Releases: owasp-noir/noir
v0.11.0
What's Changed
- 👋🏼 Add new detectors and analyzers
  - Ruby Hanami
  - Elixir Phoenix
  - Crystal Lucky
- 🍪 Add cookie parameter type
- 🖥️ Improve logger
- 🏁 Enhance detector performance
  - The existing Fiber-based parallel processing has been changed to a Fiber+Channel structure.
  - As a result, stability has increased while maintaining the same speed.
  - Add --concurrency flag
- 🔭 Improve test code
- 🐞 Fixed bugs
Full Changelog: v0.10.0...v0.11.0
v0.10.0
What's Changed
- Add rust-axum detector/analyzer (#138)
- Add --use-matchers and --use-filters flags for Deliver (#137)
- Fixed bugs & Improve test codes
Full Changelog: v0.9.1...v0.10.0
Matchers and Filters for Deliver
Matchers
The --use-matchers flag allows you to specify a condition that must be met for a URL to be delivered.
For example, you could use this flag to deliver only those URLs that include the string "/v1/myapi/".
Filters
The --use-filters flag allows you to specify a condition that must not be met for a URL to be delivered.
For example, you could use this flag to exclude all URLs that contain the string "/admin".
Example
noir -b . -u https://www.hahwul.com \
--send-proxy http://localhost:8090 \
--use-matchers "/update" \
--use-matchers "/socket"
v0.9.1
What's Changed
- Fixed nil-cast bug in oas2,oas3,raml analyzers (#126 / @exhaustedMutex)
- Add test code for nil-cast issue (functional_test/fixtures/oas3/nil_cast/)
- Improve debug logs
- Fixed bug in js-express (#126 / @exhaustedMutex)
- Fixed typo in Deliver initialize (#132 / @HolyBugx)
- Add test code for header in deliver
Full Changelog: v0.9.0...v0.9.1
v0.9.0
What's Changed
- FastAPI Detector&Analyzer (by @ksg97031 👍)
  - Supports URL, Method, Param, Header, WebSocket
  - And thorough test code
- ElasticSearch Deliver was added. (flag: --send-es)
- YAML has been added to the output format.
Full Changelog: v0.8.0...v0.9.0
Showcase
FastAPI Detector & Analyzer
noir -b ./fastapi_app
Flag: --send-es (ES Deliver)
# noir -b <BASE-PATH> --send-es http://<ES-ENDPOINT>/<INDEX>/<TYPE>
noir -b ./app/ --send-es http://localhost:9200/noir/url
Flag: -f yaml
noir -b ./kemal -f yaml
v0.8.0
What's Changed
- Add new flag
  - Add --with-headers flag for Delivers
- Add new output formats
  - oas2 (e.g. noir -b . -f oas2)
  - oas3 (e.g. noir -b . -f oas3)
- Improve codes
  - Add new type in CodeLocator
    - With the addition of CodeLocator's type inference, more precise code analysis is now possible.
    - In this patch, when there are multiple API Spec documents within the analysis directory, all of them can be processed.
  - The output-related logic has been moved to an object called output_builder from noir model.
    - With this change, adding output type has become easier.
    - Now when using the -o flag to save a file, only the results of output_builder are saved.
Full Changelog: v0.7.3...v0.8.0
--with-headers flag
The --with-headers flag can be specified multiple times, allowing you to add arbitrary headers in commands like --send-proxy. Any headers added through this flag can override existing header information obtained during source code analysis, using them as new headers.
Single
noir -b ./source --send-proxy http://localhost:8090 --with-headers "X-API-Key: ABCD"
Multiple
noir -b ./source --send-proxy http://localhost:8090 \
--with-headers "X-API-Key: ABCD" \
--with-headers "Authentication: ABCD"
v0.7.3
v0.7.2
v0.7.1
v0.7.0
- Support for Kotlin Spring
- Support for Java Armeria
- Support for C# ASP.NET MVC (First step, Only URL Endpoints)
- Improve Analyzers
  - Java Spring
  - Python Django (Add Method / Param / Header)
- Improve code quality and functional/unit test codes
- Fixed bugs
I extend my infinite gratitude to the brilliant developer @ksg97031. And I am truly thankful to @infosec-au for the great ideas provided!