Browser-observed web intelligence platform

Project description

NetBear

NetBear is a browser-observed web exposure intelligence platform for authorized security testing. It uses Playwright-driven crawling to observe pages, requests, responses, JavaScript assets, forms, headers, and generated artifacts so testers can understand a target's exposed surface before deeper manual validation.

NetBear is intended for systems you own or have explicit permission to test.

What NetBear Does

  • Crawls web applications with a real Chromium browser.
  • Reuses authenticated browser state for logged-in scans.
  • Enforces target scope rules before scanning.
  • Captures HAR, cURL replay files, screenshots, JavaScript, JSON/XHR responses, fingerprints, and crawl summaries.
  • Extracts links, forms, GET parameters, endpoint literals, DOM XSS sink hints, auth storage patterns, and backend fingerprint signals.
  • Can run Nuclei after crawling when the external nuclei binary is available.
  • Provides CLI commands for local scans and generated artifacts.
  • Keeps the local API/dashboard entrypoint disabled while the UI is refactored.

Installation

Install from PyPI:

python -m pip install netbear
python -m playwright install chromium
netbear-check

Install from PyPI when validating pre-release builds:

python -m pip install --index-url https://pypi.org/simple/ --extra-index-url https://pypi.org/simple/ netbear
python -m playwright install chromium
netbear-check

Install from PyPI, upgrading pip, setuptools, and wheel first:

python -m pip install --upgrade pip setuptools wheel
python -m pip install netbear
python -m playwright install chromium
netbear-check

Install from PyPI for pre-release validation, upgrading pip, setuptools, and wheel first:

python -m pip install --upgrade pip setuptools wheel
python -m pip install --index-url https://pypi.org/simple/ --extra-index-url https://pypi.org/simple/ netbear
python -m playwright install chromium
netbear-check

Quick Start

Create starter target and scope files:

netbear-init --targets targets.txt --scopes scopes.txt

Edit both files before scanning. targets.txt should contain URLs you are authorized to test. scopes.txt should contain the domains or wildcard domains NetBear is allowed to crawl.
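
A pre-flight check for the two files, as an added example that is not NetBear's own code: it confirms that every URL in targets.txt falls inside the scope list before a crawl is started. The scope syntax used here (one hostname or *.domain wildcard per line, # comments) and the rule that a wildcard covers subdomains only are assumptions, since this page does not document NetBear's matching rules.

```python
from urllib.parse import urlsplit

def parse_scopes(text):
    """Return (exact_hosts, wildcard_suffixes); '#' starts a comment (assumed syntax)."""
    exact, wild = set(), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if line.startswith("*."):
            wild.add(line[2:])
        elif line:
            exact.add(line)
    return exact, wild

def in_scope(url, exact, wild):
    """True only for http(s) URLs whose parsed hostname matches a scope entry."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed netloc, e.g. an unclosed IPv6 bracket
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    if host in exact:
        return True
    # Match wildcards on a label boundary so "*.example.test" does not admit
    # "notexample.test" or "example.test.attacker.invalid".
    return any(host.endswith("." + suffix) for suffix in wild)

def check_targets(targets_text, scopes_text):
    """Split target URLs into (allowed, rejected) lists."""
    exact, wild = parse_scopes(scopes_text)
    allowed, rejected = [], []
    for url in map(str.strip, targets_text.splitlines()):
        if url and not url.startswith("#"):
            (allowed if in_scope(url, exact, wild) else rejected).append(url)
    return allowed, rejected

# Constructed sample data, not taken from the NetBear project.
SCOPES = "example.test\n*.example.test  # all subdomains\n"
TARGETS = """https://example.test/login
https://app.example.test/dashboard
https://notexample.test/
https://example.test.attacker.invalid/
https://example.test@other.invalid/
ftp://example.test/
"""

if __name__ == "__main__":
    print(check_targets(TARGETS, SCOPES))
```

The check compares the parsed hostname rather than the raw string, which is why the URL carrying example.test in its userinfo part is rejected.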

Run a dry run first:

netbear-crawl --targets targets.txt --scopes scopes.txt --dry-run

Run a browser crawl without Nuclei:

netbear-crawl --targets targets.txt --scopes scopes.txt --no-nuclei

List recent crawl runs:

netbear-runs

Inspect the latest run's artifacts:

netbear-artifacts --run latest
netbear-artifacts --run latest --show summary
netbear-artifacts --run latest --show curl-summary

Preview safe replay confirmations from filtered crawl requests:

netbear-replay --run latest
netbear-replay --run latest --limit 20

Send the selected safe replay requests only when you are authorized:

netbear-replay --run latest --execute

Limit crawl size while testing:

netbear-crawl --targets targets.txt --scopes scopes.txt --max-depth 2 --max-pages 15 --delay 1.5 --no-nuclei

The netbear-api and netbear-worker commands are currently present for compatibility, but they exit with clear messages instead of starting the unfinished API/dashboard queue path.

CLI Commands

netbear commands
netbear help netbear-crawl
netbear-check
netbear-init --help
netbear-crawl --help
netbear-runs --help
netbear-artifacts --help
netbear-replay --help
netbear-worker --help

Common Environment Variables

  • NETBEAR_TARGETS_FILE: default target file for CLI crawls.
  • NETBEAR_SCOPES_FILE: default scope file for CLI crawls.
  • NETBEAR_MAX_DEPTH: crawl depth limit.
  • NETBEAR_MAX_PAGES_PER_DOMAIN: page limit per domain.
  • NETBEAR_RATE_LIMIT_SEC: delay between requests/actions.
  • NETBEAR_REPORTS_DIR: output directory for generated reports.
  • NETBEAR_NUCLEI_ENABLED: enable or disable Nuclei integration.
  • NETBEAR_NUCLEI_RUN_AFTER_CRAWL: run Nuclei after crawl completion.

Outputs

NetBear writes run artifacts under the configured reports directory. Typical outputs include:

  • CRAWL_SUMMARY.txt
  • report.txt
  • HAR exports
  • full and filtered cURL replay scripts
  • captured JavaScript files
  • captured JSON/XHR files
  • screenshots
  • backend fingerprint JSON
  • JavaScript structure JSON
  • optional Playwright traces
  • generated fuzzing guidance

License

NetBear open-core releases are licensed under the GNU Affero General Public License v3.0 or later (AGPL-3.0-or-later). See LICENSE for details.

Source Distribution

netbear-0.1.4.tar.gz (121.4 kB view details)

Uploaded Source

Built Distribution

netbear-0.1.4-py3-none-any.whl (148.6 kB view details)

Uploaded Python 3

File details

Details for the file netbear-0.1.4.tar.gz.

File metadata

  • Download URL: netbear-0.1.4.tar.gz
  • Upload date:
  • Size: 121.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.12

File hashes

Hashes for netbear-0.1.4.tar.gz
Algorithm Hash digest
SHA256 626caa2797cd98d8b18d1a0cbda927664d18c6dbac07fab773255b51d2ba3e86
MD5 3c54bb9c31f3581108273f9a5b827754
BLAKE2b-256 844855c6176a5a301b2fa0f8222d389b7ea337eb3c5fb7c55fcebad0dba0b6de

File details

Details for the file netbear-0.1.4-py3-none-any.whl.

File metadata

  • Download URL: netbear-0.1.4-py3-none-any.whl
  • Upload date:
  • Size: 148.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.12

File hashes

Hashes for netbear-0.1.4-py3-none-any.whl
Algorithm Hash digest
SHA256 bdb0b61cef15f6689f8847576e2a2d6ffd3ca141ae76082b87515c64abaeeede
MD5 f26f6fdd02331207912bcb170e9e04d5
BLAKE2b-256 4bc2b057da5c316657fcc5f101973eb8110984f98cbfd1e98699e39764b6288f
