Noxen

Noxen is a native macOS app that runs nightly, agentless security audits of your remote Linux fleet over SSH - built for homelab operators, self-hosters, and small ops teams who want fleet-wide visibility without standing up an enterprise scanner or shipping logs to a SaaS.

It connects over your existing ~/.ssh/config (no agent to install on the targets), inventories installed packages, and matches them against a signed, daily-rebuilt CVE feed sourced from VulnCheck NVD++ and OSV.dev. Alongside CVE matching it runs a TLS certificate and cipher audit, an HTTP security-header probe, a TCP port scan, and exposed admin-surface fingerprinting for ~70 self-hosted services (Grafana, Portainer, Pi-hole, Proxmox, the *arr suite, unauthenticated Redis/Mongo/Elasticsearch, leaked .git/.env files, and more).

Instead of dumping the full report every run, Noxen defaults to a diff - only what changed since the last scan: new CVEs, config drift, newly exposed services - so you read it like a morning email. Findings are ranked by exposure, KEV, EPSS and CVSS rather than raw severity, and can be exported to PDF, SIEM NDJSON (Wazuh/Splunk/ELK/Loki), or a CIS Controls v8 / SOC 2 / ISO 27001:2022 evidence map.

Your data stays local: findings live in a local store on your Mac, SSH keys stay in the macOS Keychain, and Noxen has no server that sees your scans - its only backend hosts the signed CVE feed. The app is distributed directly as a notarised Developer ID build (not via the Mac App Store) with Ed25519-signed updates via Sparkle.

Pricing is honest and mostly one-time: 3 hosts free forever, $79 one-time for 25 hosts and scheduled scans, with optional subscriptions for a daily feed ($19/mo) and larger multi-tenant fleets.