Nessus alternative for Mac homelabs
Tenable Nessus is genuinely great. It's also $3,000 per year, runs a Java web UI on a box you have to provision, and expects you to know the difference between a credentialed and uncredentialed scan before you click Go. It's built for people running thousands of hosts with a compliance binder. That's not you.
If your fleet is twenty hosts, ten hosts, or — let's be honest — six hosts, Nessus is a Mercedes for a one-block commute. You want a bicycle.
What a right-sized homelab scanner looks like
- Mac-native, not a server appliance. The tool lives on the machine you already sit in front of. No provisioning a scanner VM. No reserving a port on the LAN. No second Nessus license when you reformat your laptop.
- Agentless via SSH. No daemon on every target. No "install this agent" story for the Raspberry Pi that runs Pi-hole. You already SSH into these hosts when you change their configs — Noxen reads the same data the same way.
- One-time purchase. Nessus is a subscription. Homelab tools should not be. $79 one-time is the Noxen 1.x price. Annual maintenance ($39) is optional from year two onward — only for the people who want continued updates.
- Reads your ~/.ssh/config. You already have a host list. Noxen imports it in one click.
- Diff view over raw findings. The Nessus report dumps every finding every time. What you actually want to see is what changed since yesterday. That's the default dashboard.
- No compliance mode. If you need SOC 2, CIS, PCI, ISO 27001 templates — get Nessus, or Qualys, or Rapid7. Noxen is for the people who don't have that audit requirement and don't want to pay for the feature.
What Noxen actually detects
- CVEs in installed packages (dpkg, rpm, apk), matched via CPE 2.3 against a signed feed sourced from NVD + OSV + GHSA.
- Weak SSH ciphers, deprecated KEX, permissive sshd_config.
- TLS certs approaching expiry, weak signature algorithms (SHA-1, small RSA), deprecated TLS versions, CBC-mode ciphers.
- Missing HTTP security headers (CSP, HSTS, X-Frame-Options, Referrer-Policy).
- Exposed admin surfaces — phpMyAdmin, Grafana, Portainer, Kibana, unauthenticated Redis / Mongo / Elasticsearch, .git/config leaks, .env leaks.
- Open TCP ports from the Nmap-style top 1000.
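As an added illustration (not Noxen's code), here is a minimal version of two of the ideas above: the sshd_config audit for weak ciphers, deprecated KEX and permissive directives, plus the diff-over-findings view from the earlier list. The weak/deprecated algorithm lists, the flagged directives and the sample config are constructed assumptions, not Noxen's signed feed.

```python
import re

# Illustrative, not exhaustive: CBC-mode and RC4 ciphers, SHA-1 based KEX.
WEAK_CIPHERS = {"3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc",
                "arcfour", "arcfour128", "arcfour256", "blowfish-cbc", "cast128-cbc"}
DEPRECATED_KEX = {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
                  "diffie-hellman-group-exchange-sha1"}
# directive (lower-cased) -> value treated as permissive for a homelab host
PERMISSIVE = {"permitrootlogin": "yes", "passwordauthentication": "yes",
              "permitemptypasswords": "yes", "x11forwarding": "yes"}

# Constructed sample, not read from any real host.
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication no
Ciphers aes256-gcm@openssh.com,aes128-cbc   # mixed list
KexAlgorithms curve25519-sha256,diffie-hellman-group14-sha1
Match User backup
    PasswordAuthentication yes
"""

def parse_sshd_config(text):
    """Global section only: comments stripped, first occurrence wins (as sshd does),
    parsing stops at the first Match block because those apply conditionally."""
    config = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        config.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return config

def audit_sshd_config(text):
    """Return (finding_type, detail) tuples; '+', '-' and '^' list prefixes are ignored."""
    cfg, findings = parse_sshd_config(text), []
    for algo in cfg.get("ciphers", "").lstrip("+-^").split(","):
        if algo.strip().lower() in WEAK_CIPHERS:
            findings.append(("weak-cipher", algo.strip()))
    for algo in cfg.get("kexalgorithms", "").lstrip("+-^").split(","):
        if algo.strip().lower() in DEPRECATED_KEX:
            findings.append(("deprecated-kex", algo.strip()))
    for key, bad in PERMISSIVE.items():
        if cfg.get(key, "").lower() == bad:
            findings.append(("permissive", key))
    return findings

def diff_findings(previous, current):
    """The diff view: what appeared and what was resolved since the last scan."""
    prev, cur = set(previous), set(current)
    return {"new": sorted(cur - prev), "resolved": sorted(prev - cur)}
```

Running audit_sshd_config on the sample flags the CBC cipher, the SHA-1 KEX and PermitRootLogin, while the PasswordAuthentication inside the Match block is left to a per-host rule.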
What Noxen will not do
- Test default credentials against found admin panels. That's a liability; Noxen flags, it doesn't authenticate.
- Perform exploit attempts. If you want Nuclei's active exploit templates, use Nuclei.
- Act as a compliance primary. The ISO 27001 templates (Phase 5) are evidence supplements, never the auditor's primary source.
Pricing, honestly
$79 one-time for Noxen 1.x (25 hosts, scheduled scans, signed CVE feed snapshot per release). $19/month if you want a fresh feed every day instead of per-release and need up to 100 hosts. $149/month for multi-tenant MSP features on up to 500 hosts.
If you price that against Nessus Professional at ~$3,000 per year, or HostedScan at $30–200/month, or Intruder at $100+/month — the gap isn't an accident. Noxen is deliberately cheaper because it's deliberately smaller.
Noxen ships soon — $79 one-time for the Noxen 1.x tier. Follow launch updates via the blog.