Pareto Security for your whole fleet
Pareto Security is the friendliest security tool on the Mac. Lives in the menu bar, clear list of checks, green/orange bullets, no dashboards, no seat pricing. I want that same UX for the boxes I SSH into — the VPSes, the Raspberry Pis, the Proxmox nodes, the one mystery box that's definitely running something.
That's Noxen. Same philosophy, broader scope: instead of just the local Mac, it scans the fleet of remote Linux hosts sitting behind your ~/.ssh/config.
What's the same
- Mac-native. SwiftUI. Signed + notarised. No Electron, no Docker, no Linux VM requirement.
- Discreet. Noxen runs nightly via a LaunchAgent helper and only shows itself when there's a diff to surface.
- Clear checks. Each finding is one line with a severity, a fix suggestion, and a reference link.
- Transparent. No usage telemetry, no dashboards phoning home, no user analytics.
- Not a SaaS. Pareto charges $17 one-time for personal use. Noxen charges $79 one-time for 25 hosts. No per-host pricing.
What's different
Pareto's strength is also the reason it stops at the Mac: its checks read local system state through macOS APIs (SMAppService, TCC, system_profiler, SecTrustEvaluate, etc.). That's by construction, not accident. The same checks can't work against a remote Ubuntu host over SSH.
Noxen's scope is deliberately the inverse:
- SSH inventory. /etc/os-release, kernel version, dpkg -l / rpm -qa / apk info, sshd_config, authorized_keys.
- CPE → CVE matching. Every installed package is normalised to a CPE 2.3 string and matched against a signed CVE feed sourced from NVD + OSV + GHSA.
- Network posture. TCP port scan (top 1000), TLS certificate + cipher audit, HTTP security header probe, exposed admin surface detection (Grafana, Portainer, Kibana, unauth Redis / Mongo / Elasticsearch, .git/config, .env).
- Diff-from-yesterday. You don't want the full report every morning — you want to know what changed.
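To make the inventory and CPE steps above concrete, here is an added example (not Noxen's code) that turns `dpkg -l` output into CPE 2.3 formatted strings. It assumes the package name can stand in for the CPE product and leaves the vendor as a wildcard, since dpkg does not record an upstream vendor; the sample inventory is constructed.

```python
import re

# Constructed sample of `dpkg -l` output, not taken from a real host.
SAMPLE_DPKG = """\
||/ Name           Version                  Architecture Description
+++-==============-========================-============-=================
ii  openssl        3.0.2-0ubuntu1.15        amd64        Secure Sockets Layer toolkit
ii  libc6:amd64    2.35-0ubuntu3.8          amd64        GNU C Library: Shared libraries
ii  openssh-server 1:8.9p1-3ubuntu0.10      amd64        secure shell (SSH) server
rc  nginx-common   1.18.0-6ubuntu14.4       all          small, powerful web server
ii  g++-11         11.4.0-1ubuntu1~22.04    amd64        GNU C++ compiler
"""

def parse_dpkg(text):
    """Yield (package, version) for fully installed packages only."""
    for line in text.splitlines():
        fields = line.split()
        # 'ii' = installed. 'rc' = removed with config files left behind,
        # so there are no binaries on disk to match against a CVE feed.
        if len(fields) >= 3 and fields[0] == "ii":
            yield fields[1].split(":")[0], fields[2]  # drop ':amd64' suffix

def upstream_version(deb_version):
    """Strip the Debian epoch ('1:') and packaging revision ('-3ubuntu0.10')."""
    version = deb_version.split(":", 1)[-1]
    return version.rsplit("-", 1)[0] if "-" in version else version

def cpe_escape(value):
    """Lowercase, then backslash-escape all but alphanumerics, '_', '.', '-'."""
    return re.sub(r"([^a-z0-9_.\-])", r"\\\1", value.lower())

def to_cpe(package, deb_version):
    # Assumption: product = package name, vendor = '*' (any).
    product = cpe_escape(package)
    version = cpe_escape(upstream_version(deb_version))
    return f"cpe:2.3:a:*:{product}:{version}:*:*:*:*:*:*:*"

def inventory_to_cpes(text):
    return [to_cpe(name, ver) for name, ver in parse_dpkg(text)]

if __name__ == "__main__":
    for cpe in inventory_to_cpes(SAMPLE_DPKG):
        print(cpe)
```

Matching on the upstream version alone over-reports on distributions that backport fixes without bumping it, so the full package version should be kept alongside the CPE for distro-aware advisories.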
Do I need both?
If you run Pareto on your Mac today, keep it. Noxen doesn't replace it — the checks are different by design. Use Pareto for your laptop(s), use Noxen for the boxes you SSH into. The two tools together cover the thing most indie homelabs are missing: "what's the posture of every machine I own, without a SaaS running in the background?"
Noxen 1.x ships soon — $79 one-time for 25 hosts. Follow updates via the blog.