Nightly security audits for your homelab.

From your Mac. Without the SaaS.

Noxen runs agentless audits against your remote Linux boxes and VPSs. CVEs, weak SSH, rotting TLS, exposed admin panels — caught the morning after. Findings sync to your iPhone.

$79 one-time at launch. No spam. One email when it ships.

Noxen dashboard showing 1 critical and 2 high-severity findings across 3 enrolled hosts, including CVE-2024-6387 (regreSSHion) and CVE-2024-3094 (xz backdoor).

What it does

Four checks every Linux fleet needs

Each runs over your existing SSH keys. No agent to install, no port to open. Findings diff against the last scan so you only see what changed.

CVE matching Reads dpkg/rpm package inventory and matches against a signed feed sourced from VulnCheck NVD++ and OSV.dev.
SSH & TLS audit Weak ciphers, deprecated protocols, HSTS, OCSP stapling, near-expiry certs, sshd_config drift.
Exposed admin surfaces Detects 70+ services — Grafana, Portainer, phpMyAdmin, unauth Redis/Mongo/Elasticsearch. Flag only, never authenticates.
Diff-from-yesterday Only shows what's new since the last scan — so you read it like email, not like a 200-row report.

See the full check list → See the live CVE feed →

How it compares

Where Noxen fits

The server-audit space is split between heavy enterprise scanners, host-installed CLIs, and per-device agents. Noxen sits in a different spot: a native Mac control plane, agentless over your existing SSH keys.

	Noxen	Pareto Security	Lynis	Nessus
Architecture	Agentless over SSH	Desktop agent per device	Host-installed script	Both (agent + agentless)
macOS-native control plane	Yes	Yes	CLI only	Web UI
Audits remote Linux fleet	Yes	Yes — via Pareto Cloud + agent on each device	Per-host (or paid central mgmt)	Yes
Pricing	$79 one-time	Free desktop · paid Cloud tiers	Free (open source)	$4,790/yr (Professional)
Primary audience	Homelabs, small fleets	Cross-platform endpoints	Sysadmins, hardening pros	Enterprise & SMB

Pricing and feature claims verified from each vendor's public site at time of writing. Pareto Security and Nessus are independent products of their respective vendors; we mention them for honest positioning, not endorsement or comparison-by-association.

Why this exists

Real homelab problems. Mac-native solutions.

Noxen came out of a frustration shared by anyone running their own small fleet: enterprise scanners are too heavy, single-host CLIs don't survey breadth, and SaaS round-trips are the wrong privacy model for servers in your house. Noxen is the alternative.

Notarised & signed by Apple Distributed via Apple's Developer ID + notarisation pipeline — the same channel as most indie Mac apps. Tampering is detectable at launch.
Sparkle update channel Ed25519-signed release artefacts, verified before any update is applied. Public-key rotation is documented.
Direct support Questions and false-positive reports go to hello@noxen.app and get a reply within a business day.