About Noxen
Noxen is an independent Mac software project. It exists because homelab operators need nightly visibility into what's broken on every box — without standing up an enterprise scanner or shipping logs to a SaaS.
What it is
Noxen is a native macOS app that runs agentless security audits against your remote Linux fleet over SSH. CVE matching against installed packages, TLS audit, exposed admin-surface fingerprinting, port scan, diff-from-yesterday — the morning-after report on what changed on your hosts overnight.
The audience is intentionally narrow: homelab operators, sysadmins, and small consultancies who run somewhere between 3 and 500 Linux hosts and want one clean view across all of them.
Why it exists
The existing tools didn't fit the homelab shape — desktop agents, host-installed CLIs, and enterprise scanners each leave the "what changed on my fleet last night" question unanswered. The homepage comparison table covers the vendor-by-vendor positioning; the short version is: Noxen is the native Mac control plane that runs nightly, agentless, over your existing SSH keys, at indie pricing.
The team
Noxen is an independent project run by a small team of Mac and Linux operators who got tired of the gap. The bias is toward shipping software that does one thing well rather than competing with cloud-scale security platforms — Noxen is a tool, not a compliance product. Decisions about the data model, the flag-only-not-authenticate stance, and the Developer ID over MAS choice are public and explained in the blog.
How it's built
Noxen is a native macOS app written in Swift, using SwiftUI and SwiftData. The CVE feed is a signed, gzipped NDJSON snapshot served from Cloudflare R2 — the bytes are signed with Ed25519 and verified by the app via CryptoKit before any record touches your local store. The data sources are VulnCheck NVD++ and OSV.dev. We never enrich, never re-score, never invent — the goal is to faithfully mirror what those projects already publish, then match it against what's actually installed on your hosts.
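The verify-before-import order described above, as an added Swift example (not Noxen's own code). It assumes a detached Ed25519 signature over the snapshot bytes as downloaded; the function name `loadVerifiedSnapshot`, the record fields, and the throwaway key pair are constructed for illustration, and the sample is plain NDJSON, so the gzip step is only marked by a comment.

```swift
import CryptoKit
import Foundation

enum FeedError: Error { case badSignature, badRecord(line: Int) }

// Hypothetical helper: check the signature over the raw bytes first,
// and only parse them if the check passes. Nothing is decoded before that.
func loadVerifiedSnapshot(_ snapshot: Data, signature: Data,
                          pinnedKey: Curve25519.Signing.PublicKey) throws -> [[String: Any]] {
    // Fail closed: a wrong-length or invalid signature rejects the whole snapshot.
    guard signature.count == 64,
          pinnedKey.isValidSignature(signature, for: snapshot) else {
        throw FeedError.badSignature
    }
    // Assumption: a gzipped feed would be decompressed here, after
    // verification and before parsing. The sample below is uncompressed.
    var records: [[String: Any]] = []
    for (index, line) in snapshot.split(separator: UInt8(ascii: "\n")).enumerated() {
        guard let object = try? JSONSerialization.jsonObject(with: Data(line)),
              let record = object as? [String: Any] else {
            throw FeedError.badRecord(line: index + 1)
        }
        records.append(record)
    }
    return records
}

// Constructed demo data: a throwaway key pair stands in for the publisher's
// key, and its public half plays the role of the key bundled with the app.
let signingKey = Curve25519.Signing.PrivateKey()
let pinnedKey = try Curve25519.Signing.PublicKey(
    rawRepresentation: signingKey.publicKey.rawRepresentation)
let snapshot = Data("""
{"id":"EXAMPLE-0001","package":"examplepkg","fixed":"1.2.3"}
{"id":"EXAMPLE-0002","package":"otherpkg","fixed":"4.5.6"}
""".utf8)
let signature = try signingKey.signature(for: snapshot)

let records = try loadVerifiedSnapshot(snapshot, signature: signature, pinnedKey: pinnedKey)
print("imported \(records.count) records")

// Flip one bit: the same signature must no longer verify.
var tampered = snapshot
tampered[tampered.startIndex + 10] ^= 0x01
do {
    _ = try loadVerifiedSnapshot(tampered, signature: signature, pinnedKey: pinnedKey)
    print("tampered snapshot accepted")
} catch FeedError.badSignature {
    print("tampered snapshot rejected before parsing")
}
```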
The macOS app is distributed via Apple's Developer ID + notarisation pipeline (the same channel used by most indie Mac apps), and updates ship via Sparkle with Ed25519-signed release artefacts. There's no Mac App Store listing — the App Sandbox blocks ~/.ssh/config access and raw sockets, both of which Noxen needs. (Longer write-up here.)
What you can rely on
- Your scan data is yours. Findings live in your local SwiftData store on your Mac. Noxen has no servers that see your scans.
- Your SSH keys are yours. Keys are read from your existing ~/.ssh/config, copied into the macOS Keychain scoped to Noxen's app group, and never synced anywhere.
- The app is signed and notarised. Every build that reaches you was hashed by Apple and signed with the project's Developer ID. Tampering is detectable at every app launch.
- The CVE feed is signed. The app verifies every snapshot's Ed25519 signature against a bundled public key before importing.
- Direct support channel. Email hello@noxen.app for purchases, activation issues, false-positive findings, or feature requests.
Beta access
Want early access to pre-release builds — test new probes or preview UI changes before they ship to everyone? Email hello@noxen.app with a one-line description of your fleet (rough host count + distros).