Attack surface detector that identifies endpoints by static analysis.

Noir is an open-source project specializing in identifying attack surfaces for enhanced whitebox security testing and security pipeline. This includes the capability to discover API endpoints, web endpoints, and other potential entry points within source code for thorough security analysis and DAST.

Key Features

  • Automatically identify language and framework from source code.
  • Find API endpoints and web pages through code analysis.
  • Load results quickly through interactions with proxy tools such as ZAP, Burpsuite, Caido and More Proxy tools.
  • That provides structured data such as JSON and YAML for identified Attack Surfaces to enable seamless interaction with other tools. Also provides command line samples to easily integrate and collaborate with other tools, such as curls or httpie.

Road Map

We plan to expand the range of supported programming languages and frameworks, and to increase accuracy. Initially conceived as a tool to assist with WhiteBox testing, our goal is to extract and provide endpoints from the source code within the DevSecOps Pipeline, enabling DAST to conduct more accurate and stable scans.



brew install noir

# https://formulae.brew.sh/formula/noir


sudo snap install noir

# https://snapcraft.io/noir

From Sources

# Install Crystal-lang
# https://crystal-lang.org/install/

# Clone this repo
git clone https://github.com/owasp-noir/noir
cd noir

# Install Dependencies
shards install

# Build
shards build --release --no-debug

# Copy binary
cp ./bin/noir /usr/bin/

Docker (GHCR)

docker pull ghcr.io/owasp-noir/noir:main