NETRA v2 - AI-Native Asset Discovery Engine

Status: v2.2 (Newspaper Edition 📰) Stack: Python 3.10, FastAPI (Serving Static HTML + Alpine.js), Neo4j, Redis Streams, MinIO, Docker Compose

NETRA is an Applied ML Systems research platform designed to demonstrate advanced concepts in distributed cybersecurity. It continuously discovers assets, maps them in a Knowledge Graph, and uses machine learning to predict risks.

Features

• Cyber-AI Neural Terminal: Sarcastic, intelligent commentary on security findings using NLP.
• Zombie API Detection: Hybrid Ruby/Python engine to detect Shadow APIs using TinyLLM.
• Dynamic Knowledge Graph: Real-time asset visualization with Neo4j.
• Automated Recon: Full-stack scanning (Ports, Subdomains, Cloud Buckets).
• Data Lake Architecture: MinIO integration for long-term data storage.
• Modern UI: "Newspaper" style dashboard with D3.js visualizations.

• Distributed Architecture: Fully event-driven pipeline using Redis Streams to decouple Ingestion (I/O) from Analysis (CPU).

---

What is Cooking Now? 🍳 (v2.2 Update)

The kitchen is busy! We are currently baking Phase 3 & 4 (Intelligence Layers) into the core platform:

• Sprint 3: The Guard (Rust) 🦀: LogCruncher is now live! A high-performance Rust binary that detects SQLi/XSS in server logs with zero-copy parsing.
• Sprint 2: The Scout (Go) 🐹: Integrated TurboScan, a headless Chrome crawler written in Go for lightning-fast SPA analysis.
• Neural Grid V2: The Knowledge Graph is now fully interactive (D3.js + Neo4j) with "Shadow Link" prediction and manual asset tagging.
• ML Risk Scoring: A Random Forest model now automatically assigns risk scores to assets based on open ports and vulnerability density.
• Coming Next: Phase 4 (Software 2.0) — Replacing regex-based API detection with LLM-powered "Zombie API" hunters.

---

Architecture: "The ML Systems Approach"

Netra v2 departs from the monolithic scanner model to a distributed, event-driven architecture optimized for High-Throughput I/O and CPU-bound Inference.

graph TD
    User([User]) -->|HTTP| UI[React UI]
    User -->|HTTP| API[FastAPI Gateway]
    
    API -->|Push Event| Redis{Redis Stream: netra:events}
    
    subgraph "Workload Isolation"
        WorkerIO["Worker Ingest (I/O Bound)"]
        WorkerML["Worker ML (CPU Bound)"]
    end
    
    Redis -->|Consume| WorkerIO
    WorkerIO -->|Raw Data| RedisRaw{Redis Stream: netra:raw}
    RedisRaw -->|Consume| WorkerML
    
    WorkerIO -->|Legacy Scans| Ruby[Ruby Bridge]
    
    WorkerML -->|Update| Graph[(Neo4j Graph)]
    WorkerML -->|Store Artifacts| S3[(MinIO Object Store)]

Loading

Key Components

1. UI/API: FastAPI serving static HTML/JS dashboard on Port 8000.
2. The "Bus": Redis Streams for strictly ordered event processing.
3. Ingestion Worker: Lightweight, I/O-bound process for DNS resolution and Port Scanning. Includes a Ruby Bridge to execute legacy scripts.
4. ML Worker: Resource-intensive process for False Positive reduction and future model inference.
5. Knowledge Graph: Neo4j stores the "World State" (e.g., Domain -> RESOLVES_TO -> IP).

---

Quick Start (Docker)

Netra v2 is designed to run locally with a single command.

Prerequisites

• Docker & Docker Compose

Setup

1. Clone & Start:

   git clone https://github.com/PoojasPatel013/Netra.git
   cd Netra
   # IMPORTANT: Use --build to ensure all UI changes are baked in
   docker compose up --build -d

2. Access the Platform:

   Service	URL
   Netra UI	http://localhost:8000
   Redis Commander	http://localhost:8081
   Neo4j	http://localhost:7474
   MinIO	http://localhost:9001

Platform Screenshots

Yet to be added...

Development Workflow

1. Trigger a Scan

Use the UI "Newspaper" Dashboard or API to push a target.

curl -X POST http://localhost:8000/api/scan \
  -H "Content-Type: application/json" \
  -d '{"target": "example.com", "options": {"Cloud": true}}'

2. Watch it Flow

Open Redis Commander (http://localhost:8081).

1. See event appear in netra:events:ingest.
2. Watch netra-ingest worker consume it.
3. See result appear in netra:data:raw.
4. Watch netra-ml worker process it.

3. Verify Graph

Open Neo4j (http://localhost:7474) and run:

MATCH (n) RETURN n

You should see nodes for the Domain and its resolved IPs.

---

Directory Structure

Vortex/
├── .github/            # Workflows & Labeler Config
├── deploy/             # Infrastructure scripts
├── netra/
│   ├── api/            # FastAPI Application
│   ├── core/           # Worker Logic
│   │   ├── discovery/  # DNS, Port Scanners
│   │   ├── analysis/   # Ruby Bridge, ML Models
│   │   └── orchestration/ # Redis Messaging
│   ├── ui/             # React Frontend (Newspaper Theme)
│   └── workers/        # Worker Entrypoints
├── docker-compose.yml  # Main Orchestration File
└── README.md

🤝 Community & Support

We want to build a robust security platform, and we welcome your input!

• Discussions: Have a question or idea? Join the GitHub Discussions.
• Wiki: Check out our Wiki for detailed architectural docs and guides.
• Issues: Found a bug? Open an Issue!

👩‍💻 Contributing

Netra is Open Source!

We follow an Open Core model:

• Netra Core: Apache 2.0 License.
• Netra Boundaries: Proprietary modules (Advanced ML, SSO, Reporting) will be closed-source extensions.

We actively encourage contributions to the Core engine!

1. Bug Reports: Found a vulnerability in the scanner? Fix it!
2. New Scanners: Add Python/Ruby modules for new CVEs.
3. Docs: Improve the Wiki.

Please read our CONTRIBUTING.md for our Code of Conduct.

📜 License

Open Source (Apache 2.0)

The Core Engine is free to use and modify under the Apache 2.0 License. See LICENSE.md.

Proprietary Boundaries will be licensed separately.

Copyright © 2026 Netra.