Nightly security audits for your homelab.

From your Mac. Without the SaaS.

Noxen runs agentless audits against your remote Linux boxes and VPSs, then shows only what changed since the last scan — new CVEs, config drift, newly exposed admin services. Read it like email, not like a 200-row report.

Download Noxen — free to try See pricing — $79 one-time

macOS 26+ · Notarised Developer ID · 14-day full-feature trial · Local-only — your data stays on your Mac.

Noxen dashboard showing 1 critical and 2 high-severity findings across 3 enrolled hosts, including CVE-2024-6387 (regreSSHion) and CVE-2024-3094 (xz backdoor).

Why this matters

Read it like email, not like a 200-row report.

Most scanners dump every finding every run. The real risk gets buried under the noise of unchanged hosts, unchanged CVEs, and the same TLS warnings you read yesterday. Noxen does the opposite: each morning's report is what changed in the last 24 hours. Nothing else.

New CVEs only Yesterday's matches are archived. The morning report shows what landed against your installed packages overnight — not the same 47 CVEs you've already triaged.
Config drift, called out An sshd_config edit, a TLS cipher change, a regressed HSTS header — surfaced as a single line per host, not a wall of "current state."
Newly exposed services A Docker port that punched through ufw, a fresh admin panel reachable on :3000, a service you forgot to bind to localhost. Caught the run after it appears.
What's still not resolved Findings persist across runs until they're fixed or acknowledged. The diff view tells you what's new; the unresolved list tells you what's still on you.

Where it works

From a Raspberry Pi to a public-web tower

Noxen runs the same agentless SSH scan across every box in your fleet. Pi running Home Assistant. NUC running Plex. Your Linux VMs. The server tower facing the public internet. One inventory, one CVE-feed match, one report.

What it does

Four checks every Linux fleet needs

Agentless coverage over your existing SSH keys — no agent on the target, no new ports to open, no SaaS round-trip. Findings diff against the last scan so you only see what changed.

CVE matching Reads dpkg/rpm package inventory and matches against a signed feed sourced from VulnCheck NVD++ and OSV.dev.
SSH & TLS audit Weak ciphers, deprecated protocols, HSTS, OCSP stapling, near-expiry certs, sshd_config drift.
Exposed admin surfaces Detects 70+ services — Grafana, Portainer, phpMyAdmin, unauth Redis/Mongo/Elasticsearch. Flag only, never authenticates.
Diff-from-yesterday Only shows what's new since the last scan — so you read it like email, not like a 200-row report.

See the full check list → See the live CVE feed →

How it compares

Where Noxen fits

The server-audit space is split between heavy enterprise scanners, host-installed CLIs, and per-device agents. Noxen sits in a different spot: a native Mac control plane, agentless over your existing SSH keys.

	Noxen	Pareto Security	Lynis	Nessus
Architecture	Agentless over SSH	Desktop agent per device	Host-installed script	Both (agent + agentless)
macOS-native control plane	Yes	Yes	CLI only	Web UI
Audits remote Linux fleet	Yes	Yes — via Pareto Cloud + agent on each device	Per-host (or paid central mgmt)	Yes
Pricing	$79 one-time	Free desktop · paid Cloud tiers	Free (open source)	~$5,000/yr (Professional)
Primary audience	Homelabs, small fleets	Cross-platform endpoints	Sysadmins, hardening pros	Enterprise & SMB

Pricing and feature claims verified from each vendor's public site at time of writing. Pareto Security and Nessus are independent products of their respective vendors; we mention them for honest positioning, not endorsement or comparison-by-association.

Why this exists

Real homelab problems. Mac-native solutions.

Noxen came out of a frustration shared by anyone running their own small fleet: enterprise scanners are too heavy, single-host CLIs don't survey breadth, and SaaS round-trips are the wrong privacy model for servers in your house. Noxen is the alternative.

Notarised & signed by Apple Distributed via Apple's Developer ID + notarisation pipeline — the same channel as most indie Mac apps. Tampering is detectable at every app launch.
Sparkle update channel Ed25519-signed release artefacts, verified before any update is applied. Public-key rotation is documented.
Direct support Questions and false-positive reports go to hello@noxen.app and get a reply within a business day.
Scan data stays on your Mac No SaaS upload, no shared dashboard URL, no telemetry on what you scan or what's found. Findings live in your local SwiftData store on your Mac — Noxen has no servers that see your scans.