noir~owasp-noir

Analyzes source code to find endpoints, expose shadow APIs, and map the attack surface attack-surfaces pentesting security devsecops hacktoberfest owasp owasp-noir endpoints api-security shadow-api

CLI Applications

0.18.1 released over 1 year ago

owasp-noir/noir

1 day ago

1178 106 53

OWASP Noir

CrystalDocs.info Source

Attack surface detector that identifies endpoints by static analysis.

Documentation • Installation • Available Support Scope • Usage • Contributing

OWASP Noir is an open-source project specializing in identifying attack surfaces for enhanced whitebox security testing and security pipeline. This includes the capability to discover API endpoints, web endpoints, and other potential entry points within source code for thorough security analysis.

Key Features

Identify API endpoints and parameters from source code.
Support various source code languages and frameworks.
Provide analysts with technical information and security issues identified during source code analysis.
Friendly pipeline & DevOps integration, offering multiple output formats (JSON, YAML, OAS spec) and compatibility with tools like curl and httpie.
Friendly Offensive Security Tools integration, allowing usage with tools such as ZAP and Caido, Burpsuite.
Identify security issues within the source code through rule-based passive scanning.
Generate elegant and clear output results.

Usage

noir -h

Example

noir -b <source_dir>

JSON Result

noir -b . -u https://testapp.internal.domains -f json -T

{
  "endpoints": [
    {
      "url": "https://testapp.internal.domains/query",
      "method": "POST",
      "params": [
        {
          "name": "my_auth",
          "value": "",
          "param_type": "cookie",
          "tags": []
        },
        {
          "name": "query",
          "value": "",
          "param_type": "form",
          "tags": [
            {
              "name": "sqli",
              "description": "This parameter may be vulnerable to SQL Injection attacks.",
              "tagger": "Hunt"
            }
          ]
        }
      ],
      "details": {
        "code_paths": [
          {
            "path": "spec/functional_test/fixtures/crystal_kemal/src/testapp.cr",
            "line": 8
          }
        ]
      },
      "protocol": "http",
      "tags": []
    }
  ]
}

For more details, please visit our documentation page.

Contributing

Noir is open-source project and made it with ❤️ if you want contribute this project, please see CONTRIBUTING.md and Pull-Request with cool your contents.

noir:
  github: owasp-noir/noir
  version: ~> 0.18.1

License MIT

Crystal ~> 1.10

Authors

hahwul hahwul@gmail.com
ksg97031 ksg97031@gmail.com

Dependencies 2

crest ~> 1.3.13

{'github' => 'mamantoha/crest', 'version' => '~> 1.3.13'}

har
```
{'github' => 'NeuraLegion/har'}
```

Development Dependencies 0

Dependents 0

Similar shards

Releases

Show all 55 releases

Last synced 1 day ago.

Edit catalog entry ?