Network Diagnostics Platform

NetDoctor

Deterministic, offline-first network diagnostics for Cisco environments - 27 parsers, 120+ checks, 689 tests, 100% offline.

14 technologies
28 features

About this project

NetDoctor ingests switch and firewall configurations, detects rogue devices via MAC intelligence, runs deterministic rules and step-by-step playbooks - producing findings with cited evidence. Fully offline, read-only, zero trust in AI.

No arbitrary CLI

Devices are queried only through a fixed catalog of safe, read-only intents. No user-typed command strings ever reach the wire.

Evidence-first

Every finding carries provenance: which artifact, which line, which parsed field, which baseline value. No finding without evidence.

Offline core

The full diagnostic engine runs from uploaded files - no internet, no AI required. AI is an explanation layer, never truth.

Deterministic

Same inputs, same outputs. Rules operate on normalized snapshots and derived facts, not on raw text grep.

Security model

Designed against the things that actually break networks. A single typo in configuration mode can take an enterprise offline. That's why the tool has no configuration mode.

How it works

Five stages, deterministic, evidenced. Ingest, parse, normalize, evaluate, present. Each artifact runs through its dedicated parser. Outputs are dataclasses with explicit fields - never raw strings.

Key features

Ingest & collection

  • Upload configs, show outputs and zipped bundles via drag-and-drop or paste
  • Filename detection, content sniffing and gzip storage keep artifacts traceable
  • Read-only SSH via Scrapli async with parallel collection: baseline, topology, full and troubleshoot profiles
  • Per-device locks, per-site concurrency caps, per-command retries
  • WebSocket-streamed SSH output with real-time per-device status and per-command progress

Parsing & analysis

  • 27 structured Cisco IOS/IOS-XE parsers: config, inventory, VLANs, trunks, interfaces, CDP, LLDP, STP, routes, MAC, ARP, PoE, environment and SNMP
  • Canonical JSON snapshot separating configured vs observed state with consistency flags
  • Derived facts: role, uplink, stack, gateway and redundancy computed once for all rules
  • 6-layer baseline merge: built-in, global, environment, site, role and device with per-rule overrides

MAC & playbooks

  • Offline IEEE OUI database, vendor classification and MAC observation tracking
  • MAC flap detection and rogue device analysis - baseline-driven, not vendor-name-only
  • 8 step-by-step diagnostic playbooks with 69 individual checks
  • Covers port issues, VLAN, STP, EtherChannel, PoE and AP verification

Topology & UI

  • Site topology from CDP/LLDP: role-based hierarchy, port-channels, clusters and endpoint classification
  • Per-device dashboard: summary, findings, interfaces, VLANs, neighbors and raw artifacts
  • Cross-device findings deduplication with severity and critical-path views
  • Browse and edit baseline policy in the UI, previewing which layer wins
  • Sites auto-positioned on a world map from hostname conventions and offline city coordinates

Security & auth

  • No arbitrary CLI - devices queried only through a fixed catalog of safe, read-only intents
  • Cisco-aware redactor strips enable secrets, SNMP communities, TACACS keys, PSKs before any export
  • SSH credentials encrypted at rest with AES-256-GCM, PBKDF2-SHA256 (100k iterations)
  • JWT auth with 4 scoped roles and per-user granular permission overrides (7 permissions)
  • Brute-force lockout (5 attempts / 5 min, then a 15-min lock) with forensic fingerprinting

Operations & admin

  • 7-tab admin dashboard: system health, RBAC, credential vault, backup scheduler, security audit
  • Cron-based automated SSH collection with hierarchical targeting and 7 presets plus custom cron
  • Scheduled PostgreSQL backups with gzip compression, configurable retention and one-click manual backup
  • Full audit trail (who/when/what/where) in PostgreSQL
  • CSV and JSON exports with Cisco-aware secret redaction
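
A sketch of section-aware secret redaction of the kind the redactor and export bullets above describe. This is an added example, not NetDoctor's own code; the rule set, the labels and the `redact` function are assumptions, and only a few IOS secret forms are covered.

```python
import re

MASK = "<REDACTED>"
T = r"(?: [05-9])?"  # optional secret-type digit (0, 5-9); kept in the output

# Top-level lines: group 1 is kept, the token after it is the secret.
GLOBAL_RULES = [
    ("enable-secret", re.compile(rf"^(enable (?:secret|password)(?: level \d+)?{T} )\S+")),
    ("snmp-community", re.compile(r"^(snmp-server community )\S+")),
    ("tacacs-key", re.compile(rf"^(tacacs-server key{T} )\S+")),
    ("psk", re.compile(rf"^(crypto isakmp key{T} )\S+")),
]
# Indented lines count as secrets only under these parent sections, so that
# "key 1" under "key chain" is not mistaken for a TACACS+ key.
SECTION_RULES = {
    "tacacs server ": ("tacacs-key", re.compile(rf"^(\s+key{T} )\S+")),
    "crypto ikev2 keyring ": ("psk", re.compile(rf"^(\s+pre-shared-key(?: local| remote)?{T} )\S+")),
}

def redact(config: str):
    """Return (redacted_text, findings); findings are (line_no, label) pairs."""
    out, findings, section = [], [], ""
    for no, line in enumerate(config.splitlines(), 1):
        if line and not line[0].isspace():
            section, rules = line, GLOBAL_RULES  # new top-level section
        else:
            rules = [r for p, r in SECTION_RULES.items() if section.startswith(p)]
        for label, rx in rules:
            line, n = rx.subn(lambda m: m.group(1) + MASK, line, count=1)
            if n:
                findings.append((no, label))  # provenance: which line, which rule
                break
        out.append(line)
    return "\n".join(out), findings

# Constructed sample config; every value below is made up for this example.
SAMPLE = """\
hostname sw-lab-01
enable secret 9 $9$CONSTRUCTED.EXAMPLE
snmp-server community lab-ro-string RO
tacacs server TAC1
 address ipv4 192.0.2.10
 key 7 0822455D0A16
key chain OSPF-AUTH
 key 1
crypto isakmp key 0 lab-psk-value address 192.0.2.20
"""

if __name__ == "__main__":
    text, findings = redact(SAMPLE)
    print(text, findings, sep="\n")
```

Tracking the parent section is what keeps the `key chain` lines intact while the `key 7` line under `tacacs server` is masked.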
NetDoctor - Network Topology view with device graph, neighbor details, and site-level stats