diff --git a/README.md b/README.md index 713688a..f2dfc24 100644 --- a/README.md +++ b/README.md @@ -11,20 +11,20 @@ Integrate all of your [Nuclei Templates](https://github.com/projectdiscovery/nuc Example Usage ----- -**GitHub Action running nuclei on single URL** +**GitHub Action running Nuclei on single URL** ```yaml - - name: Nuclei Scan - uses: projectdiscovery/nuclei-action@v1.0.1 + - name: Nuclei - DAST Scan + uses: projectdiscovery/nuclei-action@main with: target: https://example.com ``` -**GitHub Action running nuclei with custom templates** +**GitHub Action running Nuclei with custom templates** ```yaml - - name: Nuclei Scan - uses: projectdiscovery/nuclei-action@v1.0.1 + - name: Nuclei - DAST Scan + uses: projectdiscovery/nuclei-action@main with: target: https://example.com templates: custom_template_path @@ -32,32 +32,46 @@ Example Usage As default, all the default [nuclei-templates](https://github.com/projectdiscovery/nuclei-templates) are used for scan. -**GitHub Action running nuclei on multiple URLs** +**GitHub Action running Nuclei on multiple URLs** ```yaml - - name: Nuclei Scan - uses: projectdiscovery/nuclei-action@v1.0.1 + - name: Nuclei - DAST Scan + uses: projectdiscovery/nuclei-action@main with: urls: urls.txt ``` -**GitHub Example Action running nuclei with GitHub Issue reporting** +**GitHub Example Action running Nuclei with GitHub Issue reporting** ```yaml - - name: Nuclei Scan - uses: projectdiscovery/nuclei-action@v1.0.1 + - name: Nuclei - DAST Scan + uses: projectdiscovery/nuclei-action@main with: target: https://example.com github-report: true github-token: ${{ secrets.GITHUB_TOKEN }} ``` +**GitHub Example Action running Nuclei with GitHub Security Dashboard reporting** -Workflow - `.github/workflows/nuclei.yml` +```yaml + - name: Nuclei - DAST Scan + uses: projectdiscovery/nuclei-action@main + with: + target: https://example.com + + - name: GitHub Security Dashboard Alerts + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: nuclei.sarif +``` + + +**Workflow** - `.github/workflows/nuclei.yml` ```yaml -name: Nuclei - DAST +name: Nuclei - DAST Scan on: schedule: @@ -73,29 +87,38 @@ jobs: with: go-version: 1.15 - - name: Nuclei Scan - uses: projectdiscovery/nuclei-action@v1.0.1 + - name: Nuclei - DAST Scan + uses: projectdiscovery/nuclei-action@main with: target: https://example.com + - name: GitHub Workflow artifacts - uses: actions/upload-artifact@v2 with: name: nuclei.log path: nuclei.log + + - name: GitHub Security Dashboard Alerts update + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: nuclei.sarif ``` Available Inputs ------ -| Key | Description | Required | -| --------------- | --------------------------------------------------- | -------- | -| `target` | Target URL to run nuclei scan | true | -| `urls` | List of urls to run nuclei scan | false | -| `templates` | Custom templates directory/file to run nuclei scan | false | -| `output` | File to save output result (default - nuclei.log) | false | -| `json` | Write results in JSON format | false | -| `include-rr` | Include request/response in results | false | -| `config` | Set custom nuclei config file to use | false | -| `user-agent` | Set custom user-agent header | false | -| `github-report` | Set `true` to generate Github issue with the report | false | -| `github-token` | Set the Github Token | false | +| Key | Description | Required | +| ----------------- | --------------------------------------------------- | -------- | +| `target` | Target URL to run nuclei scan | true | +| `urls` | List of urls to run nuclei scan | false | +| `templates` | Custom templates directory/file to run nuclei scan | false | +| `output` | File to save output result (default - nuclei.log) | false | +| `json` | Write results in JSON format | false | +| `include-rr` | Include request/response in results | false | +| `config` | Set custom nuclei config file to use | false | +| `user-agent` | Set custom user-agent header | false | +| `github-report` | Set `true` to generate Github issue with the report | false | +| `github-token` | Set the Github Token | false | +| `sarif-export` | File to export result (default - sarif.nuclei) | false | +| `markdown-export` | Directory to export markdown results | false | +| `nuclei-flags` | More Nuclei CLI flags to use | false | \ No newline at end of file diff --git a/action.yml b/action.yml index d9eab7b..49f712f 100644 --- a/action.yml +++ b/action.yml @@ -1,4 +1,4 @@ -name: "Nuclei Action" +name: "Nuclei - DAST Scan" description: "Nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL" branding: icon: "activity" @@ -8,42 +8,63 @@ inputs: target: description: "Target to run nuclei scan" required: true + urls: description: "List of urls to run templates" required: false + templates: description: "Templates input file/files to check across hosts" required: false + output: description: "File to save output result" required: false + json: description: "Write nuclei output in JSON format" required: false default: false + include-rr: description: "Write requests/responses for matches in JSON output" required: false default: false + config: description: "Nuclei configuration file" required: false + user-agent: description: "Set a Custom User-Agent header" required: false + github-report: - description: "Nuclei Reporting Module for Github" + description: "Nuclei Reporting Module for Github Issues" required: false default: false + github-token: description: "Github token for Github reporting" required: false - + + sarif-export: + description: "Export nuclei results in SARIF format" + required: false + + markdown-export: + description: "Export nuclei results in Markdown format" + required: false + + nuclei-flags: + description: "Extra nuclei CLI flags to use" + required: false + runs: using: "composite" steps: - run: | - [ ! -x /home/runner/go/bin/nuclei ] && GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei + [ ! -x /home/runner/go/bin/nuclei ] && GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@v2.3.8 echo "/home/runner/go/bin/" >> $GITHUB_PATH shell: bash - run: | @@ -51,10 +72,13 @@ runs: [ ! -z ${{ inputs.urls }} ] && echo "urls=-list ${{ inputs.urls}}" >> $GITHUB_ENV [ ! -z ${{ inputs.templates }} ] && echo "templates=-t ${{ inputs.templates }}" >> $GITHUB_ENV || echo "templates=-t ./nuclei-templates" >> $GITHUB_ENV [ ! -z ${{ inputs.output }} ] && echo "output=-o ${{ inputs.output}}" >> $GITHUB_ENV || echo "output=-o nuclei.log" >> $GITHUB_ENV - ${{ inputs.json }} && echo "json=-json" >> $GITHUB_ENV - ${{ inputs.include-rr }} && echo "includerr=-irr" >> $GITHUB_ENV + [ ! -z ${{ inputs.sarif-export }} ] && echo "sarif-export=-se ${{ inputs.sarif-export}}" >> $GITHUB_ENV || echo "sarif-export=-se nuclei.sarif" >> $GITHUB_ENV + [ ! -z ${{ inputs.markdown-export }} ] && echo "markdown-export=-me ${{ inputs.markdown-export}}" >> $GITHUB_ENV [ ! -z ${{ inputs.config }} ] && cp ${{ inputs.config }} /.config/nuclei/config.yaml [ ! -z "${{ inputs.user-agent }}" ] && echo 'useragent=-H "${{ inputs.user-agent }}"' >> $GITHUB_ENV + [ ! -z "${{ inputs.nuclei-flags }}" ] && echo 'flags="${{ inputs.nuclei-flags }}"' >> $GITHUB_ENV + ${{ inputs.json }} && echo "json=-json" >> $GITHUB_ENV + ${{ inputs.include-rr }} && echo "includerr=-irr" >> $GITHUB_ENV ${{ inputs.github-report }} \ && touch ~/nuclei-github-config.yaml \ && echo -e "github:" >> ~/nuclei-github-config.yaml \ @@ -77,7 +101,10 @@ runs: ${{ env.templates }} \ ${{ env.useragent }} \ ${{ env.output }} \ + ${{ env.sarif-export }} \ + ${{ env.markdown-export }} \ ${{ env.json }} \ + ${{ env.flags }} \ ${{ env.githubconfig }} \ ${{ env.includerr }} shell: bash \ No newline at end of file