Browser-observed web intelligence platform
Project description
NetBear
NetBear is a browser-observed web exposure intelligence platform for authorized security testing. It uses Playwright-driven crawling to observe pages, requests, responses, JavaScript assets, forms, headers, and generated artifacts so testers can understand a target's exposed surface before deeper manual validation.
NetBear is intended for systems you own or have explicit permission to test.
What NetBear Does
- Crawls web applications with a real Chromium browser.
- Reuses authenticated browser state for logged-in scans.
- Enforces target scope rules before scanning.
- Captures HAR, cURL replay files, screenshots, JavaScript, JSON/XHR responses, fingerprints, and crawl summaries.
- Extracts links, forms, GET parameters, endpoint literals, DOM XSS sink hints, auth storage patterns, and backend fingerprint signals.
- Can run Nuclei after crawling when the external
nucleibinary is available. - Provides CLI commands for local scans and generated artifacts.
- Holds the local API/dashboard entrypoint back while the UI is refactored.
Installation
Install from PyPI:
python -m pip install netbear
python -m playwright install chromium
netbear-check
Install from PyPI when validating pre-release builds:
python -m pip install --index-url https://pypi.org/simple/ --extra-index-url https://pypi.org/simple/ netbear
python -m playwright install chromium
netbear-check
Installation from PyPI :
python -m pip install --upgrade pip setuptools wheel
python -m pip install netbear
python -m playwright install chromium
netbear-check
Installation from PyPI (pre-release validation):
python -m pip install --upgrade pip setuptools wheel
python -m pip install --index-url https://pypi.org/simple/ --extra-index-url https://pypi.org/simple/ netbear
python -m playwright install chromium
netbear-check
Quick Start
Create starter target and scope files:
netbear-init --targets targets.txt --scopes scopes.txt
Edit both files before scanning. targets.txt should contain URLs you are
authorized to test. scopes.txt should contain the domains or wildcard domains
NetBear is allowed to crawl.
Run a dry run first:
netbear-crawl --targets targets.txt --scopes scopes.txt --dry-run
Run a browser crawl without Nuclei:
netbear-crawl --targets targets.txt --scopes scopes.txt --no-nuclei
List recent crawl runs:
netbear-runs
Inspect the latest run's artifacts:
netbear-artifacts --run latest
netbear-artifacts --run latest --show summary
netbear-artifacts --run latest --show curl-summary
Preview safe replay confirmations from filtered crawl requests:
netbear-replay --run latest
netbear-replay --run latest --limit 20
Send the selected safe replay requests only when you are authorized:
netbear-replay --run latest --execute
Limit crawl size while testing:
netbear-crawl --targets targets.txt --scopes scopes.txt --max-depth 2 --max-pages 15 --delay 1.5 --no-nuclei
The netbear-api and netbear-worker commands are currently present for
compatibility, but they exit with clear messages instead of starting the
unfinished API/dashboard queue path.
CLI Commands
netbear commands
netbear help netbear-crawl
netbear-check
netbear-init --help
netbear-crawl --help
netbear-runs --help
netbear-artifacts --help
netbear-replay --help
netbear-worker --help
Common Environment Variables
NETBEAR_TARGETS_FILE: default target file for CLI crawls.NETBEAR_SCOPES_FILE: default scope file for CLI crawls.NETBEAR_MAX_DEPTH: crawl depth limit.NETBEAR_MAX_PAGES_PER_DOMAIN: page limit per domain.NETBEAR_RATE_LIMIT_SEC: delay between requests/actions.NETBEAR_REPORTS_DIR: output directory for generated reports.NETBEAR_NUCLEI_ENABLED: enable or disable Nuclei integration.NETBEAR_NUCLEI_RUN_AFTER_CRAWL: run Nuclei after crawl completion.
Outputs
NetBear writes run artifacts under the configured reports directory. Typical outputs include:
CRAWL_SUMMARY.txtreport.txt- HAR exports
- full and filtered cURL replay scripts
- captured JavaScript files
- captured JSON/XHR files
- screenshots
- backend fingerprint JSON
- JavaScript structure JSON
- optional Playwright traces
- generated fuzzing guidance
License
NetBear open-core releases are licensed under the GNU Affero General Public
License v3.0 or later (AGPL-3.0-or-later). See LICENSE for details.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file netbear-0.1.4.tar.gz.
File metadata
- Download URL: netbear-0.1.4.tar.gz
- Upload date:
- Size: 121.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
626caa2797cd98d8b18d1a0cbda927664d18c6dbac07fab773255b51d2ba3e86
|
|
| MD5 |
3c54bb9c31f3581108273f9a5b827754
|
|
| BLAKE2b-256 |
844855c6176a5a301b2fa0f8222d389b7ea337eb3c5fb7c55fcebad0dba0b6de
|
File details
Details for the file netbear-0.1.4-py3-none-any.whl.
File metadata
- Download URL: netbear-0.1.4-py3-none-any.whl
- Upload date:
- Size: 148.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bdb0b61cef15f6689f8847576e2a2d6ffd3ca141ae76082b87515c64abaeeede
|
|
| MD5 |
f26f6fdd02331207912bcb170e9e04d5
|
|
| BLAKE2b-256 |
4bc2b057da5c316657fcc5f101973eb8110984f98cbfd1e98699e39764b6288f
|