EE 0.30.0 — AWS + Azure false-negative depth-pass + cross-source/cross-vector compliance-mapping parity · 28 plugins, 7 matrices UNCHANGED · Hepta-Framework →

Security Intelligence
Without Data Exposure.

Open-source, AI-powered network security scanner. 55 plugins. SOC 2 + HIPAA + NIST CSF 2.0 + PCI DSS v4.0.1 + ISO/IEC 27001:2022 + CIS Controls v8 + GDPR Article 32 compliance evidence. Runs entirely on your infrastructure — zero data exfiltration by architecture.

nsauditor-ai — scan
$ nsauditor-ai scan --host aws --plugins all --compliance soc2,hipaa,nist-csf,pci-dss,iso-27001,cis-v8,gdpr
55 plugins loaded (27 CE + 28 EE)
Frameworks: SOC 2 · HIPAA §164.312 · NIST CSF 2.0 · PCI DSS v4.0.1 · ISO 27001:2022 · CIS Controls v8 · GDPR Art. 32
scan_compliance_soc2.{md,html,json} → 10/4/33
scan_compliance_hipaa.{md,html,json} → 7/3/45
scan_compliance_nist-csf.{md,html,json} → 13/10/83
scan_compliance_pci-dss.{md,html,json} → 19/9/39 MVP-67
scan_compliance_iso-27001.{md,html,json} → 17/14/62
scan_compliance_cis-v8.{md,html,json} → 17/22/114
scan_compliance_gdpr.{md,html,json} → 4/5/2 Art.32 substrate
Zero data exfiltration — no findings left your infra
# Audit a cloud account directly from Claude Desktop (MCP) — "audit my AWS account"
$ nsauditor-ai scan --host aws --env ~/envs/prod.env --compliance soc2
$ nsauditor-ai scan --host aws --aws-profile prod --compliance soc2

The cloud-audit + compliance engine shown above is NSAuditor AI Enterprise · Community Edition is free forever, MIT licensed

What's Inside
🔒

Zero Data Exfiltration

Runs entirely on your machine. No cloud. No telemetry. License validation is offline. We can't see your data because we never touch it.

🔍

Verified Vulnerabilities

Safe probes confirm findings are real — not just version-matched guesses. VERIFIED or POTENTIAL, clearly labeled. No false confidence.

🤖

AI-Powered Analysis

OpenAI, Claude, or Ollama (fully local). Executive reports, remediation guidance, risk prioritization. Your API keys, your data.

📊

55 Scanner Plugins

27 CE plugins: Ports, SSH, HTTP, TLS, DNS, SNMP, SMB, RPC, mDNS, UPnP, and more. 28 EE cloud plugins: AWS S3, GCP, Azure, Zero Trust, IAM Deep Auditor, CloudTrail, API Gateway, DynamoDB, KMS, Lambda, Secrets+SSM, CodePipeline, IAM Decrypt-Path, S3 Lifecycle, AWS Backup, RDS, SES, VPC/PrivateLink, EC2 SG, ElastiCache, Inspector2/GuardDuty, plus dedicated Azure Storage / NSG perimeter / Key Vault deep auditors, and more.

📋

Hepta-Framework Compliance

SOC 2 (AICPA TSC 2017), HIPAA Security Rule §164.312, NIST CSF 2.0, PCI DSS v4.0.1, ISO/IEC 27001:2022, CIS Critical Security Controls v8, and GDPR Article 32 (Security of Processing) — all from one scan. Sub-requirement-level mapping for QSA RoC workflow. Defined-vs-Customized Approach discipline per Appendix E. CHD Scope operator-attested. ISO 27001 Statement of Applicability discipline. CIS Implementation Group cumulative discipline (IG1 cyber-insurance baseline). GDPR Article 32 is an infrastructure substrate for Art. 32 only (4 covered + 5 partial + 2 OOS across 11 sub-measure units) — NOT GDPR compliance. Auditor-ready evidence packs with SHA-256 chain-of-custody and RFC 3161 timestamps. Zero BAA required.

🔌

MCP Integration — free in Community

The MCP server ships free in the Community Edition — drive NSAuditor from Claude Desktop, Claude Code, Cursor, or any MCP-aware agent. Add it to your claude_desktop_config.json (npx nsauditor-ai-mcp), then install the optional agent skill so the assistant knows NSAuditor's tools, schemas, and audit workflows — in Claude Desktop: Skills → Create skill → Upload a skill (upload SKILL.md). Then just ask: "audit my AWS account."

Viewing Scan Reports
out/<host>_<timestamp>/ — output files
scan_response_ai.html                    Styled AI report — CVE links, risk badges, remediation guidance
scan_conclusion_raw.html                 Full admin detail — interactive filters, all plugin findings unredacted
scan_intelligence.json                   CVE matches, MITRE ATT&CK mapping, risk scores (Pro)
scan_conclusion_raw.json                 Full machine-readable conclusion for automation
scan_response_ai.txt                     AI analysis as plain Markdown — paste into issues, Slack, chat
scan_compliance_soc2.{html,json,md}      SOC 2 evidence pack — AICPA TSC 2017, SHA-256 chain-of-custody (EE)
scan_compliance_hipaa.{html,json,md}     HIPAA §164.312 evidence pack — R/A discipline, Zero BAA (EE)
scan_compliance_nist-csf.{html,json,md}  NIST CSF 2.0 evidence pack — subcategory-level, SP 800-53 refs (EE)
scan_compliance_pci-dss.{html,json,md}   PCI DSS v4.0.1 evidence pack — sub-requirement-level for QSA RoC, CHD Scope operator-attested, card-brand AOC enforcement view (EE)
scan_compliance_gdpr.{html,json,md}      GDPR Article 32 evidence pack — Security-of-Processing infrastructure substrate (Art. 32 only, not GDPR compliance), 4 covered + 5 partial + 2 OOS across 11 sub-measure units (EE)
Open reports in your browser
# macOS — open AI report
open out/192.168.1.1_*/scan_response_ai.html
# macOS — open full admin detail
open out/192.168.1.1_*/scan_conclusion_raw.html
# Linux
xdg-open out/192.168.1.1_*/scan_response_ai.html
# Custom output directory
nsauditor-ai scan --host 10.0.0.1 --out ./reports
open ./reports/10.0.0.1_*/scan_response_ai.html
# Markdown report (paste-ready)
nsauditor-ai scan --host 10.0.0.1 --output-format md
55 Scanner Plugins
7 Compliance Frameworks
MIT Licensed
0 Data Collected
Three Editions
Community
Free
forever, MIT licensed
npm install -g nsauditor-ai
  • 27 scanner plugins
  • AI analysis (OpenAI, Claude, Ollama)
  • CTEM watch mode
  • SARIF + CSV export
  • MCP server (Claude Desktop / Code / Cursor)
Pro
$39/mo
billed $470/yr · save 20% vs monthly
  • CVE matching + MITRE
  • Parallel analysis agents
  • Verified vulnerabilities
  • Risk scoring
  • Intelligence-enriched AI reports