Give AI agents and automation systems a browser-backed way to capture screenshots, page evidence, and web intelligence.
snir is a Chrome DevTools Protocol based screenshot and web-intelligence subsystem. It can be used directly by humans, but the project is now designed AI-first: an agent can discover the skill entrypoint, install the binary, choose the right integration mode, run screenshots or batch collection, and persist structured evidence without needing prior Go knowledge.
| Agent need | Use this entry | Best for |
|---|---|---|
| Autonomous operation from a cloned repo | SKILL.md |
Anthropic-compatible Skill Bundle entrypoint with short operating instructions |
| Progressive task references | references/ |
Agents loading only the docs needed for scan workflows, API/SDK usage, and output interpretation |
| One-shot CLI execution | snir scan ... |
Shell-capable agents that need screenshots, HTML, headers, cookies, console logs, or network evidence |
| Language-neutral tool endpoint | snir api |
Agent frameworks, non-Go systems, microservices, and tool adapters calling HTTP |
| Go-native embedding | pkg/sdk |
Go applications that need typed SDK options, results, batching, streaming, and shared pools |
| Shared browser infrastructure | snir provider |
Multi-process agents and workers that should reuse one Chrome/CDP provider |
If the repository is already cloned:
./scripts/install-snir.sh
snir versionOr install the latest release manually:
LATEST=$(curl -s https://api.github.com/repos/cyberspacesec/snir-skills/releases/latest | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
OS=$(uname -s | sed 's/Linux/Linux/;s/Darwin/Darwin/;s/FreeBSD/Freebsd/;s/OpenBSD/Openbsd/;s/NetBSD/Netbsd/')
ARCH=$(uname -m | sed 's/x86_64/x86_64/;s/aarch64/arm64/;s/arm64/arm64/')
curl -L -o snir.tar.gz "https://github.com/cyberspacesec/snir-skills/releases/download/${LATEST}/snir-skills_${OS}_${ARCH}.tar.gz"
tar xzf snir.tar.gz snir && chmod +x snir && sudo mv snir /usr/local/bin/
snir versionRecommended first task:
snir scan example.com --full-page --save-html --save-headers --save-console --write-jsonlmindmap
root((snir AI-native Web Intelligence))
AI Agent Access
Skill Bundle
SKILL.md
references
evals
CLI Tool Calls
single URL
file batch
CIDR expansion
HTTP API
POST screenshot
POST batch
health and stats
Go SDK
typed client
batch streaming
shared pool
CDP Provider
remote Chrome
browser reuse
cross-process workers
Screenshot Capture
viewport screenshot
full page
CSS selector
XPath
PNG or JPEG
file or memory bytes
Page Intelligence
HTML source
HTTP headers
cookies
console logs
network requests
TLS and final URL
status code
technologies
perceptual hash
Browser Control
JavaScript
forms
click input scroll wait
device presets
mobile and touch
custom fingerprint
WebRTC disable
Scale and Reliability
connection pool
auto connect
proxy rotation
retries
blacklist
idle timeout
Outputs
screenshots
JSONL
CSV
SQLite
HTML reports
API response
| Area | Capabilities |
|---|---|
| Screenshot capture | Single page, full-page, element-level CSS selector/XPath, PNG/JPEG quality control, file output, in-memory bytes |
| Web evidence | HTML, HTTP headers, cookies, console logs, network requests, final URL, response code, TLS metadata |
| Agent workflows | Skill Bundle entrypoint, progressive references, install helper, evaluation prompts, copy-paste command patterns |
| Automation interfaces | CLI, HTTP API, Go SDK, shared singleton pool, remote Chrome/CDP provider |
| Browser interaction | JavaScript execution, pre-load JS, form filling, click/type/scroll/wait action sequences |
| Device and fingerprint control | Device presets, viewport, DPR, mobile/touch emulation, User-Agent, language, platform, vendor, WebGL, custom headers, WebRTC disable |
| Scale and reuse | Batch file scans, CIDR expansion, host/IP plus port expansion, concurrency, Chrome connection pools, idle close, auto-discovery |
| Network routing | Single proxy, proxy list, hot-reload proxy file, proxy API, round-robin/random/sequential strategies |
| Cookie workflows | Persistent JSON cookie jar, one-time cookies, Netscape import/export, write-back after capture |
| Persistence and reports | Screenshots, JSONL, CSV, SQLite, stdout, report conversion, merge, HTML reports, local web viewer |
For cyberspace mapping systems, snir works best as the web asset collection, browser evidence, screenshot, fingerprinting, and page-observation layer. See Cyberspace Mapping Assessment for scope boundaries and integration notes.
The repository is structured as a single skill bundle rooted at SKILL.md. Agents should start there, then open deeper references only when needed.
| Resource | Purpose |
|---|---|
SKILL.md |
Canonical AI-agent entrypoint and operating notes |
references/README.md |
Resource map for task-specific references |
references/scan-workflows.md |
CLI scan patterns for single URL, batch, ports, and evidence collection |
references/api-and-sdk.md |
HTTP API, Go SDK, and CDP Provider integration |
references/outputs-and-evidence.md |
Output fields, persistence formats, and evidence interpretation |
scripts/install-snir.sh |
Deterministic release installer helper |
evals/evals.json |
Realistic prompts for validating agent behavior |
# Single URL screenshot
snir scan example.com
# Batch from URL file
snir scan file -f urls.txt --threads 10 --write-jsonl
# Expand bare hosts/IPs by common Web ports
snir scan file -f hosts.txt --ports 80,443,8080,8443 --db --write-jsonl
# CIDR network expansion
snir scan cidr 192.168.1.0/24 --ports 80,443
# Full-page screenshot with evidence collection
snir scan example.com --full-page --save-html --save-headers --save-cookies --save-console --save-networksnir api --host 127.0.0.1 --port 8080 --api-key secretcurl -X POST http://127.0.0.1:8080/screenshot \
-H "X-API-Key: secret" \
-H "Content-Type: application/json" \
-d '{"url":"https://example.com","capture_full_page":true,"save_html":true,"save_headers":true}'Use the HTTP API when an agent framework needs a stable tool endpoint instead of shelling out for every capture.
package main
import (
"fmt"
"github.com/cyberspacesec/snir-skills/pkg/sdk"
)
func main() {
client, err := sdk.NewClient(sdk.DefaultClientOptions())
if err != nil {
panic(err)
}
defer client.Close()
result, err := client.Screenshot("https://example.com", nil)
if err != nil {
panic(err)
}
fmt.Println(result.Title, result.Screenshot)
}SDK highlights:
NewClientfor local Chrome pool reuse.NewRemoteClientfor a remote Chrome WebSocket endpoint.AutoConnectClientto prefer configured remote Chrome, discover a local provider, or start local Chrome.CaptureandCaptureBytesfor composableWith...scenario options, including per-request output path, format, and quality.CaptureEvidenceBundle,ScreenshotEvidenceBundle, andBatchScreenshotEvidenceBundlesfor one-call full evidence capture plus portable bundle export.ScreenshotEvidence,ScreenshotHeaders,ScreenshotCookies,ScreenshotConsole,ScreenshotNetwork,ScreenshotElementBytes,ScreenshotXPathBytes,ScreenshotDeviceBytes,ScreenshotViewportBytes,ScreenshotHTML,ScreenshotWithFormatBytes,ScreenshotWithDelayBytes,ScreenshotWithTimeoutBytes,ScreenshotWithActionsBytes,ScreenshotWithFormBytes,ScreenshotWithCookiesBytes, and matching result-returning helpers.ScreenshotWithProxy,ScreenshotWithProxyList,ScreenshotWithProxyFile,ScreenshotWithProxyURL,ScreenshotWithCustomHeaders,ScreenshotWithUserAgent,ScreenshotWithAcceptLanguage,ScreenshotWithFingerprint,ScreenshotWithCookieHeader,ScreenshotWithCookieFile,ScreenshotWithCookieImport,ScreenshotWithCookieExport,ScreenshotWithBlacklist,ScreenshotWithBlacklistFile,ScreenshotWithoutBlacklist,ScreenshotWithRetries, and byte-returning variants for request-profile workflows.ScreenshotWithDeviceEmulation,ScreenshotWithMobileEmulation,ScreenshotWithTouchEmulation,ScreenshotWithIgnoreCertErrors,ScreenshotWithPlugins,ScreenshotWithDisabledWebRTC,ScreenshotWithSpoofedScreen,ScreenshotWithCookieStrings,ScreenshotWithDefaultBlacklist, and byte-returning variants for browser environment and anti-detection workflows.WrapResulthelpers for evidence summaries plus JSON, HTML, screenshot, and evidence-bundle export.- Typed interaction and form builders such as
ActionClick,ActionType,ActionWait,FormInput, andFormWithSubmit. - Per-request proxy rotation, manual mobile/touch emulation, Cookie header injection, persistent JSON Cookie files, Netscape cookie import/export, CookieJar write-back, and blacklist guards.
ScreenshotRequest,BatchScreenshotRequests,BatchScreenshotRequestsBytes,BatchScreenshotRequestsEvidenceBundles, and streaming/callback variants for per-target option matrices.ExpandTarget,ExpandTargets,BatchScreenshotTargets,BatchScreenshotTargetsBytes,BatchScreenshotTargetsStreaming,BatchScreenshotTargetsBytesStreaming,BatchScreenshotTargetsCallback, andBatchScreenshotTargetsBytesCallbackfor host/IP inputs expanded across HTTP/HTTPS and ports.- Batch, streaming, callback, and byte-returning batch APIs for larger workflows.
SharedCapture,SharedCaptureBytes,SharedScreenshotElement,SharedScreenshotDevice,SharedScreenshotWithJS,SharedScreenshotHeaders,SharedScreenshotCookies,SharedScreenshotConsole,SharedScreenshotNetwork,SharedScreenshotWithFormatBytes,SharedScreenshotWithDelayBytes,SharedScreenshotWithTimeoutBytes,SharedScreenshotWithActionsBytes,SharedScreenshotWithCookiesBytes,SharedScreenshotWithProxyListBytes,SharedScreenshotWithDeviceEmulationBytes,SharedScreenshotWithMobileEmulationBytes,SharedScreenshotWithDisabledWebRTCBytes,SharedScreenshotWithCookieStringsBytes,SharedScreenshotWithDefaultBlacklistBytes,SharedScreenshotEvidence, andSharedScreenshotEvidenceBundlefor process-wide Chrome pool reuse without managing a client instance.SharedBatchScreenshot,SharedBatchScreenshotBytes,SharedBatchScreenshotRequests,SharedBatchScreenshotTargets,SharedBatchScreenshotEvidenceBundles, and streaming/callback variants for shared-pool batch workflows without creating a client.
snir provider --port 9223 --idle-timeout 5m
curl http://127.0.0.1:9223/wsUse the provider when multiple agents, services, or workers should share Chrome instead of launching separate browser processes. Other snir entrypoints can connect with --wss ws://host:9222/devtools/browser/..., and Go callers can use sdk.NewRemoteClient(...) or sdk.AutoConnectClient(...).
Download from GitHub Releases.
| Platform | Command |
|---|---|
| Linux x86_64 | curl -L https://github.com/cyberspacesec/snir-skills/releases/latest/download/snir-skills_Linux_x86_64.tar.gz | tar xz snir |
| macOS arm64 | curl -L https://github.com/cyberspacesec/snir-skills/releases/latest/download/snir-skills_Darwin_arm64.tar.gz | tar xz snir |
| Windows x86_64 | Download snir-skills_Windows_x86_64.zip from Releases |
sudo dpkg -i snir_*.deb # Debian/Ubuntu
sudo rpm -i snir-*.rpm # RHEL/Fedora
sudo pacman -U snir-*.pkg.tar.zst # Arch Linuxdocker pull ghcr.io/cyberspacesec/snir:latest
docker run --rm ghcr.io/cyberspacesec/snir:latest scan example.comRequires Go 1.23+.
git clone https://github.com/cyberspacesec/snir-skills.git
cd snir-skills
make build
./snir versionScreenshot capture requires Chrome/Chromium unless --wss points to a remote Chrome or provider.
sudo apt install chromium-browser
brew install --cask google-chrome# Basic capture
snir scan example.com
# Capture all common evidence
snir scan example.com --full-page --save-html --save-headers --save-cookies --save-console --save-network
# Mobile device preset
snir scan example.com --device iphone-15 --full-page
# Element screenshot
snir scan example.com --selector "#dashboard-panel"
# Run JavaScript before capture
snir scan example.com --js "document.querySelectorAll('.popup').forEach(el => el.remove());"
# Proxy rotation
snir scan file -f urls.txt --threads 10 --proxy-file proxies.txt --proxy-strategy random
# Cookie import and write-back
snir scan example.com --cookie-import cookies.txt --cookie-write-back --save-cookies
# Structured downstream evidence
snir scan file -f urls.txt --write-jsonl --db --db-path results.db| Document | Description |
|---|---|
| Skill Bundle Entry | AI-agent entrypoint and concise operating notes |
| Skill Resource Map | Which reference file an agent should open for each task |
| SKILLS Index | Full command map, installation paths, and flag overview |
| Scan Command | CLI screenshot, batch scan, ports, devices, proxies, evidence, and output options |
| HTTP API | API server, auth, endpoints, request and response schema |
| CDP Provider | Shared Chrome/CDP provider setup and reuse patterns |
| Full Capabilities | CLI, Go SDK, HTTP API, and Provider reference |
| Quick Examples | Copy-paste usage examples |
| Usage Examples | Detailed scenario walkthroughs |