NOIR
Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.
Essential Features
Discover Noir's essential features for comprehensive attack surface detection and analysis.
Attack Surface Discovery
Analyzes your source code to uncover the complete attack surface of your application, including hidden endpoints, shadow APIs, and other security blind spots.
Multi-Language Support
Supports a wide range of programming languages and frameworks, ensuring broad compatibility across your diverse portfolio of projects.
DevSecOps Ready
Designed for seamless integration into CI/CD pipelines and security workflows, with support for popular tools like cURL, ZAP, Caido, and more.
AI-Powered Analysis
Leverages Large Language Models (LLMs) to detect endpoints in any language or framework—even those not natively supported—ensuring no endpoint goes undetected.
SAST-to-DAST Bridge
Bridges static code analysis and dynamic testing by providing discovered endpoints to DAST tools like ZAP and Burp Suite, enabling more comprehensive security scans.
Flexible Output Formats
Generates clear and actionable results in a variety of formats, including JSON, YAML, and OpenAPI, making it easy to consume the data in other tools.
Built With
Open Source Project
OWASP Noir is an open-source project built with ❤️ by the community. If you would like to contribute, please see our contributing guide and submit a pull request with your awesome changes!
