Welcome to the complete NetBear documentation! This index will help you navigate all available resources.
- QUICKSTART.md - Get scanning in 5 minutes
  - Installation steps
  - Your first scan workflow
  - Common workflows (API testing, authenticated, browser capture)
  - Understanding results
  - Troubleshooting common issues
- COMPLETE_GUIDE.md - Comprehensive user guide (25+ pages)
  - Full architecture overview
  - Detailed getting started
  - Output & reports reference
  - Customization fundamentals
  - Advanced features
  - Performance tips
  - Security notes
- CUSTOMIZATION.md - Deep customization guide
  - Crawl parameter tuning
  - Nuclei template creation (with examples)
  - Endpoint extraction tuning
  - Performance optimization
  - Authentication setup
  - Real-world scenarios & examples
- TEMPLATES_GUIDE.md - Complete Nuclei template documentation
  - What "-direct" templates mean
  - Understanding matcher logic (DSL, word, regex, status)
  - Deep dive into each template (API Exposure, Auth Bypass, IDOR)
  - Creating custom templates (step-by-step)
  - Advanced techniques & patterns
  - Debugging templates
  - Integration with Burp Suite
- config.py - Central configuration file with inline comments
  - General settings (timeout, retry, proxy)
  - Netbear crawling parameters (depth, rate limit)
  - Nuclei integration settings (timeout, templates, severity)
  - NextCloud testing configuration
  - Reporting formats
- nuclei_handler.py - Nuclei scanning orchestration
  - Key method: `run_nuclei()` - Execute vulnerability scans with detailed comments
  - Method: `load_targets()` - Load and filter targets
  - Method: `parse_nuclei_output()` - Parse results
- endpoint_extractor.py - API endpoint discovery
  - Class-level documentation explaining all extraction sources
  - Method: `normalize_endpoints()` - With filtering customization guide
  - Method: `extract_from_js_files()` - JS pattern extraction
  - CUSTOMIZATION comments for adding/removing noise patterns
- netbear_crawler.py - Main crawler engine
  - Function: `load_scopes()` - Scope validation setup
  - Complete module documentation for customization
- Previous Implementation Docs (context for fixes applied)
  - NUCLEI_FIX_SUMMARY.md - All bugs fixed and solutions applied
  - NUCLEI_TEMPLATE_IMPROVEMENTS.md - Template evolution details
  - NUCLEI_IMPROVEMENTS_QUICKSTART.md - Quick reference for improvements
- Read: QUICKSTART.md
- Run: `python netbear_crawler.py`
- Find results in: `reports/run_*/nuclei_output_*/nuclei_results.txt`
- Start: COMPLETE_GUIDE.md - Read "Architecture" section
- Review: TEMPLATES_GUIDE.md - Understand matcher logic
- Explore: endpoint_extractor.py - See extraction logic
- Test: Run a scan and review results
- Read: CUSTOMIZATION.md - Pick your scenario
- Edit: config.py - Update settings with clear comments
- Modify: endpoint_extractor.py - Adjust filtering
- Create: Custom YAML templates following TEMPLATES_GUIDE.md
- Test: Run on a test target
- Reference: TEMPLATES_GUIDE.md - Full template guide
- Examples: See all matcher types and patterns
- Copy: Start from an existing netbear-*-direct.yaml template
- Test: Use `nuclei -u URL -t template.yaml -v`
- Register: Add to NUCLEI_TEMPLATES in config.py
- Check: QUICKSTART.md - Troubleshooting section
- Review: COMPLETE_GUIDE.md - Troubleshooting section
- Debug: Run with the `-v` verbose flag: `python netbear_crawler.py -v`
- Logs: Check `reports/run_*/nuclei_output_*/nuclei_*.log`
- Verify: Use `nuclei -validate -t template.yaml` for template errors
- Reference: CUSTOMIZATION.md
- Option A: Use browser HAR capture
- Option B: Use `authenticated_endpoint_crawler.py`
- Option C: Set credentials in config.py
```
NETBEAR/
├── QUICKSTART.md            ← START HERE for fast setup
├── COMPLETE_GUIDE.md        ← Full documentation
├── CUSTOMIZATION.md         ← Advanced customization
├── TEMPLATES_GUIDE.md       ← Nuclei template reference
├── config.py                ← Configuration (with comments)
├── nuclei_handler.py        ← Nuclei orchestration (with comments)
├── endpoint_extractor.py    ← Endpoint discovery (with comments)
└── netbear_crawler.py       ← Main crawler (with comments)
```
```
NETBEAR/
├── netbear-api-exposure-direct.yaml  ← API key/secret detection
├── netbear-auth-bypass-direct.yaml   ← Auth bypass detection
├── netbear-idor-direct.yaml          ← IDOR vulnerability detection
└── [your-custom].yaml                ← Your custom templates
```
```
NETBEAR/
├── authenticated_endpoint_crawler.py  ← Test authenticated areas
├── har_endpoint_extractor.py          ← Extract from browser HAR files
├── main.py                            ← Interactive CLI
├── run_nuclei_on_crawl.sh             ← Re-run Nuclei on existing crawls
└── nuclei_workflow.sh                 ← Complete automation wrapper
```
```
NETBEAR/
├── targets.txt  ← List of URLs to test (one per line)
├── scopes.txt   ← Allowed domains (one per line)
└── proxies.txt  ← Proxy servers (one per line, optional)
```
```
NETBEAR/reports/
└── run_TIMESTAMP/
    ├── domain_com/
    │   ├── report.txt                  ← Crawl summary
    │   ├── nuclei_targets.txt          ← Extracted endpoints
    │   ├── nuclei_targets_clean.txt    ← Filtered endpoints
    │   ├── js_structures.json          ← API/auth patterns
    │   ├── res_*-CRITICAL.js           ← High-priority JS files
    │   └── res_*-HIGH_INTEREST.js      ← Interesting JS findings
    ├── nuclei_output_TIMESTAMP/
    │   ├── nuclei_results.txt          ← Vulnerability findings
    │   ├── nuclei_results.json         ← JSON format findings
    │   └── nuclei_*.log                ← Debug logs
    └── exports/
        ├── domain.har                  ← Burp Suite import
        ├── domain_requests.curl        ← cURL commands
        └── domain.json                 ← Raw API calls
```
- What it does: Crawls websites with Playwright, extracts links/forms/JS
- Configuration: See COMPLETE_GUIDE.md
- Customization: See CUSTOMIZATION.md
- How it works: COMPLETE_GUIDE.md

- What it does: Extracts API endpoints, auth functions, XSS sinks from JS
- Used by: endpoint_extractor.py, crawler outputs
- Reference: See method comments in source file

- What it does: Aggressive extraction from crawl data with noise filtering
- Customization: CUSTOMIZATION.md
- How to modify: Check the `normalize_endpoints()` method for exclusion patterns
- Performance: Processes first 20 largest JS files only

- What it does: Runs Nuclei vulnerability scanner on extracted endpoints
- Configuration: config.py - NUCLEI_* settings
- Templates: All 3 templates documented in TEMPLATES_GUIDE.md
- Troubleshooting: COMPLETE_GUIDE.md

- What it does: Export results as HAR, cURL, JSON
- Formats: HAR (Burp), cURL (replay), JSON (automation)
- Location: reports/run_*/exports/

- What it does: Handle login flows for authenticated testing
- Setup: CUSTOMIZATION.md
- Alternative: HAR extraction for browser-captured traffic

- What it does: Parameter fuzzing and testing
- Advanced feature: See command examples in COMPLETE_GUIDE.md

- What it does: Specialized NextCloud security testing
- Configuration: config.py - NEXTCLOUD_* settings
- Quick start: See COMPLETE_GUIDE.md
| Setting | File | Purpose | Default | When to Change |
|---|---|---|---|---|
| NETBEAR_MAX_DEPTH | config.py | How deep to crawl (1-3) | 2 | Fast (1) vs Thorough (3) |
| NUCLEI_ENABLED | config.py | Enable Nuclei scanning | True | Crawl-only mode (False) |
| NUCLEI_TIMEOUT | config.py | Scan timeout (seconds) | 1800 | 100+ targets (3600) |
| NUCLEI_TEMPLATES | config.py | Which templates to use | 3 direct | Add custom templates |
| SCOPES_FILE | netbear_crawler.py | Allowed domains file | "scopes.txt" | Change filename |
| Setting | Fast | Balanced | Thorough |
|---|---|---|---|
| NETBEAR_MAX_DEPTH | 1 | 2 | 3 |
| NETBEAR_MAX_PAGES | 5 | 15 | 30 |
| NETBEAR_RATE_LIMIT | 0.5s | 1.5s | 3.0s |
| NUCLEI_TIMEOUT | 300s | 1800s | 3600s |
| Time to complete | 5-10m | 15-30m | 45-90m |
See: CUSTOMIZATION.md
```bash
python netbear_crawler.py
```

```bash
# Edit config.py first, then:
NETBEAR_MAX_DEPTH=2 NUCLEI_TIMEOUT=3600 python netbear_crawler.py
```

```bash
python har_endpoint_extractor.py --har-file traffic.har --output-txt targets.txt
nuclei -l targets.txt -t netbear-*-direct.yaml
```

```bash
python authenticated_endpoint_crawler.py \
  --url https://app.example.com \
  --username user@example.com \
  --password password123
```

```bash
./run_nuclei_on_crawl.sh reports/run_20260208_050101/example_com example.com critical,high
```

```bash
python main.py
```

```bash
nuclei -u https://api.example.com -t my-custom.yaml -v
```

- Always use `scopes.txt` to prevent out-of-scope scanning
- Increase rate limit (2-5s) for stealth
- Get written permission before testing
- Store results securely (may contain sensitive data)
- First scan: 15-30 minutes for complete coverage
- Subsequent scans: Use authenticated/HAR extraction for speed
- Large targets (100+ endpoints): Increase NUCLEI_TIMEOUT to 3600s
- Parallel scans: Use background mode for multiple domains
- Start with QUICKSTART.md
- Test on your own app first
- Review results in nuclei_results.txt
- Gradually customize templates for your targets
- Re-run regularly as targets change
- Quick answers: Check relevant section in QUICKSTART.md
- Detailed info: See COMPLETE_GUIDE.md
- Customization: Read CUSTOMIZATION.md + inline code comments
- Templates: Review TEMPLATES_GUIDE.md
- Debugging: Run with the `-v` flag and check logs in `reports/run_*/nuclei_output_*/`
This documentation index is current as of the latest version. All files have inline comments for customization guidance:
- ✅ config.py - Detailed setting explanations
- ✅ nuclei_handler.py - Method documentation with customization tips
- ✅ endpoint_extractor.py - Class documentation + customization guide
- ✅ netbear_crawler.py - Module-level documentation for customization
Each Python file includes docstrings explaining what to customize and why.
Last Updated: 2025
For the latest updates and examples, refer to the inline comments in each file.
Happy hunting! 🎯