HTML Report
Generate a comprehensive, visual HTML report of your attack surface scan results.
The HTML report format generates a self-contained, interactive HTML file that visualizes the results of your Noir scan. It's designed to be easily shared with stakeholders, used for documentation, or reviewed for a quick overview of the application's attack surface.
Basic Usage
To generate an HTML report, use the -f html flag. You typically want to save the output to a file using -o.
```bash
noir -b . -f html -o report.html
```
Open the generated report.html file in any modern web browser to view the results.
Features
The standard HTML report includes:
- Dashboard Summary: A high-level overview of total endpoints, parameters, and passive scan findings.
- Endpoint Details: A list of all discovered endpoints, categorized by HTTP method.
- Parameter Breakdown: Detailed tables showing parameters, their types (query, form, json, etc.), and values.
- Passive Scan Results: If passive scanning is enabled, findings are displayed with descriptions, severity levels, and code snippets.
- Source Code Links: File paths and line numbers pointing to where the endpoints were defined.
Customizing the Template
You can customize the appearance and structure of the HTML report by providing your own template. This is useful for branding, adding custom scripts, or integrating with internal reporting standards.
How it Works
Noir looks for a file named report-template.html in your Noir configuration directory:
- Linux/macOS: ~/.config/noir/report-template.html
- Windows: %APPDATA%\noir\report-template.html
- Custom Home: If NOIR_HOME is set, it looks in $NOIR_HOME/report-template.html.
If this file exists, Noir will use it as the template instead of the built-in default.
Creating a Template
A template is a standard HTML file that includes specific placeholders. Noir will replace these placeholders with the generated content during report creation.
Available Placeholders
| Placeholder | Description |
|---|---|
| <%= noir_head %> | The contents of the <head> tag, including default CSS and metadata. |
| <%= noir_header %> | The header section containing the title and logo. |
| <%= noir_summary %> | The summary dashboard (cards showing counts). |
| <%= noir_endpoints %> | The main section listing all discovered endpoints. |
| <%= noir_passive_scans %> | The section listing passive scan results. |
| <%= noir_footer %> | The footer section. |
Example Template
Here is a simple example of a custom template that adds a company logo and custom header:
```html
<!DOCTYPE html>
<html lang="en">
<head>
  <!-- Include default styles and scripts -->
  <%= noir_head %>
  <style>
    /* Add custom overrides */
    body { background-color: #f0f2f5; }
    .company-header { padding: 20px; text-align: center; background: #333; color: #fff; }
  </style>
</head>
<body>
  <div class="company-header">
    <h1>My Company Security Report</h1>
  </div>

  <!-- Original Header -->
  <%= noir_header %>

  <main class="container">
    <!-- Summary Section -->
    <%= noir_summary %>

    <h2>Detailed Findings</h2>

    <!-- Endpoints List -->
    <%= noir_endpoints %>

    <!-- Passive Scan Results -->
    <%= noir_passive_scans %>
  </main>

  <%= noir_footer %>
</body>
</html>
```
By placing this file at ~/.config/noir/report-template.html, all future HTML reports generated by Noir will use this layout.
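
Because a template in the configuration directory silently replaces the built-in one, it is worth confirming which template is in effect and that it still carries every placeholder from the table above; a template without `<%= noir_passive_scans %>`, for example, gives that section nowhere to render. The following check is an added example, not part of Noir or its documentation. Assumptions: the helper function names are hypothetical, only the Linux/macOS path is handled, and `NOIR_HOME` is taken to replace the default directory when set.

```shell
#!/bin/sh
# Added example: pre-flight check for a custom Noir report template.
# Placeholder names and lookup paths come from the page; the helper
# function names are hypothetical and not part of Noir.

# Print the template path for the current environment (Linux/macOS layout).
# Assumption: when NOIR_HOME is set it is used instead of ~/.config/noir.
noir_template_path() {
  if [ -n "${NOIR_HOME:-}" ]; then
    printf '%s\n' "$NOIR_HOME/report-template.html"
  else
    printf '%s\n' "$HOME/.config/noir/report-template.html"
  fi
}

# Print each documented placeholder that FILE does not contain, one per line.
# Matching uses the exact spelling shown in the placeholder table.
missing_placeholders() {
  for name in noir_head noir_header noir_summary noir_endpoints \
              noir_passive_scans noir_footer; do
    grep -qF -- "<%= $name %>" "$1" || printf '%s\n' "$name"
  done
}

# Say which template applies and whether it is complete.
# Returns 0 for the built-in default or a complete custom template, else 1.
check_noir_template() {
  tpl=$(noir_template_path)
  if [ ! -f "$tpl" ]; then
    echo "no custom template at $tpl; built-in default applies"
    return 0
  fi
  missing=$(missing_placeholders "$tpl")
  if [ -n "$missing" ]; then
    echo "custom template $tpl lacks: $(echo $missing)"
    return 1
  fi
  echo "custom template $tpl contains all six placeholders"
}

check_noir_template || echo "fix the template before generating reports" >&2
```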