Noir – An Attack Surface Detector Form Source Code

3 years ago

[![](https://blogger.googleusercontent.com/img/a/AVvXsEgm86EROTj0QkjBqdBMUZjqGkI5XBtukHGTiMUH_0Hj3Nu6bjDM1FLxzmJf2aWtsVhsRfTvCZoziH37jeT546gBzyo1mSsz5C1bw93GOXa7O2BvDBYLEQfgyFZsScdA-EKPcyg4792Zycnoam_hln5HcNSkmovTqupJ5CUJFPaOAROa6FOxW1kKvGiznMt6=w640-h266)]()

Noir is an attack surface [detector]( “detector” ) form source code.

## Key Features

* Automatically identify language and framework from source code.
* Find API [endpoints]( “endpoints” ) and web pages through code analysis.
* Load results quickly through interactions with proxy tools such as ZAP, Burpsuite, Caido and More Proxy tools.
* That provides structured data such as [JSON]( “JSON” ) and HAR for identified Attack Surfaces to enable seamless interaction with other tools. Also provides [command line]( “command line” ) samples to easily integrate and collaborate with other tools, such as curls or httpie.

## Available Support Scope

### Endpoint’s Entities

* Path
* Method
* Param
* Header
* Protocol (e.g ws)

### Languages and Frameworks

Language | Framework | URL | Method | Param | Header | WS
—|—|—|—|—|—|—
Go | Echo |

| â | X | X | X
Python | Django |

| X | X | X | X
Python | Flask | â | X | X | X | X
Ruby | Rails |

| â | X | X
Ruby | Sinatra |

| X | X
Php | |

| X | X
Java | Spring |

| X | X | X
Java | Jsp | X | X | X | X | X
Crystal | Kemal |

| â | X |

JS | Express |

| X | X | X
JS | Next | X | X | X | X | X

### Specification

Specification | Format | URL | Method | Param | Header | WS
—|—|—|—|—|—|—
Swagger | JSON |

| â |

| X | X
Swagger | YAML |

| X | X

## Installation

### Homebrew (macOS)

brew tap hahwul/noir
brew install noir

### From Sources

# Install Crystal-lang
# https://crystal-lang.org/install/

# Clone this repo
git clone https://github.com/hahwul/noir
cd noir

# Install Dependencies
shards install

# Build
shards build –release –no-debug

# Copy binary
cp ./bin/noir /usr/bin/

### Docker (GHCR)

docker pull ghcr.io/hahwul/noir:main

## Usage

Usage: noir
Basic:
-b PATH, –base-path ./app (Required) Set base path
-u URL, –url https://.. Set base url for endpoints
-s SCOPE, –scope url,param Set scope for detection

Output:
-f FORMAT, –format json Set output format [plain/json/markdown-table/curl/httpie]
-o PATH, –output out.txt Write result to file
–set-pvalue VALUE Specifies the value of the identified parameter
–no-color Disable color output
–no-log Displaying only the results

Deliver:
–send-req Send the results to the web request
–send-proxy https://proxy.. Send the results to the web request via http proxy

Technologies:
-t TECHS, –techs rails,php Set technologies to use
–exclude-techs rails,php Specify the technologies to be excluded
–list-techs Show all technologies

Others:
-d, –debug Show debug messages
-v, –version Show version
-h, –help Show help

Example

noir -b . -u https://testapp.internal.domains

[]( “â ï¸ Noir is an attack surface detector form source code. (6)” )[![](https://blogger.googleusercontent.com/img/a/AVvXsEgm86EROTj0QkjBqdBMUZjqGkI5XBtukHGTiMUH_0Hj3Nu6bjDM1FLxzmJf2aWtsVhsRfTvCZoziH37jeT546gBzyo1mSsz5C1bw93GOXa7O2BvDBYLEQfgyFZsScdA-EKPcyg4792Zycnoam_hln5HcNSkmovTqupJ5CUJFPaOAROa6FOxW1kKvGiznMt6=w640-h266)]()

JSON Result

noir -b . -u https://testapp.internal.domains -f json

[
…
{
“headers”: [],
“method”: “POST”,
“params”: [
{
“name”: “article_slug”,
“param_type”: “json”,
“value”: “”
},
{
“name”: “body”,
“param_type”: “json”,
“value”: “”
},
{
“name”: “id”,
“param_type”: “json”,
“value”: “”
}
],
“protocol”: “http”,
“url”: “https://testapp.internal.domains/comments”
}
]

###

**[Download Noir]( “Download Noir” )**Read More