Attack surface detector that identifies endpoints by static analysis.
Open Source MIT Licensed.
Why Choose OWASP Noir?
OWASP Noir empowers security teams with advanced attack surface detection, uncovering endpoints and vulnerabilities through static analysis. Explore its core features below.
Endpoint Extraction
Extract API and web endpoints along with parameters directly from source code for comprehensive security analysis.
Multi-Language Support
Supports multiple programming languages and frameworks, ensuring broad compatibility for diverse projects.
Security Issue Detection
Perform rule-based passive scanning to identify potential security vulnerabilities with detailed insights.
DevOps Integration
Seamlessly integrate with DevOps tools like curl, ZAP, and Caido to enhance security pipelines.
Flexible Output Formats
Generate clear, actionable results in JSON, YAML, and OAS formats for easy consumption.
AI-Enhanced Discovery
Leverage AI to uncover hidden APIs and endpoints in unfamiliar frameworks.
Visualize OWASP Noir’s Analysis
OWASP Noir provides detailed insights into your application’s attack surface. Compare CLI usage with JSON output to see how Noir delivers actionable results.
