About Noxen
Noxen is an independent Mac software project. It exists because homelab operators need nightly visibility into what's broken on every box — without standing up an enterprise scanner or shipping logs to a SaaS.
What it is
Noxen is a native macOS app that runs agentless security audits against your remote Linux fleet over SSH. CVE matching against installed packages, TLS audit, exposed admin-surface fingerprinting, port scan, diff-from-yesterday — the morning-after report on what changed on your hosts overnight.
The audience is intentionally narrow: homelab operators, sysadmins, and small consultancies who run somewhere between 3 and 500 Linux hosts and want one clean view across all of them.
Why it exists
The existing options didn't fit the homelab shape. Pareto Security ships a friendly Mac-native UX but uses a per-device-agent architecture — every host you want to audit needs their app installed. Lynis is a great open-source CLI but runs on the host being scanned, with central reporting only on the paid enterprise edition. Nessus / Tenable / Rapid7 are proper enterprise tools at proper enterprise prices, optimised for compliance reporting rather than the weekend question of "what changed in this homelab last night."
Noxen is the gap-filler: native Mac UX, agentless over SSH, sees every host, runs every night, surfaces what's new — at indie pricing.
How it's built
Noxen is a native macOS app written in Swift, using SwiftUI and SwiftData. The CVE feed is a signed, gzipped NDJSON snapshot served from Cloudflare R2 — the bytes are signed with Ed25519 and verified by the app via CryptoKit before any record touches your local store. The data sources are VulnCheck NVD++ and OSV.dev. We never enrich, never re-score, never invent — the goal is to faithfully mirror what those projects already publish, then match it against what's actually installed on your hosts.
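The verify-before-import order described above, as an added example (not Noxen's own code): a detached Ed25519 signature is checked with CryptoKit over the bytes as downloaded, and NDJSON parsing runs only on bytes that passed. The detached-signature layout, the `FeedRecord` fields, the function names and the throwaway key pair are assumptions; the gunzip step that would sit between the two functions is left out, so the constructed sample is uncompressed.

```swift
import CryptoKit
import Foundation

enum FeedError: Error { case badKey, badSignature, malformedRecord(line: Int) }

// Hypothetical record shape; the page does not describe the feed's fields.
struct FeedRecord: Decodable { let id: String; let package: String }

// Check a detached Ed25519 signature over the snapshot bytes exactly as downloaded.
// Nothing is decompressed or parsed unless this returns.
func verifiedSnapshot(_ signedBytes: Data, signature: Data, publicKeyRaw: Data) throws -> Data {
    guard let key = try? Curve25519.Signing.PublicKey(rawRepresentation: publicKeyRaw) else {
        throw FeedError.badKey
    }
    guard key.isValidSignature(signature, for: signedBytes) else {
        throw FeedError.badSignature
    }
    return signedBytes
}

// Parse NDJSON (one JSON object per non-empty line); one bad line rejects the whole snapshot.
func parseNDJSON(_ ndjson: Data) throws -> [FeedRecord] {
    let decoder = JSONDecoder()
    var records: [FeedRecord] = []
    for (index, line) in ndjson.split(separator: UInt8(ascii: "\n")).enumerated() {
        guard let record = try? decoder.decode(FeedRecord.self, from: Data(line)) else {
            throw FeedError.malformedRecord(line: index + 1)
        }
        records.append(record)
    }
    return records
}

// Constructed demo: a throwaway key pair stands in for the publisher key and the bundled public key.
let signer = Curve25519.Signing.PrivateKey()
let snapshot = Data("""
{"id":"EXAMPLE-0001","package":"openssl"}
{"id":"EXAMPLE-0002","package":"nginx"}
""".utf8)
let signature = try signer.signature(for: snapshot)
let bundledKey = signer.publicKey.rawRepresentation
let records = try parseNDJSON(verifiedSnapshot(snapshot, signature: signature, publicKeyRaw: bundledKey))
print("imported \(records.count) records")

var tampered = snapshot
tampered[0] ^= 0x01  // flip one bit; the original signature no longer matches
do { _ = try verifiedSnapshot(tampered, signature: signature, publicKeyRaw: bundledKey) }
catch { print("rejected before parsing: \(error)") }
```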
The macOS app is distributed via Apple's Developer ID + notarisation pipeline (the same channel used by most indie Mac apps), and updates ship via Sparkle with Ed25519-signed release artefacts. There's no Mac App Store listing — the App Sandbox blocks ~/.ssh/config access and raw sockets, both of which Noxen needs. (Longer write-up here.)
What you can rely on
- Your scan data is yours. Findings live in your local SwiftData store and sync to your private iCloud account. Noxen has no servers that see your scans.
- Your SSH keys are yours. Keys are read from your existing ~/.ssh/config, copied into the macOS Keychain scoped to Noxen's app group, and never synced anywhere.
- The app is signed and notarised. Every build that reaches you was hashed by Apple and signed with the project's Developer ID. Tampering is detectable at launch.
- The CVE feed is signed. The app verifies every snapshot's Ed25519 signature against a bundled public key before importing.
- Direct support channel. Email hello@noxen.app for purchases, activation issues, false-positive findings, or feature requests.
Beta access
If you'd like to test the app before launch and share feedback, email hello@noxen.app with a one-line description of your fleet (rough host count + distros). Beta testers get a free 1.x license at GA.