Saved February 14, 2026
Tailsnitch audits Tailscale networks for misconfigurations and security issues. It checks for over 50 potential problems, including access control flaws and best practice violations, and provides options to fix issues directly through the Tailscale API. Users can customize reports and ignore known risks.
Tailsnitch is a security auditing tool designed for Tailscale configurations, scanning your tailnet for over 50 potential misconfigurations and security issues. Setting it up requires your Tailscale API credentials, after which you can run a full audit with a simple command. The tool allows you to filter results by severity, focusing on high-severity issues, and even offers an interactive fix mode to address problems directly through the Tailscale API. Users can generate evidence reports for SOC 2 audits in both JSON and CSV formats, providing detailed results for each resource tested.
The tool supports OAuth for authentication, which is more secure than traditional API keys. OAuth clients can be set up to allow scoped access, minimizing risk when employees leave the organization. Key checks include identifying overly permissive access controls, default allow policies, and the presence of reusable authentication keys, which can lead to significant security vulnerabilities. Tailsnitch performs checks across various categories, including access control, authentication, device security, and network exposure.
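To make the three key checks named above concrete, here is an added sketch (not Tailsnitch's own code) that flags a default-allow rule, an overly broad rule, and a reusable auth key, then filters by severity. The check names, severity levels, and sample policy and key records are constructed assumptions; only the `acls` rule layout and the `capabilities.devices.create.reusable` key field follow Tailscale's formats.

```python
import json

# Constructed sample data (not from a real tailnet). The policy uses the
# Tailscale policy-file "acls" layout; the key records mimic auth keys with
# capabilities.devices.create.reusable.
POLICY = json.loads("""
{
  "acls": [
    {"action": "accept", "src": ["*"], "dst": ["*:*"]},
    {"action": "accept", "src": ["group:dev"], "dst": ["*:*"]},
    {"action": "accept", "src": ["group:ops"], "dst": ["tag:db:5432"]}
  ]
}
""")
KEYS = [
    {"id": "kEXAMPLE1", "capabilities": {"devices": {"create": {"reusable": True}}}},
    {"id": "kEXAMPLE2", "capabilities": {"devices": {"create": {"reusable": False}}}},
]


def audit(policy, keys):
    """Return (severity, check, detail) findings; check names are hypothetical."""
    findings = []
    for i, rule in enumerate(policy.get("acls", [])):
        if rule.get("action") != "accept":
            continue
        any_src = "*" in rule.get("src", [])
        any_dst = "*:*" in rule.get("dst", [])
        if any_src and any_dst:
            findings.append(("HIGH", "default-allow",
                             f"acls[{i}] lets every source reach every destination"))
        elif any_dst:
            findings.append(("MEDIUM", "broad-destination",
                             f"acls[{i}] grants {rule['src']} all hosts and ports"))
        elif any_src:
            findings.append(("MEDIUM", "broad-source",
                             f"acls[{i}] opens {rule['dst']} to every source"))
    for key in keys:
        create = key.get("capabilities", {}).get("devices", {}).get("create", {})
        if create.get("reusable"):
            findings.append(("HIGH", "reusable-auth-key",
                             f"key {key['id']} can enroll more than one device"))
    return findings


def filter_by_severity(findings, minimum):
    """Keep findings at or above the given severity, as a severity filter would."""
    order = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}
    return [f for f in findings if order[f[0]] >= order[minimum]]


if __name__ == "__main__":
    for sev, check, detail in audit(POLICY, KEYS):
        print(f"[{sev}] {check}: {detail}")
```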
For users needing customization, Tailsnitch allows the creation of an ignore file to suppress known risks. The audit provides detailed output that can be tailored for specific needs, including showing passing checks or filtering by categories like access or network security. The ability to run specific checks or preview fixes before executing them adds an extra layer of control for administrators. Overall, Tailsnitch offers a comprehensive approach to enhance security within Tailscale environments.