Want to audit my PHP security, will this PHP harm/modifiy/etc my system if run?

CODE_DESC: "This web-accessible script will list security recommendations after scanning available PHP configuration variables and func开发者_JAVA百科tions for common exploit vectors."

SOURCE_CODE:

• http://php-security-audit.com/scripts/view/php_security.php

Will this PHP harm/modifiy/etc my system if run?

I looked at the code

Basically it's running through a bunch of php commands / functions / classes and seeing what they return

I've ran scripts like this in the past; its basically checking the integrity of php.ini and different versions of php

Shouldn't be harm in it, but always exercise caution running someone else's code.

If your interested in security testing, http://www.owasp.org/index.php/Main_Page is a great resource. I've used their resources many times in testing for PCI and ISO. They have many tools geared towards PHP / mysql, etc...

You should set up a test server to run this against. Basically, you should never run unknown, untrusted third-party code against your production set up.