Delivering Results to Other Tools

Send discovered endpoints directly to security tools like Burp Suite, ZAP, or Elasticsearch for further analysis.

Usage

Command-line flags:

• --send-req: Send as web request
• --send-proxy http://proxy...: Send through HTTP proxy
• --send-es http://es...: Send to Elasticsearch
• --with-headers X-Header:Value: Add custom headers
• --use-matchers string: Only send matching endpoints (URL, method, or method:URL)
• --use-filters string: Exclude matching endpoints (URL, method, or method:URL)

Sending to a Proxy

Send all endpoints to proxy (e.g., Burp Suite, ZAP):

noir -b ./source --send-proxy http://localhost:8080

Adding Custom Headers

Add custom headers (e.g., authentication tokens):

noir -b ./source --send-proxy http://localhost:8080 --with-headers "Authorization: Bearer your-token"

Filtering and Matching

Send specific endpoints using matchers and filters:

URL-based Filtering

Send endpoints containing "api":

noir -b ./source --send-proxy http://localhost:8080 --use-matchers "api"

Method-based Filtering

Send only GET requests:

noir -b ./source --send-proxy http://localhost:8080 --use-matchers "GET"

Exclude POST requests:

noir -b ./source --send-proxy http://localhost:8080 --use-filters "POST"

Method and URL Combination

Send POST requests to API endpoints:

noir -b ./source --send-proxy http://localhost:8080 --use-matchers "POST:/api"

Exclude GET requests to admin pages:

noir -b ./source --send-proxy http://localhost:8080 --use-filters "GET:/admin"

Supported HTTP Methods

GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS, TRACE, CONNECT (case insensitive)

Multiple Patterns

Use multiple matchers or filters:

noir -b ./source --send-proxy http://localhost:8080 --use-matchers "GET" --use-matchers "POST:/api"