Attack surface detector that identifies endpoints by static analysis.
Installation • Documentation • Available Support Scope • Usage • Contributing
## Key Features

- Identify API endpoints and parameters from source code.
- Support a wide range of source-code languages and frameworks.
- Provide analysts with technical information and security issues identified during source-code analysis.
- Friendly pipeline and DevOps integration, offering multiple output formats (JSON, YAML, OAS spec) and compatibility with tools like curl and httpie.
- Friendly offensive-security tool integration, allowing use with tools such as ZAP, Caido and Burp Suite.
- Generate elegant and clear output results.
## Available Support Scope

### Endpoint Entities

- Path
- Method
- Param
- Header
- Cookie
- Protocol (e.g. ws)
- Details (e.g. the origin of the endpoint)

### Languages and Frameworks

| Language | Framework | URL | Method | Param | Header | Cookie | WS |
|----------|-------------|-----|--------|-------|--------|--------|----|
| Crystal | Kemal | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Crystal | Lucky | ✅ | ✅ | ✅ | ✅ | ✅ | X |
| Go | Beego | ✅ | ✅ | X | X | X | X |
| Go | Echo | ✅ | ✅ | ✅ | ✅ | ✅ | X |
| Go | Gin | ✅ | ✅ | ✅ | ✅ | ✅ | X |
| Go | Fiber | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Python | Django | ✅ | ✅ | ✅ | ✅ | ✅ | X |
| Python | Flask | ✅ | ✅ | ✅ | ✅ | ✅ | X |
| Python | FastAPI | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Ruby | Rails | ✅ | ✅ | ✅ | ✅ | ✅ | X |
| Ruby | Sinatra | ✅ | ✅ | ✅ | ✅ | ✅ | X |
| Ruby | Hanami | ✅ | ✅ | X | X | X | X |
| PHP | | ✅ | ✅ | ✅ | ✅ | X | X |
| Java | JSP | ✅ | ✅ | ✅ | X | X | X |
| Java | Armeria | ✅ | ✅ | X | X | X | X |
| Java | Spring | ✅ | ✅ | ✅ | ✅ | X | X |
| Kotlin | Spring | ✅ | ✅ | ✅ | ✅ | ✅ | X |
| JS | Express | ✅ | ✅ | ✅ | ✅ | ✅ | X |
| JS | Restify | ✅ | ✅ | ✅ | ✅ | ✅ | X |
| Rust | Axum | ✅ | ✅ | X | X | X | X |
| Rust | Rocket | ✅ | ✅ | X | X | X | X |
| Elixir | Phoenix | ✅ | ✅ | X | X | X | ✅ |
| C# | ASP.NET MVC | ✅ | X | X | X | X | X |
| JS | Next | X | X | X | X | X | X |
### Specification

| Specification | Format | URL | Method | Param | Header | WS |
|------------------------|---------|-----|--------|-------|--------|----|
| OAS 2.0 (Swagger 2.0) | JSON | ✅ | ✅ | ✅ | ✅ | X |
| OAS 2.0 (Swagger 2.0) | YAML | ✅ | ✅ | ✅ | ✅ | X |
| OAS 3.0 | JSON | ✅ | ✅ | ✅ | ✅ | X |
| OAS 3.0 | YAML | ✅ | ✅ | ✅ | ✅ | X |
| RAML | YAML | ✅ | ✅ | ✅ | ✅ | X |
| HAR | JSON | ✅ | ✅ | ✅ | ✅ | X |
## Installation

### Homebrew

```bash
brew install noir
# https://formulae.brew.sh/formula/noir
```

### Snapcraft

```bash
sudo snap install noir
# https://snapcraft.io/noir
```

### From Sources

```bash
# Install Crystal-lang
# https://crystal-lang.org/install/

# Clone this repo
git clone https://github.com/owasp-noir/noir
cd noir

# Install Dependencies
shards install

# Build
shards build --release --no-debug

# Copy binary
cp ./bin/noir /usr/bin/
```

### Docker (GHCR)

```bash
docker pull ghcr.io/owasp-noir/noir:main
```
## Usage

```bash
noir -h
```

### Example

```bash
noir -b <source_dir>
```
### JSON Result

```bash
noir -b . -u https://testapp.internal.domains -f json -T
```

```json
{
  "url": "https://testapp.internal.domains/query",
  "method": "POST",
  "params": [
    {
      "name": "my_auth",
      "value": "",
      "param_type": "cookie",
      "tags": []
    },
    {
      "name": "query",
      "value": "",
      "param_type": "form",
      "tags": [
        {
          "name": "sqli",
          "description": "This parameter may be vulnerable to SQL Injection attacks.",
          "tagger": "Hunt"
        }
      ]
    }
  ],
  "details": {
    "code_paths": [
      {
        "path": "spec/functional_test/fixtures/crystal_kemal/src/testapp.cr",
        "line": 8
      }
    ]
  },
  "protocol": "http",
  "tags": []
}
```
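The JSON result above is what a pipeline step would consume. The following is an added example, not part of the Noir project, of a small triage script that reads that output, lists every parameter the tagger flagged together with the source line it came from, and produces counts a CI gate could threshold on. It assumes `noir -f json` emits a list of endpoint objects of the shape shown above (the README shows a single object; the loader accepts both), and it uses a constructed sample rather than a real scan.

```python
import json
from collections import Counter

# Constructed sample in the shape of the JSON result shown above. Assumption:
# `noir -f json` emits a list of such endpoint objects (the README shows one).
SAMPLE_OUTPUT = json.dumps([
    {"url": "https://testapp.internal.domains/query", "method": "POST",
     "params": [
         {"name": "my_auth", "value": "", "param_type": "cookie", "tags": []},
         {"name": "query", "value": "", "param_type": "form",
          "tags": [{"name": "sqli", "tagger": "Hunt",
                    "description": "This parameter may be vulnerable to SQL Injection attacks."}]}],
     "details": {"code_paths": [{"path": "src/testapp.cr", "line": 8}]},
     "protocol": "http", "tags": []},
    {"url": "https://testapp.internal.domains/health", "method": "GET", "params": [],
     "details": {"code_paths": []}, "protocol": "http", "tags": []},
])

def load_endpoints(text):
    """Accept either a list of endpoint objects or a single object."""
    data = json.loads(text)
    return data if isinstance(data, list) else [data]

def tagged_params(endpoints):
    """One record per (endpoint, parameter, tag) so a reviewer can jump to the source line."""
    out = []
    for ep in endpoints:
        paths = ep.get("details", {}).get("code_paths", [])
        where = ", ".join(f"{c['path']}:{c['line']}" for c in paths) or "unknown"
        for p in ep.get("params", []):
            for t in p.get("tags", []):
                out.append({"method": ep["method"], "url": ep["url"], "param": p["name"],
                            "param_type": p["param_type"], "tag": t["name"], "source": where})
    return out

def summary(endpoints):
    """Counts a CI gate can threshold on: endpoints, params by type, tags by name."""
    ptypes = Counter(p["param_type"] for ep in endpoints for p in ep.get("params", []))
    tags = Counter(f["tag"] for f in tagged_params(endpoints))
    return {"endpoints": len(endpoints), "param_types": dict(ptypes), "tags": dict(tags)}

if __name__ == "__main__":
    eps = load_endpoints(SAMPLE_OUTPUT)
    print(json.dumps(summary(eps), indent=2))
    for f in tagged_params(eps):
        print(f"{f['tag']:>6}  {f['method']} {f['url']}  param={f['param']} "
              f"({f['param_type']})  at {f['source']}")
```

To run it against a real scan, replace `SAMPLE_OUTPUT` with the contents of the file written by `noir -b . -f json`.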
For more details, please visit our documentation page.
## Contributing

Noir is an open-source project made with ❤️. If you want to contribute to this project, please see CONTRIBUTING.md and open a pull request with your contribution.