Overview

Noir is an attack surface detector that statically analyzes source code to discover API endpoints, including shadow APIs and undocumented routes that a crawler or a published API spec would miss. It bridges SAST and DAST by feeding the discovered endpoints directly into dynamic testing tools, so the dynamic scan starts from the routes that actually exist in the code rather than from whatever it happened to crawl.

Key Capabilities

  • Attack Surface Discovery — Uncovers hidden endpoints, shadow APIs, and undocumented routes from source code
  • Multi-Language — Supports 50+ languages and frameworks with a single tool
  • AI-Powered — Uses LLMs to detect endpoints even in unsupported frameworks
  • SAST-to-DAST Bridge — Feeds results into ZAP, Burp Suite, Caido, and other DAST tools
  • Flexible Output — Exports as JSON, YAML, OpenAPI, SARIF, cURL, and more

GitHub | OWASP Project Page


How It Works

Noir is built with Crystal and processes code through these stages:

  1. Detectors identify technologies in the codebase
  2. Analyzers parse code to extract endpoints and parameters
  3. LLM Analyzer discovers endpoints using AI for unsupported frameworks
  4. Passive Scanner & Tagger flag potential issues with rule-based passive scanning and add contextual tags to endpoints and parameters
  5. Deliver sends results to external tools (ZAP, Burp, etc.)
  6. Output Builder generates reports in the desired format
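To make the stages concrete, the following is a toy, single-framework version of the pipeline written as an added example for this page; it is not Noir's code (Noir is written in Crystal and covers 50+ frameworks). It implements stages 1, 2, 4 and 6 for a constructed Flask snippet: a detector that recognizes Flask, an analyzer that extracts routes with their path, query, form and header parameters, a tagger that adds contextual tags, and an output builder that emits JSON and cURL. The LLM analyzer and the Deliver stage are omitted. The tag names ("sensitive-path", "hunt", "auth"), the FUZZ placeholder and the sample source are this example's own assumptions, not Noir's.

```python
"""Toy Noir-style pipeline (detector -> analyzer -> tagger -> output builder).
Written as an illustration for this page; this is not Noir's own code."""
import copy
import json
import re
from dataclasses import dataclass, field, asdict

# Constructed sample input: a Flask app with a normal route and an
# undocumented debug route of the kind Noir is meant to surface.
SAMPLE_SOURCE = '''
from flask import Flask, request
app = Flask(__name__)

@app.route("/api/users/<int:user_id>", methods=["GET"])
def get_user(user_id):
    fields = request.args.get("fields")
    return lookup(user_id, fields)

@app.route("/internal/debug/exec", methods=["POST"])
def debug_exec():
    cmd = request.form["cmd"]
    token = request.headers.get("X-Debug-Token")
    return run(cmd, token)
'''

@dataclass
class Param:
    name: str
    param_type: str                      # "path", "query", "form" or "header"
    tags: list = field(default_factory=list)

@dataclass
class Endpoint:
    url: str
    method: str
    params: list = field(default_factory=list)
    tags: list = field(default_factory=list)

# Stage 1: detector. Decides which analyzers to run; here only Flask is known.
def detect_techs(source: str) -> list:
    techs = []
    if re.search(r"^\s*from\s+flask\s+import\b", source, re.M):
        techs.append("python_flask")
    return techs

ROUTE_RE = re.compile(
    r'@app\.route\(\s*["\']([^"\']+)["\']'            # path literal
    r'(?:\s*,\s*methods\s*=\s*\[([^\]]*)\])?\s*\)')    # optional methods=[...]
PATH_PARAM_RE = re.compile(r"<(?:\w+:)?(\w+)>")        # <int:user_id> -> user_id
PARAM_RES = [
    ("query", re.compile(r'request\.args\.get\(\s*["\']([^"\']+)["\']')),
    ("form", re.compile(r'request\.form\[\s*["\']([^"\']+)["\']')),
    ("header", re.compile(r'request\.headers\.get\(\s*["\']([^"\']+)["\']')),
]

# Stage 2: analyzer. Extracts routes, HTTP methods and the parameters each
# handler reads; a handler body is taken to run until the next route decorator.
def analyze_flask(source: str) -> list:
    endpoints = []
    routes = list(ROUTE_RE.finditer(source))
    for i, m in enumerate(routes):
        path, methods = m.group(1), m.group(2)
        body_end = routes[i + 1].start() if i + 1 < len(routes) else len(source)
        body = source[m.end():body_end]
        params = [Param(n, "path") for n in PATH_PARAM_RE.findall(path)]
        for ptype, rx in PARAM_RES:
            params += [Param(n, ptype) for n in rx.findall(body)]
        for method in (re.findall(r"\w+", methods) if methods else ["GET"]):
            endpoints.append(Endpoint(path, method.upper(), copy.deepcopy(params)))
    return endpoints

# Stage 4: tagger. Adds context a tester can filter on (tag names are this
# example's own, not Noir's).
INJECTION_HINTS = re.compile(r"cmd|exec|query|file|path|url|redirect", re.I)

def tag(endpoints: list) -> list:
    for ep in endpoints:
        if re.search(r"/(internal|debug|admin)(/|$)", ep.url):
            ep.tags.append("sensitive-path")
        for p in ep.params:
            if INJECTION_HINTS.search(p.name):
                p.tags.append("hunt")            # name suggests a dangerous sink
            if p.param_type == "header" and re.search(r"token|auth", p.name, re.I):
                p.tags.append("auth")
    return endpoints

# Stage 6: output builder, two of the formats Noir offers (JSON and cURL).
def to_json(endpoints: list) -> str:
    return json.dumps({"endpoints": [asdict(e) for e in endpoints]}, indent=2)

def to_curl(endpoints: list, base_url: str = "http://127.0.0.1:8080") -> list:
    cmds = []
    for ep in endpoints:
        url = PATH_PARAM_RE.sub("1", ep.url)   # placeholder value for path params
        query = "&".join(f"{p.name}=FUZZ" for p in ep.params if p.param_type == "query")
        qs = f"?{query}" if query else ""
        cmd = ["curl", "-X", ep.method, f'"{base_url}{url}{qs}"']
        for p in ep.params:
            if p.param_type == "header":
                cmd += ["-H", f'"{p.name}: FUZZ"']
            elif p.param_type == "form":
                cmd += ["-d", f'"{p.name}=FUZZ"']
        cmds.append(" ".join(cmd))
    return cmds

def run_pipeline(source: str) -> list:
    if "python_flask" not in detect_techs(source):
        return []                                # no analyzer for this code
    return tag(analyze_flask(source))

if __name__ == "__main__":
    eps = run_pipeline(SAMPLE_SOURCE)
    print(to_json(eps))
    print("\n".join(to_curl(eps)))
```

The point of the split into stages is visible even at this size: the detector gates which analyzers run, the analyzer only knows how to read one framework, and tags are attached after extraction so a DAST tool can be pointed first at the `sensitive-path` endpoint and its `hunt` parameters rather than at the whole surface.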

flowchart LR
    SourceCode:::highlight --> Detectors

    subgraph Detectors
        direction LR
        Detector1 & Detector2 & Detector3 --> |Condition| PassiveScan
    end

    PassiveScan --> |Results| BaseOptimizer

    Detectors --> |Techs| Analyzers

    subgraph Analyzers
        direction LR
        CodeAnalyzers & FileAnalyzer & LLMAnalyzer
        CodeAnalyzers --> |Condition| Minilexer
        CodeAnalyzers --> |Condition| Miniparser
    end
    subgraph Optimizer
        direction LR
        BaseOptimizer[Optimizer] --> LLMOptimizer[LLM Optimizer]
        LLMOptimizer[LLM Optimizer] --> OptimizedResult
        OptimizedResult[Result]
    end

    Analyzers --> |Condition| Deliver
    Analyzers --> |Condition| Tagger
    Deliver --> 3rdParty
    BaseOptimizer --> OptimizedResult
    OptimizedResult --> OutputBuilder
    Tagger --> |Tags| BaseOptimizer
    Analyzers --> |Endpoints| BaseOptimizer
    OutputBuilder --> Report:::highlight

    classDef highlight fill:#000,stroke:#333,stroke-width:4px;

Contributing

Noir is open-source and welcomes contributions. See the Contributing Guide for details.
