Delivering Results to Other Tools

Learn how to use Noir's 'Deliver' feature to send discovered endpoints to other tools like Burp Suite, ZAP, or Elasticsearch for further analysis and security testing.

Send discovered endpoints directly to security tools like Burp Suite, ZAP, or Elasticsearch for further analysis.

Usage

Command-line flags:

--send-req: Send as web request
--send-proxy http://proxy...: Send through HTTP proxy
--send-es http://es...: Send to Elasticsearch
--with-headers X-Header:Value: Add custom headers
--use-matchers string: Only send matching endpoints (URL, method, or method:URL)
--use-filters string: Exclude matching endpoints (URL, method, or method:URL)

Sending to a Proxy

Send all endpoints to proxy (e.g., Burp Suite, ZAP):

noir -b ./source --send-proxy http://localhost:8080

Adding Custom Headers

Add custom headers (e.g., authentication tokens):

noir -b ./source --send-proxy http://localhost:8080 --with-headers "Authorization: Bearer your-token"

Filtering and Matching

Send specific endpoints using matchers and filters:

URL-based Filtering

Send endpoints containing "api":

noir -b ./source --send-proxy http://localhost:8080 --use-matchers "api"

Method-based Filtering

Send only GET requests:

noir -b ./source --send-proxy http://localhost:8080 --use-matchers "GET"

Exclude POST requests:

noir -b ./source --send-proxy http://localhost:8080 --use-filters "POST"

Method and URL Combination

Send POST requests to API endpoints:

noir -b ./source --send-proxy http://localhost:8080 --use-matchers "POST:/api"

Exclude GET requests to admin pages:

noir -b ./source --send-proxy http://localhost:8080 --use-filters "GET:/admin"

Supported HTTP Methods

GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS, TRACE, CONNECT (case insensitive)

Multiple Patterns

Use multiple matchers or filters:

noir -b ./source --send-proxy http://localhost:8080 --use-matchers "GET" --use-matchers "POST:/api"