I have only ever once seen anything remotely like that -> www.arianim.com
One of my customers use it to analyse and document their channels and connections and their status, so it is more a PI / PO admin tool. As a by-product it however delivered the security information which we needed so did the trick.
You can also look into the SOLMAN Security Configuration Validation. That also generally probes some settings and services of the Java stack as a platform for PI double-stacks of PO Java systems, but not the application itself.
I would also be very interested in any other experiences, as I regularly am confronted by this question.
Cheers,
Julius