NSAuditor AI

Security Intelligence Without Data Exposure.

A modular, AI-assisted network security audit platform that scans, understands, prioritizes, and tracks vulnerabilities — without ever requiring your data to leave your infrastructure.

NSAuditor AI is the open-source core of a privacy-first security intelligence platform built by Nsasoft US LLC. It orchestrates 27 specialized scanning plugins against target hosts, fuses their results through an intelligent concluder, and optionally produces AI-powered vulnerability reports — all running entirely on your machine.

Zero Data Exfiltration by design. NSAuditor AI works fully offline. AI analysis, CVE correlation, and continuous monitoring all happen locally. External calls (to AI APIs, NVD, etc.) are opt-in and use your own API keys. We never see your scan data.

What's New

Latest: CE 0.1.91 + Enterprise 0.16.0 (May 2026)

• 🎯 Per-account scanning: --env / --aws-profile + sentinel-host plugin scoping (CE 0.1.91 — paired EE 0.16.0) — audit many cloud accounts one at a time without shell-export juggling. --env <path> loads a per-scan dotenv credentials file (override-on; fail-fast on a missing file; an INI/~/.aws/credentials file is detected and redirected to --aws-profile). --aws-profile <name> uses a named profile from the OS-default ~/.aws/credentials (clears stale explicit keys, sets AWS_SDK_LOAD_CONFIG=1, implies CLOUD_PROVIDER=aws). On a cloud-sentinel host, --host aws|gcp|azure + --plugins all auto-scopes to only that cloud's plugins (other clouds + non-cloud plugins are skipped and logged); explicit --plugins lists are unaffected. A host↔CLOUD_PROVIDER conflict fails fast (no silent empty "clean" report), and a zero-match sentinel scope warns loudly. EE 0.16.0 adds a declarative cloudProvider field to all 27 cloud plugins. Plugin count UNCHANGED at 28; all six matrices UNCHANGED.

• 🛡️ Cross-cloud scope hotfix (CE 0.1.90 — paired EE 0.15.9) — EE 0.15.9 moves the AWS-plugin CLOUD_PROVIDER gate from preflight() to run(): the 0.15.8 gate was placed where the scan orchestrator never calls it, so the cross-cloud bleed persisted; it's now on the load-bearing run() path (a CLOUD_PROVIDER=gcp|azure scan with AWS creds present no longer bleeds AWS resources into the GCP/Azure packs), validated via a run()-path test + a real-creds local proof. CE is a paired no-op bump. Plugin count UNCHANGED at 28; all six matrices UNCHANGED.

• 🛡️ Cloud-plugin scoping fixes (CE 0.1.89 — paired EE 0.15.8) — EE 0.15.8 closes two issues surfaced by the 0.15.7 full multi-cloud smoke: the AWS plugins now gate on CLOUD_PROVIDER (a CLOUD_PROVIDER=gcp|azure scan with AWS creds present no longer bleeds AWS resources into the GCP/Azure attestation packs), and the GCP IAM/storage auditor now surfaces an evidence-gap instead of a false-clean PASS when a policy can't be read. CE is a paired no-op bump (no CE code change). Plugin count UNCHANGED at 28; all six coverage matrices UNCHANGED.

• ☁️ GCP SDK refresh (CE 0.1.88 — paired EE 0.15.7) — EE 0.15.7 re-applies the GCP SDK major bump (@google-cloud/compute ^6 / @google-cloud/iam ^2 / googleapis ^173) on the pure-ADC credential path, validated live against a test-infra GCP project (first live GCP audit: 3 CRITICAL firewall findings on compute@6). Compute-client SA-impersonation is explicitly unsupported on compute@6 (documented in-code + gated to plan-later); pure-ADC and key-file paths are fully supported. Also folds the plugin-1021 project-resolution fix. CE is a paired no-op bump (no CE code change). Plugin count UNCHANGED at 28; all six coverage matrices UNCHANGED.

• 🧭 Compliance-mapping correctness (CE 0.1.87 — paired EE 0.15.6) — EE 0.15.6 closes two cross-framework defects in how S3 public-exposure findings route to the compliance frameworks: a publicly-accessible bucket now correctly maps to NIST CSF PR.AA-05 + PR.DS-01 and PCI DSS 7.2.1 (it previously showed CLEAN on those two), and a missing-Public-Access-Block guardrail gap (not a confirmed exposure) no longer false-FAILs the confidentiality-exposure controls. CE is a paired no-op bump (no CE code change). Plugin count UNCHANGED at 28; all six coverage matrices UNCHANGED.

• 🧹 Dependency-hygiene / institutional-trust patch (CE 0.1.86 — paired EE 0.15.5) — removes deprecation warnings + advisories from npm install. The abandoned simple-wappalyzer (→ deprecated, now-commercial wappalyzer-core) is replaced by an in-house zero-dependency web tech fingerprinter (utils/tech_fingerprint.mjs — header/HTML/script-src/cookie/meta signatures; same {name,categories,confidence,version} output). @anthropic-ai/sdk bumped ^0.82→^0.100 (exits the GHSA-p7fg-763f-g4gf range; the Filesystem Memory Tool is never used). The direct uuid dependency is dropped in favor of native crypto.randomUUID(). NEW SECURITY.md documents remaining transitive notices. No feature/behavior change.

• 🪣 Non-current-version ACL sampling + public WRITE-vs-READ differentiation (EE 0.15.4 — paired) — closes the two residuals the 0.15.3 spec carried as deferred. Plugin 1020 gains NEW step 2c-v: on versioning-Enabled/Suspended buckets it samples non-current object versions (ListObjectVersions first-page, cap-bounded → per-version GetObjectAcl({VersionId}), delete-markers skipped) — catching a public ACL that survives on an overwritten version still downloadable via ?versionId= after the current version is made private (CRITICAL via the existing "publicly accessible" anchor; PAB IgnorePublicAcls → LOW; skipped on BucketOwnerEnforced). NEW sibling helper extractPublicWriteGroups flags public WRITE/WRITE_ACP/FULL_CONTROL grants (anyone-can-overwrite) distinctly from READ-only, as an enrichment line on the already-CRITICAL finding at bucket/object/version ACL sites. ListObjectVersions AccessDenied (distinct s3:ListBucketVersions action) + a GetBucketVersioning AccessDenied review-fold both degrade to routed LOW evidence-gaps via the existing "S3 object-ACL evidence-gap" anchor — never a silent PASS. Enterprise plugin count UNCHANGED (28); all six coverage matrices UNCHANGED; ZERO framework-JSON edits. TDD-first, +27 tests; EE regression 6628/6628 GREEN. (Staged on main; awaiting live smoke + trio publish.)

• 🪣 Object-level ACL enumeration + BucketOwnerEnforced short-circuit (EE 0.15.3 — paired) — closes the 4th and final S3 public-exposure vector (object-level ACLs) documented as a residual in the 0.15.2 closure. Plugin 1020 gains NEW step 2c sampled GetObjectAcl enumeration over first-page objects (default cap 10; per-object throttle default 50ms) + NEW step 2a GetBucketOwnershipControls upstream short-circuit that skips both 2b (bucket-ACL) and 2c (object-ACL) on BucketOwnerEnforced buckets (the default since April 2023; saves 11+ API calls per BOE bucket on modern estates AND closes a false-positive class where BOE buckets with legacy stored public ACL grants previously emitted CRITICAL — they now emit informational because S3 structurally ignores ACL grants under BOE). INTENTIONAL MATRIX DELTA from 0.15.2 on BOE buckets with pre-BOE legacy grants: CRITICAL → informational. NEW shared extractPublicGroups helper used by BOTH step 2b (refactored byte-identical) AND step 2c. 4 LOW evidence-gap emissions via NEW "S3 object-ACL evidence-gap" substring anchor on SOC 2 CC7.1 + HIPAA §164.312(b) (substrate-depth on already-covered controls; matrices unchanged). Live AWS smoke all 4 spot-checks PASS (BOE detection; E1 CRITICAL en-dash bytes preserved; cap clamping; objectRateMs throttling). Enterprise plugin count unchanged (28); all six coverage matrices unchanged.

• 🎯 Audit-accuracy calibration & CloudTrail hardening (EE 0.15.2 — paired) — four real-production-account-driven folds: (1) plugin 1020 (S3) effective-public-exposure calibration — missing/partial Public Access Block downgraded CRITICAL→MEDIUM (guardrail gap, not current exposure) + NEW GetBucketAcl check completing the ACL×policy×PAB join (public AllUsers/AuthenticatedUsers grant → CRITICAL unless neutralized by PAB IgnorePublicAcls); (2) plugin 1040 (CloudTrail) KMS-CMK calibration — trail-level "KmsKeyId not set" downgraded MEDIUM→LOW when the destination bucket has default SSE-KMS; (3) plugin 1040 (CloudTrail) multi-region timeout hardening — an AbortController tied to the soft-budget deadline lets a hung disabled-region abort so the plugin finalizes PARTIAL evidence; (4) plugin 1221 (Azure NSG) +10 restricted UDP ports + plugin 1222 (Azure Key Vault) F-2 custom-role resolution + F-7.2 HSM dim. Enterprise plugin count unchanged (28); all six coverage matrices unchanged.

• 🔧 Azure Key Vault Deep auditor hotfix (EE 0.15.1 — plugin 1222) — two defects surfaced by the 0.15.0 published-build smoke. H-1: the diagnostic-logging dim treated @azure/arm-monitor's diagnosticSettings.list() as a paged async-iterator when it actually returns a {value:[]} collection object → the dim always degraded to a non-functional evidence-gap; now correctly await-ed and read via .value (confirmed against live Azure; the unit-test mock was the mock-vs-real-SDK mismatch that masked it). H-2: the privileged-access dim flagged inherited subscription/management-group-scope Owner/Contributor as HIGH on every RBAC vault — re-tuned so inherited Owner/User-Access-Admin → MEDIUM, inherited Contributor → LOW, with HIGH reserved for vault-scoped control-plane god roles + Key Vault Administrator. Additive bug-fix only; enterprise plugin count unchanged (28); all six coverage matrices unchanged.

• ☁️ NEW Azure Key Vault Deep auditor (EE 0.15.0 — plugin 1222; enterprise plugin count 27 → 28) — the third dedicated Azure auditor (after 1220 storage + 1221 NSG), the Key Vault analog of how 1221 deepens the multi-purpose Azure scanner's flat NSG dim. Enumerates each vault's keys, role assignments, and diagnostic settings across 4 dims: (1) key auto-rotation policy, (2) key expiry, (3) diagnostic logging → Log Analytics, (4) privileged-access depth (RBAC role assignments + legacy access-policy breadth incl. export/wide-crypto). Orthogonal to the Azure scanner's vault-property dims (purge/soft-delete/network-ACL/RBAC-mode) — no double-emission; secret/cert expiry is a deliberate data-plane scope boundary. Findings route across all six frameworks (SOC 2 CC6.3/C1.1/CC6.1/CC7.2 / HIPAA / NIST CSF / PCI DSS / ISO 27001 / CIS v8) — all coverage matrices unchanged.

• ☁️ Azure NSG Perimeter auditor — UDP lane (EE 0.14.1 — plugin 1221) — the perimeter auditor now tiers UDP management/amplification services (SNMP 161, CLDAP 389, NTP 123, rpcbind 111, IPMI 623, IKE 500, Memcached 11211, etc.), not just TCP — closing a false negative where a public-internet UDP service was silently treated as a benign "web tier" port. NEW Dim 2u/3u (UDP public-source + ::/0), attachment-aware (CRITICAL effective / MEDIUM latent), per-transport priority/deny-override resolution; Dim-4 made protocol-aware. Plugin count unchanged (27); all six coverage matrices unchanged.

• ☁️ NEW Azure NSG Perimeter auditor (EE 0.14.0 — plugin 1221; enterprise plugin count 26 → 27) — the Azure analog of AWS plugin 1170, a CC6.6 network-segmentation perimeter auditor for Azure Network Security Groups. Evaluates each NSG's inbound rules in Azure priority order (first match wins; DenyAllInbound default): all-protocol public Allow, public-source (*/0.0.0.0/0/Internet) to restricted management/data-tier ports (SSH/RDP/databases/etc.), ::/0 IPv6-wildcard (the dimension the multi-purpose Azure scanner misses), with attachment-aware severity (attached to a subnet/NIC → CRITICAL effective exposure; orphaned → MEDIUM latent), effective priority/deny-override resolution, and 0.0.0.0/1 split-range coverage. Findings route across all six frameworks (SOC 2 CC6.6 / HIPAA / NIST CSF / PCI DSS / ISO 27001 / CIS v8) — all coverage matrices unchanged.

• ☁️ Azure Storage auditor deepened (EE 0.13.3 — plugin 1220, +2 dims) — added blob recoverability (soft-delete + versioning) and per-container anonymous public-access detection (account-toggle-aware) via the secondary blob-service / container API paths. Plugin count unchanged (26); all six coverage matrices unchanged.

• ☁️ NEW Azure Storage Account auditor (EE 0.13.2 — plugin 1220; enterprise plugin count 25 → 26) — the first dedicated Azure auditor beyond the multi-purpose Azure scanner. Audits the encryption-at-rest / in-transit / authorization-mode surface: HTTPS-only transit, minimum TLS version, Shared Key authorization (bypasses Azure AD), infrastructure (double) encryption, and customer-managed-key reachability + rotation. Findings route across all six frameworks (SOC 2 / HIPAA / NIST CSF / PCI DSS / ISO 27001 / CIS v8) — all coverage matrices unchanged.

• 🛡️ CIS-Hardened-Image detection LIVE + AWS EC2 Instance auditor (EE 0.13.1 — plugin 1210) — multi-cloud CIS-Hardened-Image detection (AWS / Azure / GCP) on CIS Safeguards 4.1/4.2/4.6; EC2 instance-level IMDSv1 / EBS + account-default encryption / public-IP exposure audit. CIS v8 matrix 17/22/114.

• 🆕 CIS Critical Security Controls v8 (Center for Internet Security, May 2021; v8.1 errata June 2024) is now the sixth supported compliance framework in Enterprise — alongside SOC 2, HIPAA, NIST CSF 2.0, PCI DSS v4.0.1, and ISO/IEC 27001:2022. Per-Safeguard mapping (the atomic, attestable unit): 17 covered + 21 partial + 115 OOS across 153 Safeguards / 18 Controls / 3 cumulative Implementation Groups. Implementation Group cumulative discipline — IG1=56 (the cyber-insurance baseline; ~50-70% of mid-market policies require IG1 attestation), IG2 cumulative=130, IG3 cumulative=153. No-certification-body attestation discipline — engine output is INPUT to your CSAT / CIS-CAT Pro self-attestation (or a SOC 2 auditor cross-validating CIS scope), never "CIS certified." Cloud Companion Guide v8 shared-responsibility-model boundary + CIS-Hardened-Image substrate-evidence credit (Safeguards 4.1/4.2/4.6) + 5 Security Functions (NOT 6 — no Govern) + MS-ISAC/EI-ISAC/H-ISAC sector baselines. Generate evidence for any combination from a single scan: --compliance soc2,hipaa,nist-csf,pci-dss,iso-27001,cis-v8 (Enterprise only).

• 🔐 ISO/IEC 27001:2022 (added in EE 0.12.0) — per-Annex-A-code mapping (auditor-canonical for ISO/IEC 17021-1 certification body assessors): 17 covered + 14 partial + 62 OOS across 93 Annex A controls. Statement of Applicability per Clause 6.1.3.d discipline + ISMS Clauses 4-10 OOS-by-design with 7 Major Nonconformity classes (absence of internal audit per Clause 9.2 or management review per Clause 9.3 = auto-fail Stage 2) + 11 NEW 2022 controls + 5-attribute taxonomy.

• 💳 PCI DSS v4.0.1 (added in EE 0.11.0) — Defined-vs-Customized Approach discipline per Appendix E. CDE scope operator-attested. Card-brand AOC enforcement priority view (Visa CISP / Mastercard SDP / Amex DSOP / Discover DISC).

• ⚡ NIST Cybersecurity Framework 2.0 (added in EE 0.10.0) — 13 covered + 10 partial + 83 OOS Subcategories across 106 of CSF 2.0's 107 Subcategories.

• 🏥 HIPAA Security Rule §164.312 (added in EE 0.9.0) — Zero BAA required; your ePHI never leaves your infrastructure.

• ☁️ 25 cloud plugins across AWS, Azure, GCP — fully integrated SOC 2 / HIPAA / NIST CSF 2.0 / PCI DSS v4.0.1 / ISO 27001 / CIS Controls v8 evidence pipeline (Enterprise).

• 🔬 Per-Framework Adversarial-Audit Skill Pairing (institutional pattern) — Enterprise now ships with 10 authored Claude Code skills (Phase-4 Compliance/GRC chain 7-of-7 COMPLETE for all shipped frameworks). Each framework cycle is paired with a dedicated adversarial-audit skill authored in the same cycle: CIS Controls v8 pairs with NEW audit-cis-controls-v8-implementation-group-perspective (Skill #19) — surfacing 16 ship-blocker classes pre-author for a clean ship.

→ Full release history: CHANGELOG.md → See a sample EE scan output: walk-through with synthetic Acme Corp AWS account (no signup required)

What It Does

Scan → Verify → Prioritize → Track → Act

• 27 scanner plugins probe networks across ICMP, TCP, UDP, HTTP, TLS, SNMP, DNS, SMB, RPC, mDNS, UPnP, WS-Discovery, MCP (Model Context Protocol), and more
• Smart result fusion — the Result Concluder merges all plugin outputs into a normalized view with OS detection, service fingerprinting, and evidence linking
• Structured finding format — all findings use a common schema with category, severity, evidence, and remediation — enabling consistent SARIF export and MCP integration
• AI-powered analysis — send redacted scan results to OpenAI or Claude (your keys, your choice) for vulnerability assessments and remediation guidance
• Verified vulnerabilities (Pro) — safe, non-destructive probes confirm findings are real, not just version-matched guesses. If it can't be verified, it's flagged as "potential" not "confirmed"
• Continuous monitoring (CTEM) — watch mode rescans on a schedule, diffs against previous results, and fires webhook alerts on changes
• MCP integration — expose scanning tools to AI assistants like Claude Code via Model Context Protocol
• CI/CD ready — SARIF output with --fail-on severity gating for pipeline integration

Editions

NSAuditor AI is available in three editions: Community (free, MIT-licensed, no restrictions), Pro ($49/mo), and Enterprise ($2k+/yr).

Why upgrade to Enterprise?

If you're heading into a SOC 2, HIPAA, NIST CSF 2.0, PCI DSS, ISO 27001, or CIS Controls v8 audit — or need to satisfy customer security questionnaires citing those frameworks, or an IG1 attestation for cyber-insurance renewal — Enterprise turns scan output into auditor-ready evidence packs that pass institutional scrutiny:

• ☁️ 25 cloud plugins across AWS / Azure / GCP — find the configuration risks an auditor will flag, before they do (CloudTrail integrity, KMS custody, S3 Object Lock, IAM shadow-admin paths, GCP IAM impersonation chains, Azure RBAC sprawl, and more)
• 📋 6 compliance frameworks shipped — generate any combination from a single scan:
  • SOC 2 (AICPA TSC 2017) — 10 fully-covered + 4 partial controls
  • HIPAA Security Rule §164.312 — 7 covered + 3 partial Technical Safeguards; Zero BAA required (ePHI never leaves your infrastructure)
  • NIST CSF 2.0 Core (NIST CSWP 29, Feb 2024) — 13 covered + 10 partial Subcategories across 106 of CSF 2.0's 107 Subcategories; Subcategory-level mapping (auditor-canonical, not high-level Function/Category claims)
  • PCI DSS v4.0.1 (PCI SSC, June 2024 errata; v3.2.1 retired March 31, 2024) — 20 covered + 8 partial + 39 OOS sub-requirements across 67 of ~250 (MVP-67); sub-requirement-level mapping for QSA Report on Compliance workflow; Defined-vs-Customized Approach discipline per Appendix E (15 Defined-only sub-requirements enforced at schema layer); CHD Scope operator-attested via CDE Data Flow Diagram per Req 1.2.4; Card-brand AOC enforcement priority view (Visa CISP / Mastercard SDP / Amex DSOP / Discover DISC)
  • ISO/IEC 27001:2022 (ISO + IEC, Oct 2022; 2013 edition retired Oct 31, 2025) — 17 covered + 14 partial + 62 OOS across 93 Annex A controls (the complete Annex A universe); per-Annex-A-code mapping auditor-canonical for ISO/IEC 17021-1 certification body assessors; Statement of Applicability per Clause 6.1.3.d discipline + ISMS Clauses 4-10 OOS-by-design with 7 Major Nonconformity classes
  • CIS Critical Security Controls v8 (CIS, May 2021; v8.1 errata June 2024) — 17 covered + 21 partial + 115 OOS across 153 Safeguards / 18 Controls; per-Safeguard mapping with the Implementation Group cumulative discipline (IG1=56 cyber-insurance baseline / IG2 cumulative=130 / IG3 cumulative=153); no-certification-body attestation discipline (INPUT to your CSAT / CIS-CAT Pro self-attestation, never "CIS certified"); Cloud Companion Guide v8 shared-responsibility + CIS-Hardened-Image substrate-evidence credit (4.1/4.2/4.6)
• 🔐 Cryptographically signed evidence — SHA-256 chain-of-custody + RFC 3161 trusted timestamps + Ed25519 suppression signing. Non-repudiation, not just integrity. Auditors can verify offline.
• 🏛️ Zero Data Exfiltration architecture — your scan data never leaves your infrastructure. Air-gapped deployment supported. AI analysis happens locally (Ollama) or via your own API keys. Important for PCI DSS CDE-isolation threat models.
• 🔗 Native GRC platform integration — push evidence directly to Vanta (live; Drata + Secureframe planned). Idempotent retries, per-tenant token rotation, rate-limit handling, signed-envelope round-trip integrity.
• 🗄️ WORM evidence storage — S3 Object Lock COMPLIANCE-mode for SEC Rule 17a-4(f) / FINRA 4511 retention compliance
• 📊 SLA / MTTR tracking + recurring-scan attestation — the Type II operating-effectiveness evidence auditors actually demand (not just point-in-time snapshots)
• 🎯 10 adversarial-audit Claude Code skills authored per the Per-Framework Adversarial-Audit Skill Pairing institutional pattern — Phase-4 Compliance/GRC chain 7-of-7 COMPLETE for all shipped frameworks (SOC 2 + HIPAA + NIST CSF + PCI DSS + ISO 27001 + CIS Controls v8 + GRC connector)

→ See sample EE scan output — full evidence pack against synthetic Acme Corp AWS account (no signup required) → Buy NSAuditor AI Enterprise Edition — $2k / $5k / $10k+ per year for 5 / 25 / unlimited seats + custom SLA. Onboarding call included.

Feature comparison

| | Community (Free) | Pro ($49/mo) | Enterprise ($2k+/yr) | |---|:---:|:---:|:---:| | Network scanning | | | | | 27 scanner plugins (SSH, HTTP, TLS, DNS, SMB, RPC, mDNS, etc.) | ✅ | ✅ | ✅ | | AI analysis (OpenAI, Claude, Ollama — your keys) | ✅ basic | ✅ enriched | ✅ enriched | | Structured findings + SARIF + CSV export | ✅ | ✅ | ✅ | | CTEM watch mode | ✅ basic | ✅ advanced | ✅ advanced | | Pro features (vulnerability assessment) | | | | | CVE matching + MITRE ATT&CK mapping | — | ✅ | ✅ | | Verified vulnerabilities (safe non-destructive probes) | — | ✅ | ✅ | | Risk scoring + prioritization | — | ✅ | ✅ | | Parallel analysis agents | — | ✅ | ✅ | | Enterprise — cloud scanning | | | | | 25 cloud plugins (AWS / Azure / GCP) | — | — | ✅ | | Zero Trust assessment | — | — | ✅ | | Enterprise — compliance (6 frameworks) | | | | | SOC 2 (AICPA TSC 2017) — 10 covered + 4 partial controls | — | — | ✅ | | HIPAA Security Rule §164.312 — Zero BAA required | — | — | ✅ | | NIST CSF 2.0 Core — Subcategory-level mapping (106 of 107 Subcategories) | — | — | ✅ | | PCI DSS v4.0.1 — Sub-requirement-level mapping for QSA RoC (MVP-67) | — | — | ✅ | | ISO/IEC 27001:2022 — per-Annex-A-code mapping + SoA discipline (93 Annex A controls) | — | — | ✅ | | CIS Critical Security Controls v8 — per-Safeguard mapping + IG-cumulative discipline (153 Safeguards / 18 Controls) (NEW) | — | — | ✅ | | Multi-framework --compliance soc2,hipaa,nist-csf,pci-dss,iso-27001,cis-v8 from one scan | — | — | ✅ | | Enterprise — auditor-grade evidence | | | | | Signed evidence packs (SHA-256 + RFC 3161 timestamps) | — | — | ✅ | | Ed25519 suppression signing | — | — | ✅ | | Chain-of-custody manifests | — | — | ✅ | | SLA / MTTR tracking + compensating controls | — | — | ✅ | | Recurring-scan attestation (Type II operating-effectiveness) | — | — | ✅ | | WORM evidence storage (S3 Object Lock — SEC 17a-4 / FINRA 4511) | — | — | ✅ | | Enterprise — integration + deployment | | | | | GRC platform connector (Vanta live; Drata + Secureframe planned) | — | — | ✅ | | Tabletop simulation + SIEM correlation | — | — | ✅ | | Docker per-scan isolation | — | — | ✅ | | Air-gapped deployment | — | — | ✅ |

This repository is the Community Edition — fully functional, MIT-licensed, no restrictions, no telemetry. Pro and Enterprise features ship via the @nsasoft/nsauditor-ai-ee package and install alongside the CE binary once licensed.

→ Get Pro or Enterprise →

Quick Start

# Install globally
npm install -g nsauditor-ai

# See all flags, subcommands, and worked examples
nsauditor-ai --help

# Configure (optional — scans work fully offline without AI)
cat > .env << 'EOF'
AI_ENABLED=true
AI_PROVIDER=ollama              # openai | claude | ollama
OLLAMA_MODEL=llama3             # For local AI (no API key needed)
# OPENAI_API_KEY=sk-...         # Or use OpenAI
# ANTHROPIC_API_KEY=sk-ant-...  # Or use Claude
OPENAI_REDACT=true
EOF

# Scan a host with all plugins
nsauditor-ai scan --host 192.168.1.1 --plugins all

# Scan a subnet in parallel
nsauditor-ai scan --host 192.168.1.0/24 --plugins all --parallel 10

# Start the MCP server for AI assistants
nsauditor-ai-mcp

Or run without installing:

npx nsauditor-ai scan --host 192.168.1.1 --plugins all

Or clone and run from source:

git clone https://github.com/nsasoft/nsauditor-ai.git
cd nsauditor-ai
npm install
node --env-file=.env cli.mjs scan --host 192.168.1.1 --plugins all

Results land in ./out/<host>_<timestamp>/:

| File | Contents | |---|---| | scan_conclusion_raw.json | Full unredacted conclusion (admin reference) | | scan_conclusion_raw.html | Admin RAW HTML with filters and full detail | | scan_response_ai_payload.json | Redacted payload sent to AI | | scan_response_ai.json | Raw AI API response | | scan_response_ai.txt | AI conclusion (markdown) | | scan_response_ai.html | Styled HTML report with CVE links and badges | | scan_results.sarif.json | SARIF 2.1 — only with --output-format sarif (renamed scan_<host>.sarif.json for multi-host runs) | | scan_results.csv | CSV — only with --output-format csv | | scan_report.md | GitHub-flavored Markdown report — only with --output-format md (or markdown) |

Works on Node 20+ (tested on Node 22).

Plugins

Core Scanners

| ID | Name | Protocols | Purpose | |---|---|---|---| | 001 | Ping Checker | ICMP/ARP | Reachability + TTL-based OS hints | | 002 | SSH Scanner | TCP:22 | Banner, version fingerprinting, timeout policy | | 003 | Port Scanner | TCP/UDP | Bulk open port detection (populates context for downstream plugins) | | 004 | FTP Banner Check | TCP:21 | FTP daemon version detection | | 005 | Host Up Check | TCP/UDP | Quick multi-probe reachability confirmation | | 006 | HTTP Probe | TCP:80/443 | Headers, server token, vendor hints | | 007 | SNMP Scanner | UDP:161 | sysDescr, OIDs, serial/hardware/firmware extraction | | 008 | Result Concluder | Meta | Fuses all plugin outputs (always runs last) | | 009 | DNS Scanner | TCP/UDP:53 | version.bind CHAOS/TXT + A record lookup | | 010 | Webapp Detector | HTTP | Technology stack fingerprinting via wappalyzer | | 011 | TLS Scanner | TCP:443+ | TLS version + cipher enumeration per port | | 012 | OpenSearch Scanner | HTTP:9200+ | OpenSearch/Dashboards version + Linux/Node.js hints | | 013 | OS Detector | Meta | Derives distro/OS from all prior banners with TTL fallback | | 014 | NetBIOS Scanner | UDP:137/TCP:445 | NetBIOS/SMB enumeration + SMB2 null session probe | | 015 | SUN RPC Scanner | TCP/UDP:111 | RPC portmapper service discovery (NFS, mountd) | | 016 | WS-Discovery | UDP:3702 | Multicast device discovery with XML metadata | | 024 | TCP SYN Scanner | TCP (Nmap) | SYN half-open scan via Nmap wrapper (optional) | | 040 | TLS Certificate & Cipher Auditor | TCP:443+ | Cert expiry, chain integrity, hostname mismatch, weak ciphers, deprecated protocols, key strength | | 050 | TRIBE v2 Neural API Security Probe | TCP/HTTP:8080 | Debug leak detection, stack traces in errors, header security, CORS misconfiguration, unauthenticated routes | | 060 | DNS Security Auditor | DNS/UDP:53 | SPF/DKIM/DMARC, dangling CNAMEs, DNSSEC, NS delegation, zone transfer exposure, MX security, CAA records | | 070 | MCP Scanner | TCP/HTTP+SSE | Detects MCP (Model Context Protocol) servers on candidate ports (1967, 3000, 3005, 5173, 6274, 6277, 8000, 8090). Audits for cleartext transport (HTTP not HTTPS), missing/anonymous auth, anonymous tool enumeration, deprecated protocol versions, and Inspector exposure on non-loopback. Maps findings to CWE/OWASP/MITRE per the FindingSchema. STDIO-transport MCP servers are out of scope (no network port). |

Discovery Plugins

| Name | Purpose | |---|---| | ARP Scanner | MAC resolution + OUI vendor lookup + OS hints | | mDNS/Bonjour Scanner | Local service discovery + friendly names from TXT records | | UPnP/SSDP Scanner | Device discovery + description XML parsing | | DNS-SD Scanner | DNS Service Discovery announcements | | LLMNR Scanner | Link-local multicast name resolution | | DB Scanner | Database service detection (MySQL, PostgreSQL, Redis, etc.) |

Pro/Enterprise Plugins (via @nsasoft/nsauditor-ai-ee)

28 enterprise plugins across AWS, GCP, and Azure substrate audits — all mapped to AICPA Trust Services Criteria 2017 (10 covered + 4 partial controls). EE plugins live in the disjoint 1000+ ID range; CE reserves 001-099. Once licensed, the EE package installs alongside the CE binary and discovers automatically.

→ Watch a sample scan run end-to-end — synthetic Acme Corp AWS account + home-office router. Real EE 0.6.7 output, no signup required. See the transitive SG chain reachability finding, the multi-region GuardDuty audit, the dnsmasq CVE detection, and what the signed evidence pack actually looks like.

→ Buy NSAuditor AI Enterprise Edition · $2k / $5k / $10k+ per year · 5 / 25 / unlimited seats · onboarding call included.

All EE plugins follow the same institutional plumbing pattern:

• Thread H _instrumentSdkClient wrap — per-API AccessDenied counter + ZDE structural guard (verb-prefix denylist regex blocks Get* / Retrieve* / Read* value-reading APIs at SDK boundary) + idempotency sentinel
• Throttle-retry — exponential-backoff retry on Throttling* / RequestLimitExceeded / TooManyRequestsException with per-command wall-clock budget
• Thread F conclude() field-selection allowlist — structured-data ZDE: only AWS-public-namespace identifiers + integer counts flow through to findings; customer policy content / key material / encrypted payloads NEVER propagate
• conservative_classifier_principle — emit INFO+evidenceGap with verification prompt when ARN-shape disambiguation needs a follow-up API call; vacuous PASS on partial substrate evidence is treated as the worst SOC 2 reporting outcome
• aws_string_case_normalization — trim + lowercase AWS-returned strings at SDK-helper boundary; protects against the 7+ recurrent classes of case-sensitivity fail-open (IAM Condition keys, Lambda runtimes, KMS aliases, Effect/Action discriminators, FULL_ADMIN sentinel, S3 region)

| ID | Name | Tier | What it audits | |---|---|---|---| | 1020 | AWS S3 Security | Enterprise | Bucket hardening: public-access block, encryption at rest, versioning, Object Lock COMPLIANCE-mode, MFA Delete, access logging. CC6.1 / C1.1 / C1.2 | | 1021 | GCP Cloud Scanner | Enterprise | Firewall rules + IAM bindings + Storage bucket public-access. CC6.1 / CC6.6 / C1.1 | | 1022 | Azure Cloud Scanner | Enterprise | NSG rules + RBAC role assignments + Storage account hardening. CC6.1 / CC6.6 / C1.1 | | 1023 | Zero Trust Checker | Enterprise | Segmentation, encryption, identity, lateral-movement scoring across the network surface. CC6.1 / CC6.6 | | 1024 | GCP Cloud Storage Auditor | Enterprise | Multi-cloud parity sister of plugin 1020 AWS S3. 6 dimensions: bucket-level IAM public bindings (allUsers = CRITICAL, allAuthenticatedUsers = HIGH), Uniform Bucket-Level Access (closes legacy bucket-ACL false-PASS class), Object Versioning, Bucket Lock retention policy (SEC 17a-4 / FINRA 4511 WORM-alignment), CMEK via Cloud KMS (four-tier custody ladder), bucket-level access logging. CC6.1 / CC6.6 / CC7.1 / C1.1 / C1.2 / A1.2 | | 1025 | GCP IAM Project-Level Auditor (v2 — EE 0.7.1) | Enterprise | First plugin in the v0.7.x GCP-IAM-deep-audit cohort. Mirrors plugin 1030 AWS IAM Deep Auditor's shadow-admin discipline adapted to the GCP IAM data model. 7 dimensions (EE 0.7.1 v2 expansion): project-scope public-member bindings (allUsers = CRITICAL, allAuthenticatedUsers = HIGH at the project root), admin-equivalent role inventory across 12 predefined sensitive roles, IAM Conditions classifier on sensitive-role bindings (restrictive CEL = PASS, absent on sensitive = MEDIUM, vacuous = LOW + evidenceGap), custom-role permission audit (* wildcard = CRITICAL; admin-equivalent permission intersection across 16-entry allowlist = HIGH), SA key custody (user-managed long-lived keys = HIGH; 90-day rotation threshold uplift), SA impersonation graph BFS (transitive serviceAccountTokenCreator/User/OpenIdTokenCreator chains — 2-hop = HIGH, 3+ hop = CRITICAL; project-scope grants surface independently as CRITICAL), Organization Policy constraint enumeration (4 sensitive constraints incl. iam.disableServiceAccountKeyCreation). Honors GOOGLE_IMPERSONATE_SERVICE_ACCOUNT via utils/gcp_auth.mjs. CC6.1 / CC6.6 / C1.1 | | 1030 | AWS IAM Deep Auditor | Enterprise | Shadow-admin path detection via BFS over PassRole / AssumeRole / federated trust. Restrictive-Condition allowlist for Auth0 / Okta / Cognito OIDC patterns. CC6.1 | | 1040 | AWS CloudTrail Operational Integrity | Enterprise | Trail health + CloudWatch alarm coverage against CIS AWS Benchmark §3.1–3.14 + AWS Config + cross-account S3 trail-destination WORM verification (SEC 17a-4 / FINRA 4511). CC7.2 / CC7.3 | | 1050 | AWS API Gateway Assurance | Enterprise | Per-route authz classifier (NONE=CRITICAL), custom-domain TLS policy, stage-level access logging + WAF, public-endpoint exposure. Entry-point evidence for serverless deployments. CC6.1 / CC6.6 / CC6.7 / CC7.1 / A1.2 | | 1060 | AWS DynamoDB Audit Integrity | Enterprise | First "audit-the-auditor" plugin. PITR + deletion protection + KMS-CMK custody + resource-policy presence + CloudTrail data-event cross-reference. CC6.6 / CC7.1 / C1.1 / PI1.5 | | 1070 | AWS KMS Auditor | Enterprise | Per-key rotation + wildcard-Principal classifier across 5 severity tiers (covers Principal.AWS / Federated / Service / CanonicalUser + NotPrincipal-Allow + NotAction-Allow + glob actions). CC6.3 / C1.1 | | 1080 | AWS Lambda Security | Enterprise | Runtime EOL detection (CRITICAL on nodejs16.x / python3.7 etc.), public function URLs, resource-policy wildcards, env-var secret-name detection (ZDE-safe), VPC config, KMS custody, DLQ. CC6.1 / CC6.6 / CC7.1 / C1.1 | | 1090 | AWS Secrets Manager + SSM Parameter Store | Enterprise | Rotation cadence + KMS-CMK custody + SecureString classification + secret-name detection. ZDE-critical: never calls GetSecretValue / GetParameter — metadata only. Verb-prefix denylist blocks Get* / Retrieve* / Read* at the SDK boundary. CC6.1 / CC6.6 / C1.1 | | 1100 | AWS CodePipeline + CodeBuild | Enterprise | Source-stage encryption, privilegedMode detection, buildspec drift, secrets-via-env vs Secrets-Manager, IAM wildcard-Action, artifact-store encryption, stale-execution detection. CC6.1 / CC7.1 / CC8.1 / C1.1 | | 1110 | IAM Effective Decrypt-Path Auditor | Enterprise | Cross-plugin reconciler — walks IAM policies for kms:Decrypt / ReEncrypt* / GenerateDataKey grants and cross-references against KMS key policies to compute the effective decrypt path. Closes the NotAction-implicit-decrypt false-PASS class. CC6.1 / CC6.6 / C1.1 / C1.2 | | 1120 | AWS S3 Lifecycle + Cross-Region Replication | Enterprise | Lifecycle policy enumeration + cross-region replication topology. Cross-region destination-bucket reachability check closes silent-PASS where replication FAILED but emitted clean. C1.1 / C1.2 / A1.2 | | 1130 | AWS Backup Auditor | Enterprise | The flagship plugin — 12-dimension air-gapped vault attestation arc for LogicallyAirGappedBackupVault resources. Audits Plans + Vaults + Recovery Points + Frameworks + Restore Testing + Legal Holds + vault Access Policy. SEC 17a-4 / FINRA 4511 ransomware-defense substrate. CC6.3 / CC6.6 / CC7.1 / CC8.1 / C1.1 / C1.2 / A1.2 | | 1140 | AWS RDS Auditor | Enterprise | 10 dimensions: Multi-AZ, storage encryption + KMS custody, parameter-group SSL, backup retention, public accessibility, IAM database auth, snapshot encryption, pgAudit + SPL cross-check, CloudWatch Logs exports (engine-dispatched), log retention. A1.2 / CC6.1 / CC6.6 / C1.1 / CC7.2 / CC7.3 | | 1150 | AWS SQS/SNS Auditor | Enterprise | 7 dimensions across both services: encryption at rest + KMS custody, transit-encryption policy, topic-policy wildcards (CRITICAL on unconditional + NotPrincipal-Allow), DLQ presence, CloudWatch alarm coverage on ApproximateAgeOfOldestMessage + NumberOfNotificationsFailed. C1.1 / CC6.6 / A1.2 / CC7.1 / CC7.2 | | 1160 | AWS VPC Endpoints / PrivateLink | Enterprise | Endpoint-policy wildcards (CRITICAL on PrivateLink-breaking unconditional), PrivateDNS enabled (silent-bypass class), endpoint state (failed = silent failure), type substrate disclosure. CC6.6 / A1.2 / CC7.2 | | 1170 | AWS EC2 SG Perimeter | Enterprise | RESTRICTED_PORTS (23 ports per CIS AWS Foundations v3.0) wildcard ingress + IPv6 ::/0 + all-protocol-from-wildcard + orphan SG detection. SG→SG transitive chain reachability: BFS from public-CIDR roots through UserIdGroupPairs — 2-hop = HIGH, 3+ hop = CRITICAL. Catches the ALB → app → database exposure that per-SG audits silently miss. CC6.6 / CC6.2 | | 1180 | AWS ElastiCache Redis | Enterprise | 6 dimensions: transit encryption, at-rest + KMS custody (four-tier ladder), Redis AUTH / IAM user groups (Redis 7+ ACL), Multi-AZ, snapshot retention cadence, subnet placement. Cross-plugin sister to plugin 1170 for cache-tier perimeter. CC6.1 / CC6.2 / CC6.6 / A1.2 / C1.1 | | 1190 | AWS SES Email Integrity | Enterprise | 6 dimensions: DKIM enablement + CNAME DNS resolution + key-fingerprint pin, DMARC TXT parsing + alignment classifier, custom MailFrom alignment, config-set TLS enforcement, sending-auth policy wildcards, dedicated IP pool, suppression list (count-only — ZDE invariant: never reads addresses). CC6.1 / CC6.6 / C1.1 / CC7.1 / Privacy | | 1200 | AWS Inspector2 / GuardDuty Enablement | Enterprise | 4 dimensions across all opted-in regions (17+ incl. GovCloud / ISO): GuardDuty Detector + protection features (S3 / EKS / EBS-malware / RDS-login / Lambda / RuntimeMonitoring), Inspector2 enablement, scan-target coverage. Plus alerting-destination dim (EventBridge or SecurityHub) and per-target liveness probes for Lambda / SNS / SQS / IAM / API destination / CloudWatch Logs. CC7.1 / CC7.2 | | 1210 | AWS EC2 Instance (EE 0.13.1) | Enterprise | Multi-region (DescribeRegions; single-region fallback emits an evidence-gap) EC2 instance audit: IMDSv1 enabled (IMDSv2-only enforcement; hop-limit > 1 container-escape) + EBS volume + account-default encryption + public-IP exposure (incl. IPv6 GUA + secondary-ENI/EIP) + instance-store evidence-gap. AMI inventory → CIS-Hardened-Image detection on CIS Safeguards 4.1/4.2/4.6 — the AWS producer; Azure (1022) + GCP (1021) feed the same cisImageInventory contract. CC6.1 / C1.1 / CC6.6 | | 1220 | Azure Storage Account Data-Protection (EE 0.13.2) | Enterprise | Dedicated Azure Storage Account encryption / transit / authorization auditor — orthogonal to the 1022 scanner's network-exposure dims (no double-emission; mirrors the AWS 1020 + 1120 two-plugin S3 split). HTTPS-only transit (enableHttpsTrafficOnly) + minimum TLS version + Shared Key authorization (allowSharedKeyAccess — bypasses Azure AD; absent = enabled, never silent-PASS) + infrastructure (double) encryption + encryption key source incl. customer-managed-key reachability + rotation (keyVaultProperties — a disabled/revoked/version-pinned CMK degrades, not silent-PASS). Conservative classifier: indeterminate field / AccessDenied → evidence-gap; single-subscription scope surfaced explicitly. CC6.7 / CC6.1 / C1.1 | | 1221 | Azure NSG Perimeter (EE 0.14.0; UDP lane EE 0.14.1) | Enterprise | The Azure analog of AWS 1170 — a CC6.6 network-segmentation perimeter auditor for Azure Network Security Groups. Evaluates each NSG's inbound rules in Azure priority order (first match wins; DenyAllInbound default): all-protocol public Allow + public-source (*/0.0.0.0/0/Internet) to a restricted TCP management/data-tier port (SSH/RDP/MSSQL/MySQL/Postgres/Redis/Mongo/SMB/WinRM/etc.) + ::/0 IPv6-wildcard to a restricted port (the dimension 1022's flat lint misses) + public-source / ::/0 to a restricted UDP service (SNMP/CLDAP/NTP/rpcbind/IPMI/IKE/Memcached etc. — Dim 2u/3u, EE 0.14.1) + public→non-restricted INFO + PASS substrate. Attachment-aware (attached → CRITICAL effective; orphaned → MEDIUM latent) + effective priority/deny-override resolution + 0.0.0.0/1 split-range coverage. Non-overlapping-by-depth with 1022's coarse per-rule NSG lint. Conservative classifier: denied/indeterminate → evidence-gap; one malformed NSG degrades per-resource. CC6.6 | | 1222 | Azure Key Vault Deep Auditor (EE 0.15.0) | Enterprise | The third dedicated Azure auditor (after 1220 storage + 1221 NSG) — the KV analog of how 1221 deepens 1022's flat NSG dim. Enumerates each vault's keys, role assignments, and diagnostic settings across 4 dims: (1) key auto-rotation policy + (2) key expiry (epoch-s/ms/Date/string coerced) + (3) diagnostic logging → Log Analytics (@azure/arm-monitor) + (4) privileged-access depth (RBAC roleAssignments admin/data-plane/scope-aware + legacy accessPolicies export/wide-crypto breadth). Orthogonal to 1022's vault-property dims (purge/soft-delete/network-ACL/RBAC-mode) — no double-emission. Secret/cert expiry is a deliberate data-plane scope boundary. Conservative classifier: indeterminate field / AccessDenied / arm-monitor absent → evidence-gap; one malformed vault degrades per-resource. CC6.3 / C1.1 / CC6.1 / CC7.2 | | — | SOC 2 Compliance Engine | Enterprise | AICPA TSC 2017 mapping (10 covered + 4 partial controls), chain-of-custody, RFC 3161 timestamps, suppression workflow with Ed25519 signing. | | — | HIPAA Compliance Engine (EE 0.9.0) | Enterprise | HIPAA Security Rule §164.312 Technical Safeguards mapping (7 covered + 3 partial + 45 OOS within §164.312 + entire §164.308 + entire §164.310). HHS Required/Addressable discipline per control. Same institutional-grade evidence infrastructure as SOC 2 (chain-of-custody, RFC 3161 timestamps, Ed25519 suppression signing). Use --compliance hipaa or --compliance soc2,hipaa for dual-framework reports from a single scan. Zero BAA required — Zero Data Exfiltration architecture means ePHI never leaves customer infrastructure. | | — | NIST CSF 2.0 Compliance Engine (EE 0.10.0) | Enterprise | NIST Cybersecurity Framework 2.0 Core mapping at the auditor-canonical Subcategory level — 13 covered + 10 partial + 83 OOS across 106 of CSF 2.0's 107 Subcategories. Govern function OOS-by-design (GV.SC-04 partial as substrate exception); Respond function OOS-entirely; Implementation Tiers 1-4 OOS as organizational-maturity claims. NIST SP 800-53 Rev. 5 + CIS Critical Security Controls v8 cross-references baked into informativeReferences. Use --compliance nist-csf or --compliance soc2,hipaa,nist-csf for triple-framework reports from a single scan. | | — | PCI DSS v4.0.1 Compliance Engine (NEW EE 0.11.0) | Enterprise | PCI DSS v4.0.1 (PCI SSC, June 2024 errata; supersedes v4.0 March 2022; v3.2.1 retired March 31, 2024) mapping at the auditor-canonical sub-requirement level for QSA Report on Compliance workflow — 20 covered + 8 partial + 39 OOS across 67 of ~250 sub-requirements (MVP-67 density). Req 12 Information Security Program OOS-by-design entirely. Req 5 anti-malware + Req 9 physical OOS-entirely. Defined-vs-Customized Approach discipline per Appendix E — 15 Defined-only sub-requirements enforced at schema layer. Cardholder Data Environment (CDE) scope operator-attested via CDE Data Flow Diagram per Req 1.2.4 + Req 12.5.1. Card-brand AOC enforcement priority view (Visa CISP / Mastercard SDP / Amex DSOP / Discover DISC). 4 load-bearing schema enrichments per control: controlType + approachEligibility + cloudProviderAttestation (AWS / Azure / GCP currently-named AOCs) + cdeScope. CAO MVP-deferred to EE 0.11.1. Use --compliance pci-dss or --compliance soc2,hipaa,nist-csf,pci-dss for quad-framework reports from a single scan. | | — | ISO/IEC 27001:2022 Compliance Engine (EE 0.12.0) | Enterprise | ISO/IEC 27001:2022 (ISO + IEC, October 2022; 2013 edition retired October 31, 2025) Annex A mapping at the auditor-canonical per-Annex-A-code level for ISO/IEC 17021-1 certification body assessors — 17 covered + 14 partial + 62 OOS across 93 Annex A controls (the complete Annex A universe across 4 themes: A.5 Organizational 37 + A.6 People 8 + A.7 Physical 14 + A.8 Technological 34). Statement of Applicability per Clause 6.1.3.d discipline — engine produces substrate for INCLUDED controls; SoA inclusion/exclusion is operator-side. ISMS Clauses 4-10 OOS-by-design with 7 Major Nonconformity classes (absence of internal audit per Clause 9.2 OR management review per Clause 9.3 = auto-fail Stage 2). 11 NEW 2022 controls + 5-attribute taxonomy (cybersecurityConcepts 5 categories, NOT 6 like NIST CSF) + 2013-to-2022 transition discipline + Cloud-Provider Certificate Inheritance Matrix. Use --compliance iso-27001 or any combination for multi-framework reports from a single scan. | | — | CIS Critical Security Controls v8 Compliance Engine (NEW EE 0.13.0) | Enterprise | CIS Controls v8 (Center for Internet Security, May 2021; v8.1 errata June 2024) mapping at the per-Safeguard level (the atomic, attestable unit; coverage claimed at the SAFEGUARD level, never the Control level) — 17 covered + 21 partial + 115 OOS across 153 Safeguards / 18 Controls. Implementation Group cumulative discipline — IG1=56 (cyber-insurance baseline; ~50-70% of mid-market policies require IG1 attestation), IG2 cumulative=130, IG3 cumulative=153; smallest-IG-membership tagging (NEVER report IG2 as 74-of-74 in isolation). No-certification-body attestation discipline — engine output is INPUT to CSAT / CIS-CAT Pro self-attestation OR a SOC 2 auditor cross-validating CIS scope, never "CIS certified." Cloud Companion Guide v8 shared-responsibility-model boundary + CIS-Hardened-Image substrate-evidence credit (Safeguards 4.1/4.2/4.6) + 5 Security Functions (NOT 6 — no Govern) + 6 Asset Types + MS-ISAC/EI-ISAC/H-ISAC sector baselines + v7.1-to-v8 cross-reference. Use --compliance cis-v8 or --compliance soc2,hipaa,nist-csf,pci-dss,iso-27001,cis-v8 for hexa-framework reports from a single scan. | | — | SLA & MTTR Tracking | Enterprise | Per-severity SLA targets, compensating-control flow, finding lifecycle, Type II rolling-quarter cadence. | | — | Recurring-Scan Attestation | Enterprise | Multi-scan chronological matrix, cadence gap detection, scope-drift surface (CC8.1). | | — | GRC Platform Connector | Enterprise | Native API push to Vanta / Drata / Secureframe with retry/backoff, idempotency, rate-limit handling, per-tenant token rotation. | | — | WORM Evidence Storage | Enterprise | S3 Object Lock COMPLIANCE-mode + resource redaction + SHA-256 manifest. SEC 17a-4 / FINRA 4511 retention-compatible. | | — | Tabletop Simulation | Enterprise | Probe-event manifest + SIEM detection correlation, configurable coverage bands (Type II / High-Assurance presets). |

Running EE plugins (after nsauditor-ai license install <key>):

# Run a single EE plugin
nsauditor-ai scan --host aws --plugins 1130 --compliance soc2 --out evidence.json

# Run multiple EE plugins
nsauditor-ai scan --host aws --plugins 1030,1040,1070,1130 --compliance soc2

# Run all EE plugins (auto-discovered via plugin manager)
nsauditor-ai scan --host aws --plugins all --compliance soc2

# Tune plugin parameters (e.g., raise VPC-endpoint PAGE_CAP for large-fleet customers)
nsauditor-ai scan --host aws --plugins 1130 --plugin-opts '{"1130":{"vpcEndpointsPageCap":50}}'

The auditor evidence pack is emitted under out/ — cover-page Scope Attestation, SHA-256 chain-of-custody sidecars, RFC 3161 trusted-timestamps, suppression workflow, identity verification. EE is available at www.nsauditor.com/ai/pricing.

How Results Are Fused

The Result Concluder (plugin 008) merges all plugin outputs into a normalized structure:

1. Imports each plugin's conclude() adapter to get normalized ServiceRecord objects
2. Merges services by (protocol, port), preferring authoritative records
3. Selects OS — OS Detector result first, then high-signal hints (Windows services, HTTP tokens), finally TTL fallback
4. Produces a unified { summary, host, services, evidence } output
5. Enriches host details with names from mDNS, UPnP, NetBIOS; MAC + vendor from ARP

AI Analysis

NSAuditor AI supports three AI providers for vulnerability analysis. All providers work in all tiers — CE, Pro, and Enterprise. AI is optional; the platform is fully functional without it.

Providers: OpenAI (GPT-4o), Anthropic Claude (Sonnet/Opus), Ollama (fully local)

What changes by tier is the prompt content, not the provider:

• CE — basic scan-summary prompts (services, ports, versions detected). Local MITRE ATT&CK mapping via utils/attack_map.mjs: service-context-aware CVE→technique mapping (mapCveToAttack, mapServiceToAttack), plus a CWE→technique fallback (cweToMitre, cwesToMitre) covering ~30 common CWEs (auth, crypto, injection, memory safety, info disclosure, privilege escalation, web). The CWE fallback fires only when CVE-derived mapping returns no techniques — useful for findings annotated with evidence.cwe[] (per FindingSchema v0.1.13+) but no CVE context, such as agent-detected misconfigurations and compliance-flagged weaknesses
• Pro — intelligence-enriched prompts (CVE matches, MITRE techniques, risk scores, verification status injected into the prompt). Same API call, vastly better output
• Enterprise — Pro prompts + compliance context

Redaction: Before any data reaches an AI API, the redaction pipeline masks IP addresses, MAC addresses, serial numbers, and configurable confidential keywords. Admin RAW reports retain full detail for internal review.

# .env
AI_PROVIDER=claude
ANTHROPIC_API_KEY=sk-ant-...        # Your key — never sent to Nsasoft
ANTHROPIC_MODEL=claude-sonnet-4-6
OPENAI_PROMPT_MODE=optimized
OPENAI_REDACT=true

For fully local AI (no external API calls), use Ollama:

AI_PROVIDER=ollama
OLLAMA_MODEL=llama3

Continuous Monitoring (CTEM)

Watch mode enables periodic rescanning with delta detection and webhook alerts:

nsauditor-ai scan --host 192.168.1.0/24 --plugins all \
  --watch --interval 15 \
  --webhook-url https://hooks.example.com/security \
  --alert-severity high

• Scheduling with configurable intervals and concurrency control
• Delta detection — new, removed, and changed services highlighted between cycles
• Webhook alerts — JSON POST with retry (exponential backoff, no retry on 4xx)
• SSRF protection — private, loopback, and cloud metadata addresses blocked at the scan entry point and inside sendWebhook(). Set NSA_ALLOW_ALL_HOSTS=1 to scan RFC 1918 ranges (local network auditing)
• Scan history stored in .scan_history/ (JSONL format, 7-day retention in CE)

MCP Server

Heads-up on AI-client fabrication. Some MCP clients (notably Claude Desktop) can silently substitute AI-generated responses if a tools/call times out, instead of surfacing the failure. Every response from this server now ends with a ── Verified MCP call ── footer and a UUID. Run nsauditor-ai mcp verify-call <id> to confirm a response is genuine before acting on it. Full background and workflow: docs/mcp-verification.md. When in doubt, generate compliance evidence via the CLI (nsauditor-ai scan ...), which has no MCP client in the path.

Expose scanning capabilities to AI assistants via Model Context Protocol:

nsauditor-ai-mcp
# or
npx nsauditor-ai-mcp

CE Tools:

| Tool | Purpose | |---|---| | scan_host | Run full scan against a host with plugin selection | | list_plugins | List available scanner plugins with metadata |

Pro Tools (requires license key + @nsasoft/nsauditor-ai-ee):

| Tool | Purpose | |---|---| | probe_service | Deep scan a specific port/service | | get_vulnerabilities | Query CVEs by CPE string | | risk_summary | Prioritized risk overview from last scan | | scan_compare | Diff two scan results with risk weighting | | save_finding | Save a validated finding to the finding queue (schema-checked) |

Enterprise Tools (requires Enterprise license):

| Tool | Purpose | |---|---| | start_assessment | Multi-host orchestrated assessment workflow | | prioritize_risks | Cross-host risk prioritization | | compliance_check | Compliance mapping with gap analysis | | export_report | Generate formatted compliance report |

Security: SSRF protection on all host inputs (blocks RFC 1918, loopback, fc00::/7, cloud metadata), port validation (1–65535), CPE format enforcement, dependency injection for test isolation. Server-startup authentication is required — see next section.

Authentication (required)

The MCP server uses stdio transport, which means it runs as a child process of whatever client launches it. Without authentication, any process running as your user could spawn the server and use its tools — including the Pro/Enterprise tools that talk to AWS, generate compliance reports, and access your scan history. A per-operator shared-secret check at server startup closes this gap.

One-time setup (run once per machine after npm install -g nsauditor-ai):

nsauditor-ai mcp install-key

This generates a 256-bit auth key, stores it in the macOS Keychain (or ~/.nsauditor/.env mode 0600 on Linux/Windows), and prints the Claude Desktop config snippet for you to paste. The MCP server refuses to start unless the env-presented key matches the stored key (constant-time compare; mismatch produces an actionable error pointing at this command).

Inspect / verify:

nsauditor-ai mcp status                  # shows storage source WITHOUT printing the key
nsauditor-ai mcp print-key --confirm     # reveals the key (use sparingly; refuses non-TTY output)
nsauditor-ai mcp rotate-key --confirm    # generates a new key (invalidates old one immediately)

Why the Claude Desktop config snippet uses keychain: indirection on macOS: the printed snippet looks like "NSA_MCP_AUTH_KEY": "keychain:NSA_MCP_AUTH_KEY" rather than the literal key value. The MCP server resolves the placeholder from your Keychain at startup. Net effect: the secret never lands in ~/Library/Application Support/Claude/claude_desktop_config.json (which is mode 0644 by default — readable by other local users and any macOS app with Documents/Application Support entitlement). On Linux/Windows where there's no Keychain equivalent, the snippet uses the literal key with an explicit chmod 600 warning.

Threat model — what this defends, what it doesn't:

| Threat | Defended? | |---|---| | Malicious npm post-install / browser extension running as you spawning the server | ✅ — attacker cannot read your Keychain without GUI prompt | | Other users on a shared dev box / CI runner | ✅ — key is per-operator | | Future HTTP/SSE transport network exposure | ✅ — key gates server startup, not network | | Attacker with full operator code-exec AND can suppress macOS Keychain prompts | ⚠ partial — recent macOS versions log Keychain-access denial events | | Debugger-attach memory snooping | ⚠ out of scope (any shared-secret auth has this limit) | | Linux env-var visibility in /proc/<pid>/environ | ⚠ partial — see Linux note below |

Linux note (/proc/<pid>/environ): on modern Linux, /proc/<pid>/environ is readable only by the process owner (the same user that spawned the MCP server). Other users on a multi-user system cannot read your MCP auth key from /proc under default kernel settings. The realistic remaining risks are:

• Container scenarios where multiple "users" share the same kernel UID (e.g., a Docker container running as root, with multiple processes inside) — the secret is visible to any process in the same UID namespace. Mitigation: run the MCP server in its own container / user.
• Audit/SIEM agents with broad read access (e.g., auditd configured to log child-process env). Mitigation: review your auditd rules; modern setups exclude env from logs by default.
• The legacy ps eww command on older POSIX systems (modern ps respects /proc permissions).

A shell-wrapper indirection script (read key from ~/.nsauditor/.env at exec time, pass to child) was considered for v1 but does NOT solve the underlying issue: the spawned MCP server still needs the key in its env to perform the auth check, so it appears in /proc/<server-pid>/environ regardless of how the parent process obtained it. v2 may add libsecret integration on Linux to mirror the macOS Keychain indirection model.

Rotation cadence: keys older than 90 days emit a soft warning at every server startup AND in nsauditor-ai mcp status output. SOC 2 CC6.1 / CC6.7 reviewers expect a credential-rotation cadence; rotate with nsauditor-ai mcp rotate-key --confirm and update Claude Desktop config with the new key.

Escape hatch for CI / dev (operator-acknowledged risk; emits a stderr warning every startup):

NSA_MCP_AUTH_DISABLE=1 nsauditor-ai-mcp

Claude Desktop Setup

First install the package globally:

npm install -g nsauditor-ai
nsauditor-ai mcp install-key   # required before MCP server will start

Then add this to your claude_desktop_config.json (Settings → Developer → Edit Config):

{
  "mcpServers": {
    "nsauditor-ai": {
      "command": "nsauditor-ai-mcp",
      "env": {
        "NSA_MCP_AUTH_KEY": "keychain:NSA_MCP_AUTH_KEY",
        "AI_PROVIDER": "claude",
        "ANTHROPIC_API_KEY": "keychain:ANTHROPIC_API_KEY",
        "NSA_ALLOW_ALL_HOSTS": "1",
        "PLUGIN_TIMEOUT_MS": "5000"
      }
    }
  }
}

The exact NSA_MCP_AUTH_KEY value to paste is printed by nsauditor-ai mcp install-key — on macOS it's the keychain:NSA_MCP_AUTH_KEY placeholder shown above; on Linux/Windows it's the literal key value (and you should chmod 600 your config file).

• NSA_MCP_AUTH_KEY — required (see Authentication section above)
• NSA_ALLOW_ALL_HOSTS=1 — required to scan private/RFC 1918 addresses (e.g., 192.168.x.x)
• PLUGIN_TIMEOUT_MS=5000 — reduces per-plugin timeout to 5s so the full scan completes within Claude Desktop's 60s MCP limit
• AI_PROVIDER and API key — optional, enables AI-powered analysis of scan results

Claude Code Setup

nsauditor-ai mcp install-key   # required before MCP server will start
claude mcp add nsauditor-ai \
  --env NSA_MCP_AUTH_KEY=keychain:NSA_MCP_AUTH_KEY \
  -- npx nsauditor-ai-mcp

(On Linux/Windows, replace the keychain:NSA_MCP_AUTH_KEY placeholder with the literal key printed by install-key.)

Troubleshooting MCP authentication

"MCP authentication is not configured" at server startup → run nsauditor-ai mcp install-key. If you set NSA_MCP_AUTH_DISABLE=1 in CI by intent, that's fine — but check that you didn't forget it in your shell rc.

"NSA_MCP_AUTH_KEY env var is not set, but a key is configured in storage" → the server found a key in your Keychain (or ~/.nsauditor/.env) but the spawning client didn't pass NSA_MCP_AUTH_KEY in the env block. Update your Claude Desktop / Claude Code config to include the env value (use nsauditor-ai mcp install-key output as a reference snippet).

"NSA_MCP_AUTH_KEY env var does not match the key configured in storage" → most often means you ran nsauditor-ai mcp rotate-key --confirm but didn't update Claude Desktop config with the new key. Run nsauditor-ai mcp status to confirm storage source, then either re-paste the new key or use keychain:NSA_MCP_AUTH_KEY indirection (macOS only) so future rotations don't require a config change.

"MCP_AUTH uses keychain: indirection but the referenced Keychain entry could not be read" → typically a headless macOS / SSH-only CI runner where there's no GUI session to approve Keychain access. Replace the keychain: placeholder with the literal key value (or move auth to ~/.nsauditor/.env with mode 0600).

mcp status reports keychain-locked → distinct from unconfigured: the Keychain entry exists but the security daemon refused to unlock without a GUI prompt. Same workarounds as the previous error: approve a Keychain GUI prompt, replace keychain: indirection with the literal key, or move auth to ~/.nsauditor/.env.

mcp status shows ⚠ Created: ... — > 90d threshold → key is older than the 90-day rotation cadence. Run nsauditor-ai mcp rotate-key --confirm and update Claude Desktop config with the new key. Server emits the same warning to stderr at every startup.

Claude Desktop reports "Current tier: CE" despite nsauditor-ai license --status showing Enterprise → first run nsauditor-ai mcp tier to get the ground-truth tier the MCP server actually resolves at startup. If mcp tier reports enterprise but Claude Desktop's list_plugins says CE, the AI client is synthesizing the response without actually calling the tool — see docs/mcp-verification.md and verify any suspicious response with nsauditor-ai mcp verify-call <id>.

If mcp tier itself reports CE → genuine resolution failure. Inspect the license storage:

nsauditor-ai license --status
security find-generic-password -s nsauditor-ai -a NSAUDITOR_LICENSE_KEY -w 2>&1 | head -c 30

If license is in ~/.nsauditor/.env but not in Keychain on macOS, re-run nsauditor-ai mcp install-key — the auto-mirror writes the license to Keychain so Claude Desktop's child process can read it via the keychain: indirection.

Secure Credential Storage

Store API keys in the macOS Keychain instead of plaintext .env files:

# Store keys
nsauditor-ai security set ANTHROPIC_API_KEY
nsauditor-ai security set OPENAI_API_KEY

# List stored keys (masked)
nsauditor-ai security list

# Delete a key
nsauditor-ai security delete OPENAI_API_KEY

Then reference them with the keychain: prefix in .env or Claude Desktop config:

ANTHROPIC_API_KEY=keychain:ANTHROPIC_API_KEY

"env": {
  "ANTHROPIC_API_KEY": "keychain:ANTHROPIC_API_KEY"
}

The keychain: prefix works anywhere an API key is read — CLI, MCP server, or programmatic API.

CLI Reference

nsauditor-ai scan [options]
nsauditor-ai license install <KEY>
nsauditor-ai license <--status | --capabilities | --plugins>
nsauditor-ai security <set|delete|list|get> <KEY>
nsauditor-ai validate
nsauditor-ai --help        (or -h, or `help`)
nsauditor-ai --version     (or -v, or `version`)

Run nsauditor-ai --help (or -h, or just nsauditor-ai help) for a quick reference of subcommands, flags, env vars, and worked examples — works without a license key configured. --version / -v prints nsauditor-ai <version> and exits 0.

| Flag | Description | Default | |---|---|---| | --host <target> | Target: IP, hostname, CIDR, dash range. Aliases: --ip, --target | required* | | --host-file <path> | File with one host per line (# comments, blank lines OK) | — | | --plugins <list> | Comma-separated plugin IDs or all | all | | --ports <list> | Additional ports to scan, merged into the default config-derived list. Comma-separated. Optional /tcp or /udp suffix per entry (default: tcp). Examples: 8090 · 8090,9090 · 8090/tcp,5353/udp. Use this to scan custom services on non-standard ports (e.g. MCP servers on 8090, dev servers on 3000–9000) | — | | --out <dir> | Custom output directory — applies to the per-scan folder and to alternate