Great idea, Chad! Building on that - how about you don't pick the profile right then, but rather the profile keys off either the IP address or the host name or, probably best, a parameter to the URL. The server could also figure out the client's operating system automatically based on the User-Agent header, and generate either the .sh or the .vbs as appropriate.
With such a mechanism, the actual audit script could be as simple as (Linux example, Windows would be similar):
wget -O /tmp/audit_script.sh
http://myserver/openaudit/get_audit_script.phpchmod +x /tmp/audit_script.sh
/tmp/audit_script.sh
rm /tmp/audit_script.sh
Or with a non-default profile:
wget -O /tmp/audit_script.sh
http://myserver/openaudit/get_audit_scr ... =MyProfilechmod +x /tmp/audit_script.sh
/tmp/audit_script.sh
rm /tmp/audit_script.sh