CVE matching, MITRE ATT&CK mapping, and safe verification probes that confirm findings are real before they hit your report. Client-ready PDFs included.
Version-based CVE matching is just the start. Every finding goes through safe, non-destructive probes that attempt to confirm the vulnerability is actually present and exploitable. Results are classified — no guessing, no inflated reports.
Rate-limited (2s between probes per host), no exploit payloads, no data writes. Every probe is audit-logged. Configurable per scan.
Auto-generated CPEs from detected services matched against the NVD feed — offline, no API calls. Know which CVEs affect each host before writing a single line of your report.
Every finding maps to ATT&CK techniques with kill-chain association. Compliance teams love it. Clients understand it. Takes zero extra effort on your part.
Five specialized agents run concurrently — Auth, Crypto, Config, Service, and Exposure. Each produces structured findings for its category, then feeds the risk engine.
Composite scoring: severity × exploitability × impact × exposure. Verification-aware — VERIFIED findings score 1.0×, POTENTIAL scores 0.6×. Prioritized, sortable output.
Custom logo, company name, header text. VERIFIED vs POTENTIAL clearly labeled. Client-ready output — executive summary and technical findings in one document.
Same OpenAI / Claude / Ollama providers you use in CE — but Pro injects CVE matches, MITRE techniques, risk scores, and verification status into every prompt. Vastly better output.
Unlimited scan history in SQLite. CVE-level delta detection — new vulnerabilities since last scan, not just host diffs. Risk trend analysis (improving / degrading / stable).
Configurable profiles (strict / moderate / minimal), additional patterns for AWS keys, DB connection strings, and JWTs. Full redaction audit log for compliance.
Four additional tools for AI assistant integration: get_vulnerabilities, risk_summary, scan_compare, save_finding.
Agents run via Promise.allSettled — if one category has no relevant services, it's skipped. Results feed the risk engine.
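The concurrency and scoring behaviour described above, as an added example that is not the product's own code: agents with no relevant services are skipped, one failing agent does not lose the others' results, and findings are ranked by the composite score using the 1.0 / 0.6 verification weights stated on this page. The agent helpers, finding fields, 0..1 factor scale and sample services are assumptions constructed for illustration.

```javascript
// Added illustration, not nsauditor-ai code. Agent internals, finding fields and the
// 0..1 factor scale are assumptions; the 1.0 / 0.6 weights are the ones the page states.
const VERIFICATION_WEIGHT = { VERIFIED: 1.0, POTENTIAL: 0.6 };

// Composite score: severity x exploitability x impact x exposure x verification weight.
function riskScore(f) {
  const weight = VERIFICATION_WEIGHT[f.status];
  if (weight === undefined) throw new Error(`unknown verification status: ${f.status}`);
  return f.severity * f.exploitability * f.impact * f.exposure * weight;
}

// Hypothetical helpers: `wants` picks the services an agent cares about.
const agent = (category, wants, analyze) => ({ category, wants, analyze });
const finding = (id, status, severity, exploitability, impact, exposure) =>
  ({ id, status, severity, exploitability, impact, exposure });
// Constructed agents with canned findings, one per category named on the page.
const AGENTS = [
  agent('Auth', s => s.name === 'ssh',
    async () => [finding('ssh-password-auth', 'VERIFIED', 0.7, 0.8, 0.9, 1.0)]),
  agent('Crypto', s => s.name === 'https',
    async () => [finding('tls-legacy-protocol', 'POTENTIAL', 0.9, 0.8, 0.9, 1.0)]),
  agent('Config', s => s.name === 'snmp', async () => []),
  agent('Service', s => s.name === 'https',
    async () => { throw new Error('probe timeout'); }),
  agent('Exposure', () => true,
    async () => [finding('open-service-count', 'VERIFIED', 0.3, 0.5, 0.4, 1.0)]),
];

async function runAgents(services, agents = AGENTS) {
  const skipped = [], jobs = [];
  for (const a of agents) {
    const relevant = services.filter(a.wants);
    if (relevant.length === 0) { skipped.push(a.category); continue; }
    jobs.push({ category: a.category, run: Promise.resolve().then(() => a.analyze(relevant)) });
  }
  // allSettled never rejects, so one failing agent cannot discard the others' findings.
  const settled = await Promise.allSettled(jobs.map(j => j.run));
  const findings = [], failed = [];
  settled.forEach((r, i) => {
    const { category } = jobs[i];
    if (r.status === 'rejected') return failed.push({ category, reason: String(r.reason?.message ?? r.reason) });
    for (const f of r.value) findings.push({ ...f, category, score: riskScore(f) });
  });
  findings.sort((x, y) => y.score - x.score); // highest composite risk first
  return { findings, skipped, failed };
}

// Constructed sample input: services detected on one host.
const SAMPLE_SERVICES = [{ name: 'ssh', port: 22 }, { name: 'https', port: 443 }];
```

In the sample, the POTENTIAL TLS finding has the higher unweighted product (0.648 against 0.504) but ranks below the VERIFIED SSH finding once the 0.6 weight is applied.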
Start the MCP server with nsauditor-ai-mcp — works with Claude Desktop, Cursor, and any MCP-compatible AI assistant.
# @nsasoft/nsauditor-ai-ee is a private (restricted) package.
# Use the npm read-token delivered with your license email.
npm config set //registry.npmjs.org/:_authToken npm_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# Or, project-scoped, in an .npmrc file in the project directory (keep it out of version control)
echo "//registry.npmjs.org/:_authToken=npm_xxxx..." >> .npmrc
# Install the CE platform (if not already)
npm install -g nsauditor-ai
# Add the Pro package
npm install -g @nsasoft/nsauditor-ai-ee
export NSAUDITOR_LICENSE_KEY=pro_eyJhbGciOiJFUzI1NiIs...
# Verify it's working
nsauditor-ai license --status
✓ Pro license active | Org: you@example.com | Expires: 2027-04-29
nsauditor-ai scan --host 192.168.1.0/24 --plugins all
# View your AI report in browser
open out/192.168.1.0_*/scan_response_ai.html      # macOS
xdg-open out/192.168.1.0_*/scan_response_ai.html  # Linux
# Executive scan with branded PDF
nsauditor-ai scan --host 10.0.0.0/24 --plugins all \
  --report-mode executive --report-brand ./my-logo.png
Subscribe directly to unlock the verification engine, CVE matching, MITRE mapping, parallel analysis agents, and branded reports. Cancel anytime — reverts to Community Edition with no data lost.