What is Noir?

Hak
Hi! I'm Hak, Noir's mascot crane. Let me introduce what kind of tool Noir is.

Noir is an open-source attack surface detector. It reads your source code and discovers all API endpoints — including shadow APIs and undocumented routes that may not appear in your documentation.

Security teams use Noir to surface what attackers would look for: forgotten endpoints, exposed parameters, and hidden routes that slip past code review. Developers use it to keep API documentation accurate, hand endpoint data to DAST pipelines, and point LLM-based SAST and code auditors at the attacker-reachable code they should actually be reviewing.


What Can Noir Do?

Find what's hidden. Noir statically analyzes source code to extract every endpoint, parameter, header, and cookie — even the ones nobody documented.

Work with any stack. A single binary supports 50+ frameworks across Crystal, Go, Java, JavaScript, Kotlin, PHP, Python, Ruby, Rust, Swift, and more. No plugins or per-language setup needed.

Bring AI to the table. For frameworks Noir doesn't natively support, connect an LLM (OpenAI, Ollama, etc.) and let AI analyze the code for you.

Feed DAST tools. Noir maps endpoints from source code and pipes them straight into ZAP, Burp Suite, or Caido, so the scanner's crawler no longer misses routes that were never linked from a page.

Point AI SAST at the real attack surface. Noir's endpoint inventory — entrypoints, source files, parameters, tags, and (with --include-callee) the 1-hop functions each handler invokes — is exactly the context an LLM-based SAST tool, code auditor, or security agent needs to find attacker-reachable bugs. Hand it the surface Noir already mapped instead of asking the model to scan the whole repository.

Export in any format. Results come out as JSON, YAML, OpenAPI specs, SARIF for CI/CD, cURL commands, HTML reports, or Postman collections — whatever your workflow needs.

How Does It Work?

Point Noir at your source code and it automatically:

  1. Detects which languages and frameworks your project uses
  2. Analyzes the code to extract endpoints, parameters, and headers
  3. Reports results in your preferred format

```mermaid
flowchart LR
    SourceCode:::highlight --> Detectors

    subgraph Detectors
        direction LR
        Detector1 & Detector2 & Detector3 --> |Condition| PassiveScan
    end

    PassiveScan --> |Results| BaseOptimizer

    Detectors --> |Techs| Analyzers

    subgraph Analyzers
        direction LR
        CodeAnalyzers & FileAnalyzer & LLMAnalyzer
        CodeAnalyzers --> |Condition| Minilexer
        CodeAnalyzers --> |Condition| Miniparser
    end

    subgraph Optimizer
        direction LR
        BaseOptimizer[Optimizer] --> LLMOptimizer[LLM Optimizer]
        LLMOptimizer[LLM Optimizer] --> OptimizedResult
        OptimizedResult[Result]
    end

    Analyzers --> |Condition| Deliver
    Analyzers --> |Condition| Tagger
    Deliver --> 3rdParty
    BaseOptimizer --> OptimizedResult
    OptimizedResult --> OutputBuilder
    Tagger --> |Tags| BaseOptimizer
    Analyzers --> |Endpoints| BaseOptimizer
    OutputBuilder --> Report:::highlight

    classDef highlight fill:#000,stroke:#333,stroke-width:4px;
```
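To make the Detector, Analyzer and OutputBuilder stages concrete, here is a miniature of that pipeline written for this page as an added example; it is not Noir's own code (Noir is written in Crystal and handles 50+ frameworks, this handles one). The Flask source is constructed, the framework is recognised by its import signature, routes and the parameters their handlers read are extracted with regular expressions, and the inventory's field names are assumptions, not Noir's output schema.

```python
import re

# Constructed sample input: a Flask app with one documented route and one
# "shadow" route (/internal/debug) that nothing links to.
SAMPLE_SOURCE = '''from flask import Flask, request
app = Flask(__name__)

@app.route("/api/users", methods=["GET", "POST"])
def users():
    page = request.args.get("page")
    token = request.headers.get("X-Api-Token")
    return "ok"

@app.route("/internal/debug")
def debug():
    raw = request.form.get("cmd")
    return "ok"
'''

# Step 1, Detector: recognise the framework from an import signature.
def detect_framework(source):
    return "python_flask" if re.search(r"^from flask import", source, re.M) else None

# A route decorator, its optional methods list, and the indented handler body.
ROUTE_RE = re.compile(
    r'@app\.route\("([^"]+)"(?:,\s*methods=\[([^\]]*)\])?\)\s*'
    r'def \w+\([^)]*\):\n((?:[ \t]+.*\n?)*)')
PARAM_RE = re.compile(r'request\.(args|form|headers)\.get\("([^"]+)"\)')
PARAM_TYPE = {"args": "query", "form": "form", "headers": "header"}

# Step 2, Analyzer: one endpoint per (path, method), with the query params,
# headers and form fields the handler body actually reads.
def analyze(source):
    endpoints = []
    for path, methods, body in ROUTE_RE.findall(source):
        method_list = re.findall(r'"(\w+)"', methods) or ["GET"]
        params = [{"name": name, "param_type": PARAM_TYPE[kind]}
                  for kind, name in PARAM_RE.findall(body)]
        for method in method_list:
            endpoints.append({"url": path, "method": method, "params": params})
    return endpoints

# Step 3, OutputBuilder: the JSON-ready inventory (field names assumed, not
# Noir's schema). An unrecognised framework yields an empty inventory.
def build_report(source):
    framework = detect_framework(source)
    endpoints = analyze(source) if framework else []
    return {"framework": framework, "endpoints": endpoints}
```

Note that the undocumented `/internal/debug` route and its `cmd` form field appear in the inventory exactly like the documented one; that is the "shadow API" case the page describes.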

Contributing

Noir is open-source and welcomes contributions. See the Contributing Guide for details.
