A consistent, offline endpoint audit that runs from a USB drive.
On-site security assessments often rely on whoever happens to run them that day — different people, different checks, results that can't be compared. This tool standardises the process: plug in, run the script, get a structured JSON report covering hardware, network posture, and system configuration across macOS, Linux, and Windows.
The problem
Security assessments that varied by who ran them.
Inconsistent assessments
On-site security assessments depended on whoever ran them that day — different people checked different things, used different tools, and produced results that couldn't be compared across clients or visits.
Slow and manual
Collecting system inventory and network posture meant running commands one by one, copying output, and assembling a report by hand. Hours of work for information that should take minutes.
Online dependency
Most audit tools require an internet connection, an agent installation, or both. Running them on a client's machine — especially in an air-gapped or restricted environment — was impractical.
Evidence, not just results
Most audit tools report a pass or fail. This one captures the evidence behind every finding: the exact command that was run, its return code, and the raw output. When a client asks why something was flagged — or how a specific result was determined — the answer is already in the report.
The output is structured JSON, which means it can be read directly, parsed by other tools, or fed into a reporting template. Every run produces the same schema regardless of which platform it ran on.
audit_report.json — sanitised
{
  "system": {
    "hostname": "WS-EXAMPLE-01",
    "os": "macOS 14.4.1",
    "arch": "arm64"
  },
  "network": {
    "default_gateway": "192.168.1.1",
    "dns_servers": ["8.8.8.8", "8.8.4.4"],
    "proxy_enabled": "false"
  },
  "hardware": {
    "cpu_cores": "10",
    "ram_gb": "16",
    "disk_used_pct": "61%"
  },
  "evidence": [cmd, rc, stdout] …
}
The same checks on every platform
macOS, Linux, and Windows expose the same information through completely different commands. The auditor wraps each platform's native tooling — scutil on macOS, resolvectl on Linux, netsh on Windows — and normalises the output into a consistent schema.
Fallbacks handle the variance across distributions and configurations. If the primary command isn't available, the auditor tries an alternative. If nothing works, it reports clearly what it attempted and why.
macOS
- Default route / gateway
- DNS resolver config
- Proxy configuration
- CPU, memory, disk
- Interface inventory
- Listening ports
Linux
- Default route (ip / netstat fallback)
- DNS (resolvectl / resolv.conf)
- Proxy (env vars + /etc/environment)
- Hardware via psutil
- Network interfaces
- Listening ports
Windows
- Default route (Get-NetRoute / route print)
- DNS (Get-DnsClientServerAddress)
- Proxy (netsh + HKCU registry)
- Hardware via psutil
- Network interfaces
- Listening ports
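
The fallback and evidence behaviour described above can be sketched as follows. This is an added example, not the tool's own code: the function names, the record fields beyond cmd/rc/stdout, and the non-existent `resolvectl-not-installed` binary are assumptions, and the resolver data is a constructed sample.

```python
import json
import subprocess
import sys

def run_with_evidence(argv, timeout=10):
    """Run one command (argv list, no shell) and record what happened."""
    rec = {"cmd": argv, "rc": None, "stdout": "", "stderr": "", "error": None}
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
        rec.update(rc=proc.returncode, stdout=proc.stdout, stderr=proc.stderr)
    except FileNotFoundError:
        rec["error"] = "command not found"
    except PermissionError:
        rec["error"] = "permission denied"
    except subprocess.TimeoutExpired:
        rec["error"] = f"timed out after {timeout}s"
    return rec

def check_with_fallbacks(name, candidates):
    """Try (argv, parser) pairs in order; keep evidence for every attempt."""
    evidence = []
    for argv, parse in candidates:
        rec = run_with_evidence(argv)
        evidence.append(rec)
        if rec["rc"] != 0:
            continue  # missing, denied, timed out or non-zero exit: try next
        value = parse(rec["stdout"])
        if value:
            return {"check": name, "status": "ok", "value": value, "evidence": evidence}
        rec["error"] = "exit 0 but output not parseable"
    return {"check": name, "status": "unsupported", "value": None, "evidence": evidence}

def parse_nameservers(text):
    """Extract addresses from resolv.conf-style 'nameserver <ip>' lines."""
    fields = (line.split() for line in text.splitlines())
    return [f[1] for f in fields if len(f) >= 2 and f[0] == "nameserver"]

# Constructed sample input; a real run would read the host's own resolver config.
SAMPLE = "# constructed sample\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n"

def demo():
    candidates = [
        # Hypothetical binary name that does not exist, to force the fallback.
        (["resolvectl-not-installed", "dns"], parse_nameservers),
        # Stand-in for reading resolv.conf: prints the constructed sample.
        ([sys.executable, "-c", f"print({SAMPLE!r}, end='')"], parse_nameservers),
    ]
    return check_with_fallbacks("dns_servers", candidates)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Commands are passed as argument lists rather than through a shell, so the evidence record shows exactly what was executed, and a failed primary attempt stays in the report alongside the fallback that succeeded.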
Solution overview
Plug in. Run. Report.
Plug in
Run from a USB drive. No installation, no internet connection required.
Collect
Hardware, network, and system data gathered using OS-native commands and psutil.
Validate
Evidence captured per check — command run, return code, raw stdout/stderr.
Report
Client-ready JSON report written to the output directory. Portable and reviewable.
Built-in safeguards
Built to run safely on client systems.
Offline by design
No network calls during the audit. The tool runs entirely from local commands and the USB-mounted script.
Evidence per finding
Every check captures the raw command and its output — not just a pass/fail. Results are justifiable and auditable.
Safe failure modes
If a check isn't supported on the current OS or permission level, it fails gracefully and logs the reason rather than crashing the run.
No data left behind
The tool reads and reports — it does not write to the target system, install agents, or modify any configuration.