Merge pull request #299 from noir-cr/dev

Release v0.15.1

.github/ISSUE_TEMPLATE/anything.md

@@ -0,0 +1,9 @@
+---
+name: Anything
+about: Anything!
+title: 
+labels: 
+assignees: 
+
+---
+

.github/ISSUE_TEMPLATE/bug_report.md

@@ -23,7 +23,7 @@ If applicable, add screenshots to help explain your problem.
 
 **Versions**
  - OS: [e.g. macos, linux]
- - Version [e.g. v0.15.0]
+ - Version [e.g. v0.15.1]
 
 **Additional context**
 Add any other context about the problem here.

CONTRIBUTING.md

@@ -1,12 +1,23 @@
-## ❤️ Contribute
-1. Write code in forked repo
-2. Make Pull Request to `dev` branch
-3. Finish :D
+# ❤️ Contribution Guidelines
+
+Thank you for considering contributing to our project! Here are some guidelines to help you get started and ensure a smooth contribution process.
+
+1. Fork and Code
+- Begin by forking the repository.
+- Write your code within your forked repository.
+
+3. Pull Request
+- Once your contribution is ready, create a Pull Request (PR) to the dev branch of the main repository.
+- Provide a clear and concise description of your changes in the PR.
+
+4. Completion
+- That's it! You're done. Await feedback and further instructions from the maintainers.
 
 ![](https://github.com/hahwul/noir/assets/13212227/23989dab-6b4d-4f18-904f-7f5cfd172b04)
 
-## 🛠️ How to Build and Test?
+## 🛠️ Building and Testing
 ### Clone and Install Dependencies
+
 ```bash
 # If you've forked this repository, clone to https://github.com/<YOU>/noir
 git clone https://github.com/hahwul/noir
@@ -38,13 +49,14 @@ ameba --fix
 ```
 
 ## 🧭 Code structure
-- spec (for `crystal spec`)
-  - unit_test: unit-test codes
-  - functional_test: functional test codes
-- src
-  - analyzer: Code analyzers for Endpoint URL and Parameter analysis
-  - detector: Codes for language, framework identification 
-  - models: Everything for the model, such as class, structure, etc
-  - utils: Utility codes
-  - etc...
-- noir.cr: main and command-line parser
+
+- spec: 
+  - unit_test: Unit test codes. (for `crystal spec` command)
+  - functional_test: Functional test codes.
+- src: Contains the source code.
+  - analyzer: Code analyzers for Endpoint URL and Parameter analysis.
+  - detector: Codes for language and framework identification.
+  - models: Contains everything related to models, such as classes and structures.
+- noir.cr: Main file and command-line parser.
+
+Feel free to reach out to us if you have any questions or need further assistance!

README.md

@@ -88,15 +88,15 @@
 </details>
 
 ## Installation
-### Homebrew (macOS)
+### Homebrew
 
 ```bash
 brew install noir
 
 # https://formulae.brew.sh/formula/noir
 ```
 
-### Snapcraft (linux)
+### Snapcraft
 
 ```bash
 sudo snap install noir
@@ -125,17 +125,23 @@ cp ./bin/noir /usr/bin/
 
 ### Docker (GHCR)
 ```bash
-docker pull ghcr.io/noir-cr/noir:latest
+docker pull ghcr.io/noir-cr/noir:main
 ```
 
 ## Usage
+```bash
+noir -h 
+```
+
 ```
-Usage: noir <flags>
-  Basic:
+USAGE: noir <flags>
+
+FLAGS:
+  BASE:
     -b PATH, --base-path ./app       (Required) Set base path
     -u URL, --url http://..          Set base url for endpoints
 
-  Output:
+  OUTPUT:
     -f FORMAT, --format json         Set output format
                                        * plain yaml json jsonl markdown-table
                                        * curl httpie oas2 oas3
@@ -146,29 +152,29 @@ Usage: noir <flags>
     --no-color                       Disable color output
     --no-log                         Displaying only the results
 
-  Tagger:
+  TAGGER:
     -T, --use-all-taggers            Activates all taggers for full analysis coverage
-    --use-taggers VALUES             Activates specific taggers (e.g., --use-taggers hunt,etc)
+    --use-taggers VALUES             Activates specific taggers (e.g., --use-taggers hunt,oauth)
     --list-taggers                   Lists all available taggers
 
-  Deliver:
+  DELIVER:
     --send-req                       Send results to a web request
     --send-proxy http://proxy..      Send results to a web request via an HTTP proxy
     --send-es http://es..            Send results to Elasticsearch
     --with-headers X-Header:Value    Add custom headers to be included in the delivery
     --use-matchers string            Send URLs that match specific conditions to the Deliver
     --use-filters string             Exclude URLs that match specified conditions and send the rest to Deliver
 
-  Technologies:
+  TECHNOLOGIES:
     -t TECHS, --techs rails,php      Specify the technologies to use
     --exclude-techs rails,php        Specify the technologies to be excluded
     --list-techs                     Show all technologies
 
-  Config:
+  CONFIG:
     --config-file ./config.yaml      Specify the path to a configuration file in YAML format
     --concurrency 100                Set concurrency
 
-  Others:
+  OTHERS:
     -d, --debug                      Show debug messages
     -v, --version                    Show version
     -h, --help                       Show help

shard.yml

@@ -1,5 +1,5 @@
 name: noir
-version: 0.15.0
+version: 0.15.1
 
 authors:
   - hahwul <[email protected]>

snap/snapcraft.yaml

@@ -1,6 +1,6 @@
 name: noir
 base: core20
-version: 0.15.0
+version: 0.15.1
 summary: Attack surface detector that identifies endpoints by static analysis.
 description: |
   Noir is an open-source project specializing in identifying attack surfaces for enhanced whitebox security testing and security pipeline. 

spec/unit_test/detector/detect_crystal_lucky_spec.cr

@@ -0,0 +1,10 @@
+require "../../../src/detector/detectors/*"
+
+describe "Detect Crystal Lucky" do
+  options = default_options()
+  instance = DetectorCrystalLucky.new options
+
+  it "shard.yml" do
+    instance.detect("shard.yml", "luckyframework/lucky").should eq(true)
+  end
+end

spec/unit_test/detector/detect_cs_aspnet_mvc_spec.cr

@@ -0,0 +1,10 @@
+require "../../../src/detector/detectors/*"
+
+describe "Detect C# ASP.Net MVC" do
+  options = default_options()
+  instance = DetectorCSharpAspNetMvc.new options
+
+  it "packages" do
+    instance.detect("packages.config", "Microsoft.AspNet.Mvc").should eq(true)
+  end
+end

spec/unit_test/detector/detect_elixir_phoenix_spec.cr

@@ -0,0 +1,10 @@
+require "../../../src/detector/detectors/*"
+
+describe "Detect Elixir Phoenix" do
+  options = default_options()
+  instance = DetectorElixirPhoenix.new options
+
+  it "mix" do
+    instance.detect("mix.exs", "ElixirPhoenix").should eq(true)
+  end
+end

spec/unit_test/detector/detect_go_beego_spec.cr

@@ -0,0 +1,10 @@
+require "../../../src/detector/detectors/*"
+
+describe "Detect Go BeegoEcho" do
+  options = default_options()
+  instance = DetectorGoBeego.new options
+
+  it "go.mod" do
+    instance.detect("go.mod", "github.com/beego/beego").should eq(true)
+  end
+end

spec/unit_test/detector/detect_go_fiber_spec.cr

@@ -0,0 +1,10 @@
+require "../../../src/detector/detectors/*"
+
+describe "Detect Go Fiber" do
+  options = default_options()
+  instance = DetectorGoFiber.new options
+
+  it "go.mod" do
+    instance.detect("go.mod", "github.com/gofiber/fiber").should eq(true)
+  end
+end

spec/unit_test/detector/detect_go_gin_spec.cr

@@ -0,0 +1,10 @@
+require "../../../src/detector/detectors/*"
+
+describe "Detect Go Gin" do
+  options = default_options()
+  instance = DetectorGoGin.new options
+
+  it "go.mod" do
+    instance.detect("go.mod", "github.com/gin-gonic/gin").should eq(true)
+  end
+end

spec/unit_test/detector/detect_python_fastapi_spec.cr

@@ -0,0 +1,10 @@
+require "../../../src/detector/detectors/*"
+
+describe "Detect Python FastAPI" do
+  options = default_options()
+  instance = DetectorPythonFastAPI.new options
+
+  it "settings.py" do
+    instance.detect("settings.py", "from fastapi").should eq(true)
+  end
+end

spec/unit_test/detector/detect_raml_spec.cr

@@ -0,0 +1,17 @@
+require "../../../src/detector/detectors/*"
+
+describe "Detect RAML" do
+  options = default_options()
+  instance = DetectorRAML.new options
+
+  it "raml" do
+    instance.detect("app.yaml", "#%RAML\nApp: 1").should eq(true)
+  end
+
+  it "code_locator" do
+    locator = CodeLocator.instance
+    locator.clear "raml-spec"
+    instance.detect("app.yaml", "#%RAML\nApp: 1")
+    locator.all("raml-spec").should eq(["app.yaml"])
+  end
+end

spec/unit_test/detector/detect_ruby_hanami_spec.cr

@@ -0,0 +1,13 @@
+require "../../../src/detector/detectors/*"
+
+describe "Detect Ruby Hanami" do
+  options = default_options()
+  instance = DetectorRubyHanami.new options
+
+  it "gemfile/single_quot" do
+    instance.detect("Gemfile", "gem 'hanami'").should eq(true)
+  end
+  it "gemfile/double_quot" do
+    instance.detect("Gemfile", "gem \"hanami\"").should eq(true)
+  end
+end

spec/unit_test/detector/detect_rust_axum_spec.cr

@@ -0,0 +1,10 @@
+require "../../../src/detector/detectors/*"
+
+describe "Detect Rust Axum" do
+  options = default_options()
+  instance = DetectorRustAxum.new options
+
+  it "Gargo.toml" do
+    instance.detect("Cargo.toml", "[dependencies]\naxum = {}").should eq(true)
+  end
+end

spec/unit_test/detector/detect_rust_rocket_spec.cr

@@ -0,0 +1,10 @@
+require "../../../src/detector/detectors/*"
+
+describe "Detect Rust Rocket" do
+  options = default_options()
+  instance = DetectorRustRocket.new options
+
+  it "Gargo.toml" do
+    instance.detect("Cargo.toml", "[dependencies]\nrocket = {}").should eq(true)
+  end
+end