noir
« Back to VersTracker
Description:
Attack surface detector that identifies endpoints by static analysis
Type: Formula  |  Latest Version: 0.25.1@0  |  Tracked Since: Dec 20, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: security pentesting static-analysis devsecops api-security
Install: brew install noir
About:
Noir is an open-source tool designed to detect attack surfaces by performing static analysis on source code. It identifies potential API endpoints, parameters, and other web assets without executing the application. This enables security teams to map out their application's exposure and integrate security testing earlier in the development lifecycle.
Key Features:
  • Supports multiple programming languages including Ruby, Python, Java, and JavaScript
  • Detects endpoints, parameters, headers, and cookies from source code
  • Integrates seamlessly with other security tools via standard output formats
  • Fast and lightweight static analysis engine
Use Cases:
  • Generating a comprehensive list of endpoints for penetration testing
  • Integrating into CI/CD pipelines for automated security auditing
  • Mapping API attack surfaces for legacy or undocumented applications
Alternatives:
  • gau – gau fetches known endpoints from public sources, while Noir discovers new ones via static code analysis.
  • arachni – Arachni is a full web application scanner, whereas Noir focuses specifically on endpoint discovery.
Version History
Detected Version Rev Change Commit
Dec 20, 2025 11:13pm 0.25.1 0 VERSION_BUMP 2c45958b
Nov 16, 2025 11:34pm 0 VERSION_BUMP 1680a82b
Nov 16, 2025 2:54pm 0 VERSION_BUMP 4794f3e4
Sep 16, 2025 4:01pm 0 VERSION_BUMP c148c065
Oct 31, 2024 3:16pm 0 VERSION_BUMP 9fda7580
« Back to VersTracker  |  Browse Packages  |  About