Netpicker

About Netpicker

Quick tour

A 5 minute introduction to Netpicker

Feature overview

Configuration management

Netpicker makes device backups and enables you to restore configs

Configuration backup & Restore

Netpicker creates and maintains centralized config backups for devices.

  • Automated Scheduling
    Sets recurring backup schedules (daily, weekly, monthly).
  • Version Control
    Maintains historical versions of each config and tracks changes over time.
  • Rollback
    Enables quick restoration to any previous version of the configuration.

Bulk configuration changes

Allows large-scale changes to be applied consistently across multiple devices.

  • Centralized Change Pushing
    Sets recurring backup schedules (daily, weekly, monthly).
  • Scripting & Templates
    Maintains historical versions of each config and tracks changes over time.
  • Workflow Automation
    Enables quick restoration to any previous version of the configuration.

Baseline & Golden configurations

Ensures devices adhere to known-good states.

  • Defining Known Good States
    Identifies the standard or ‘golden’ configuration for each device or device type.
  • Automated Comparisons
    Continuously compares running config to the defined golden state.
  • Drift Detection
    Alerts when deviations occur; can trigger automated remediation.

Compliance & policy enforcement

Netpicker ensures configurations meet security and operational policies

Pre-built and custom rules

Offers pre-built and custom rules for security and operational compliance.

  • Pre-built Security Standards
    Includes CIS hardening policies and CVE examples.
  • Custom Rule Creation
    Allows creation of organization-specific rules or best practices.

Real-Time Compliance Checks

Monitors device configs in real time and flags violations.

  • Automated Remediation Suggestions
    Provides recommended steps to fix or mitigate non-compliance.
  • Audit trail
    Generates historical compliance records and audit trails.

Audit & Reporting

Generates historical compliance records and audit trails.

  • Regulatory Compliance Reports
    Tracks compliance posture over time for internal or external audits.
  • Historical Compliance Posture
    Compares current vs. past compliance states for trend analysis.

Network automation

Netpicker enables automated workflows, scripting, and external integrations.

Automated workflows

Enables scheduling and orchestration of multi-step network tasks.

  • VLAN Provisioning
    Automates VLAN creation, assignment, and trunk port config steps.
  • Job Scheduling & Batches
    Runs sequential or parallel jobs across multiple devices.

Scripting & Extensibility

Monitors device configs in real time and flags violations.

  • Python Engine
    Allows complex scripting for device queries or configuration tasks.
  • Custom Actions & Triggers
    Automates actions based on specific device events or thresholds.

Integration with External Systems

Coordinates changes with third-party or enterprise management tools.

  • API-Based Integration
    RESTful APIs enable programmatic control and data exchange.
  • Change Management & Ticketing
    Integrates with Netbox, Nautobot, Infoblox, ServiceNow, Remedy, etc., to align changes with ITIL processes.

What you can test

Write your own tests.

Use your Python skills for maximum flexibility.

def cve_2023_20198(configuration):
# Checks CVE-2023-20198, Cisco IOS XE Software Web UI Feature
assert ‘no ip http secure-server’ in configuration
Run
Compliant

Netpicker enables you to run automated Python tests against your device configurations, show command output and real-time data from APIs like Netbox or Slurp’it. We provide libraries in pytest format for CIS hardening, common design validations, CVE checks and many more. You can use any Python code you want to create the test you need for your use case.

Easy to use

Not a coder? No problem.

Use our powerful GUI to get things done.

Type

Command

show arp

Must include the text:

Regular expression?

192.168.60.32

Run

Command output

show arp: Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.60.2 97 000c.292e.36b6 ARPA Ethernet0/3 Internet 192.168.60.32 214 000c.2987.5096 ARPA Ethernet0/3 Internet 192.168.60.101 196 5000.0001.0000 ARPA Ethernet0/3

Compliant

Netpicker is designed for network and NetDevOps engineers. We provide an easy-to-use, graphical interface to check the configs of your devices and run real-time show commands.

Open source

Community-supported libraries.

Included with Netpicker.

Netpicker has an active open-source community on Slack and GitHub. We are constantly adding new vendor modules for our Kopimiko device backup library and adding new CIS and CVE tests to our pytest-for-networking repository. We invite you to join our community on Slack and contribute to the project.

Integration

Engineer-friendly REST API.

For all your automation desires.

Devices

GET /api/v1/devices/{tenant}/ Get all devices

GET /api/v1/devices/{tenant}/{device} Get device

PATCH /api/v1/devices/{tenant}/ Edit device

DELETE /api/v1/devices/{tenant}/ Delete device

POST /api/v1/devices/{tenant}/ Create device

Netpicker provides a REST API to manage your devices, backups and tests. You can run CLI show commands, run tests, and restore backups from the API. The API is documented with Swagger / OpenAPI and you can try it out in our sandbox environment.

For some example use cases, check out our Use Cases page or Get started with Netpicker right away!