The Third Eye of Security
AI-assisted security orchestration that finds vulnerabilities, validates them with AI,
maps to compliance, and generates reports — all in one automated workflow.
Security teams waste hours running disconnected tools, manually correlating outputs, and writing reports. NETRA replaces that entire workflow with a single command.
NETRA orchestrates 18 security tools, validates findings with a 4-persona AI engine, maps everything to compliance frameworks, and generates 13 report formats — from executive summaries to technical deep-dives.
One scan → Complete assessment → Audit-ready reports
```bash
# Run 18 different tools manually
subfinder -d target.com > subs.txt
amass enum -d target.com >> subs.txt
httpx -l subs.txt > live.txt
nmap -iL live.txt -oN scan.xml
nuclei -l live.txt -o vulns.txt
sqlmap -m live.txt --batch
nikto -h target.com
# ... and 11 more tools

# Then spend hours:
# ❌ Correlating outputs across tools
# ❌ Removing false positives manually
# ❌ Mapping findings to compliance
# ❌ Writing reports from scratch
```

Total time: 8-10 hours

```bash
# One command
netra scan --target target.com --profile standard

# Get everything:
# ✅ All 18 tools orchestrated automatically
# ✅ AI validates findings (60% fewer false positives)
# ✅ Auto-mapped to 6 compliance frameworks
# ✅ 13 report formats ready in minutes
```

Total time: 2-3 hours (mostly automated)
```bash
# One-command install (recommended)
bash <(curl -s https://raw.githubusercontent.com/yashwarrdhangautam/netra/main/install.sh)

# Or use Docker
git clone https://github.com/yashwarrdhangautam/netra.git && cd netra
cp .env.example .env
docker compose up -d
```

```bash
# Quick scan (30 min)
netra scan --target scanme.nmap.org --profile quick

# Full VAPT (2-3 hrs)
netra scan --target example.com --profile standard

# View findings
netra findings --scan-id <id> --severity critical

# Generate report
netra report --scan-id <id> --type executive
```

NETRA runs these tools in an intelligent 6-phase pipeline:
| Phase | Tools | What It Does |
|---|---|---|
| Recon | subfinder, amass | Discovers subdomains and attack surface |
| Probing | httpx, shodan | Identifies live hosts and services |
| Scanning | nmap, nuclei, nikto | Port scans and vulnerability detection |
| Active Testing | sqlmap, dalfox, ffuf, wpscan | SQL injection, XSS, fuzzing, WordPress |
| Code & Cloud | semgrep, gitleaks, trivy, prowler, checkov | SAST, secrets, containers, CSPM |
| AI/LLM | llm_security | OWASP LLM Top 10 testing |
NETRA's 4-persona AI engine doesn't just summarize — it validates:
| Persona | What It Does |
|---|---|
| Attacker | "Can this be exploited? What's the attack path?" |
| Defender | "How do we fix this? What's the effort?" |
| Analyst | "Which compliance controls does this impact?" |
| Skeptic | "Is this a false positive? Show me evidence." |
Result: 3 out of 4 personas must agree for a finding to be confirmed. This reduces false positives by ~60%.
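The consensus rule described above as an added example, not NETRA's own code: a finding is confirmed only when at least three of the four personas vote that it is real. The findings and persona verdicts are constructed, and the way NETRA's AI engine returns verdicts is an assumption, not taken from this page.

```python
# Added example (not NETRA's code): the 3-of-4 persona consensus rule applied to
# a batch of raw findings. Verdicts are constructed; NETRA's AI engine is not modelled.
from dataclasses import dataclass, field

PERSONAS = ("attacker", "defender", "analyst", "skeptic")
QUORUM = 3  # at least 3 of the 4 personas must agree the finding is real


@dataclass
class Finding:
    tool: str
    title: str
    severity: str
    # persona -> True (real issue) / False (false positive); absent = abstained
    verdicts: dict = field(default_factory=dict)


def is_confirmed(f: Finding) -> bool:
    """True only when at least QUORUM personas voted True.

    An abstaining persona counts as not agreeing, so a verdict that never
    came back (timeout, malformed response) cannot help a finding pass."""
    agree = sum(1 for p in PERSONAS if f.verdicts.get(p) is True)
    return agree >= QUORUM


def triage(findings):
    """Split raw findings into (confirmed, rejected) lists."""
    confirmed = [f for f in findings if is_confirmed(f)]
    rejected = [f for f in findings if not is_confirmed(f)]
    return confirmed, rejected


def reduction_pct(findings) -> float:
    """Share of raw findings the rule discards, as a percentage."""
    if not findings:
        return 0.0
    return round(100.0 * len(triage(findings)[1]) / len(findings), 1)


# Constructed sample batch (illustrative, not real scanner output)
SAMPLE = [
    Finding("nuclei", "Exposed .git directory", "high",
            {"attacker": True, "defender": True, "analyst": True, "skeptic": True}),
    Finding("nikto", "Outdated server banner", "low",
            {"attacker": False, "defender": True, "analyst": True, "skeptic": False}),
    Finding("sqlmap", "Boolean-based SQLi on /search", "critical",
            {"attacker": True, "defender": True, "analyst": True, "skeptic": False}),
    Finding("nuclei", "Permissive CORS header", "medium",
            {"attacker": True, "defender": True, "analyst": True}),  # skeptic abstained
]
```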
Every finding automatically maps to:
- CIS Benchmarks (150+ controls)
- NIST CSF (85+ subcategories)
- PCI-DSS v4.0 (100+ requirements)
- HIPAA (20+ safeguards)
- SOC2 Type II (60+ criteria)
- ISO 27001 (93+ controls)
Plus 101 CWE mappings for developers.
13 formats so you're never stuck writing reports from scratch:
| Format | Who It's For |
|---|---|
| Executive PDF | Leadership (risk gauge, business impact) |
| Technical PDF | Engineering teams (CVSS, CWE, remediation) |
| Interactive HTML | Developers (searchable, filterable) |
| Word/Excel | Customization and tracking |
| SARIF | GitHub Security tab integration |
| Evidence ZIP | Auditors (raw outputs + chain of custody) |
| Compliance PDF | Compliance teams (framework status) |
| Delta Report | Progress tracking (before/after) |
| Metric | NETRA | Industry Average |
|---|---|---|
| Detection Rate | 91% | 65% |
| False Positives | 8% | 35% |
| Scan Time | 2h 15min | 3h 40min |
| Scan Type | NETRA | Competitor A | Competitor B |
|---|---|---|---|
| Quick | 28 min | 35 min | 42 min |
| Standard | 2h 15min | 3h 40min | 4h 10min |
| Deep | 4h 30min | 7h 15min | 8h 00min |
```
┌─────────────────────────────────────────────────────────┐
│                     NETRA Platform                      │
├─────────────────────────────────────────────────────────┤
│   CLI    │  Dashboard  │   REST API   │  MCP (Claude)   │
│          └─────────────┬──────────────┘                 │
│                        │                                │
│               ┌────────▼────────┐                       │
│               │  Orchestrator   │                       │
│               │ (Celery+Redis)  │                       │
│               └────────┬────────┘                       │
│                        │                                │
│         ┌──────────────┼──────────────┐                 │
│         │              │              │                 │
│    ┌────▼────┐   ┌─────▼─────┐   ┌────▼─────┐           │
│    │Scanners │   │ AI Brain  │   │Compliance│           │
│    │  (18)   │   │(4-Persona)│   │  Mapper  │           │
│    └─────────┘   └───────────┘   └──────────┘           │
│                        │                                │
│              ┌─────────▼────────┐                       │
│              │   PostgreSQL     │                       │
│              │  (SQLAlchemy 2)  │                       │
│              └──────────────────┘                       │
└─────────────────────────────────────────────────────────┘
```
- Backend: Python 3.12, FastAPI, SQLAlchemy 2.0, Pydantic 2
- Frontend: React 18, TypeScript, Tailwind CSS, shadcn/ui
- Queue: Celery 5.3 + Redis 7
- Database: PostgreSQL 16 / SQLite
- AI: Anthropic Claude / Ollama (local LLMs)
- Deploy: Docker Compose, multi-stage builds
Choose the right depth for your needs:
| Profile | Time | Best For |
|---|---|---|
| quick | 30 min | Pre-deployment checks |
| standard | 2-3 hrs | Full VAPT assessments |
| deep | 4-6 hrs | Comprehensive audits |
| cloud | 3-4 hrs | AWS/Azure/GCP security |
| api_only | 1-2 hrs | API endpoint testing |
| container | 1-2 hrs | Container/IaC scanning |
| ai_llm | 1-2 hrs | LLM security testing |
```bash
# Run standard VAPT
netra scan --target target.com --profile standard

# Review critical findings
netra findings --scan-id <id> --severity critical

# Generate client-ready report
netra report --scan-id <id> --type pentest --output ./deliverables
```

```yaml
# .github/workflows/security.yml
name: Security Scan
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install netra
      - run: netra scan --target ${{ github.repository }} --profile quick
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
```

```bash
# AWS security posture assessment
netra scan --target aws --profile cloud \
  --aws-profile production \
  --regions us-east-1 us-west-2

# View CIS benchmark compliance
netra compliance --framework cis-aws --scan-id <id>
```

- Security consultants delivering client penetration tests
- AppSec teams managing application security programs
- DevSecOps engineers integrating security into CI/CD
- Compliance teams preparing for SOC2, PCI-DSS, HIPAA audits
- MSSPs providing security assessments as a service
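For the upload-sarif step in the CI workflow above, this added example (not NETRA's code) shows what a minimal results.sarif built from scanner findings looks like, with severity mapped to SARIF levels and the CWE carried as a rule tag. NETRA's finding schema is not on this page, so the field names (tool, rule_id, severity, cwe, path, line) are assumed and the sample findings are constructed.

```python
# Added example (not NETRA's code): build a SARIF 2.1.0 log for the upload-sarif
# step from a constructed list of findings. Finding field names are assumed.
import json

# SARIF "level" values recognised by GitHub code scanning (assumed severity mapping)
SEVERITY_TO_LEVEL = {"critical": "error", "high": "error", "medium": "warning",
                     "low": "note", "info": "note"}

def to_sarif(findings, tool_name="NETRA"):
    """One run, one rule per rule_id, one result per finding."""
    rules, results = {}, []
    for f in findings:
        rid = f["rule_id"]
        # rules are de-duplicated; the CWE tag is what the Security tab displays
        rules.setdefault(rid, {
            "id": rid,
            "shortDescription": {"text": f["title"]},
            "properties": {"tags": [f"external/cwe/cwe-{f['cwe']}", f["tool"]]},
        })
        results.append({
            "ruleId": rid,
            "level": SEVERITY_TO_LEVEL.get(f["severity"].lower(), "warning"),
            "message": {"text": f["title"]},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": f["path"]},
                # SARIF regions are 1-based; a tool reporting line 0 would be rejected
                "region": {"startLine": max(1, int(f.get("line", 1)))},
            }}],
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": tool_name, "rules": list(rules.values())}},
                  "results": results}],
    }

def sarif_json(findings):
    """Serialised form ready to be written to results.sarif."""
    return json.dumps(to_sarif(findings), indent=2)

# Constructed sample findings (illustrative, not real NETRA output)
SAMPLE = [
    {"tool": "semgrep", "rule_id": "sqli-string-concat", "severity": "high", "cwe": 89,
     "title": "SQL query built by string concatenation", "path": "app/db.py", "line": 42},
    {"tool": "gitleaks", "rule_id": "aws-access-key", "severity": "critical", "cwe": 798,
     "title": "Hard-coded AWS access key", "path": "config/settings.py", "line": 7},
    {"tool": "semgrep", "rule_id": "sqli-string-concat", "severity": "high", "cwe": 89,
     "title": "SQL query built by string concatenation", "path": "app/reports.py", "line": 0},
]
```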
| Guide | Link |
|---|---|
| Installation | docs/installation.md |
| Configuration | docs/configuration.md |
| Scan Profiles | docs/profiles.md |
| API Reference | docs/api.md |
| Benchmarks | docs/BENCHMARKS.md |
| Use Cases | docs/USE_CASES.md |
| FAQ | docs/FAQ.md |
| What NETRA Doesn't Do | Alternative |
|---|---|
| Windows native install | Use Docker |
| Mobile app binary scanning | Test backend APIs only |
| Binary exploitation | Manual testing required |
| Social engineering | Out of scope |
| Physical security testing | Out of scope |
NETRA is open-source. Contributions welcome.
```bash
git clone https://github.com/yashwarrdhangautam/netra.git
cd netra
poetry install
pytest            # Run tests
ruff check src/   # Lint
mypy src/         # Type check
```

See CONTRIBUTING.md for guidelines.
Found a vulnerability in NETRA? Report it privately via GitHub Security Advisories. Do not open public issues.
NETRA is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0).
Built by Yash Wardhan Gautam
Securing the digital world, one scan at a time.