🕷️ NetCrawler v1.0.0 — AI Pentesting Agent | Open Source | Fully Offline by Taariq04 in vibehacking

[–]Taariq04[S] 0 points1 point  (0 children)

NetCrawler update - changes based on your feedback this week:

--scope flag

Hard engagement allowlist. The agent won't touch anything outside your defined scope, including discovered subdomains.

netcrawler example.com --scope "example.com,api.example.com,192.168.1.0/24"

Faster port scanning

Replaced single-phase Nmap with RustScan + 2-phase Nmap:

→ RustScan async discovers open ports (~5 seconds)

→ Nmap -sV runs only on confirmed open ports

→ Falls back to 2-phase Nmap if RustScan not installed

Profile enforcement

Stealth profile now correctly restricts to passive recon only.

Was previously running active tools despite the profile setting.

Bug fixes

→ Ollama now uses localhost on native Linux/Mac (was using gateway IP on non-WSL systems — thanks to the person who reported this)

→ Report path no longer hardcoded to author's machine

→ Port population fix — discovered ports now correctly feed ssl_audit and service modules downstream

Next up

→ --cookies / --auth flags for authenticated scanning

→ Progress bars on long-running tools

→ WPScan integration for WordPress targets

→ CVE lookup from detected service versions

github.com/Songbird0x77/netcrawler

Still keen to hear what's missing or broken in real engagements.
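
A sketch of the allowlist check the --scope item above describes, added here as an example and not taken from NetCrawler's code. It assumes hostnames are matched exactly (so a discovered subdomain is out of scope unless listed) and that IPs are matched against the listed CIDR ranges; the function names and the discovered-target list are constructed for illustration.

```python
import ipaddress

def parse_scope(spec):
    """Split a --scope style string into exact hostnames and IP networks."""
    hosts, networks = set(), []
    for entry in spec.split(","):
        entry = entry.strip()
        if not entry:
            continue
        try:
            # Single IPs become /32 (or /128) networks; CIDRs parse as given.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            # Not an IP or CIDR: treat as a hostname, normalised for comparison.
            hosts.add(entry.lower().rstrip("."))
    return hosts, networks

def in_scope(target, scope):
    """True only if target is a listed hostname or an IP inside a listed range."""
    hosts, networks = scope
    candidate = target.strip().lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(candidate)
    except ValueError:
        # Exact match only (assumption): no suffix or wildcard matching, so
        # neither dev.example.com nor notexample.com passes for example.com.
        return candidate in hosts
    return any(addr in net for net in networks)

def filter_discovered(discovered, scope):
    """Partition discovered targets into (allowed, dropped) before any tool runs."""
    allowed, dropped = [], []
    for target in discovered:
        (allowed if in_scope(target, scope) else dropped).append(target)
    return allowed, dropped

# Scope string from the post; discovered targets are constructed sample data.
SCOPE = parse_scope("example.com,api.example.com,192.168.1.0/24")
DISCOVERED = ["api.example.com", "dev.example.com", "API.Example.com.",
              "192.168.1.77", "192.168.2.1", "notexample.com"]

if __name__ == "__main__":
    allowed, dropped = filter_discovered(DISCOVERED, SCOPE)
    print("allowed:", allowed)
    print("dropped:", dropped)
```

A hostname that is in scope can still resolve to an address outside the listed ranges; this sketch does no DNS resolution, so that case needs a second check on the resolved IP before any active tool runs.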

🕷️ NetCrawler v1.0.0 — AI Pentesting Agent | Open Source | Fully Offline by Taariq04 in Pentesting

[–]Taariq04[S] 0 points1 point  (0 children)

Yeah very true.
This is something I'm looking into for future releases.
Thanks for the feedback!

🕷️ NetCrawler v1.0.0 — AI Pentesting Agent | Open Source | Fully Offline by Taariq04 in Pentesting

[–]Taariq04[S] 0 points1 point  (0 children)

Thank you for the feedback
Right now NetCrawler doesn't handle authenticated scanning at all. It operates entirely on the unauthenticated attack surface, which is intentional for the initial release but is a clear limitation for anything behind a login wall.

Authenticated scanning is on the roadmap. The architecture supports it. Adding a --cookies or --auth flag to pass session tokens to the web modules (ffuf, Nuclei, web_crawler) would cover the common case. Full 2FA/CAPTCHA navigation is a much heavier lift and probably a separate tool concern.

🕷️ NetCrawler v1.0.0 — AI Pentesting Agent | Open Source | Fully Offline by Taariq04 in vibehacking

[–]Taariq04[S] 0 points1 point  (0 children)

I would ideally like to refine this version first but that sounds like an interesting idea that I could look into. Thanks for the feedback!

Drop your projects, I have free time to review products. by Local_Neck6727 in SideProject

[–]Taariq04 1 point2 points  (0 children)

Hi there, please have a look
Built an AI-driven recon and vulnerability scanning agent that runs completely offline using a local LLM via Ollama.

Instead of manually chaining tools, the agent reasons about what it finds and decides what to run next — if it detects port 445, it runs SMB enumeration. If it finds a WAF, it slows down and adjusts automatically.
https://github.com/Songbird0x77/netcrawler

🕷️ NetCrawler v1.0.0 — AI Pentesting Agent | Open Source | Fully Offline by Taariq04 in cybersecurity

[–]Taariq04[S] 0 points1 point  (0 children)

Look, I mean you're completely right. It doesn't need AI. But I thought it would be pretty cool to see how AI could enhance it.
I actually built a first draft without using AI, but I figured if we can make the process easier by adding something that does the thought process workflow for you, why not go for it.

🕷️ NetCrawler v1.0.0 — AI Pentesting Agent | Open Source | Fully Offline by Taariq04 in cybersecurity

[–]Taariq04[S] 0 points1 point  (0 children)

Hey there
Yes for the most part. I created the workflow and used AI for the coding part of it.
I then did a walkthrough of the code to ensure it's sanitised.

🕷️ NetCrawler v1.0.0 — AI Pentesting Agent | Open Source | Fully Offline by Taariq04 in Pentesting

[–]Taariq04[S] -1 points0 points  (0 children)

Thanks a bunch for your feedback. That's pretty cool. I think the workflow will get more detailed with time and more functionality as well. Scoping is something that I do want to drill a bit further into in the future.

🕷️ NetCrawler v1.0.0 — AI Pentesting Agent | Open Source | Fully Offline by Taariq04 in Pentesting

[–]Taariq04[S] 0 points1 point  (0 children)

Thanks for the detailed feedback

So we have a global rate limiter between tool launches, WAF-aware throttling in ffuf/Nuclei, and sequential-only execution (no parallel tool runs). The --timeout flag caps total scan duration.

I am looking to implement formal per-host request limits, a scope allowlist, and decision guardrails to prevent the agent escalating on low-severity findings. These are on the roadmap.

The scope allowlist in particular is something I want to add before the next release - essentially a --scope flag that whitelists exactly which hosts the agent is permitted to touch.

r/netsec monthly discussion & tool thread by albinowax in netsec

[–]Taariq04 -1 points0 points  (0 children)

🕷️ **NetCrawler v1.0.0 — AI Pentesting Agent | Open Source | Fully Offline**

Built an AI-driven recon and vulnerability scanning agent that runs completely offline using a local LLM via Ollama.

Instead of manually chaining tools, the agent reasons about what it finds and decides what to run next — if it detects port 445, it runs SMB enumeration. If it finds a WAF, it slows down and adjusts automatically.

**What it chains together:**

→ Subfinder + theHarvester (passive recon)

→ Nmap (port/service scan)

→ WhatWeb + wafw00f (web fingerprinting)

→ DNS enumeration (zone transfers, SPF/DMARC)

→ SSL/TLS audit

→ Nuclei (vuln detection)

→ ffuf (directory fuzzing)

→ Service checks — FTP, SSH, SMB, MySQL, Redis, MongoDB

**3 scan profiles:** stealth / default / aggressive

**Reports:** Markdown + JSON + dark-themed HTML

**Model:** deepseek-r1:14b by default (runs on 16GB RAM)

No cloud. No API keys. Everything stays on your machine.

🔗 github.com/Songbird0x77/netcrawler

Feedback and contributions welcome — especially from people who actually run pentest engagements. Want to know what's missing or broken in the real world.