Security Toolkit
Scan your infrastructure for access issues, exposed secrets, misconfigurations, and runtime risks. View an interactive report and export to PDF — all in your browser.
Quick install
curl -fsSL https://updates.onepam.com/cli/install.sh | sh
Linux & macOS · amd64 & arm64 · no dependencies
What it checks
Access
SSH config, sudo rules, user accounts, authorized keys, PAM policies
Secrets
Cloud credentials, SSH keys, .env files, Docker & K8s tokens, git stores
Configuration
Firewall, SELinux/AppArmor, kernel hardening, file permissions, auto-updates
Risks
Root processes, world-writable dirs, SUID binaries, Docker socket
Usage
onepam scan
onepam scan --category secrets
onepam scan --format json > report.json
Sample output
Scanning access... ✗ SSH root login CRITICAL ! SSH password authentication WARN ✓ SSH empty passwords PASS ✓ Passwordless sudo PASS Scanning secrets... ✗ AWS credentials CRITICAL ! SSH key passphrase WARN ✓ Git credential store PASS ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ SCAN COMPLETE — Score: 45/100 (Needs Attention) 2 critical · 1 warning · 3 pass
FAQ
Is it free?
Yes. The Security Toolkit CLI is completely free with no limits. Run it on as many servers as you want.
Does it send data anywhere?
No. All checks run locally. No data is collected, transmitted, or stored. The JSON output stays on your filesystem.
Does it modify anything on my system?
No. The scanner is read-only. It reads configuration files, /proc entries, and file metadata. It never writes or changes anything.
What about the report viewer?
The report viewer processes your JSON entirely in your browser. Nothing is uploaded. PDF generation also happens client-side.
How is this different from OnePAM?
The toolkit gives you a one-time snapshot. OnePAM provides continuous monitoring, automated remediation, Zero Trust Access, and a full audit trail across your entire infrastructure.
Need continuous protection?
OnePAM monitors, remediates, and enforces Zero Trust across your entire infrastructure.