Skip to content

Latest commit

 

History

History
51 lines (41 loc) · 2.43 KB

index.md

File metadata and controls

51 lines (41 loc) · 2.43 KB
layout title tags level type pitch
col-sidebar
OWASP Noir
noir owasp-noir sast dast attack-surface endpoint
2
code
An open-source project that identifies attack surfaces to enhance whitebox security testing and security pipelines.

Attack surface detector that identifies endpoints by static analysis.


Noir is an open-source project specializing in identifying attack surfaces for enhanced whitebox security testing and security pipeline. This includes the capability to discover API endpoints, web endpoints, and other potential entry points within source code for thorough security analysis and DAST. For more information, please visit our documentation page.

Key Features

  • Identify API endpoints and parameters from source code.
  • Support various source code languages and frameworks.
  • Provide analysts with technical information and security issues identified during source code analysis.
  • Friendly pipeline & DevOps integration, offering multiple output formats (JSON, YAML, OAS spec) and compatibility with tools like curl and httpie.
  • Friendly Offensive Security Tools integration, allowing usage with tools such as ZAP and Caido, Burpsuite.
  • Generate elegant and clear output results.

Road Map

We plan to expand the range of supported programming languages and frameworks, and to increase accuracy. Initially conceived as a tool to assist with WhiteBox testing, our goal is to extract and provide endpoints from the source code within the DevSecOps Pipeline, enabling DAST to conduct more accurate and stable scans.

<style> .sub-nav{ display: none !important; } </style>