Browser-observed web intelligence platform

NetBear

NetBear is a browser-observed web exposure intelligence platform for authorized security testing. It uses Playwright-driven crawling to observe pages, requests, responses, JavaScript assets, forms, headers, and generated artifacts so testers can understand a target's exposed surface before deeper manual validation.

NetBear is intended for systems you own or have explicit permission to test.

What NetBear Does

  • Crawls web applications with a real Chromium browser.
  • Reuses authenticated browser state for logged-in scans.
  • Enforces target scope rules before scanning.
  • Captures HAR, cURL replay files, screenshots, JavaScript, JSON/XHR responses, fingerprints, and crawl summaries.
  • Extracts links, forms, GET parameters, endpoint literals, DOM XSS sink hints, auth storage patterns, and backend fingerprint signals.
  • Can run Nuclei after crawling when the external nuclei binary is available.
  • Provides CLI commands for local scans and generated artifacts.
  • Holds the local API/dashboard entrypoint back while the UI is refactored.

Installation

Install from PyPI:

python -m pip install netbear
python -m playwright install chromium
netbear-check

Install from PyPI when validating pre-release builds:

python -m pip install --index-url https://pypi.org/simple/ --extra-index-url https://pypi.org/simple/ netbear
python -m playwright install chromium
netbear-check

Install from PyPI after upgrading pip, setuptools, and wheel:

python -m pip install --upgrade pip setuptools wheel
python -m pip install netbear
python -m playwright install chromium
netbear-check

Install from PyPI for pre-release validation, after upgrading pip, setuptools, and wheel:

python -m pip install --upgrade pip setuptools wheel
python -m pip install --index-url https://pypi.org/simple/ --extra-index-url https://pypi.org/simple/ netbear
python -m playwright install chromium
netbear-check

Quick Start

Create starter target and scope files:

netbear-init --targets targets.txt --scopes scopes.txt

Edit both files before scanning. targets.txt should contain URLs you are authorized to test. scopes.txt should contain the domains or wildcard domains NetBear is allowed to crawl.
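
A pre-flight check for the two files, as an added example that is not NetBear's own code: it lists every target URL whose hostname is not covered by a scope entry, so a typo or lookalike host is caught before any request is sent. The file layout (one entry per line, # comments), the *.domain wildcard form, and the rule that a wildcard covers subdomains but not the bare domain are assumptions; NetBear's actual matching rules may differ.

```python
from urllib.parse import urlsplit

# Constructed sample contents. Layout and wildcard semantics are assumptions,
# not NetBear's documented format.
SAMPLE_SCOPES = """\
# engagement scope
app.example.test
*.staging.example.test
"""
SAMPLE_TARGETS = """\
https://app.example.test/login
https://api.staging.example.test:8443/v1/
https://staging.example.test/
https://app.example.test.elsewhere.test/
https://app.example.test@elsewhere.test/
http://notstaging.example.test/
"""


def parse_lines(text):
    """Return non-empty, non-comment lines, stripped."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.strip().startswith("#")]


def host_in_scope(host, scopes):
    """Exact match, or label-boundary suffix match for '*.domain' entries."""
    host = host.lower().rstrip(".")  # case-insensitive, ignore trailing root dot
    for scope in scopes:
        scope = scope.lower().rstrip(".")
        if scope.startswith("*."):
            # Keep the leading dot so 'notexample.test' cannot match '*.example.test'.
            if host.endswith(scope[1:]) and len(host) > len(scope) - 1:
                return True
        elif host == scope:
            return True
    return False


def out_of_scope_targets(targets_text, scopes_text):
    """List target URLs whose parsed hostname is not covered by any scope."""
    scopes = parse_lines(scopes_text)
    rejected = []
    for url in parse_lines(targets_text):
        # .hostname drops userinfo and port, so 'a@b' is judged on host 'b'.
        host = urlsplit(url).hostname
        if not host or not host_in_scope(host, scopes):
            rejected.append(url)
    return rejected
```

Call out_of_scope_targets() with the contents of targets.txt and scopes.txt and resolve every returned URL before running the dry run.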

Run a dry run first:

netbear-crawl --targets targets.txt --scopes scopes.txt --dry-run

Run a browser crawl without Nuclei:

netbear-crawl --targets targets.txt --scopes scopes.txt --no-nuclei

List recent crawl runs:

netbear-runs

Inspect the latest run's artifacts:

netbear-artifacts --run latest
netbear-artifacts --run latest --show summary
netbear-artifacts --run latest --show curl-summary

Preview safe replay confirmations from filtered crawl requests:

netbear-replay --run latest
netbear-replay --run latest --limit 20

Send the selected safe replay requests only when you are authorized:

netbear-replay --run latest --execute

Limit crawl size while testing:

netbear-crawl --targets targets.txt --scopes scopes.txt --max-depth 2 --max-pages 15 --delay 1.5 --no-nuclei

The netbear-api and netbear-worker commands are currently present for compatibility, but they exit with clear messages instead of starting the unfinished API/dashboard queue path.

CLI Commands

netbear commands
netbear help netbear-crawl
netbear-check
netbear-init --help
netbear-crawl --help
netbear-runs --help
netbear-artifacts --help
netbear-replay --help
netbear-worker --help

Common Environment Variables

  • NETBEAR_TARGETS_FILE: default target file for CLI crawls.
  • NETBEAR_SCOPES_FILE: default scope file for CLI crawls.
  • NETBEAR_MAX_DEPTH: crawl depth limit.
  • NETBEAR_MAX_PAGES_PER_DOMAIN: page limit per domain.
  • NETBEAR_RATE_LIMIT_SEC: delay between requests/actions.
  • NETBEAR_REPORTS_DIR: output directory for generated reports.
  • NETBEAR_NUCLEI_ENABLED: enable or disable Nuclei integration.
  • NETBEAR_NUCLEI_RUN_AFTER_CRAWL: run Nuclei after crawl completion.

Outputs

NetBear writes run artifacts under the configured reports directory. Typical outputs include:

  • CRAWL_SUMMARY.txt
  • report.txt
  • HAR exports
  • full and filtered cURL replay scripts
  • captured JavaScript files
  • captured JSON/XHR files
  • screenshots
  • backend fingerprint JSON
  • JavaScript structure JSON
  • optional Playwright traces
  • generated fuzzing guidance

License

NetBear open-core releases are licensed under the GNU Affero General Public License v3.0 or later (AGPL-3.0-or-later). See LICENSE for details.

Download files

Source Distribution

netbear-0.1.3.tar.gz (119.7 kB)

Built Distribution

netbear-0.1.3-py3-none-any.whl (146.5 kB)

File details

Details for the file netbear-0.1.3.tar.gz.

File metadata

  • Download URL: netbear-0.1.3.tar.gz
  • Upload date:
  • Size: 119.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.12

File hashes

Hashes for netbear-0.1.3.tar.gz
Algorithm Hash digest
SHA256 e3e0734a301c83e1ad0eefde3babeb199b157a8b7ec84f121b230b295343d7d8
MD5 f35e7f5dfec1bbec1797ee1c9bee72a8
BLAKE2b-256 1a15a0ec445318679e01727502eba4718866abc15e7f81e6c2d92e251328b52d


File details

Details for the file netbear-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: netbear-0.1.3-py3-none-any.whl
  • Upload date:
  • Size: 146.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.12

File hashes

Hashes for netbear-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 cd2717843fa8e0b2b791db1216daaefa9b526a002d13cc6b594ee70c3f81cb0f
MD5 3cf1bbb60235dbee12d204e166c6c35b
BLAKE2b-256 ba0980cea675dcc5d8bc7a09b999cef0b8691ff8bbf9de794dead2488e1e4952
