Release v0.17.0

.github/ISSUE_TEMPLATE/bug_report.md

@@ -23,7 +23,7 @@ If applicable, add screenshots to help explain your problem.
 
 **Versions**
  - OS: [e.g. macos, linux]
- - Version [e.g. v0.16.1]
+ - Version [e.g. v0.17.0]
 
 **Additional context**
 Add any other context about the problem here.

.github/dependabot.yml

@@ -0,0 +1,8 @@
+updates:
+- package-ecosystem: docker
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "20:00"
+  open-pull-requests-limit: 10
+  target-branch: "dev"

.github/workflows/ci.yml

@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        crystal-version: [1.10.1, 1.11.2, 1.12.2]
+        crystal-version: [1.10.1, 1.11.2, 1.12.2, 1.13.1]
     steps:
       - uses: actions/checkout@v4
       - uses: MeilCli/setup-crystal-action@v4

.github/workflows/jekyll.yml

@@ -0,0 +1,68 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# Sample workflow for building and deploying a Jekyll site to GitHub Pages
+name: Deploy Jekyll site to Pages
+
+on:
+  # Runs on pushes targeting the default branch
+  push:
+    branches: ["dev"]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  # Build job
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@8575951200e472d5f2d95c625da0c7bec8217c42 # v1.161.0
+        with:
+          ruby-version: '3.2' # Not needed with a .ruby-version file
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+          cache-version: 0 # Increment this number if you need to re-download cached gems
+          working-directory: docs # Needed if your Gemfile is not in the root directory
+      - name: Setup Pages
+        id: pages
+        uses: actions/configure-pages@v4
+      - name: Build with Jekyll
+        # Outputs to the './_site' directory by default
+        run: bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}"
+        env:
+          JEKYLL_ENV: production
+        working-directory: docs
+      - name: Upload artifact
+        # Automatically uploads an artifact from the './_site' directory by default
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: docs/_site
+
+  # Deployment job
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

.gitignore

@@ -1,7 +1,10 @@
-/docs/
 /lib/
 /bin/
 /.shards/
 *.dwarf
 .DS_Store
 .vscode
+
+# Ignore the public directory for Jekyll
+/docs/_site/
+/docs/.jekyll-cache/

CONTRIBUTING.md

@@ -13,7 +13,24 @@ Thank you for considering contributing to our project! Here are some guidelines
 4. Completion
 - That's it! You're done. Await feedback and further instructions from the maintainers.
 
-![](https://github.com/hahwul/noir/assets/13212227/23989dab-6b4d-4f18-904f-7f5cfd172b04)
+```mermaid
+graph TD
+    subgraph Forked Branches
+        fork1["forked branch 1"]
+        fork2["forked branch 2"]
+        fork3["forked branch 3"]
+    end
+    fork1 --> dev["dev branch"]
+    fork2 --> dev
+    fork3 --> dev
+
+    dev --> main["main branch"]
+    dev --> deployments["documentation deployments (https://owasp-noir.github.io)"]
+
+    main -->|release| homebrew["homebrew"]
+    main -->|release| snapcraft["snapcraft"]
+    main -->|release| docker["docker (ghcr)"]
+```
 
 ## 🛠️ Building and Testing
 ### Clone and Install Dependencies
@@ -59,4 +76,16 @@ ameba --fix
   - models: Contains everything related to models, such as classes and structures.
 - noir.cr: Main file and command-line parser.
 
-Feel free to reach out to us if you have any questions or need further assistance!
+Feel free to reach out to us if you have any questions or need further assistance!
+
+## Documents contributing
+
+Please note that [our web page](https://owasp-noir.github.io/noir/) operates based on the dev branch. If you make any changes, kindly send a Pull Request (PR) to the dev branch. 
+
+To ensure a smooth integration of your contributions, please follow these steps:
+
+* Fork the repository and create your feature branch from dev.
+* Make your changes, ensuring they are thoroughly tested.
+* Submit your PR to the dev branch for review.
+
+By doing so, you'll help us keep our project up-to-date and well-organized. Your efforts are greatly appreciated, and we're excited to see what you'll bring to the project!

README.md

@@ -19,18 +19,21 @@
 </p>
 
 <p align="center">
-  <a href="#key-features">Key Features</a> •
-  <a href="#available-support-scope">Available Support Scope</a> •
   <a href="#installation">Installation</a> •
+  <a href="https://owasp-noir.github.io/noir/">Documentation</a> •
+  <a href="#available-support-scope">Available Support Scope</a> •
   <a href="#usage">Usage</a> •
   <a href="#contributing">Contributing</a>
 </p>
 
 ## Key Features
-- Automatically identify language and framework from source code.
-- Find API endpoints and web pages through code analysis.
-- Load results quickly through interactions with proxy tools such as ZAP, Burpsuite, Caido and More Proxy tools.
-- That provides structured data such as JSON and YAML for identified Attack Surfaces to enable seamless interaction with other tools. Also provides command line samples to easily integrate and collaborate with other tools, such as curls or httpie.
+
+- Identify API endpoints and parameters from source code.
+- Support various source code languages and frameworks.
+- Provide analysts with technical information and security issues identified during source code analysis.
+- Friendly pipeline & DevOps integration, offering multiple output formats (JSON, YAML, OAS spec) and compatibility with tools like curl and httpie.
+- Friendly Offensive Security Tools integration, allowing usage with tools such as ZAP and Caido, Burpsuite.
+- Generate elegant and clear output results.
 
 ## Available Support Scope
 
@@ -135,70 +138,17 @@ docker pull ghcr.io/owasp-noir/noir:main
 ```
 
 ## Usage
+
 ```bash
 noir -h 
 ```
 
-```
-USAGE: noir <flags>
-
-FLAGS:
-  BASE:
-    -b PATH, --base-path ./app       (Required) Set base path
-    -u URL, --url http://..          Set base url for endpoints
-
-  OUTPUT:
-    -f FORMAT, --format json         Set output format
-                                       * plain yaml json jsonl markdown-table
-                                       * curl httpie oas2 oas3
-                                       * only-url only-param only-header only-cookie
-    -o PATH, --output out.txt        Write result to file
-    --set-pvalue VALUE               Specifies the value of the identified parameter
-    --include-path                   Include file path in the plain result
-    --no-color                       Disable color output
-    --no-log                         Displaying only the results
-
-  TAGGER:
-    -T, --use-all-taggers            Activates all taggers for full analysis coverage
-    --use-taggers VALUES             Activates specific taggers (e.g., --use-taggers hunt,oauth)
-    --list-taggers                   Lists all available taggers
-
-  DELIVER:
-    --send-req                       Send results to a web request
-    --send-proxy http://proxy..      Send results to a web request via an HTTP proxy
-    --send-es http://es..            Send results to Elasticsearch
-    --with-headers X-Header:Value    Add custom headers to be included in the delivery
-    --use-matchers string            Send URLs that match specific conditions to the Deliver
-    --use-filters string             Exclude URLs that match specified conditions and send the rest to Deliver
-
-  DIFF:
-    --diff-path ./app2               Specify the path to the old version of the source code for comparison
-
-  TECHNOLOGIES:
-    -t TECHS, --techs rails,php      Specify the technologies to use
-    --exclude-techs rails,php        Specify the technologies to be excluded
-    --list-techs                     Show all technologies
-
-  CONFIG:
-    --config-file ./config.yaml      Specify the path to a configuration file in YAML format
-    --concurrency 100                Set concurrency
-    --generate-completion zsh        Generate Zsh/Bash completion script
-
-  DEBUG:
-    -d, --debug                      Show debug messages
-    -v, --version                    Show version
-    --build-info                     Show version and Build info
-
-  OTHERS:
-    -h, --help                       Show help
-```
-
 Example
 ```bash
-noir -b . -u https://testapp.internal.domains -T
+noir -b <source_dir>
 ```
 
-![](https://github.com/owasp-noir/noir/assets/13212227/4e69da04-d585-4745-9cc7-ef6e69e193b0)
+![](/docs/images/get_started/basic.png)
 
 JSON Result
 ```
@@ -242,6 +192,8 @@ noir -b . -u https://testapp.internal.domains -f json -T
   }
 ```
 
+For more details, please visit our [documentation](https://owasp-noir.github.io/noir/) page.
+
 ## Contributing
 Noir is open-source project and made it with ❤️ 
 if you want contribute this project, please see [CONTRIBUTING.md](./CONTRIBUTING.md) and Pull-Request with cool your contents.

docs/Gemfile

@@ -0,0 +1,12 @@
+source 'https://rubygems.org'
+
+gem "jekyll", "~> 4.3.3" # installed by `gem jekyll`
+# gem "webrick"        # required when using Ruby >= 3 and Jekyll <= 4.2.2
+
+# Theme
+gem "just-the-docs"
+
+# Plugins
+group :jekyll_plugins do
+  gem "jekyll-securitytxt"
+end

docs/Gemfile.lock

@@ -0,0 +1,93 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
+    colorator (1.1.0)
+    concurrent-ruby (1.3.3)
+    em-websocket (0.5.3)
+      eventmachine (>= 0.12.9)
+      http_parser.rb (~> 0)
+    eventmachine (1.2.7)
+    ffi (1.17.0-arm64-darwin)
+    ffi (1.17.0-x86_64-linux-gnu)
+    forwardable-extended (2.6.0)
+    google-protobuf (4.26.1-arm64-darwin)
+      rake (>= 13)
+    google-protobuf (4.26.1-x86_64-linux)
+      rake (>= 13)
+    http_parser.rb (0.8.0)
+    i18n (1.14.5)
+      concurrent-ruby (~> 1.0)
+    jekyll (4.3.3)
+      addressable (~> 2.4)
+      colorator (~> 1.0)
+      em-websocket (~> 0.5)
+      i18n (~> 1.0)
+      jekyll-sass-converter (>= 2.0, < 4.0)
+      jekyll-watch (~> 2.0)
+      kramdown (~> 2.3, >= 2.3.1)
+      kramdown-parser-gfm (~> 1.0)
+      liquid (~> 4.0)
+      mercenary (>= 0.3.6, < 0.5)
+      pathutil (~> 0.9)
+      rouge (>= 3.0, < 5.0)
+      safe_yaml (~> 1.0)
+      terminal-table (>= 1.8, < 4.0)
+      webrick (~> 1.7)
+    jekyll-include-cache (0.2.1)
+      jekyll (>= 3.7, < 5.0)
+    jekyll-sass-converter (3.0.0)
+      sass-embedded (~> 1.54)
+    jekyll-securitytxt (1.0.1)
+      jekyll
+    jekyll-seo-tag (2.8.0)
+      jekyll (>= 3.8, < 5.0)
+    jekyll-watch (2.2.1)
+      listen (~> 3.0)
+    just-the-docs (0.8.2)
+      jekyll (>= 3.8.5)
+      jekyll-include-cache
+      jekyll-seo-tag (>= 2.0)
+      rake (>= 12.3.1)
+    kramdown (2.4.0)
+      rexml
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
+    liquid (4.0.4)
+    listen (3.9.0)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    mercenary (0.4.0)
+    pathutil (0.16.2)
+      forwardable-extended (~> 2.6)
+    public_suffix (6.0.0)
+    rake (13.2.1)
+    rb-fsevent (0.11.2)
+    rb-inotify (0.11.1)
+      ffi (~> 1.0)
+    rexml (3.3.1)
+      strscan
+    rouge (4.2.1)
+    safe_yaml (1.0.5)
+    sass-embedded (1.77.1-arm64-darwin)
+      google-protobuf (>= 3.25, < 5.0)
+    sass-embedded (1.77.1-x86_64-linux-gnu)
+      google-protobuf (>= 3.25, < 5.0)
+    strscan (3.1.0)
+    terminal-table (3.0.2)
+      unicode-display_width (>= 1.1.1, < 3)
+    unicode-display_width (2.5.0)
+    webrick (1.8.1)
+
+PLATFORMS
+  arm64-darwin
+  x86_64-linux
+
+DEPENDENCIES
+  jekyll (~> 4.3.3)
+  jekyll-securitytxt
+  just-the-docs
+
+BUNDLED WITH
+   2.5.3