Home

Awesome

<div align="center"> <picture> <source media="(prefers-color-scheme: dark)" srcset="https://github.com/owasp-noir/noir/assets/13212227/04aee7d0-c224-481b-8d79-2dbdcf3ad84b" width="500px;"> <source media="(prefers-color-scheme: light)" srcset="https://github.com/owasp-noir/noir/assets/13212227/0577860e-3d7e-4294-8f1f-dc7b87ce2b2b" width="500px;"> <img alt="OWASP Noir Logo" src="https://github.com/owasp-noir/noir/assets/13212227/04aee7d0-c224-481b-8d79-2dbdcf3ad84b" width="500px;"> </picture> <p>Attack surface detector that identifies endpoints by static analysis.</p> </div> <p align="center"> <a href="https://github.com/owasp-noir/noir/blob/main/CONTRIBUTING.md"> <img src="https://img.shields.io/badge/CONTRIBUTIONS-WELCOME-000000?style=for-the-badge&labelColor=black"></a> <a href="https://github.com/owasp-noir/noir/releases"> <img src="https://img.shields.io/github/v/release/owasp-noir/noir?style=for-the-badge&color=black&labelColor=black&logo=web"></a> <a href="https://crystal-lang.org"> <img src="https://img.shields.io/badge/Crystal-000000?style=for-the-badge&logo=crystal&logoColor=white"></a> <a href="https://owasp.org/www-project-noir/"> <img src="https://img.shields.io/badge/OWASP-000000?style=for-the-badge&logo=owasp&logoColor=white"></a> </p> <p align="center"> <a href="https://owasp-noir.github.io/noir/">Documentation</a> • <a href="https://owasp-noir.github.io/noir/get_started/installation/">Installation</a> • <a href="https://owasp-noir.github.io/noir/supported">Available Support Scope</a> • <a href="#usage">Usage</a> • <a href="#contributing">Contributing</a> </p>

OWASP Noir is an open-source project specializing in identifying attack surfaces for enhanced whitebox security testing and security pipeline. This includes the capability to discover API endpoints, web endpoints, and other potential entry points within source code for thorough security analysis.

Key Features

Usage

noir -h 

Example

noir -b <source_dir>

JSON Result

noir -b . -u https://testapp.internal.domains -f json -T
{
  "endpoints": [
    {
      "url": "https://testapp.internal.domains/query",
      "method": "POST",
      "params": [
        {
          "name": "my_auth",
          "value": "",
          "param_type": "cookie",
          "tags": []
        },
        {
          "name": "query",
          "value": "",
          "param_type": "form",
          "tags": [
            {
              "name": "sqli",
              "description": "This parameter may be vulnerable to SQL Injection attacks.",
              "tagger": "Hunt"
            }
          ]
        }
      ],
      "details": {
        "code_paths": [
          {
            "path": "spec/functional_test/fixtures/crystal_kemal/src/testapp.cr",
            "line": 8
          }
        ]
      },
      "protocol": "http",
      "tags": []
    }
  ]
}

For more details, please visit our documentation page.

Contributing

Noir is open-source project and made it with ❤️ if you want contribute this project, please see CONTRIBUTING.md and Pull-Request with cool your contents.

PassiveScan Rule contributors