Offensive Security Tool: Noir
Description
Noir, by hahwul, is an attack surface detector for source code. It identifies API endpoints and potential security issues in web applications by analyzing their source code. It supports several output formats, including a proxy mode, so you can feed its results into Burp Suite or OWASP ZAP and continue testing more thoroughly.
Key Features
- Automatically identify language and framework from source code.
- Find API endpoints and web pages through code analysis.
- Load results quickly through interactions with proxy tools such as ZAP, Burp Suite, Caido and other proxy tools.
- Provides structured data such as JSON and YAML for identified attack surfaces to enable seamless interaction with other tools. Also provides command-line samples, such as curl or httpie, to easily integrate and collaborate with other tools.
Available Support Scope
Endpoint’s Entities
- Path
- Method
- Param
- Header
- Protocol (e.g. ws)
Languages and Frameworks
Language | Framework | URL | Method | Param | Header | WS |
---|---|---|---|---|---|---|
Crystal | Kemal | ✅ | ✅ | ✅ | ✅ | ✅ |
Go | Echo | ✅ | ✅ | ✅ | ✅ | X |
Go | Gin | ✅ | ✅ | ✅ | ✅ | X |
Python | Django | ✅ | ✅ | ✅ | ✅ | X |
Python | Flask | ✅ | ✅ | ✅ | ✅ | X |
Python | FastAPI | ✅ | ✅ | ✅ | ✅ | ✅ |
Ruby | Rails | ✅ | ✅ | ✅ | ✅ | X |
Ruby | Sinatra | ✅ | ✅ | ✅ | ✅ | X |
PHP | | ✅ | ✅ | ✅ | ✅ | X |
Java | Jsp | ✅ | ✅ | ✅ | X | X |
Java | Armeria | ✅ | ✅ | X | X | X |
Java | Spring | ✅ | ✅ | X | X | X |
Kotlin | Spring | ✅ | ✅ | X | X | X |
JS | Express | ✅ | ✅ | X | X | X |
C# | ASP.NET MVC | ✅ | X | X | X | X |
JS | Next | X | X | X | X | X |
Specification
Specification | Format | URL | Method | Param | Header | WS |
---|---|---|---|---|---|---|
OAS 2.0 (Swagger 2.0) | JSON | ✅ | ✅ | ✅ | ✅ | X |
OAS 2.0 (Swagger 2.0) | YAML | ✅ | ✅ | ✅ | ✅ | X |
OAS 3.0 | JSON | ✅ | ✅ | ✅ | ✅ | X |
OAS 3.0 | YAML | ✅ | ✅ | ✅ | ✅ | X |
RAML | YAML | ✅ | ✅ | ✅ | ✅ | X |
Installation
Homebrew (macOS)
brew tap hahwul/noir
brew install noir
From Sources
Docker (GHCR)
docker pull ghcr.io/hahwul/noir:main
Usage
Example
noir -b . -u https://testapp.internal.domains
JSON Result
noir -b . -u https://testapp.internal.domains -f json
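The JSON result can feed a review gate that compares two scans and reports attack surface that appeared between them. The Python below is an added example, not code from Noir or from this page; it assumes the JSON is a list of endpoint objects (optionally wrapped under an `endpoints` key) with `url`, `method`, `params` (`name`, `param_type`) and `headers` (`name`) fields, and the sample data is constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample data in the ASSUMED shape of `noir ... -f json` output:
# endpoint objects with url, method, params and headers fields.
BASELINE = """[
 {"url": "https://testapp.internal.domains/login", "method": "POST",
  "params": [{"name": "user", "param_type": "form"}], "headers": []},
 {"url": "https://testapp.internal.domains/items", "method": "GET",
  "params": [{"name": "q", "param_type": "query"}], "headers": []}
]"""
CURRENT = """{"endpoints": [
 {"url": "https://testapp.internal.domains/login", "method": "POST",
  "params": [{"name": "user", "param_type": "form"},
             {"name": "redirect", "param_type": "query"}], "headers": []},
 {"url": "https://testapp.internal.domains/admin/export", "method": "GET",
  "params": [], "headers": [{"name": "X-API-Key"}]}
]}"""

def load_surface(text):
    """Map (METHOD, path) -> set of 'kind:name' inputs the endpoint accepts."""
    data = json.loads(text)
    if isinstance(data, dict):  # tolerate a wrapping object (assumed key name)
        data = data.get("endpoints", [])
    surface = {}
    for ep in data:
        key = (ep.get("method", "GET").upper(), urlsplit(ep["url"]).path or "/")
        inputs = surface.setdefault(key, set())
        for p in ep.get("params") or []:
            inputs.add(f"{p.get('param_type', 'param')}:{p['name']}")
        for h in ep.get("headers") or []:
            inputs.add(f"header:{h['name'].lower()}")
    return surface

def diff_surface(old, new):
    """Return endpoints added, endpoints removed, and inputs added to existing ones."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    grown = {k: sorted(new[k] - old[k]) for k in set(old) & set(new) if new[k] - old[k]}
    return added, removed, grown

if __name__ == "__main__":
    added, removed, grown = diff_surface(load_surface(BASELINE), load_surface(CURRENT))
    print("new endpoints:", added)
    print("removed endpoints:", removed)
    print("new inputs:", grown)
```

Keying on method and path rather than the full URL lets scans run against different base URLs (`-u`) be compared.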
Clone the repo from here: GitHub Link