Giter VIP home page Giter VIP logo

nuclei-action's Introduction

nuclei

This Nuclei Action makes it easy to orchestrate Nuclei with GitHub Action. Integrate all of your Nuclei Templates into powerful continuous security workflows and make it part of your secure software development life cycle.

Example Usage

Workflow - .github/workflows/nuclei.yml

name: Nuclei - DAST Scan

on:
    schedule:
      - cron: '0 0 * * *'
    workflow_dispatch:

jobs:
  nuclei-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-go@v2
        with:
          go-version: 1.17

      - name: Nuclei - DAST Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          target: https://example.com

      - name: GitHub Workflow artifacts
        uses: actions/upload-artifact@v2
        with:
          name: nuclei.log
          path: nuclei.log

      - name: GitHub Security Dashboard Alerts update
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: nuclei.sarif

GitHub Action running Nuclei on single URL

      - name: Nuclei - DAST Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          target: https://example.com

GitHub Action running Nuclei with custom templates

      - name: Nuclei - DAST Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          target: https://example.com
          templates: custom_template_path

As default, all the default nuclei-templates are used for scan.

GitHub Action running Nuclei on multiple URLs

      - name: Nuclei - DAST Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          urls: urls.txt

GitHub Action running Nuclei with CLI flags

      - name: Nuclei - DAST Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          urls: urls.txt
          flags: "-severity critical,high,medium,low -stats"

GitHub Action running Nuclei with Custom UA

      - name: Nuclei - DAST Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          urls: urls.txt
          user-agent: "User-Agent:'Nuclei - DAST Scan (Have a nice day)'"

GitHub Action running Nuclei with Config files

      - name: Nuclei - DAST Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          urls: urls.txt
          config: config.yaml
          report-config: issues.yaml

GitHub Example Action running Nuclei with GitHub Issue reporting

      - name: Nuclei - DAST Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          target: https://example.com
          github-report: true
          github-token: ${{ secrets.GITHUB_TOKEN }}

GitHub Example Action running Nuclei with GitHub Security Dashboard reporting

      - name: Nuclei - DAST Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          target: https://example.com

      - name: GitHub Security Dashboard Alerts
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: nuclei.sarif

Available Inputs

Key Description Required
target Target URL to run nuclei scan true
urls List of urls to run nuclei scan false
templates Custom templates directory/file to run nuclei scan false
output File to save output result (default - nuclei.log) false
json Write results in JSON format false
include-rr Include request/response in results false
config Set custom nuclei config file to use false
user-agent Set custom user-agent header false
report-config Issue reporting configuration file false
github-report Set true to generate Github issue with the report false
github-token Set the Github Token false
sarif-export File to export result (default - sarif.nuclei) false
markdown-export Directory to export markdown results false
nuclei-flags More Nuclei CLI flags to use false

nuclei-action's People

Contributors

aminvakil avatar chair6 avatar ehsandeep avatar fadhilthomas avatar fguisso avatar swaphr avatar toufik-airane avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.