Built for IT teams, MSPs, and small businesses

See every weakness on
your office network.

NetAudit discovers every device on your LAN, scans for open services, matches versions against the NVD CVE database, audits your gateway and Wi-Fi configuration, and emits a severity-ranked report in minutes.

Start a free audit See how it works
netaudit — fast scan
$ netaudit --intensity fast
Interface: en0 Gateway: 192.168.1.1 CIDR: 192.168.1.0/24
Discovered 33 devices on the network
Port scan complete — 44 open ports total
CVE matching complete
 
─── Findings ───
CRITICAL Vulnerable Samba smbd 4 on 192.168.1.87:139
HIGH SMB exposed across 3 hosts (lateral-movement risk)
HIGH dnsmasq vulnerability on gateway 192.168.1.1
MEDIUM Flat network — no VLAN segmentation
LOW Wi-Fi: WPA2 (recommend WPA3)
 
Report → reports/netaudit-2026-05-09.html
What it checks

A complete picture of your network's security posture

Six categories of checks, every device, every port, every known CVE. No agents to install on endpoints — runs from one Mac on your network.

Device discovery

Finds every device on the LAN via ARP, nmap ping sweep, mDNS, and reverse DNS — including printers, IoT, and rogue devices.

Port + service scan

Top 100 or 1000 TCP ports per host, service version detection, OS fingerprint. Flags risky services like Telnet, RDP, exposed databases.

CVE matching

Each detected service version is checked against the NVD CVE database. Findings are CVSS-ranked with direct links to vendor advisories.

Router & AP audit

Detects HTTP-only admin panels, UPnP exposure, default credentials (opt-in), and flat-network topology that enables lateral movement.

Wi-Fi config

WPA1/2/3 detection, mixed-mode TKIP downgrade risk, legacy 802.11n hardware, evil-twin / duplicate-SSID detection.

LAN hygiene

DNS NXDOMAIN rewriting, ISP-only resolver, IPv6 firewall parity, broadly-exposed SMB/NetBIOS — the things attackers actually exploit.

How it works

From zero to a security report in five minutes

1

Install the scanner

One terminal command on a Mac. No agents, no kernel drivers, no infra to deploy.

2

Connect to the network

Wi-Fi or Ethernet — anywhere a normal client device would join.

3

Run the audit

netaudit --intensity fast — discovery, port scan, CVE match, gateway audit, Wi-Fi audit.

4

Read the report

Severity-ranked HTML report with remediation steps. Optionally upload to your dashboard for history and trends.

Pricing

Simple plans, no per-device pricing

Audit as many devices on as many networks as you want. Pay for what you need from the cloud dashboard.

Self-hosted

Free · forever
  • Full scanner (open source)
  • Local HTML + JSON reports
  • Unlimited scans
  • Community support
Download scanner

Cloud Pro

$120 / month
  • Everything in Self-hosted
  • Cloud dashboard with history
  • Trend charts & comparisons
  • Up to 10 networks
  • Email alerts on new criticals
Start 14-day trial

MSP / Enterprise

Custom
  • Multi-tenant dashboard
  • White-label reports
  • Scheduled scans
  • SSO + audit log
  • Priority support
Talk to sales

Find the holes before someone else does.

Run your first audit in under five minutes. No account required for the self-hosted scanner.

Get NetAudit