NOIR
Noir is an attack surface detector that enhances white-box security testing and streamlines security pipelines by discovering endpoints and potential vulnerabilities through static analysis.
Endpoint Discovery
Extracts API and web endpoints, along with their parameters, directly from your source code for a comprehensive analysis of your application's attack surface.
Multi-Language Support
Supports a wide range of programming languages and frameworks, ensuring broad compatibility across your diverse portfolio of projects.
Vulnerability Detection
Performs rule-based passive scanning to identify potential security vulnerabilities and provides detailed insights to help you remediate them quickly.
DevOps Integration
Seamlessly integrates with popular DevOps and security tools like cURL, ZAP, and Caido to enhance your existing security pipelines.
Flexible Output Formats
Generates clear and actionable results in a variety of formats, including JSON, YAML, and OpenAPI, making it easy to consume the data in other tools.
AI-Powered Analysis
Leverages the power of AI and Large Language Models (LLMs) to uncover hidden APIs and endpoints in unfamiliar or unsupported frameworks.
Built With
Open Source Project
OWASP Noir is an open-source project built with ❤️ by the community. If you would like to contribute, please see our contributing guide and submit a pull request with your awesome changes!
View Contributing Guide