Small tools. Real automation. AI-assisted.
๐ Live: https://netdevops-tools.thebackroom.ai
๐ง Pricing & Updates: https://netdevops.thebackroom.ai/
A micro-SaaS backend + Web UI for generating secure Cisco IOS / IOS XE configurations, performing security analysis (CVE awareness), and network calculations.
This project is built publicly as an engineering-focused product prototype, with emphasis on:
- secure-by-default configuration patterns,
- repeatability via profiles,
- clean API design (FastAPI),
- and gradual evolution toward a SaaS-style architecture.
โ ๏ธ Disclaimer
CVE data included in this project is demo / curated only and must not be treated as a production security authority. Always consult official Cisco advisories for real-world decisions.
As network engineers, we often:
- copy-paste configuration snippets from old devices,
- re-type the same secure baselines again and again,
- rely on ad-hoc scripts with no UI or consistency,
- lack quick visibility into โis this IOS XE version already known-bad?โ
NetDevOps Micro-Tools aims to solve this by providing:
- opinionated but configurable secure defaults,
- reusable device profiles,
- a simple Web UI on top of a versioned API,
- and a clear path toward automation or SaaS deployment.
- Secure defaults, balanced and legacy-compatible modes
- SHA / AES-based configuration
- CLI or one-line output formats
- Primary and secondary servers
- Optional authentication
- Timezone configuration
- TACACS+ with local fallback
- Local-only mode
- Optional source-interface support
- Combine SNMPv3 / NTP / AAA snippets
- Modular baseline sections (Banner, Logging, Security)
- Custom banner text support
- Designed to evolve into compliance / drift detection workflows
- TCP/UDP throughput tests
- Link speeds: 100M / 1G / 10G
- Directions: upload / download / bidirectional
- Multi-platform output: Commands / Bash / PowerShell / Python
- Hints panel with quick reference
- Subnet info (network, broadcast, host range)
- Subnet splitting and supernetting
- CIDR โ Netmask conversion
- Full CIDR reference table (/8 to /32)
- Tunnel overhead calculation
- Supports: GRE, IPSec, VXLAN, MPLS, LISP, GRE over IPSec
- TCP MSS recommendations
- Cisco config suggestions
- Convert timestamps across 12 common timezones
- NATO DTG format (military date-time groups)
- Date picker UI for easy selection
- Batch conversion support
- Parse
show running-configto structured JSON - Extracts: hostname, interfaces, SNMP, NTP, AAA, users, banners
- Summary mode for quick stats
Terminal interface for power users:
pip install click requests
python cli.py snmpv3 --host 10.0.0.1 --user monitoring
python cli.py subnet info 192.168.1.0/24
python cli.py cve --platform "Cisco IOS XE" --version 17.3.1A lightweight CVE awareness engine focused on Cisco platforms with NVD enrichment.
Capabilities:
- Platform + software version matching
- Severity classification (critical / high / medium / low)
- Upgrade recommendations based on known fixed versions
- Security Score (0-100) per device profile
- Export security reports (PDF, JSON, Markdown)
- Real-time NVD API enrichment
Key features:
- Profiles ร CVE โ batch vulnerability checking across all device profiles
- Security Score โ numeric assessment with CVE breakdown and modifiers
- Multi-format Export โ PDF, JSON, and Markdown reports
- File-based cache โ NVD responses cached for 24h (eliminates rate limiting)
The killer feature โ zero competition in this space.
When a critical CVE drops, you need actionable commands NOW, not 10-page advisories.
19 CVEs in database covering:
- Cisco IOS-XE (including CVE-2023-20198, CVSS 10.0)
- ASA/FTD firewalls
- Nexus switches
- WLC controllers
- Small business routers (RV series)
- UCS/IMC servers
For each CVE you get:
- Risk summary (1 sentence)
- Attack vector explanation
- Workaround steps with copy-paste commands
- Detection commands
- Verification commands
- Links to Cisco PSIRT advisories
API Endpoints:
GET /mitigate/cve/{id} # Get mitigation for specific CVE
GET /mitigate/list # List all CVEs with mitigations
GET /mitigate/critical # Critical CVEs only
GET /mitigate/tag/{tag} # Filter by platform tag
โน๏ธ "From CVE to config in 30 seconds" โ built for emergency response scenarios.
Profiles allow you to capture, reuse and reapply configuration intent.
A profile is a named snapshot of:
- SNMPv3 configuration
- NTP configuration
- AAA / TACACS+ configuration
- Save current form values as a profile
- List available profiles
- Load a profile into the Web UI
- Delete profiles you no longer need
GET /profiles/list
GET /profiles/load/{name}
POST /profiles/save
DELETE /profiles/delete/{name}
GET /profiles/vulnerabilities # NEW in v0.3.5
Check all profiles for known vulnerabilities in one call:
curl http://localhost:8000/profiles/vulnerabilitiesResponse includes:
- Per-profile vulnerability status (critical/high/medium/low/clean/unknown)
- CVE count and max CVSS score per profile
- Summary counts across all profiles
Profiles are stored on disk and can be persisted via Docker volumes.
The Web UI provides a clean, modern interface for daily use.
Highlights:
- Grouped Sidebar โ tools organized by category (Config / Security / Network / Profiles)
- Collapsible Navigation โ expand/collapse groups with smooth animations
- Quick Access โ recent tools history (last 3 used)
- Home Page โ landing with all tools as cards
- Dark/Light Mode โ full theme support with persistence
- Category Colors โ visual distinction (blue/red/green/purple)
- CVE Mitigation Advisor with actionable commands
- Profiles management UI (Profiles v2)
- Copy & download buttons for all outputs
- Persistent form state using
localStorage
netdevops-micro-tools/
โโโ api/
โ โโโ main.py # FastAPI app, CORS, routers
โ โโโ routers/
โ โโโ snmpv3.py # POST /generate/snmpv3
โ โโโ ntp.py # POST /generate/ntp
โ โโโ aaa.py # POST /generate/aaa
โ โโโ golden_config.py # POST /generate/golden-config
โ โโโ cve.py # POST /analyze/cve, GET /analyze/cve/{id}
โ โโโ mitigation.py # /mitigate/* endpoints (CVE Mitigation Advisor)
โ โโโ timezone.py # /timezone/* endpoints
โ โโโ profiles.py # /profiles/* endpoints
โโโ services/ # Business logic layer
โ โโโ cve_engine.py # CVE matching engine
โ โโโ cve_sources.py # Providers (Local, NVD, Cisco, Tenable)
โ โโโ http_client.py # HTTP client + error classes
โ โโโ profile_service.py # Profile CRUD
โโโ models/ # Pydantic v2 models
โ โโโ cve_model.py
โ โโโ profile_model.py
โ โโโ meta.py
โโโ cache/
โ โโโ nvd/ # NVD API response cache (24h TTL)
โโโ cve_data/
โ โโโ ios_xe/ # Local CVE database (JSON)
โโโ profiles/ # Saved device profiles
โโโ web/
โ โโโ index.html # SPA entry
โ โโโ app.js # Frontend logic
โ โโโ style.css
โโโ Dockerfile
โโโ .gitignore
โโโ README.md
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
uvicorn api.main:app --reloadSwagger UI:
http://127.0.0.1:8000/docs
docker build -t netdevops-micro-tools .docker run --rm -p 8000:8000 netdevops-micro-toolsdocker run --rm -p 8000:8000 \
-v "$(pwd)/profiles:/app/profiles" \
netdevops-micro-toolsThis ensures that profiles created via /profiles/save
are persisted across container restarts.
- CVE entries are demo-only
- Intended to showcase:
- matching logic
- severity aggregation
- UI presentation
- This tool must not be used as a replacement for official Cisco advisories
v0.5.1 (current): โ LIVE
- 14 production modules (generators, analyzers, calculators)
- CVE Mitigation Advisor โ 19 CVEs with actionable workarounds
- UI/UX Redesign โ grouped sidebar, dark/light mode, quick access
- Multi-format export (PDF, JSON, Markdown)
- Timezone Converter with NATO DTG
- Cloud deployment on custom domain
v0.6.0 (next):
- Authentication & multi-user mode
- Stripe billing integration
- User-scoped profiles and history
Future:
- Cisco PSIRT API integration
- Tenable vulnerability scanner integration
- Config drift detection
- Compliance checking (CIS benchmarks)
See CHANGELOG.md for version history.
MIT
Built as a public engineering project focused on:
- network automation,
- secure configuration practices,
- and SaaS-oriented backend design.
Contributions, feedback and discussion are welcome.