EE 0.19.3 — MCP affordance + class-O truncation sweep · Hexa-Framework

Security Intelligence Without Data Exposure.

Open-source, AI-powered network security scanner. 55 plugins. SOC 2 + HIPAA + NIST CSF 2.0 + PCI DSS v4.0.1 + ISO/IEC 27001:2022 + CIS Controls v8 compliance evidence. Runs entirely on your infrastructure — zero data exfiltration by architecture.

nsauditor-ai — scan
$ nsauditor-ai scan --host aws --plugins all --compliance soc2,hipaa,nist-csf,pci-dss
55 plugins loaded (27 CE + 28 EE)
Frameworks: SOC 2 · HIPAA §164.312 · NIST CSF 2.0 · PCI DSS v4.0.1 · ISO 27001:2022 · CIS Controls v8
scan_compliance_soc2.{md,html,json} → 10/4/33
scan_compliance_hipaa.{md,html,json} → 7/3/45
scan_compliance_nist-csf.{md,html,json} → 13/10/83
scan_compliance_pci-dss.{md,html,json} → 20/8/39 MVP-67
scan_compliance_iso-27001.{md,html,json} → 17/14/62
scan_compliance_cis-v8.{md,html,json} → 17/22/114
Zero data exfiltration — no findings left your infra
# Audit a cloud account directly from Claude Desktop (MCP) — "audit my AWS account"
$ nsauditor-ai scan --host aws --env ~/envs/prod.env --compliance soc2
$ nsauditor-ai scan --host aws --aws-profile prod --compliance soc2

Community Edition is free forever · MIT licensed

What's Inside
🔒

Zero Data Exfiltration

Runs entirely on your machine. No cloud. No telemetry. License validation is offline. We can't see your data because we never touch it.

🔍

Verified Vulnerabilities

Safe probes confirm findings are real — not just version-matched guesses. VERIFIED or POTENTIAL, clearly labeled. No false confidence.

🤖

AI-Powered Analysis

OpenAI, Claude, or Ollama (fully local). Executive reports, remediation guidance, risk prioritization. Your API keys, your data.

📊

55 Scanner Plugins

27 CE plugins: Ports, SSH, HTTP, TLS, DNS, SNMP, SMB, RPC, mDNS, UPnP, and more. 28 EE cloud plugins: AWS S3, GCP, Azure, Zero Trust, IAM Deep Auditor, CloudTrail, API Gateway, DynamoDB, KMS, Lambda, Secrets+SSM, CodePipeline, IAM Decrypt-Path, S3 Lifecycle, AWS Backup, RDS, SES, VPC/PrivateLink, EC2 SG, ElastiCache, Inspector2/GuardDuty, plus dedicated Azure Storage / NSG perimeter / Key Vault deep auditors, and more.

📋

Hexa-Framework Compliance

SOC 2 (AICPA TSC 2017), HIPAA Security Rule §164.312, NIST CSF 2.0, PCI DSS v4.0.1, ISO/IEC 27001:2022, and CIS Critical Security Controls v8 — all from one scan. Sub-requirement-level mapping for QSA RoC workflow. Defined-vs-Customized Approach discipline per Appendix E. CHD Scope operator-attested. ISO 27001 Statement of Applicability discipline. CIS Implementation Group cumulative discipline (IG1 cyber-insurance baseline). Auditor-ready evidence packs with SHA-256 chain-of-custody and RFC 3161 timestamps. Zero BAA required.

🔌

MCP Integration

Expose scanning tools to AI assistants like Claude via Model Context Protocol. Security intelligence at your fingertips.

Viewing Scan Reports
out/<host>_<timestamp>/ — output files
scan_response_ai.html Styled AI report — CVE links, risk badges, remediation guidance
scan_conclusion_raw.html Full admin detail — interactive filters, all plugin findings unredacted
scan_intelligence.json CVE matches, MITRE ATT&CK mapping, risk scores (Pro)
scan_conclusion_raw.json Full machine-readable conclusion for automation
scan_response_ai.txt AI analysis as plain Markdown — paste into issues, Slack, chat
scan_compliance_soc2.{html,json,md} SOC 2 evidence pack — AICPA TSC 2017, SHA-256 chain-of-custody (EE)
scan_compliance_hipaa.{html,json,md} HIPAA §164.312 evidence pack — R/A discipline, Zero BAA (EE)
scan_compliance_nist-csf.{html,json,md} NIST CSF 2.0 evidence pack — subcategory-level, SP 800-53 refs (EE)
scan_compliance_pci-dss.{html,json,md} PCI DSS v4.0.1 evidence pack — sub-requirement-level for QSA RoC, CHD Scope operator-attested, card-brand AOC enforcement view (EE)
Open reports in your browser
# macOS — open AI report
open out/192.168.1.1_*/scan_response_ai.html
# macOS — open full admin detail
open out/192.168.1.1_*/scan_conclusion_raw.html
# Linux
xdg-open out/192.168.1.1_*/scan_response_ai.html
# Custom output directory
nsauditor-ai scan --host 10.0.0.1 --out ./reports
open ./reports/10.0.0.1_*/scan_response_ai.html
# Markdown report (paste-ready)
nsauditor-ai scan --host 10.0.0.1 --output-format md
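The evidence packs above advertise SHA-256 chain-of-custody. The following is an added illustration of what that integrity check looks like over the report directory layout listed here; it is not nsauditor-ai's own implementation (the page does not document its manifest format), and the manifest filename, the sample directory and its file contents are assumptions constructed for the example.

```python
"""Build and verify a SHA-256 manifest over an nsauditor-ai evidence pack.

Illustrative only: not nsauditor-ai's chain-of-custody code. Assumes the
report layout listed on this page, out/<host>_<timestamp>/scan_compliance_*.
"""
import hashlib
import json
import tempfile
from pathlib import Path

EVIDENCE_GLOB = "scan_compliance_*"          # the evidence-pack files listed above
MANIFEST_NAME = "evidence_manifest.json"     # hypothetical filename, not the tool's


def sha256_file(path: Path) -> str:
    """Stream the file so large HTML/JSON reports need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(run_dir: Path) -> dict:
    """Hash every evidence file in a run directory; sorted names give a stable manifest."""
    files = sorted(p for p in run_dir.glob(EVIDENCE_GLOB) if p.is_file())
    entries = {p.name: sha256_file(p) for p in files}
    # One digest over the whole manifest is what you would timestamp (RFC 3161) or sign.
    lines = "\n".join(f"{name} {digest}" for name, digest in entries.items()).encode()
    return {"files": entries, "manifest_sha256": hashlib.sha256(lines).hexdigest()}


def write_manifest(run_dir: Path) -> Path:
    out = run_dir / MANIFEST_NAME
    out.write_text(json.dumps(build_manifest(run_dir), indent=2, sort_keys=True))
    return out


def verify_manifest(run_dir: Path) -> list:
    """Return sorted names of evidence files that are modified, missing or unlisted."""
    recorded = json.loads((run_dir / MANIFEST_NAME).read_text())["files"]
    problems = {n for n, d in recorded.items()
                if not (run_dir / n).is_file() or sha256_file(run_dir / n) != d}
    problems |= {p.name for p in run_dir.glob(EVIDENCE_GLOB) if p.name not in recorded}
    return sorted(problems)


def make_sample_run() -> Path:
    """Constructed sample run directory (not real scanner output) for trying this out."""
    run = Path(tempfile.mkdtemp()) / "192.168.1.1_20240101T000000"
    run.mkdir()
    (run / "scan_compliance_soc2.json").write_bytes(b"abc")
    (run / "scan_compliance_soc2.md").write_text("# SOC 2 evidence (constructed)\n")
    (run / "scan_response_ai.html").write_text("<html></html>")  # not part of the pack
    return run
```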
55 Scanner Plugins · 6 Compliance Frameworks · MIT Licensed · 0 Data Collected
Three Editions
Community: Free forever, MIT licensed
npm install -g nsauditor-ai
  • 27 scanner plugins
  • AI analysis (OpenAI, Claude, Ollama)
  • CTEM watch mode
  • SARIF + CSV export
  • MCP server
Enterprise: $2k+/yr, custom pricing · net-30 invoicing
  • 55 plugins (27 CE + 28 EE cloud plugins — AWS · GCP · Azure)
  • Hexa-framework compliance — one scan, six evidence packs
  • SOC 2 (AICPA TSC 2017) — 10/4/33
  • HIPAA §164.312 — 7/3/45 · Zero BAA
  • NIST CSF 2.0 — 13/10/83 subcategories
  • PCI DSS v4.0.1 — 20/8/39 sub-requirements (MVP-67)
  • ISO/IEC 27001:2022 — 17/14/62 Annex A controls
  • CIS Controls v8 — 17/22/114 Safeguards
  • Docker isolation · Air-gapped deployment
  • Dedicated SLA · Vanta GRC connector