v0.21.0

OWASP Noir Logo

Attack surface detector that identifies endpoints by static analysis.

Open Source MIT Licensed.

OWASP Noir Logo

Why Choose OWASP Noir?

OWASP Noir empowers security teams with advanced attack surface detection, uncovering endpoints and vulnerabilities through static analysis. Explore its core features below.

api

Endpoint Extraction

Extract API and web endpoints along with parameters directly from source code for comprehensive security analysis.

code

Multi-Language Support

Supports multiple programming languages and frameworks, ensuring broad compatibility for diverse projects.

security

Security Issue Detection

Perform rule-based passive scanning to identify potential security vulnerabilities with detailed insights.

code

DevOps Integration

Seamlessly integrate with DevOps tools like curl, ZAP, and Caido to enhance security pipelines.

file_download

Flexible Output Formats

Generate clear, actionable results in JSON, YAML, and OAS formats for easy consumption.

auto_awesome

AI-Enhanced Discovery

Leverage AI to uncover hidden APIs and endpoints in unfamiliar frameworks.

Visualize OWASP Noir’s Analysis

OWASP Noir provides detailed insights into your application’s attack surface. Compare CLI usage with JSON output to see how Noir delivers actionable results.

/images/screenshots/plain.png /images/screenshots/json.png