Frequently Asked Questions

Paranoid is a native macOS network security suite that combines device discovery, vulnerability scanning, WiFi and Bluetooth threat monitoring, hidden camera detection, host-based IDS capabilities, and integrated professional security tools in one interface.

It is designed for security professionals, sysadmins, consultants, advanced home users, and anyone who needs full visibility and defensive control over local networks and connected devices.

Yes. Paranoid is built specifically for macOS (Apple Silicon and Intel) to provide deep system integration, native performance, and a consistent user experience.

No. Paranoid wraps advanced scanning and security workflows into a GUI-first experience. Power users can still use advanced settings, but daily use does not require terminal expertise.

Paranoid requires macOS 14+ and is distributed as a universal binary compatible with ARM64 and x86_64. Some advanced operations may require admin approval when enabling privileged capabilities.

The Privileged Helper enables root-level operations (such as deeper scan modes). Core features can work without it, but installing it unlocks the full advanced feature set and improves scan depth. The helper is fully open source — the complete daemon code is published on GitHub so you can audit every line that runs as root on your Mac before installing it.

Yes — 100%. The full source code of the helper daemon is hosted at github.com/andreapianidev/paranoid-macOS-security-helper under the MIT license. We open-sourced it because trusting a closed-source binary with root permissions is exactly what a security-conscious user should refuse. You can read the 23 XPC operations, verify the mutual code-signing model, and reproduce the build from source. Contributors who land a meaningful PR receive a free macOS TestFlight invite to the full Paranoid app — email andreapiani.dev@gmail.com after your first merged PR.

Yes. Core platform modules run without Homebrew. Homebrew is used to install/manage external professional tools inside the integrated Tools section.

Paranoid uses a multi-phase discovery pipeline that combines ARP, service probes, protocol enrichment, and additional host validation instead of relying only on ping-based checks.

Depending on enabled modules, Paranoid can detect suspicious device activity, vulnerability exposures, WiFi attacks (including evil twin indicators), Bluetooth tracker anomalies, unusual traffic patterns, and high-risk open service configurations.

Yes. The vulnerability module correlates detected service information with vulnerability intelligence and scoring logic to help prioritize remediation.

Yes. You can run continuous monitoring and alerting workflows and combine them with automation rules to react faster to changes and suspicious events.

Monitor Mode turns your wireless adapter into a passive 802.11 sensor. Instead of seeing only your own connection, Paranoid can observe nearby WiFi frame activity to support authorized wireless security analysis.

You can analyze access points, probe requests, deauth/disassociation events, handshake-related activity, channel behavior, and client presence. This gives a high-resolution picture of the wireless environment around you.

Yes. Monitor Mode surfaces AP-level details (SSID/BSSID/channel/security/signal) so you can identify suspicious infrastructure patterns such as duplicated SSIDs, weak setups, and unknown nearby APs.

By highlighting abnormal deauth/disassociation bursts, Paranoid helps you detect potential wireless disruption or pre-attack behavior. This is useful when troubleshooting instability and during defensive assessments.

Paranoid tracks handshake-related events for authorized auditing and verification workflows. Captures are organized by session context so you can review channels, involved clients, and timeline information more easily.

Yes. Use fixed channel mode for focused analysis, or channel hopping for broader situational awareness across multiple channels in the same session.

Yes. Paranoid maps observed client activity and AP context to help you understand who is communicating where, which clients are expected, and which ones may be unknown in your environment.

Yes. Session history allows you to compare captures over time, document anomalies, and build incident evidence for audits and follow-up investigations.

It can, depending on hardware/driver behavior and capture strategy. Paranoid explicitly warns about possible temporary connectivity impact so you can run captures safely and intentionally.

Bluetooth Guard continuously scans nearby wireless space to discover, classify, and assess both BLE (Bluetooth Low Energy) and Classic Bluetooth devices. It helps you identify unknown devices, understand what each device exposes, and detect potential privacy/security risks such as suspicious trackers and insecure pairing behavior.

Yes. Paranoid supports dual-mode Bluetooth discovery. This allows it to detect a wide range of devices including earbuds, watches, keyboards, phones, smart home devices, fitness wearables, beacons, and embedded IoT devices that may advertise through different Bluetooth modes.

Distance is estimated using received signal strength (RSSI) and available transmit power data. Devices are grouped into practical proximity bands (for example immediate, near, medium, far) to help you prioritize nearby unknown devices first during investigations.

GATT enumeration inspects advertised Bluetooth services and characteristics to infer what a device can do and what type of data it may expose (for example battery, health metrics, device info, location-related services). This gives much more context than a device name alone and improves risk triage.

Yes. Bluetooth Guard includes tracker-focused detection heuristics to identify likely tracking devices, including known patterns related to AirTag-class devices and other popular tracker ecosystems. Detection is based on Bluetooth identity signals, behavior patterns, and service/manufacturer indicators when available.

You can establish a trusted baseline of known Bluetooth devices. During later scans, newly observed devices outside that baseline are flagged as unknown/rogue so you can quickly focus on changes that matter instead of re-checking known safe devices every time.

Yes. Paranoid evaluates device-level risk factors such as weak/insecure pairing modes, potentially sensitive exposed services, and suspicious behavior signatures. This helps you distinguish harmless nearby devices from those that deserve immediate attention.

Yes. It can be used in repeated or continuous monitoring workflows so that newly appearing devices and tracker-like patterns are detected quickly, rather than only during one-time manual checks.

blueutil is one of the integrated professional tools and supports operational Bluetooth control/inspection workflows from inside Paranoid. Bluetooth Guard combines this integration with native detection logic to provide a practical, GUI-first security workflow.

Yes. Bluetooth findings can be reviewed in the same broader reporting workflow used by Paranoid so you can keep evidence for audits, incident documentation, and follow-up verification.

Paranoid currently integrates 12 professional tools in the application workflow, including Nmap, Masscan, SSLScan, Bettercap, Nikto, Nuclei, Hydra, Gobuster, blueutil, Hashcat, SNMP Walk, and Crunch.

They are integrated in-app with discovery, execution, and output flows so you can launch and manage operations from one interface rather than manually orchestrating separate terminal sessions.

After privileged setup, tools that require elevated operations can run through the helper workflow, reducing repetitive prompt friction while keeping privileged actions controlled.

Three options at checkout: Monthly at €6.99 per month, Annual at €69 per year, and Lifetime at €129 (one-time payment, free updates forever, transferable). All plans unlock every feature. A 7-day free trial runs in the app for everyone after first launch — no credit card required.

Download Paranoid and the 7-day trial starts automatically on first launch — full features unlocked, no payment, no credit card required. After 7 days, the app asks for a license key. Buy any plan (Monthly, Annual, or Lifetime) when you decide to keep using it.

You can cancel any time from the customer portal link included in your purchase email. Monthly and annual subscriptions remain active until the end of the paid period.

Payments are processed by Paddle as Merchant of Record, including billing and taxes where applicable. Paddle accepts cards (Visa, Mastercard, Amex), Apple Pay, Google Pay, PayPal, and SEPA.

You can read full legal documents here: Terms and Conditions, Privacy Policy, Refund Policy, and Cookie Policy.

Send a request to immaginet@pec.it including your order reference, purchase date, and reason. Requests are evaluated according to the Refund Policy and applicable law.

No, not by default. The site is configured without analytics and marketing cookies. Consent storage is used for essential cookie preference recording.

Yes. You can reopen Cookie Preferences at any time from the website footer and update optional consent categories.

The data controller is Immaginet Srl, Via Pelliccerie 10, VAT IT02915190306. Legal/privacy contact: immaginet@pec.it.

Check selected scan profile, network interface, VPN state, and whether deep scan modules are enabled. High thoroughness and large ranges naturally increase runtime.

Confirm the tool is installed, supported on your architecture, and has required privileges. If needed, reinstall from the integrated tool management flow and retry.

For product support, use the dedicated Support page. For legal or privacy requests, contact immaginet@pec.it.