FAQ

What is OWASP Noir?

An open-source static analysis tool that discovers API endpoints, web pages, and other attack surface entry points from source code.

How do I install Noir?

Via Homebrew, Snapcraft, Docker, and more. See the Installation page.

What languages and frameworks does Noir support?

See the full list on the Supported Languages and Frameworks page.

How can I contribute to Noir?

Read the Contributing Guide to get started.

Is Noir free?

Yes, Noir is free and open-source under the MIT license. You can use it freely for commercial purposes.

How do I integrate with other security tools?

You can integrate with ZAP, Burp Suite, Caido, and more. See the Pipeline for DAST guide.

How do I export results?

Noir supports JSON, YAML, OpenAPI Specification, cURL, and many more formats. See the Output Formats section.

How do I report bugs or request features?

Open a GitHub Issue to report bugs or request features.