noir v0.13 releases: attack surface detector from source code
Noir
Noir is an attack surface detector from source code.
Key Features
- Automatically identify language and framework from source code.
- Find API endpoints and web pages through code analysis.
- Load results quickly through interactions with proxy tools such as ZAP, Burpsuite, Caido, and More Proxy tools.
- That provides structured data such as JSON and HAR for identified Attack Surfaces to enable seamless interaction with other tools. Also provides command line samples to easily integrate and collaborate with other tools, such as curls or httpie.
Available Support Scope
Endpoint’s Entities
- Path
- Method
- Param
- Header
- Protocol (e.g ws)
Languages and Frameworks
Language | Framework | URL | Method | Param | Header | WS |
---|---|---|---|---|---|---|
Go | Echo | ✅ | ✅ | X | X | X |
Python | Django | ✅ | X | X | X | X |
Python | Flask | ✅ | X | X | X | X |
Ruby | Rails | ✅ | ✅ | ✅ | X | X |
Ruby | Sinatra | ✅ | ✅ | ✅ | X | X |
Php | ✅ | ✅ | ✅ | X | X | |
Java | Spring | ✅ | ✅ | X | X | X |
Java | Jsp | X | X | X | X | X |
Crystal | Kemal | ✅ | ✅ | ✅ | X | ✅ |
JS | Express | ✅ | ✅ | X | X | X |
JS | Next | X | X | X | X | X |
Specification
Specification | Format | URL | Method | Param | Header | WS |
---|---|---|---|---|---|---|
Swagger | JSON | ✅ | ✅ | ✅ | X | X |
Swagger | YAML | ✅ | ✅ | ✅ | X | X |
Changelog v0.13
What’s Changed
- 🎨 Lightweight LexerParser(MiniLexer) has been added for more accurate analysis.
- ⚡️ Improve Analyzers (Java Spring and Golang Fiber, Echo, Gin)
- 🎉 Support snapcraft
- 🐞 Fixed bug
MiniLexer
We’ve added a Lightweight LexerParser for analyzing the syntax of source code to enable better analysis. It’s currently implemented in Java and Golang, and although it’s still in its infancy, we believe it will improve over time.
Install & Use
Copyright © 2022 HAHWUL