
Releases: owasp-noir/noir

v0.5.0

21 Aug 16:02
8c2ac9e

Seems like I've almost reached the initially set modest feature scope. I'll be focusing on enhancing detection rates and coverage of techs for the foreseeable future. Nevertheless, turning great ideas into features is always a blast. If you have any cool improvements or ideas, feel free to drop them anytime through issues or discussions!

Release Note

  • OAS 3 Support
  • Swagger to OAS 2 Name Transition
    • Improve detection
  • Header Identification Now Supported in Crystal-Kemal and Ruby-Sinatra
  • Elevating Code Quality

OAS3

Swagger to OAS2

I've aligned the naming similarly to OAS2 with the introduction of OAS3 support.

  oas2
    format: ["JSON", "YAML"]
    similar: ["oas 2.0", "oas_2_0", "swagger 2.0", "swagger_2_0", "swagger"]
  oas3
    format: ["JSON", "YAML"]
    similar: ["oas 3.0", "oas_3_0"]

Header Identifications


Example for Kemal Analyzer / In the default format, headers are displayed in green.


And..

I'd like to extend my heartfelt thanks to all the contributors and everyone who provided feedback :D

v0.4.0

15 Aug 14:51

Noir now supports Swagger analysis. When Swagger documents are detected in the target source code, the tool analyzes those files to identify and extract endpoints.
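The kind of extraction described above, as an added example that is not Noir's own code (Noir is written in Crystal; this sketch is Ruby). It also covers the OAS 3 documents named in v0.5.0. It assumes JSON input only, and the function names and sample documents are constructed for illustration.

```ruby
require "json"

HTTP_METHODS = %w[get put post delete options head patch trace].freeze

# Classify a parsed document using the names from the release notes:
# "oas2" for Swagger 2.0, "oas3" for OpenAPI 3.x, nil for anything else.
def oas_kind(doc)
  return nil unless doc.is_a?(Hash) && doc["paths"].is_a?(Hash)
  return "oas2" if doc["swagger"].to_s.start_with?("2.")
  return "oas3" if doc["openapi"].to_s.start_with?("3.")
  nil
end

# Hypothetical helper: one hash per operation with method, path and
# parameter names grouped by location (path, query, header, body, ...).
def extract_endpoints(doc)
  kind = oas_kind(doc) or return []
  # OAS 2 prefixes every path with basePath; OAS 3 has no such field.
  base = kind == "oas2" ? doc["basePath"].to_s.chomp("/") : ""
  doc["paths"].flat_map do |path, item|
    next [] unless item.is_a?(Hash)
    shared = item["parameters"] || [] # path-level parameters apply to every operation
    item.slice(*HTTP_METHODS).select { |_, op| op.is_a?(Hash) }.map do |verb, op|
      # Unresolved $ref entries carry no "name" and are skipped here.
      params = (shared + (op["parameters"] || [])).select { |p| p["name"] }
      by_loc = params.group_by { |p| p["in"] }.transform_values { |ps| ps.map { |p| p["name"] } }
      # OAS 3 moved the request body out of "parameters" into requestBody.
      by_loc["body"] = ["requestBody"] if kind == "oas3" && op["requestBody"]
      { method: verb.upcase, path: base + path, params: by_loc }
    end
  end
end

# Constructed sample documents (not taken from any real project).
OAS2_SAMPLE = JSON.parse(<<~JSON)
  {"swagger": "2.0", "basePath": "/api/",
   "paths": {"/pets/{id}": {
     "parameters": [{"name": "id", "in": "path"}],
     "get": {"parameters": [{"name": "X-API-Key", "in": "header"}]},
     "delete": {}}}}
JSON
OAS3_SAMPLE = JSON.parse(<<~JSON)
  {"openapi": "3.0.3",
   "paths": {"/login": {"post": {
     "parameters": [{"name": "debug", "in": "query"}],
     "requestBody": {"content": {"application/json": {}}}}}}}
JSON

(extract_endpoints(OAS2_SAMPLE) + extract_endpoints(OAS3_SAMPLE)).each do |e|
  puts "#{e[:method]} #{e[:path]} #{e[:params]}"
end
```

Path-level parameters and the OAS 2 basePath are the two details most often missed when listing endpoints from a spec by hand.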

Release note

  • Support Swagger Analysis
    • Module: Detector, Analyzer
    • Format: JSON, YAML
  • Improve code (Kemal detector, spec code)
  • Use Crystal's --production flag in the release process


Swagger Analysis

For Contributors

Now, information can be stored and retrieved through the CodeLocator.instance (singleton instance). It is primarily used for data communication between detectors and analyzers, which helps reduce redundant tasks.

# Code1
locator = CodeLocator.instance
locator.set("swagger-json", filename)
# if filename is 'docs.json'
# Code2
puts locator.get("swagger-json")
# docs.json

v0.3.0

13 Aug 11:00

Summary

  • Add --exclude-techs flag
  • A module for handling similar word processing for tech and managing techs has been added.
  • Changed --techs-list to --list-techs for consistency with other flags.

Exclude techs

You can now force a technology to be ignored.

Similar spellings of a tech name are also handled.

--exclude-techs Rails
--exclude-techs ruby-rails
--exclude-techs rails

# All of the above flags disable ruby_rails.

Techs

Now, the technology list is managed with additional metadata information included.
So the --list-techs flag has also been modified accordingly.

v0.2.4

12 Aug 16:54

v0.2.3

10 Aug 16:49
  • Improve spring analyzer #14
  • Improve go-echo analyzer 394e1ab

P.S.
In addition to the endpoints defined by the programming language, we intend to trace endpoints by scanning files generated within the source code directory. For instance, utilizing OpenAPI files :D

v0.2.2

09 Aug 23:26

Improve django analyzer

v0.2.1

06 Aug 14:44
  • Improve code structure
  • Support param in crystal-kemal, ruby-sinatra
  • Add Endpoint Reference Type for Code Analysis

v0.2.0

05 Aug 10:01
  • Add new endpoint type: ws websocket
  • Add new detector and analyzer: crystal-kemal
  • Improve analyzers: rails, spring

ws endpoint type

crystal kemal


Tested it with xssmaze.

v0.1.0

02 Aug 14:57

First release 😎
and I extend my gratitude to the first contributor, nil (@ksg97031)! Thank you for your valuable contribution!