Merge pull request #449 from owasp-noir/dev

Release v0.18.2

Author: hahwul

.github/ISSUE_TEMPLATE/bug_report.md

@@ -23,7 +23,7 @@ If applicable, add screenshots to help explain your problem.
 
 **Versions**
  - OS: [e.g. macos, linux]
- - Version [e.g. v0.18.1]
+ - Version [e.g. v0.18.2]
 
 **Additional context**
 Add any other context about the problem here.

README.md

@@ -105,3 +105,7 @@ Noir is open-source project and made it with ❤️
 if you want contribute this project, please see [CONTRIBUTING.md](./CONTRIBUTING.md) and Pull-Request with cool your contents.
 
 [![](./CONTRIBUTORS.svg)](https://github.com/owasp-noir/noir/graphs/contributors)
+
+*PassiveScan Rule contributors*
+
+[![](https://raw.githubusercontent.com/owasp-noir/noir-passive-rules/refs/heads/main/CONTRIBUTORS.svg)](https://github.com/owasp-noir/noir-passive-rules/graphs/contributors)

docs/_advanced/tips/community-articles.md

@@ -7,4 +7,5 @@ layout: page
 ---
 
 * [Hello Noir 👋🏼 by HAHWUL](https://www.hahwul.com/2023/08/03/hello-noir/)
-* [API Attack Surface Detection using Noir by DANA EPP](https://danaepp.com/api-attack-surface-detection-using-noir)
+* [API Attack Surface Detection using Noir by DANA EPP](https://danaepp.com/api-attack-surface-detection-using-noir)
+* [Exploring OWASP Noir's PassiveScan by HAHWUL](https://www.hahwul.com/2024/11/03/passivescan-in-owasp-noir/)

docs/index.md

@@ -82,6 +82,10 @@ Happy contributing!
 
 ![](https://raw.githubusercontent.com/owasp-noir/noir/refs/heads/main/CONTRIBUTORS.svg)
 
+*PassiveScan Rule contributors*
+
+[![](https://raw.githubusercontent.com/owasp-noir/noir-passive-rules/refs/heads/main/CONTRIBUTORS.svg)](https://github.com/owasp-noir/noir-passive-rules/graphs/contributors)
+
 ### Code of Conduct
 OWASP Noir is committed to fostering a welcoming community.
 

shard.yml

@@ -1,6 +1,6 @@
 # Project Metadata
 name: noir
-version: 0.18.1
+version: 0.18.2
 authors:
   - hahwul <hahwul@gmail.com>
   - ksg97031 <ksg97031@gmail.com>

snap/snapcraft.yaml

@@ -1,6 +1,6 @@
 name: noir
 base: core20
-version: 0.18.1
+version: 0.18.2
 summary: Attack surface detector that identifies endpoints by static analysis.
 description: |
   Noir is an open-source project specializing in identifying attack surfaces for enhanced whitebox security testing and security pipeline. 

spec/functional_test/fixtures/ruby/rails/config/routes.rb

@@ -1,7 +1,10 @@
 Rails.application.routes.draw do
     resources :posts
     # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
-  
+
     # Defines the root path route ("/")
     # root "articles#index"
-  end
+    get "up" => "rails/health#show", as: :rails_health_check
+    get "service-worker" => "rails/pwa#service_worker", as: :pwa_service_worker
+    get "manifest" => "rails/pwa#manifest", as: :pwa_manifest
+  end

spec/functional_test/testers/ruby/rails_spec.cr

@@ -22,6 +22,9 @@ extected_endpoints = [
     Param.new("X-API-KEY", "", "header"),
   ]),
   Endpoint.new("/posts/1", "DELETE"),
+  Endpoint.new("/up", "GET"),
+  Endpoint.new("/service-worker", "GET"),
+  Endpoint.new("/manifest", "GET"),
 ]
 
 FunctionalTester.new("fixtures/ruby/rails/", {

src/completions.cr

@@ -5,7 +5,7 @@ def generate_zsh_completion_script
 _arguments \\
   '-b[Set base path]:path:_files' \\
   '-u[Set base URL for endpoints]:URL:_urls' \\
-  '-f[Set output format]:format:(plain yaml json jsonl markdown-table curl httpie oas2 oas3 only-url only-param only-header only-cookie)' \\
+  '-f[Set output format]:format:(plain yaml json jsonl markdown-table curl httpie oas2 oas3 only-url only-param only-header only-cookie only-tag)' \\
   '-o[Write result to file]:path:_files' \\
   '--set-pvalue[Specifies the value of the identified parameter]:value:' \\
   '--set-pvalue-header[Specifies the value of the identified parameter for headers]:value:' \\
@@ -19,6 +19,8 @@ _arguments \\
   '--include-path[Include file path in the plain result]' \\
   '--no-color[Disable color output]' \\
   '--no-log[Displaying only the results]' \\
+  '-P[Perform a passive scan for security issues using rules from the specified path]' \\
+  '--passive-scan-path[Specify the path for the rules used in the passive security scan]:path:_files' \\
   '-T[Activates all taggers for full analysis coverage]' \\
   '--use-taggers[Activates specific taggers]:values:' \\
   '--list-taggers[Lists all available taggers]' \\
@@ -34,6 +36,7 @@ _arguments \\
   '--list-techs[Show all technologies]' \\
   '--config-file[Specify the path to a configuration file in YAML format]:path:_files' \\
   '--concurrency[Set concurrency]:concurrency:' \\
+  '--generate-completion[Generate Zsh/Bash/Fish completion script]:completion:(zsh bash fish)' \\
   '-d[Show debug messages]' \\
   '-v[Show version]' \\
   '--build-info[Show version and Build info]' \\
@@ -65,6 +68,8 @@ _noir_completions() {
         --include-path
         --no-color
         --no-log
+        -P --passive-scan
+        --passive-scan-path
         -T --use-all-taggers
         --use-taggers
         --list-taggers
@@ -80,6 +85,7 @@ _noir_completions() {
         --list-techs
         --config-file
         --concurrency
+        --generate-completion
         -d --debug
         -v --version
         --build-info
@@ -88,13 +94,17 @@ _noir_completions() {
 
     case "${prev}" in
         -f|--format)
-            COMPREPLY=( $(compgen -W "plain yaml json jsonl markdown-table curl httpie oas2 oas3 only-url only-param only-header only-cookie" -- "${cur}") )
+            COMPREPLY=( $(compgen -W "plain yaml json jsonl markdown-table curl httpie oas2 oas3 only-url only-param only-header only-cookie only-tag" -- "${cur}") )
             return 0
             ;;
         --send-proxy|--send-es|--with-headers|--use-matchers|--use-filters|--diff-path|--config-file|--set-pvalue|--techs|--exclude-techs|-o|-b|-u)
             COMPREPLY=( $(compgen -f -- "${cur}") )
             return 0
             ;;
+        --generate-completion)
+            COMPREPLY=( $(compgen -W "zsh bash fish" -- "${cur}") )
+            return 0
+            ;;
         *)
             ;;
     esac
@@ -133,6 +143,8 @@ complete -c noir -n '__fish_noir_needs_command' -a '--exclude-codes' -d 'Exclude
 complete -c noir -n '__fish_noir_needs_command' -a '--include-path' -d 'Include file path in the plain result'
 complete -c noir -n '__fish_noir_needs_command' -a '--no-color' -d 'Disable color output'
 complete -c noir -n '__fish_noir_needs_command' -a '--no-log' -d 'Displaying only the results'
+complete -c noir -n '__fish_noir_needs_command' -a '-P' -d 'Perform a passive scan for security issues using rules from the specified path'
+complete -c noir -n '__fish_noir_needs_command' -a '--passive-scan-path' -d 'Specify the path for the rules used in the passive security scan'
 complete -c noir -n '__fish_noir_needs_command' -a '-T' -d 'Activates all taggers for full analysis coverage'
 complete -c noir -n '__fish_noir_needs_command' -a '--use-taggers' -d 'Activates specific taggers'
 complete -c noir -n '__fish_noir_needs_command' -a '--list-taggers' -d 'Lists all available taggers'
@@ -148,6 +160,7 @@ complete -c noir -n '__fish_noir_needs_command' -a '--exclude-techs' -d 'Specify
 complete -c noir -n '__fish_noir_needs_command' -a '--list-techs' -d 'Show all technologies'
 complete -c noir -n '__fish_noir_needs_command' -a '--config-file' -d 'Specify the path to a configuration file in YAML format'
 complete -c noir -n '__fish_noir_needs_command' -a '--concurrency' -d 'Set concurrency'
+complete -c noir -n '__fish_noir_needs_command' -a '--generate-completion' -d 'Generate Zsh/Bash/Fish completion script'
 complete -c noir -n '__fish_noir_needs_command' -a '-d' -d 'Show debug messages'
 complete -c noir -n '__fish_noir_needs_command' -a '-v' -d 'Show version'
 complete -c noir -n '__fish_noir_needs_command' -a '--build-info' -d 'Show version and Build info'

src/models/logger.cr

@@ -16,6 +16,10 @@ class NoirLogger
   end
 
   def heading(message)
+    if @no_log
+      return
+    end
+
     prefix = "★".colorize(:yellow).toggle(@color_mode)
     STDERR.puts "#{prefix} #{message}"
   end

src/models/noir.cr

@@ -139,6 +139,8 @@ class NoirRunner
 
     @endpoints.each do |endpoint|
       tiny_tmp = endpoint
+
+      # Remove space in param name
       if endpoint.params.size > 0
         tiny_tmp.params = [] of Param
         endpoint.params.each do |param|
@@ -149,6 +151,15 @@ class NoirRunner
         end
       end
 
+      # Check start with slash
+      if tiny_tmp.url[0] != "/"
+        tiny_tmp.url = "/#{tiny_tmp.url}"
+      end
+
+      # Check double slash
+      tiny_tmp.url = tiny_tmp.url.gsub_repeatedly("//", "/")
+
+      # Duplicate check
       if tiny_tmp.url != ""
         is_new = true
         final.each do |dup|

src/noir.cr

@@ -6,7 +6,7 @@ require "./options.cr"
 require "./techs/techs.cr"
 
 module Noir
-  VERSION = "0.18.1"
+  VERSION = "0.18.2"
 end
 
 # Run options parser
@@ -54,7 +54,10 @@ if noir_options["exclude_codes"] != ""
 end
 
 # Run Noir
-banner()
+if noir_options["nolog"] == false
+  banner()
+end
+
 app = NoirRunner.new noir_options
 start_time = Time.monotonic