Browser-observed web intelligence platform

Project description

NetBear

NetBear is a browser-observed web exposure intelligence platform for authorized security testing. It uses Playwright-driven crawling to observe pages, requests, responses, JavaScript assets, forms, headers, and generated artifacts so testers can understand a target's exposed surface before deeper manual validation.

NetBear is intended for systems you own or have explicit permission to test.

What NetBear Does

  • Crawls web applications with a real Chromium browser.
  • Reuses authenticated browser state for logged-in scans.
  • Enforces target scope rules before scanning.
  • Captures HAR, cURL replay files, screenshots, JavaScript, JSON/XHR responses, fingerprints, and crawl summaries.
  • Extracts links, forms, GET parameters, endpoint literals, DOM XSS sink hints, auth storage patterns, and backend fingerprint signals.
  • Can run Nuclei after crawling when the external nuclei binary is available.
  • Provides CLI commands for local scans and generated artifacts.
  • Holds the local API/dashboard entrypoint back while the UI is refactored.

Installation

Install from PyPI:

python -m pip install netbear
python -m playwright install chromium
netbear-check

Install from PyPI when validating pre-release builds:

python -m pip install --index-url https://pypi.org/simple/ --extra-index-url https://pypi.org/simple/ netbear
python -m playwright install chromium
netbear-check

Install from PyPI after upgrading pip, setuptools, and wheel:

python -m pip install --upgrade pip setuptools wheel
python -m pip install netbear
python -m playwright install chromium
netbear-check

Installation from PyPI (pre-release validation):

python -m pip install --upgrade pip setuptools wheel
python -m pip install --index-url https://pypi.org/simple/ --extra-index-url https://pypi.org/simple/ netbear
python -m playwright install chromium
netbear-check

Quick Start

Create starter target and scope files:

netbear-init --targets targets.txt --scopes scopes.txt

Edit both files before scanning. targets.txt should contain URLs you are authorized to test. scopes.txt should contain the domains or wildcard domains NetBear is allowed to crawl.
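A preflight check for the two files described above, as an added example that is not NetBear's own code or its scope-matching logic. It assumes one entry per line with `#` comments and `*.domain` wildcards that cover subdomains only; the function names are hypothetical and the sample data is constructed.

```python
from urllib.parse import urlsplit

def load_entries(text):  # one entry per line; blanks and '#' comments skipped
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def normalize_host(host):
    """Lower-case, drop the trailing dot, IDNA-encode; '' if not encodable."""
    try:
        return host.strip().lower().rstrip(".").encode("idna").decode("ascii")
    except UnicodeError:
        return ""

def host_in_scope(host, scopes):
    """Assumed semantics: '*.base' covers subdomains only; list the apex itself."""
    host = normalize_host(host)
    for scope in scopes:
        if scope.startswith("*."):
            base = normalize_host(scope[2:])
            # Compare on a label boundary so evilexample.com and
            # example.com.attacker.test do not match "*.example.com".
            if host and base and host.endswith("." + base):
                return True
        elif host and host == normalize_host(scope):
            return True
    return False

def target_in_scope(target, scopes):
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    # .hostname drops userinfo and port: user@attacker.test -> attacker.test
    return parts.scheme in ("http", "https") and host_in_scope(parts.hostname or "", scopes)

def check_targets(targets_text, scopes_text):
    scopes = load_entries(scopes_text)
    return [(t, target_in_scope(t, scopes)) for t in load_entries(targets_text)]

SCOPES = "example.com\n*.example.com\n"  # constructed samples, reserved domains
TARGETS = """https://app.example.com/login
https://example.com/
https://evilexample.com/
https://app.example.com.attacker.test/
https://app.example.com@attacker.test/
https://API.Example.com.:8443/v1"""

if __name__ == "__main__":
    print(*check_targets(TARGETS, SCOPES), sep="\n")
```

Any target reported as `False` should be removed from targets.txt or explicitly added to scopes.txt before the first crawl.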

Run a dry run first:

netbear-crawl --targets targets.txt --scopes scopes.txt --dry-run

Run a browser crawl without Nuclei:

netbear-crawl --targets targets.txt --scopes scopes.txt --no-nuclei

List recent crawl runs:

netbear-runs

Inspect the latest run's artifacts:

netbear-artifacts --run latest
netbear-artifacts --run latest --show summary
netbear-artifacts --run latest --show curl-summary

Preview safe replay confirmations from filtered crawl requests:

netbear-replay --run latest
netbear-replay --run latest --limit 20

Send the selected safe replay requests only when you are authorized:

netbear-replay --run latest --execute

Limit crawl size while testing:

netbear-crawl --targets targets.txt --scopes scopes.txt --max-depth 2 --max-pages 15 --delay 1.5 --no-nuclei

The netbear-api and netbear-worker commands are currently present for compatibility, but they exit with clear messages instead of starting the unfinished API/dashboard queue path.

CLI Commands

netbear commands
netbear help netbear-crawl
netbear-check
netbear-init --help
netbear-crawl --help
netbear-runs --help
netbear-artifacts --help
netbear-replay --help
netbear-worker --help

Common Environment Variables

  • NETBEAR_TARGETS_FILE: default target file for CLI crawls.
  • NETBEAR_SCOPES_FILE: default scope file for CLI crawls.
  • NETBEAR_MAX_DEPTH: crawl depth limit.
  • NETBEAR_MAX_PAGES_PER_DOMAIN: page limit per domain.
  • NETBEAR_RATE_LIMIT_SEC: delay between requests/actions.
  • NETBEAR_REPORTS_DIR: output directory for generated reports.
  • NETBEAR_NUCLEI_ENABLED: enable or disable Nuclei integration.
  • NETBEAR_NUCLEI_RUN_AFTER_CRAWL: run Nuclei after crawl completion.

Outputs

NetBear writes run artifacts under the configured reports directory. Typical outputs include:

  • CRAWL_SUMMARY.txt
  • report.txt
  • HAR exports
  • full and filtered cURL replay scripts
  • captured JavaScript files
  • captured JSON/XHR files
  • screenshots
  • backend fingerprint JSON
  • JavaScript structure JSON
  • optional Playwright traces
  • generated fuzzing guidance

License

NetBear open-core releases are licensed under the GNU Affero General Public License v3.0 or later (AGPL-3.0-or-later). See LICENSE for details.

Download files

Source Distribution

netbear-0.1.5.tar.gz (122.6 kB)

Uploaded Source

Built Distribution

netbear-0.1.5-py3-none-any.whl (149.9 kB)

Uploaded Python 3

File details

Details for the file netbear-0.1.5.tar.gz.

File metadata

  • Download URL: netbear-0.1.5.tar.gz
  • Upload date:
  • Size: 122.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.12

File hashes

Hashes for netbear-0.1.5.tar.gz
Algorithm Hash digest
SHA256 65bd5e8965d05a1fbb779e4c963cc256052df6469e9da6b485199eebf95d16f7
MD5 289d22062019bac3b5cb87081ac17a2a
BLAKE2b-256 5131b4e169e006d6e511be42e6631e57c0629c5db1fe62bafbe405b5c836e4c2

File details

Details for the file netbear-0.1.5-py3-none-any.whl.

File metadata

  • Download URL: netbear-0.1.5-py3-none-any.whl
  • Upload date:
  • Size: 149.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.12

File hashes

Hashes for netbear-0.1.5-py3-none-any.whl
Algorithm Hash digest
SHA256 4456f7d26452f880252608a15555629517e547cef709e911893a01dbc73a0966
MD5 df1fc043842cb2f6e2fa7e25e94267ee
BLAKE2b-256 e93b064505af7db99302f8e0dcbbecbe5144fc5ab362b9633efab475fc6d9439
