v1.0.3 (#12)

* More feature additions (#10) * Adding sarif and markdown support * misc changes * Version lock * Example updates * misc changes * support to use any nuclei flag as extra argument * Example branch update (#11) * Adding sarif and markdown support * misc changes * Version lock * Example updates * misc changes * support to use any nuclei flag as extra argument * branch update As latest tag will always in sync with main
projectdiscovery · Jun 12, 2021 · 18eec9a · 18eec9a
1 parent 626a759
commit 18eec9a
Show file tree

Hide file tree

Showing 2 changed files with 84 additions and 34 deletions.
diff --git a/README.md b/README.md
@@ -11,53 +11,67 @@ Integrate all of your [Nuclei Templates](https://github.com/projectdiscovery/nuc
 Example Usage
 -----
 
-**GitHub Action running nuclei on single URL**
+**GitHub Action running Nuclei on single URL**
 
 ```yaml
-      - name: Nuclei Scan
-        uses: projectdiscovery/nuclei-action@v1.0.1
+      - name: Nuclei - DAST Scan
+        uses: projectdiscovery/nuclei-action@main
         with:
           target: https://example.com
 ```
 
-**GitHub Action running nuclei with custom templates**
+**GitHub Action running Nuclei with custom templates**
 
 ```yaml
-      - name: Nuclei Scan
-        uses: projectdiscovery/nuclei-action@v1.0.1
+      - name: Nuclei - DAST Scan
+        uses: projectdiscovery/nuclei-action@main
         with:
           target: https://example.com
           templates: custom_template_path
 ```
 
 <ins>As default, all the default [nuclei-templates](https://github.com/projectdiscovery/nuclei-templates) are used for scan.</ins>
 
-**GitHub Action running nuclei on multiple URLs**
+**GitHub Action running Nuclei on multiple URLs**
 
 ```yaml
-      - name: Nuclei Scan
-        uses: projectdiscovery/nuclei-action@v1.0.1
+      - name: Nuclei - DAST Scan
+        uses: projectdiscovery/nuclei-action@main
         with:
           urls: urls.txt
 ```
 
-**GitHub Example Action running nuclei with GitHub Issue reporting**
+**GitHub Example Action running Nuclei with GitHub Issue reporting**
 
 ```yaml
-      - name: Nuclei Scan
-        uses: projectdiscovery/nuclei-action@v1.0.1
+      - name: Nuclei - DAST Scan
+        uses: projectdiscovery/nuclei-action@main
         with:
           target: https://example.com
           github-report: true
           github-token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
+**GitHub Example Action running Nuclei with GitHub Security Dashboard reporting**
 
-Workflow - `.github/workflows/nuclei.yml`
+```yaml
+      - name: Nuclei - DAST Scan
+        uses: projectdiscovery/nuclei-action@main
+        with:
+          target: https://example.com
+
+      - name: GitHub Security Dashboard Alerts
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: nuclei.sarif
+```
+
+
+**Workflow** - `.github/workflows/nuclei.yml`
 
 
 ```yaml
-name: Nuclei - DAST
+name: Nuclei - DAST Scan
 
 on:
     schedule:
@@ -73,29 +87,38 @@ jobs:
         with:
           go-version: 1.15
 
-      - name: Nuclei Scan
-        uses: projectdiscovery/nuclei-action@v1.0.1
+      - name: Nuclei - DAST Scan
+        uses: projectdiscovery/nuclei-action@main
         with:
           target: https://example.com
 
+      - name: GitHub Workflow artifacts
       - uses: actions/upload-artifact@v2
         with:
           name: nuclei.log
           path: nuclei.log
+
+      - name: GitHub Security Dashboard Alerts update
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: nuclei.sarif
 ```
 
 Available Inputs
 ------
 
-| Key             | Description                                         | Required |
-| --------------- | --------------------------------------------------- | -------- |
-| `target`        | Target URL to run nuclei scan                       | true     |
-| `urls`          | List of urls to run nuclei scan                     | false    |
-| `templates`     | Custom templates directory/file to run nuclei scan  | false    |
-| `output`        | File to save output result (default - nuclei.log)   | false    |
-| `json`          | Write results in JSON format                        | false    |
-| `include-rr`    | Include request/response in results                 | false    |
-| `config`        | Set custom nuclei config file to use                | false    |
-| `user-agent`    | Set custom user-agent header                        | false    |
-| `github-report` | Set `true` to generate Github issue with the report | false    |
-| `github-token`  | Set the Github Token                                | false    |
+| Key               | Description                                         | Required |
+| ----------------- | --------------------------------------------------- | -------- |
+| `target`          | Target URL to run nuclei scan                       | true     |
+| `urls`            | List of urls to run nuclei scan                     | false    |
+| `templates`       | Custom templates directory/file to run nuclei scan  | false    |
+| `output`          | File to save output result (default - nuclei.log)   | false    |
+| `json`            | Write results in JSON format                        | false    |
+| `include-rr`      | Include request/response in results                 | false    |
+| `config`          | Set custom nuclei config file to use                | false    |
+| `user-agent`      | Set custom user-agent header                        | false    |
+| `github-report`   | Set `true` to generate Github issue with the report | false    |
+| `github-token`    | Set the Github Token                                | false    |
+| `sarif-export`    | File to export result (default - sarif.nuclei)      | false    |
+| `markdown-export` | Directory to export markdown results                | false    |
+| `nuclei-flags`    | More Nuclei CLI flags to use                        | false    |
diff --git a/action.yml b/action.yml
@@ -1,4 +1,4 @@
-name: "Nuclei Action"
+name: "Nuclei - DAST Scan"
 description: "Nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL"
 branding:
   icon: "activity"
@@ -8,53 +8,77 @@ inputs:
   target:
     description: "Target to run nuclei scan"
     required: true
+
   urls:
     description: "List of urls to run templates"
     required: false
+
   templates:
     description: "Templates input file/files to check across hosts"
     required: false
+
   output:
     description: "File to save output result"
     required: false
+
   json:
     description: "Write nuclei output in JSON format"
     required: false
     default: false
+
   include-rr:
     description: "Write requests/responses for matches in JSON output"
     required: false
     default: false
+
   config:
     description: "Nuclei configuration file"
     required: false
+
   user-agent:
     description: "Set a Custom User-Agent header"
     required: false
+
   github-report:
-    description: "Nuclei Reporting Module for Github"
+    description: "Nuclei Reporting Module for Github Issues"
     required: false
     default: false
+
   github-token:
     description: "Github token for Github reporting"
     required: false
-
+
+  sarif-export:
+    description: "Export nuclei results in SARIF format"
+    required: false
+
+  markdown-export:
+    description: "Export nuclei results in Markdown format"
+    required: false
+
+  nuclei-flags:
+    description: "Extra nuclei CLI flags to use"
+    required: false
+
 runs:
   using: "composite"
   steps:
     - run: |
-        [ ! -x /home/runner/go/bin/nuclei ] && GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei
+        [ ! -x /home/runner/go/bin/nuclei ] && GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@v2.3.8
         echo "/home/runner/go/bin/" >> $GITHUB_PATH
       shell: bash
     - run: |
         [ ! -z ${{ inputs.target }} ] && echo "target=-target ${{ inputs.target}}" >> $GITHUB_ENV
         [ ! -z ${{ inputs.urls }} ] && echo "urls=-list ${{ inputs.urls}}" >> $GITHUB_ENV
         [ ! -z ${{ inputs.templates }} ] && echo "templates=-t ${{ inputs.templates }}" >> $GITHUB_ENV || echo "templates=-t ./nuclei-templates" >> $GITHUB_ENV
         [ ! -z ${{ inputs.output }} ] && echo "output=-o ${{ inputs.output}}" >> $GITHUB_ENV || echo "output=-o nuclei.log" >> $GITHUB_ENV
-        ${{ inputs.json }} && echo "json=-json" >> $GITHUB_ENV
-        ${{ inputs.include-rr }} && echo "includerr=-irr" >> $GITHUB_ENV
+        [ ! -z ${{ inputs.sarif-export }} ] && echo "sarif-export=-se ${{ inputs.sarif-export}}" >> $GITHUB_ENV || echo "sarif-export=-se nuclei.sarif" >> $GITHUB_ENV
+        [ ! -z ${{ inputs.markdown-export }} ] && echo "markdown-export=-me ${{ inputs.markdown-export}}" >> $GITHUB_ENV
         [ ! -z ${{ inputs.config }} ] && cp ${{ inputs.config }} /.config/nuclei/config.yaml
         [ ! -z "${{ inputs.user-agent }}" ] && echo 'useragent=-H "${{ inputs.user-agent }}"' >> $GITHUB_ENV
+        [ ! -z "${{ inputs.nuclei-flags }}" ] && echo 'flags="${{ inputs.nuclei-flags }}"' >> $GITHUB_ENV
+        ${{ inputs.json }} && echo "json=-json" >> $GITHUB_ENV
+        ${{ inputs.include-rr }} && echo "includerr=-irr" >> $GITHUB_ENV
         ${{ inputs.github-report }} \
         && touch ~/nuclei-github-config.yaml \
         && echo -e "github:" >> ~/nuclei-github-config.yaml \
@@ -77,7 +101,10 @@ runs:
           ${{ env.templates }} \
           ${{ env.useragent }} \
           ${{ env.output }} \
+          ${{ env.sarif-export }} \
+          ${{ env.markdown-export }} \
           ${{ env.json }} \
+          ${{ env.flags }} \
           ${{ env.githubconfig }} \
           ${{ env.includerr }}
       shell: bash