The Mac-native homelab vulnerability scanner
If you've ever searched for "Mac homelab vulnerability scanner" and come up with enterprise agents, Linux CLI tools, or SaaS dashboards — this post is the answer. Noxen is a native Mac app that scans your homelab the way you already work with it: over SSH, from the machine you sit in front of.
What "Mac-native" means, in practice
- Runs on your Mac. Not on a dedicated scanner VM, not on a Raspberry Pi, not in a Docker container. Just the laptop you already own.
- SwiftUI interface. Dark mode, Retina, keyboard shortcuts, menu bar — everything you'd expect from a serious Mac app.
- Signed + notarised. Gatekeeper trusts it on first launch. No right-click-Open workarounds.
- Apple Silicon native. Universal binary, but arm64 is where it was built and tested.
- Uses macOS APIs directly. `Network.framework` for port scanning (sandbox-compatible), `SecTrust`/`Security` for TLS inspection, `Keychain` for SSH credentials, CloudKit for iPhone sync. No Electron, no Java, no Mono.
What it scans
- SSH inventory. Reads `/etc/os-release`, kernel, `dpkg -l`/`rpm -qa`/`apk info`, `sshd_config`, `authorized_keys` from every enrolled host.
- CPE → CVE matching. Every package maps to a CPE 2.3 string; every CPE is checked against a signed CVE feed derived from NVD, OSV, and GHSA.
- Port scan (top 1000 TCP) with service names.
- TLS audit on any HTTPS / IMAPS / POP3S / MySQL-SSL port: cipher suite, protocol, cert expiry, signature algorithm, key size.
- HTTP security headers: CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, server banners.
- Exposed admin surfaces: phpMyAdmin, Grafana, Portainer, Kibana, Traefik, Prometheus, unauthenticated Redis / MongoDB / Elasticsearch, `.git/config` leaks, `.env` leaks. Flag only — Noxen never authenticates.
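The CPE → CVE step above, as an added illustration that is not Noxen's code: a Python sketch that turns `dpkg -l` lines into CPE 2.3 strings and matches them against a constructed feed. The feed entries, CVE ids and version ranges are placeholders, and the vendor map is a stub.

```python
import re

# Constructed sample of `dpkg -l` output as it would arrive over SSH.
DPKG_SAMPLE = """\
ii  openssh-server  1:9.2p1-2+deb12u3  amd64  secure shell (SSH) server
ii  nginx           1.22.1-9           amd64  small, powerful, scalable web/proxy server
ii  redis-server    5:7.0.15-1~deb12u1 amd64  Persistent key-value database
"""

# Constructed feed: CPE product -> (placeholder CVE id, first affected, fixed-in).
# Versions are upstream versions, i.e. with epoch and Debian revision removed.
FEED = {
    "openssh": [("CVE-0000-0001", "8.5", "9.8")],
    "nginx": [("CVE-0000-0002", "1.0", "1.22.0")],  # fixed before 1.22.1
}

# dpkg package name -> (CPE vendor, CPE product). Real maps are much larger;
# unmapped packages fall back to a wildcard vendor and the dpkg name.
VENDOR_MAP = {"openssh-server": ("openbsd", "openssh"), "nginx": ("f5", "nginx")}

def upstream_version(debian_version):
    """Strip the Debian epoch ('1:') and packaging revision ('-2+deb12u3')."""
    return debian_version.split(":", 1)[-1].split("-", 1)[0]

def version_key(v):
    """Comparable key: numeric runs as ints, text runs as strings (e.g. '9.2p1')."""
    return [(0, int(p)) if p.isdigit() else (1, p) for p in re.findall(r"\d+|[A-Za-z]+", v)]

def to_cpe(package, version):
    """Build a CPE 2.3 application string for one installed package."""
    vendor, product = VENDOR_MAP.get(package, ("*", package))
    return f"cpe:2.3:a:{vendor}:{product}:{version}:*:*:*:*:*:*:*"

def parse_dpkg(text):
    """Yield (package, upstream version) for installed ('ii') rows only."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "ii":
            yield parts[1], upstream_version(parts[2])

def match_cves(text):
    """Return {cpe: [cve ids]} for packages whose version sits in an affected range."""
    findings = {}
    for pkg, ver in parse_dpkg(text):
        cpe = to_cpe(pkg, ver)
        product = cpe.split(":")[4]
        for cve, first, fixed in FEED.get(product, []):
            if version_key(first) <= version_key(ver) < version_key(fixed):
                findings.setdefault(cpe, []).append(cve)
    return findings
```

Naive upstream-version ranges over-report on Debian, which backports fixes without bumping the upstream version, so a real feed needs distro-specific fixed versions (the kind OSV carries) and `dpkg --compare-versions` semantics rather than this simplified ordering.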
Who it's for
- Homelab operators. Plex, Home Assistant, Proxmox, Pi-hole, Unifi, Syncthing, Nextcloud — the canonical stack.
- Self-hosted SaaS refugees. People who moved off Google Photos / 1Password / Notion to their own boxes and want to know those boxes are still safe.
- Sysadmins with a small side-fleet. The VPS you use for side projects, the two boxes at a client, the shared infra for a co-op.
- DevOps engineers who don't want to bring their enterprise scanner home.
Who it's not for
- Enterprises with compliance requirements. Get Nessus, Qualys, Rapid7.
- Red teams running active exploitation. Use Nuclei, Nikto, Metasploit.
- Windows-only fleets. Noxen is a Mac app scanning Linux hosts; Windows support is not on the roadmap.
Pricing, unambiguous
| Tier | Price | Hosts | Feed |
|---|---|---|---|
| Free | $0 | 3 | Snapshot (per release) |
| Noxen 1.x | $79 one-time | 25 | Snapshot (per release) |
| Live Feed | $19/month | 100 | Daily |
| MSP / Team | $149/month | 500 | Daily + multi-tenant |
Year 2+ maintenance updates are an optional $39/year for the one-time tier. No per-seat pricing, no hidden tiers, no "contact sales."
Why not Linux or Windows?
Because the Mac is the operator machine for most homelabs — the MacBook open on the desk while the Proxmox cluster hums in the closet. Putting the scanner on the same machine the operator already uses removes a whole class of "where do we run this" problems. No scanner VM to keep patched, no SSH between the scanner and the management laptop, no split-brain about where findings live.
Noxen does not require you to run anything on Linux. Every probe is initiated from the Mac. The hosts themselves don't know they're being scanned, beyond the normal SSH log lines.