IPv4 + IPv6 — full dual-stack support
guardian_audit
FREE
Machine security scanner. Checks for backdoors, unauthorized RDP/SSH, persistence mechanisms, and suspicious connections. Geo-IP tags foreign IPs. 45+ checks across Windows, macOS, and Linux.
Platform-Specific Security Checks
Windows
- Scheduled tasks
- Services
- Startup items
- WMI subscriptions
- Defender exclusions
- BITS jobs
- COM hijacking
- IFEO debugger injection
- AppInit_DLLs
- Named pipes
- Alternate Data Streams
Linux
- Crontabs (user + system)
- Systemd services
- Systemd timers
- Kernel modules
- LD_PRELOAD config
- File capabilities
- SUID/SGID binaries
- /etc/rc.local
- Suspicious network connections
macOS
- LaunchAgents
- LaunchDaemons
- Login items
- Kernel extensions
- System extensions
- Profiles (MDM)
- Suspicious network connections
Cross-Platform
- Browser extensions
- npm global packages
- Docker containers
- Git hooks
- IDE extensions
- SSH authorized keys
- Network connections
- DNS configuration
Geo-IP Intelligence
Every external IP address found during the audit is tagged with geographic location data. IPv4 and IPv6 are both supported. Connections to unexpected geographic regions are flagged for investigation.
Use skipGeo: true to disable geo-IP lookups for faster offline scans when network access is unavailable or unnecessary.
Country + city — geographic resolution for each external IP
Anomaly detection — flags connections to unexpected regions
Smart False Positive Handling
Guardian Audit includes a built-in whitelist of known safe software to minimize false positives. Common developer tools and security products are automatically recognized and excluded from findings.
Whitelisted Software
Verdicts
Scan Your Machine for Threats
// Request
{
  "name": "guardian_audit",
  "arguments": {
    "skipGeo": false
  }
}

// Response
{
  "verdict": "REVIEW",
  "platform": "win32",
  "checks_run": 47,
  "findings": [
    {
      "category": "scheduled_tasks",
      "severity": "medium",
      "detail": "Unknown task: UpdateCheck",
      "path": "\\Microsoft\\Windows\\UpdateCheck"
    },
    {
      "category": "browser_extensions",
      "severity": "low",
      "detail": "3 extensions detected in Chrome",
      "whitelisted": 2,
      "flagged": 1
    }
  ],
  "network": {
    "connections": 14,
    "external_ips": 8,
    "geo_tagged": 8,
    "flagged": 0
  },
  "cross_platform": {
    "npm_globals": 12,
    "docker_containers": 3,
    "git_hooks": 0,
    "ide_extensions": 24
  }
}
CLI Usage
# Full machine audit with geo-IP tagging
npx 50c guardian-audit
# Fast offline scan (skip geo-IP lookups)
npx 50c guardian-audit --skip-geo
When to Audit Your Machine
Post-Incident Response
After a suspected breach or phishing attack, run Guardian Audit to check for persistence mechanisms and unauthorized access points.
New Machine Setup
Baseline a new development machine. Run Guardian Audit to verify no pre-installed backdoors or unwanted persistence from OEM software.
Regular Security Sweeps
Schedule weekly or monthly audits on developer machines. Catch unauthorized changes before they become incidents.
Package Install Verification
Run after installing new npm packages or running unknown scripts. Detect if a package dropped persistence mechanisms on your system.
Remote Worker Compliance
Have team members run Guardian Audit on their machines. Review findings to ensure corporate security policies are being met.
Network Connection Audit
Identify all external connections with geo-IP tagging. Detect unauthorized outbound connections to unexpected geographic regions.
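The baseline and recurring-sweep use cases above come down to comparing one audit response with an earlier one. The following is an added example, not part of Guardian Audit: it diffs two responses of the shape shown on this page and reports new findings, resolved findings and changed inventory counters. The finding key, the severity values beyond "low" and "medium", and the sample data are assumptions.

```javascript
// Severity order: "low" and "medium" appear in the page's sample response;
// "high" and "critical" are assumed values. Unknown severities rank highest.
const SEVERITY_RANK = { low: 1, medium: 2, high: 3, critical: 4 };
const rank = (sev) => SEVERITY_RANK[sev] ?? 5;

// Assumed finding identity: category plus path, or detail when there is no path.
const findingKey = (f) => JSON.stringify([f.category, f.path ?? f.detail]);

function diffAudits(baseline, current, minSeverity = "low") {
  const before = baseline.findings ?? [];
  const after = current.findings ?? [];
  const known = new Set(before.map(findingKey));
  const present = new Set(after.map(findingKey));
  // New since baseline, most severe first
  const added = after
    .filter((f) => !known.has(findingKey(f)) && rank(f.severity) >= rank(minSeverity))
    .sort((a, b) => rank(b.severity) - rank(a.severity));
  const resolved = before.filter((f) => !present.has(findingKey(f)));
  // Inventory counters that changed (e.g. a new global npm package or git hook)
  const drift = {};
  for (const [name, count] of Object.entries(current.cross_platform ?? {})) {
    const old = baseline.cross_platform?.[name] ?? 0;
    if (count !== old) drift[name] = { before: old, after: count };
  }
  const newFlaggedConnections =
    (current.network?.flagged ?? 0) - (baseline.network?.flagged ?? 0);
  return { added, resolved, drift, newFlaggedConnections };
}

// Constructed sample data modelled on the response shown on this page.
const baseline = {
  findings: [
    { category: "browser_extensions", severity: "low", detail: "3 extensions detected in Chrome" },
  ],
  network: { flagged: 0 },
  cross_platform: { npm_globals: 12, docker_containers: 3, git_hooks: 0, ide_extensions: 24 },
};
const current = {
  findings: [
    { category: "scheduled_tasks", severity: "medium", detail: "Unknown task: UpdateCheck",
      path: "\\Microsoft\\Windows\\UpdateCheck" },
    { category: "browser_extensions", severity: "low", detail: "3 extensions detected in Chrome" },
  ],
  network: { flagged: 0 },
  cross_platform: { npm_globals: 13, docker_containers: 3, git_hooks: 1, ide_extensions: 24 },
};
const report = diffAudits(baseline, current);
console.log(JSON.stringify(report, null, 2));
```

Because the counters in cross_platform are totals, a drift entry only says that something changed; the individual package, container or hook still has to be identified on the machine.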
Know What Is Running on Your Machine
Guardian Audit is free for all 50c users. 45+ security checks, geo-IP tagging, cross-platform detection, zero cost.