Merge pull request #268 from noir-cr/dev

Release v0.14.0
owasp-noir · Mar 29, 2024 · 1fd7b0c · 1fd7b0c
2 parents 19145d3 + 60e0cf9
commit 1fd7b0c
Show file tree

Hide file tree

Showing 31 changed files with 742 additions and 55 deletions.
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -29,6 +29,12 @@
     - src/output_builder/**
     - src/models/output_builder.cr
 
+🏷️ tagger:
+- changed-files:
+  - any-glob-to-any-file: 
+    - src/taggers/**
+    - src/models/tag.cr
+
 💊 spec:
 - changed-files:
   - any-glob-to-any-file: spec/**

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
         matrix:
-          crystal-version: ['1.8.0', '1.9.0', '1.10.0', '1.11.0']
+          crystal-version: ['1.10.0', '1.11.0']
     steps:
       - uses: actions/checkout@v3
       - uses: MeilCli/setup-crystal-action@v4

diff --git a/README.md b/README.md
@@ -1,16 +1,36 @@
 <div align="center">
   <img src="https://github.com/noir-cr/noir/assets/13212227/8c4470fe-c8f4-4060-9f12-b038ad211913" alt="" width="500px;">
-  <p>Noir is an attack surface detector that identifies endpoints by static analysis.</p>
+  <p>Attack surface detector that identifies endpoints by static analysis.</p>
 </div>
 
+<p align="center">
+<a href="https://github.com/noir-cr/noir/blob/main/CONTRIBUTING.md">
+<img src="https://img.shields.io/badge/CONTRIBUTIONS-WELCOME-000000?style=for-the-badge&labelColor=black"></a>
+<a href="https://github.com/noir-cr/noir/releases">
+<img src="https://img.shields.io/github/v/release/noir-cr/noir?style=for-the-badge&color=black&labelColor=black&logo=web"></a>
+<a href="https://crystal-lang.org">
+<img src="https://img.shields.io/badge/Crystal-000000?style=for-the-badge&logo=crystal&logoColor=white"></a>
+</p>
+
+<p align="center">
+  <a href="#key-features">Key Features</a> •
+  <a href="#available-support-scope">Available Support Scope</a> •
+  <a href="#installation">Installation</a> •
+  <a href="#usage">Usage</a> •
+  <a href="#contributing">Contributing</a>
+</p>
+
 ## Key Features
 - Automatically identify language and framework from source code.
 - Find API endpoints and web pages through code analysis.
 - Load results quickly through interactions with proxy tools such as ZAP, Burpsuite, Caido and More Proxy tools.
 - That provides structured data such as JSON and YAML for identified Attack Surfaces to enable seamless interaction with other tools. Also provides command line samples to easily integrate and collaborate with other tools, such as curls or httpie.
 
 ## Available Support Scope
-### Endpoint's Entities
+
+<details>
+  <summary>Endpoint's Entities</summary>
+
 - Path
 - Method
 - Param
@@ -19,7 +39,10 @@
 - Protocol (e.g ws)
 - Details (e.g The origin of the endpoint)
 
-### Languages and Frameworks
+</details>
+
+<details>
+  <summary>Languages and Frameworks</summary>
 
 | Language | Framework   | URL | Method | Param | Header | Cookie | WS |
 |----------|-------------|-----|--------|-------|--------|--------|----|
@@ -45,8 +68,10 @@
 | C#       | ASP.NET MVC | ✅   | X     | X     | X      | X      | X  |
 | JS       | Next        | X    | X     | X     | X      | X      | X  |
 
+</details>
 
-### Specification
+<details>
+  <summary>Specification</summary>
 
 | Specification          | Format  | URL | Method | Param | Header | WS |
 |------------------------|---------|-----|--------|-------|--------|----|
@@ -55,6 +80,9 @@
 | OAS 3.0                | JSON    | ✅  | ✅     | ✅    | ✅     | X  |
 | OAS 3.0                | YAML    | ✅  | ✅     | ✅    | ✅     | X  |
 | RAML                   | YAML    | ✅  | ✅     | ✅    | ✅     | X  |
+| HAR                    | JSON    | ✅  | ✅     | ✅    | ✅     | X  |
+
+</details>
 
 ## Installation
 ### Homebrew (macOS)
@@ -115,6 +143,11 @@ Usage: noir <flags>
     --no-color                       Disable color output
     --no-log                         Displaying only the results
 
+  Tagger:
+    -T, --use-all-taggers            Activates all taggers for full analysis coverage
+    --use-taggers VALUES             Activates specific taggers (e.g., --use-taggers hunt,etc)
+    --list-taggers                   Lists all available taggers
+
   Deliver:
     --send-req                       Send results to a web request
     --send-proxy http://proxy..      Send results to a web request via an HTTP proxy
@@ -140,54 +173,54 @@ Usage: noir <flags>
 
 Example
 ```bash
-noir -b . -u https://testapp.internal.domains
+noir -b . -u https://testapp.internal.domains -T
 ```
 
-![](https://github.com/noir-cr/noir/assets/13212227/40d09acf-e250-4ea9-a84b-d9251a2d5147)
+![](https://github.com/noir-cr/noir/assets/13212227/4e69da04-d585-4745-9cc7-ef6e69e193b0)
 
 JSON Result
 ```
-noir -b . -u https://testapp.internal.domains -f json
+noir -b . -u https://testapp.internal.domains -f json -T
 ```
 
 ```json
-[
-  ...
-  {
-    "headers": [],
+{
+    "url": "https://testapp.internal.domains/query",
     "method": "POST",
     "params": [
       {
-        "name": "article_slug",
-        "param_type": "json",
-        "value": ""
-      },
-      {
-        "name": "X-API-KEY",
-        "value":"",
-        "param_type":"header"
+        "name": "my_auth",
+        "value": "",
+        "param_type": "cookie",
+        "tags": []
       },
       {
-        "name": "auth",
-        "param_type": "cookie",
-        "value": ""
+        "name": "query",
+        "value": "",
+        "param_type": "form",
+        "tags": [
+          {
+            "name": "sqli",
+            "description": "This parameter may be vulnerable to SQL Injection attacks.",
+            "tagger": "Hunt"
+          }
+        ]
       }
     ],
-    "protocol": "http",
-    "url": "https://testapp.internal.domains/comments",
     "details": {
       "code_paths": [
         {
-          "path": "app_source/testapp.cr",
-          "line": 3
+          "path": "spec/functional_test/fixtures/crystal_kemal/src/testapp.cr",
+          "line": 8
         }
       ]
-    }
+    },
+    "protocol": "http",
+    "tags": []
   }
-]
 ```
 
-### Contributing
+## Contributing
 Noir is open-source project and made it with ❤️ 
 if you want contribute this project, please see [CONTRIBUTING.md](./CONTRIBUTING.md) and Pull-Request with cool your contents.
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -1,21 +1,19 @@
 # Security Policy
 
-## Supported Versions
+## Reporting a Vulnerability
 
-Use this section to tell people about which versions of your project are
-currently being supported with security updates.
+Found a security issue? Let us know so we can fix it.
 
-| Version | Supported          |
-| ------- | ------------------ |
-| 5.1.x   | :white_check_mark: |
-| 5.0.x   | :x:                |
-| 4.0.x   | :white_check_mark: |
-| < 4.0   | :x:                |
+### How to Report
 
-## Reporting a Vulnerability
+* **For general security concerns**, please open a [GitHub issue](https://github.com/noir-cr/noir/issues). Use the `🛡️ security` label and describe the issue in as much detail as you can. This helps us to understand and address the problem more effectively.
+* **For sensitive matters**, we encourage you to directly email the [noir team members](https://github.com/orgs/noir-cr/people). Handling these issues discreetly is vital for everyone's safety.
+
+### Our Team
+
+Beyond being passionate open source contributors, we are also seasoned Red Team security engineers. Our dual expertise means we're not only ready but also keen to address any security issues you might identify. Consider us your approachable security allies. Whether you notice something minor or more significant, we encourage you to get in touch. Open dialogue is key to us, and we're here to address any security concerns you might have—together.
 
-Use this section to tell people how to report a vulnerability.
+## Conclusion
+Your vigilance and willingness to report security issues are what help keep our project robust and secure. We appreciate the time and effort you put into making our community a safer place. Remember, no concern is too small; we're here to listen and act. Together, we can ensure a secure environment for all our users and contributors. Thank you for being an essential part of our project's security.
 
-Tell them where to go, how often they can expect to get an update on a
-reported vulnerability, what to expect if the vulnerability is accepted or
-declined, etc.
+Thank you for your support in maintaining the security and integrity of our project!
diff --git a/shard.lock b/shard.lock
@@ -4,6 +4,10 @@ shards:
     git: https://github.com/mamantoha/crest.git
     version: 1.3.11
 
+  har:
+    git: https://github.com/neuralegion/har.git
+    version: 1.2.0
+
   http-client-digest_auth:
     git: https://github.com/mamantoha/http-client-digest_auth.git
     version: 0.6.0

diff --git a/shard.yml b/shard.yml
@@ -1,5 +1,5 @@
 name: noir
-version: 0.13.0
+version: 0.14.0
 
 authors:
   - hahwul <hahwul@gmail.com>
@@ -12,7 +12,9 @@ targets:
 dependencies:
   crest:
     github: mamantoha/crest
+  har:
+    github: NeuraLegion/har
 
-crystal: 1.8.2
+crystal: ~> 1.10
 
 license: MIT
diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
@@ -1,10 +1,10 @@
 name: noir
 base: core20
-version: 0.13.0
+version: 0.14.0
 summary: Attack surface detector that identifies endpoints by static analysis.
 description: |
-  Noir is your ally in the quest for digital fortification. 
-  A cutting-edge attack surface detector, it unveils hidden endpoints through meticulous static analysis.
+  Noir is an open-source project specializing in identifying attack surfaces for enhanced whitebox security testing and security pipeline. 
+  This includes the capability to discover API endpoints, web endpoints, and other potential entry points within source code for thorough security analysis.
 
 grade: stable # must be 'stable' to release into candidate/stable channels
 confinement: strict # use 'strict' once you have the right plugs and slots
@@ -23,7 +23,7 @@ parts:
       curl -fsSL https://crystal-lang.org/install.sh | sudo bash
       snapcraftctl pull
       shards install
-      shards build --release
+      shards build --release --no-debug --production
       cp ./bin/noir $SNAPCRAFT_PART_INSTALL/
       snapcraftctl build
     build-packages:

diff --git a/spec/functional_test/fixtures/crystal_kemal/custom_public/2.html b/spec/functional_test/fixtures/crystal_kemal/custom_public/2.html
diff --git a/spec/functional_test/fixtures/crystal_kemal/public/1.html b/spec/functional_test/fixtures/crystal_kemal/public/1.html
diff --git a/spec/functional_test/fixtures/crystal_kemal/src/testapp.cr b/spec/functional_test/fixtures/crystal_kemal/src/testapp.cr
@@ -10,8 +10,16 @@ post "/query" do
   env.params.body["query"].as(String)
 end
 
+get "/token" do
+  env.params.body["client_id"].as(String)
+  env.params.body["redirect_url"].as(String)
+  env.params.body["grant_type"].as(String)
+end
+
 ws "/socket" do |socket|
   socket.send "Hello from Kemal!"
 end
 
+public_folder "custom_public"
+
 Kemal.run