Show HN: Tailsnitch – A Security Auditor for Tailscale

https://news.ycombinator.com/rss Hits: 21
Summary

Tailsnitch A security auditor for Tailscale configurations. Tailsnitch scans your tailnet for 50+ misconfigurations, overly permissive access controls, and security best practice violations. Quick Start # 1. Set your Tailscale API credentials export TSKEY= " tskey-api-... " # 2. Run audit tailsnitch # 3. See only high-severity findings tailsnitch --severity high # 4. Fix some issues ~interactively~ yolo mode tailsnitch --fix Installation Download Pre-built Binary Download the latest release from GitHub Releases. macOS users: Remove quarantine attribute after download: sudo xattr -rd com.apple.quarantine tailsnitch Install via Go go install github.com/Adversis/tailsnitch@latest Build from Source git clone https://github.com/Adversis/tailsnitch.git cd tailsnitch go build -o tailsnitch . Authentication Tailsnitch supports two authentication methods. OAuth is preferred when both are configured. Option 1: OAuth Client (Recommended) OAuth clients provide scoped, auditable access that doesn't expire when employees leave. export TS_OAUTH_CLIENT_ID= " ... " export TS_OAUTH_CLIENT_SECRET= " tskey-client-... " Create an OAuth client at: https://login.tailscale.com/admin/settings/oauth Required scopes for read-only audit: all:read (simplest), or individually: (simplest), or individually: policy_file:read - ACL policy - ACL policy devices:core:read - Device list - Device list dns:read - DNS configuration - DNS configuration auth_keys:read - Auth keys (for AUTH checks) Additional scopes for fix mode: devices:core - Delete devices, modify tags (requires tag selection) - Delete devices, modify tags (requires tag selection) auth_keys - Delete auth keys Option 2: API Key API keys operate as the user who created them and inherit that user's permissions. export TSKEY= " tskey-api-... " Create an API key at: https://login.tailscale.com/admin/settings/keys Usage Examples Basic Audit # Run full audit tailsnitch # Show passing checks too (verbose) tailsnitch --verbose # Output as JSON for ...

First seen: 2026-01-05 17:25

Last seen: 2026-01-06 13:36

Read Full Article More from this Source
Related News
The Concise TypeScript Book
2026-01-11 · 1 hits
'Bandersnatch': The Works That Inspired the 'Black Mirror' Interactive Feature (2019)
2026-01-11 · 1 hits
I build products to get "unplugged" from the internet
2026-01-11 · 1 hits
CPU Counters on Apple Silicon: article + tool
2026-01-11 · 4 hits
Datadog, Thank You for Blocking Us
2026-01-11 · 5 hits