noir

Attack surface detector that identifies endpoints by static analysis

MIT License

Downloads
52
Stars
518

noir - v0.16.0 Latest Release

Published by hahwul 4 months ago

What's Changed

  • Add Config Home directory
    • Noir now has a home directory under the user's Config directory (e.g., ~/.config/noir).
    • A config.yaml file is automatically created in this directory, allowing you to easily specify configurations that will be persistently applied.
    • Additionally, this directory will be used in the future to store rules for PassiveScan(Tagger).
    • You can change the config home directory by setting the NOIR_HOME environment variable.
  • Improve Spring Kotlin Analyzers
    • The Kotlin Spring analyzer now supports parameter analysis similarly to the Java Spring analyzer.
  • Add support for generating completions (zsh, bash)
  • Add diff mode
  • Update dependencies, fix bugs, and improve code
  • Add new flags
    • --diff-path: Specify the path to compare with the base path (-b). The scan results of the base path and the specified path will be compared.
    • --build-info: Display build information, including versions of Crystal, LLVM, and other relevant components.
    • --generate-completion: Generate completion scripts for shells like zsh and bash.

Full Changelog: https://github.com/noir-cr/noir/compare/v0.15.1...v0.16.0

noir - v0.15.1

Published by hahwul 5 months ago

What's Changed

  • Enhanced performance and quality of the analyzer and minilexer, including unit tests.
  • Added examples to the CLI help message and improved the formatting of the usage text.
  • Fixed bugs #293 and #298.

Full Changelog: https://github.com/noir-cr/noir/compare/v0.15.0...v0.15.1

noir - v0.15.0

Published by hahwul 6 months ago

What's Changed

  • Support Restify(JS), Beego(Go) and Rocket(Rust)
  • Support arm64 Docker image
  • Add new tags: CORS, SOAP, WebSocket
  • Improve Java Spring Analyzer (Add support for WebFlux base paths and fix RequestMethod parsing)
  • Improve Docker image, techs structure and code
  • Fixed bug (#276)

Full Changelog: https://github.com/noir-cr/noir/compare/v0.14.0...v0.15.0

noir - v0.14.0

Published by hahwul 7 months ago

What's Changed

Tagger

Automatically tags identified information during source code analysis to provide valuable insights for security engineers and Dynamic Application Security Testing (DAST) tools.

  • Add new flags -T (--use-all-taggers) --use-taggers --list-taggers
  • Available taggers: hunt oauth

Tags can be applied either to an Endpoint or to a Parameter within an Endpoint, and each tag includes both the name and description of the information.

Support HAR

We now support the HAR format. HAR support works together with the -u argument: any URL provided by the user that also exists within the HAR data is identified and processed as an Endpoint.

This integration with the -u argument is essential, as the HAR file may contain numerous addresses beyond the domain of interest to the analyst.
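
As an added illustration (not noir's code), the Python sketch below shows the kind of scoping this passage describes: keep only the HAR entries on the target's origin and collect their methods, paths and parameter names. Matching on scheme, host and port is an assumption made here, and the sample HAR and its `example.test` / `example.net` hosts are constructed.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Constructed sample HAR (HAR 1.2 layout: log.entries[].request); not real traffic.
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "https://app.example.test/api/users?id=7"}},
    {"request": {"method": "POST", "url": "https://app.example.test/api/login",
                 "postData": {"mimeType": "application/x-www-form-urlencoded",
                              "params": [{"name": "user", "value": "a"},
                                         {"name": "pw", "value": "b"}]}}},
    {"request": {"method": "GET", "url": "https://cdn.example.net/lib.js"}},
    {"request": {"method": "GET", "url": "https://app.example.test/api/users?id=9&verbose=1"}},
    {"request": {"method": "GET", "url": "http://app.example.test/api/users"}},
]}})


def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    default = {"http": 80, "https": 443}.get(parts.scheme)
    return parts.scheme, (parts.hostname or "").lower(), parts.port or default


def endpoints_in_scope(har_text, target_url):
    """Map (method, path) -> parameter names for entries on target_url's origin."""
    scope = origin(target_url)  # assumption: scope means same scheme, host and port
    found = {}
    for entry in json.loads(har_text).get("log", {}).get("entries", []):
        req = entry.get("request", {})
        url = req.get("url", "")
        if origin(url) != scope:
            continue  # third-party or different-scheme traffic is out of scope
        parts = urlsplit(url)
        key = (req.get("method", "GET").upper(), parts.path or "/")
        names = found.setdefault(key, set())
        # Query-string parameters, then form parameters recorded under postData.
        names.update(n for n, _ in parse_qsl(parts.query, keep_blank_values=True))
        names.update(p["name"] for p in req.get("postData", {}).get("params", []))
    return {key: sorted(found[key]) for key in sorted(found)}


if __name__ == "__main__":
    scoped = endpoints_in_scope(SAMPLE_HAR, "https://app.example.test")
    for (method, path), names in scoped.items():
        print(method, path, names)
```

Repeated requests to the same method and path are merged, so the result lists each endpoint once with the union of the parameter names seen in the capture.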

Full Changelog: https://github.com/noir-cr/noir/compare/v0.13.0...v0.14.0

noir - v0.13.0

Published by hahwul 8 months ago

What's Changed

  • 🎨 Lightweight LexerParser(MiniLexer) has been added for more accurate analysis.
  • ⚡️ Improve Analyzers (Java Spring and Golang Fiber, Echo, Gin)
  • 🎉 Support snapcraft
  • 🐞 Fixed bug

MiniLexer

We've added a Lightweight LexerParser for analyzing the syntax of source code to enable better analysis. It's currently implemented in Java and Golang, and although it's still in its infancy, we believe it will improve over time.

Snapcraft

Now we support installation via snapcraft :D

https://snapcraft.io/noir

Contributors

Thank you so much for contributing to noir ❤️
@k-sau @sm1ee @Dyrandy

Full Changelog: https://github.com/noir-cr/noir/compare/v0.12.2...v0.13.0

noir - v0.12.2

Published by hahwul 9 months ago

What's Changed

  • 🍀 Added --config flag for file-based configuration.
  • ⚡️ Improve OAS3 Analyzer and optimize_endpoints func
  • 🎨 Improve code style and Added Lexer object for better recognition.
  • 🐞 Fixed bugs in GitHub workflows

Full Changelog: https://github.com/noir-cr/noir/compare/v0.12.1...v0.12.2

noir - v0.12.1

Published by hahwul 9 months ago

What's Changed

  • Add new output formats
    • only-url only-param only-header only-cookie
    • jsonl
    • e.g. noir -b my_app -f only-param
  • Update help messages

Full Changelog: https://github.com/noir-cr/noir/compare/v0.12.0...v0.12.1

Why were the only-* formats added?

Sometimes, we may want to extract specific values from source code. To facilitate this, we have introduced the only-* format. For example, when analyzing source code for fuzzing, there may be a need to obtain a list of parameters. In such cases, you can easily extract them using the only-param format without the need for additional parsing.

noir - v0.12.0

Published by hahwul 10 months ago

What's Changed

New Features

  • FileAnalyzer and Hooks:
    • Introducing a powerful addition to enhance detection capabilities through comprehensive file content analysis.
    • The FileAnalyzer operates independently of the detected language or framework, enabling file-based scans. This feature utilizes Hooks to perform advanced actions such as detecting URLs within strings, Base64 decoding, and more. These Hooks contribute to additional endpoint identification, augmenting the overall analysis.
  • go-fiber detector & analyzer: Added support for the go fiber web framework, expanding compatibility.

Enhancements

  • --include-path Flag: This flag also reveals the original source code file of detected endpoints when used.
  • In JSON/YAML format, the Details section allows you to explore the original source code file of detected endpoints.

Analyzer Improvements

  • JS Express Analyzer: Enhanced for more accurate and insightful results.
  • Spring (Java/Kotlin) Analyzer: Improved precision for a better understanding of Spring framework projects.

Removal

  • --scope Flag: Deprecated (It was a flag that actually meant nothing.)

Code Quality

  • Code Improvements: Refined the codebase for better quality and added more test code.

User Experience

  • CLI Banner Update: Refreshed for a more appealing appearance.

Full Changelog: https://github.com/noir-cr/noir/compare/v0.11.0...v0.12.0

noir - v0.11.0

Published by hahwul 11 months ago

What's Changed

  • 👋🏼 Add new detectors and analyzers
    • Ruby Hanami
    • Elixir Phoenix
    • Crystal Lucky
  • 🍪 Add cookie parameter type
  • 🖥️ Improve logger
    • It expresses the parameters that exist in the endpoint more beautifully.
    • Debug logs have been added in many more places.
  • 🏁 Enhance detector performance
    • The existing Fiber-based parallel processing has been changed to Fiber+Channel structure.
    • As a result, it has increased stability while maintaining the same speed.
    • Add --concurrency flag
  • 🔭 Improve testcodes
  • 🐞 Fixed bugs

Full Changelog: https://github.com/noir-cr/noir/compare/v0.10.0...v0.11.0

noir - v0.10.0

Published by hahwul 12 months ago

What's Changed

  • Add rust-axum detector/analyzer (#138)
  • Add --use-matchers and --use-filters flags for Deliver (#137)
  • Fixed bugs & Improve test codes

Full Changelog: https://github.com/hahwul/noir/compare/v0.9.1...v0.10.0

Matchers and Filters for Deliver

Matchers

The --use-matchers flag allows you to specify a condition that must be met for a URL to be delivered.
For example, you could use this flag to deliver only those URLs that include the string "/v1/myapi/".

Filters

The --use-filters flag allows you to specify a condition that must not be met for a URL to be delivered.
For example, you could use this flag to exclude all URLs that contain the string "/admin".

Example

noir -b . -u https://www.hahwul.com \
        --send-proxy http://localhost:8090 \
        --use-matchers "/update" \
        --use-matchers "/socket"

noir - v0.9.1

Published by hahwul about 1 year ago

What's Changed

  • Fixed nil-cast bug in oas2,oas3,raml analyzers (#126 / @exhaustedMutex)
    • Add test code for nil-cast issue (functional_test/fixtures/oas3/nil_cast/)
    • Improve debug logs
  • Fixed bug in js-express (#126 / @exhaustedMutex)
  • Fixed typo in Deliver initialize (#132 / @HolyBugx)
    • Add test code for header in deliver

Full Changelog: https://github.com/hahwul/noir/compare/v0.9.0...v0.9.1

noir - v0.9.0

Published by hahwul about 1 year ago

What's Changed

  • FastAPI Detector & Analyzer (by @ksg97031 👍)
    • Supports URL, Method, Param, Header, WebSocket
    • Includes thorough test code
  • ElasticSearch Deliver was added. (flag: --send-es)
  • YAML has been added to the output format.

Full Changelog: https://github.com/hahwul/noir/compare/v0.8.0...v0.9.0

Showcase

FastAPI Detector & Analyzer

noir -b ./fastapi_app

Flag: --send-es (ES Deliver)

# noir -b <BASE-PATH> --send-es http://<ES-ENDPOINT>/<INDEX>/<TYPE>
noir -b ./app/ --send-es http://localhost:9200/noir/url


Flag: -f yaml

noir -b ./kemal -f yaml

noir - v0.8.0

Published by hahwul about 1 year ago

What's Changed

  • Add new flag
    • Add --with-headers flag for Delivers
  • Add new output formats
    • oas2, e.g. noir -b . -f oas2
    • oas3, e.g. noir -b . -f oas3
  • Improve codes
    • Add new type in CodeLocator
      • With the addition of CodeLocator's type inference, more precise code analysis is now possible.
      • In this patch, when there are multiple API Spec documents within the analysis directory, all of them can be processed.
    • The output-related logic has been moved to an object called output_builder from noir model.
      • With this change, adding output type has become easier.
      • Now when using the -o flag to save a file, only the results of output_builder are saved.

Full Changelog: https://github.com/hahwul/noir/compare/v0.7.3...v0.8.0

--with-headers flag

The --with-headers flag can be specified multiple times, allowing you to add arbitrary headers when using Delivers such as --send-proxy. Any header added through this flag overrides the existing header information obtained during source code analysis and is used as the new header.

Single

noir -b ./source --send-proxy http://localhost:8090 --with-headers "X-API-Key: ABCD"

Multiple

noir -b ./source --send-proxy http://localhost:8090 \
    --with-headers "X-API-Key: ABCD" \
    --with-headers "Authentication: ABCD"

noir - v0.7.3

Published by hahwul about 1 year ago

What's Changed

  • Add ZAP Deliver Model
  • Fixed #102 bug in OAS2 Analyzer

Full Changelog: https://github.com/hahwul/noir/compare/v0.7.2...v0.7.3

noir - v0.7.2

Published by hahwul about 1 year ago

What's Changed

  • Fixed #95 (Add exception of Dir.glob)

Thank you, @fanzige

noir - v0.7.1

Published by hahwul about 1 year ago

What's Changed

  • Fixed #90

noir - v0.7.0

Published by hahwul about 1 year ago

  • Support for Kotlin Spring
  • Support for Java Armeria
  • Support for C# ASP.NET MVC (First step, Only URL Endpoints)
  • Improve Analyzers
    • Java Spring
    • Python Django (Add Method / Param / Header)
  • Improve code quality and functional/unit test codes
  • Fixed bugs

I extend my infinite gratitude to the brilliant developer @ksg97031. And I am truly thankful to @infosec-au for the great ideas provided!

noir - v0.6.0

Published by hahwul about 1 year ago

Summary

  • Support for Go Gin
    • Detector
    • Analyzer(Endpoint, Method, Param, Header)
  • Support for RAML
    • Detector
    • Analyzer(Endpoint, Method, Param, Header)
  • Improve Analyzers
    • Add JSP Analyzer (+With param)
    • Improve Go Echo Analyzer (+Support header param)

noir - v0.5.4

Published by hahwul about 1 year ago

  • 🪄 Improve PHP Analyzer
    • Modify to identify POST parameters (bug fix). v0.5.3 / v0.5.4
    • Add identification of Header parameters. v0.5.3
    • Improve code analysis. v0.5.4
  • 🪲 Fixed bugs
    • param-type bug v0.5.3

noir - v0.5.3

Published by hahwul about 1 year ago