Simple pricing.
Start free, scale up.

Community Edition is free forever. Upgrade when you need intelligence, verification, and compliance.

All tiers include AI analysis via OpenAI, Claude, or Ollama — your keys, your data
Annual Monthly Save 20%
Community
Free
Forever. MIT licensed. No restrictions.
npm install -g nsauditor-ai
Scanning
  • 27 scanner plugins
  • Subnet scanning (parallel)
  • SYN scanner (Nmap wrapper)
AI & Analysis
  • AI analysis (OpenAI, Claude, Ollama)
  • Basic scan-summary prompts
  • Basic MITRE ATT&CK tagging
Output & Integration
  • JSON, HTML, SARIF, CSV export
  • MCP server (5 tools)
  • CTEM watch mode (7-day history)
  • Webhook alerts
Most Popular
Pro
$39 /mo
Billed as $470/yr · saves $118 vs monthly
Subscribe Annual — $470/yr →
Everything in Community, plus
  • CVE matching (offline NVD) new
  • Full MITRE ATT&CK mapping
  • Parallel analysis agents (5 categories) new
  • Verified vulnerabilities (safe probes) new
  • Risk scoring + prioritization
  • Intelligence-enriched AI prompts
  • Executive-ready reports + PDF
  • Branded reports (custom logo)
  • Advanced CTEM (unlimited history, SQLite)
  • Enhanced redaction profiles
  • Pro MCP tools (9 total)
  • Email support (48hr SLA)
Full Pro feature breakdown →
Enterprise
$2k+/yr
Annual invoicing. Volume discounts available.
Buy Enterprise → Full Enterprise details →
Everything in Pro, plus
  • 48 plugins (21 EE: S3, GCP, Azure, Zero Trust, IAM, CloudTrail, API Gateway, DynamoDB, KMS, Lambda, Secrets+SSM, CodePipeline+CodeBuild, IAM Decrypt-Path, S3 Lifecycle+Replication, AWS Backup Auditor, AWS RDS Auditor, AWS SQS/SNS Auditor, AWS VPC Endpoints / PrivateLink Auditor, AWS EC2 SG Perimeter Auditor, AWS ElastiCache Redis Auditor, AWS SES Email Integrity Auditor) NEW in 0.6.0: VPC Endpoints / PrivateLink Auditor (plugin 1160) · v0.6.x line opens with plugin-breadth expansion
  • Zero Trust assessment
  • Compliance engine (NIST, HIPAA, PCI, GDPR)
  • Compliance dashboards
  • Docker per-scan isolation new
  • ZDE policy engine + audit logs
  • Air-gapped deployment
  • PostgreSQL backend (unlimited retention)
  • Enterprise MCP tools
  • Dedicated support channel
  • Onboarding call included
Enterprise Tiers
Base
$2,000/yr
Up to 5 seats / scanning nodes
Buy Now
Growth
$5,000/yr
Up to 25 seats / scanning nodes
Buy Now
Scale
$10,000+/yr
Unlimited seats · custom SLA · custom plugins
Buy Now
Frequently Asked Questions
What's the difference between annual and monthly Pro?
Same features, same license — annual is $470/yr ($39.17/mo effective), monthly is $49/mo billed each month. Annual saves you $118/yr. Both can be cancelled, though annual billing is for the full year. If you cancel an annual plan, it remains active until the period ends.
Can I use OpenAI or Claude with the free Community Edition?
Yes. All AI providers (OpenAI, Claude, Ollama) work in all tiers. You provide your own API keys — we never see them. The difference is what goes into the prompt: CE sends basic scan summaries, Pro injects CVE matches, risk scores, MITRE techniques, and verification status. Same API call, vastly better output.
What does "Zero Data Exfiltration" mean?
NSAuditor AI runs entirely on your machine. Your scan data, findings, and reports never touch our servers. License validation is offline (JWT). AI uses your own API keys. We are not a data processor under any regulation — no DPAs or BAAs required.
What are "Verified Vulnerabilities"?
Instead of just matching software versions against CVE databases (which produces false positives), NSAuditor AI Pro sends safe, non-destructive probes to confirm findings are real. TLS 1.0 enabled? We attempt a handshake. Default SNMP community? We send a GET. Findings are classified as VERIFIED, POTENTIAL, or FALSE_POSITIVE. See the full breakdown on the Pro page.
Can I run NSAuditor AI fully offline?
Yes. The scanner, plugins, and all analysis run offline. AI analysis with Ollama requires no internet. CVE matching uses an offline NVD feed. Enterprise tier includes Docker images and air-gapped installation tarballs for fully isolated environments.
What payment methods do you accept?
Pro subscriptions are handled through Stripe — all major credit cards accepted. Enterprise contracts are invoiced annually (net-30). Contact enterprise@nsasoft.us for custom arrangements.
What counts as a seat?
One seat = one installation of NSAuditor AI EE on one machine (laptop, server, container image, or CI runner). The license operates per installation, not per named user. If the same engineer installs EE on a laptop and a build server, that counts as two seats under your license agreement.
Do CI runners count toward seats?
Contractually, yes — each runner that installs and executes EE is a seat under your license agreement. For pipelines that spin up many short-lived runners, contact enterprise@nsasoft.us up front about a CI-runner allowance rather than provisioning per-runner seats.
What happens if I exceed my seat count?
Nothing breaks at runtime. EE seat enforcement is contractual, not technical — there are no surprise lockouts, no install blocks, and no remote check-ins (NSAuditor AI is designed to run in air-gapped and restricted-egress environments). nsauditor-ai license --status shows the seat number on your license. If your team has grown past your tier, contact enterprise@nsasoft.us or upgrade at https://www.nsauditor.com/ai/pricing/ — we reconcile and prorate at renewal.
Can I move a seat between machines?
Yes. Uninstall EE on the old machine and install on the new one. There's no per-machine activation to undo; the seat count is contractual, so a 1-for-1 move stays within your license agreement.

Start scanning in 30 seconds

No account needed. No credit card. Just install and scan.

npm install -g nsauditor-ai