Automic VaultAutomic Vault

brew

Install noir with Homebrew

Attack surface detector that identifies endpoints by static analysis. Version 1.1.0 via Homebrew; verified 2026-06-15.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install noir

local Homebrew formula metadata

overview

Package summary

Attack surface detector that identifies endpoints by static analysis

Commands and aliases

  • noir

history

Project history and usage

OWASP Noir is a Crystal-based SAST tool that reads source code and extracts application endpoints: paths, methods, parameters, headers, cookies, and source-file locations. It is aimed at attack-surface inventory, shadow API discovery, and feeding DAST or AI-assisted review pipelines with a focused route list.

Project history

The Noir README gives a clear project timeline: it started as Hahwul's personal project in August 2023, moved to the `noir-cr` GitHub organization in November 2023, joined OWASP in June 2024, and released v1.0.0 in May 2026. The same README says OWASP membership included renaming the GitHub organization from `noir-cr` to `owasp-noir` and moving to co-leadership with `ksg97031`.

The project scope widened from a WhiteBox testing aid into an inventory consumed by human reviewers, AI auditors, and DAST tools. The README describes support for 50+ frameworks, LLM fallback for unsupported routing patterns, output formats including JSON, YAML, OpenAPI, SARIF, cURL, Postman, and HTML, and direct handoffs to ZAP, Burp Suite, and Caido.

Adoption history

By 2026-07-01, GitHub metadata reported 1345 stars and 140 forks for `owasp-noir/noir`. Homebrew's formula API reported stable version 1.1.0 and 755 installs over 365 days. Those are early-project numbers, but the OWASP project page and the 1.0.0 release milestone show the tool crossing from personal/security-community project into a packaged security tool.

Noir's adoption is tied to a practical gap in API security testing: crawlers and DAST tools miss routes hidden in server code, deprecated handlers, or framework-specific routing conventions. Noir extracts the code-side route inventory so scanners and reviewers start from a better endpoint map.

How it is used

The minimal usage is `noir -b <source_dir>`. Security teams use the output to review attacker-reachable handlers, generate OpenAPI or SARIF artifacts, feed ZAP/Burp/Caido, and provide compact context to LLM-based SAST agents. CI usage is supported through a GitHub Action, SARIF output, and exit codes.

The package-nerd detail is that Noir is source-inventory glue. It is not a replacement for DAST or a general-purpose code scanner; it turns static framework knowledge into endpoint artifacts that downstream tools already understand.

Why package nerds care

Noir is still young enough that its history should stay close to maintainer-provided timelines. The useful enrichment is the OWASP transition, stable 1.x release, supported-output ecosystem, and the exact niche: static endpoint extraction for attack-surface mapping.

Timeline

  • 2023-08: Noir started as Hahwul's personal project, according to the project README.
  • 2023-11: The repository moved to the `noir-cr` GitHub organization.
  • 2024-06: Noir joined OWASP and the organization was renamed to `owasp-noir`.
  • 2026-05-24: GitHub releases list v1.0.0.
  • 2026-06-15: GitHub releases list v1.1.0.
  • 2026-07-01: Homebrew formula API reported stable version 1.1.0.

Related projects

  • OWASP ZAP
  • Burp Suite
  • Caido
  • SARIF
  • OpenAPI

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 5 runtime dependencies.
  • Build metadata lists 2 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
noircliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.1.0
manager updated2026-06-15
local dataok
upstreamcurrent
latest detectedv1.1.0

https://github.com/owasp-noir/noir

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:noir
Version1.1.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/noir
Homepagehttps://owasp.org/www-project-noir/
Repositoryhttps://github.com/owasp-noir/noir
Upstream docshttps://owasp-noir.github.io/noir
LicenseMIT
Source archivehttps://github.com/owasp-noir/noir/archive/refs/tags/v1.1.0.tar.gz
Last updated2026-06-15T14:49:00Z
Pulseupdated
Dependenciesbdw-gc, libevent, libyaml, openssl@3, pcre2
Build dependenciescrystal, pkgconf
Uses from macOSlibxml2
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namenoir
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • package relationship graph
  • package version freshness
  • package-page enrichment