Update nuclei flags and broken nuclei-templates (#6)

* action: refac and update to new nuclei version - remove some default values, set a default value for a not required input cause scripts to every run the rule with value. - fix nuclei templates directory - remove user-agent flag for default - add options to include-rr and report-config * readme: add github issues example
projectdiscovery · Apr 15, 2021 · 710097a · 710097a
1 parent 8130238
commit 710097a
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 15 deletions.
diff --git a/README.md b/README.md
@@ -42,6 +42,34 @@ jobs:
           path: nuclei.log
 ```
 
+Example with nuclei generating an ISSUE with the report:
+
+*.github/workflows/nuclei.yml* 
+```
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 10 * * *"
+
+jobs:
+  worker:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/cache@v2
+        id: cache
+        with:
+          path: /home/runner/go/bin/nuclei
+          key: ${{ runner.os }}-${{ hashFiles('/home/runner/go/bin/nuclei') }}
+
+      - uses: projectdiscovery/nuclei-action@main
+        with:
+          urls: "urls.txt"
+          github-report: true
+          report-token: ${{ secrets.GITHUB_TOKEN }}
+```
+
 Inputs
 ------
 
@@ -50,5 +78,8 @@ Inputs
 | `urls` | List of urls to run templates | true
 | `templates` | Templates input file/files to check across hosts | false
 | `output` | File to save output result | false
+| `include-rr` | Include request/response in log | false
 | `nuclei-ignore` | Define templates that will be blocked from execution | false
-| `user-agent` | Set a User-Agent header | false
+| `user-agent` | Set a User-Agent header | false
+| `github-report` | Set `true` for generate an issue with the report | false
+| `report-token` | Set the Github Token | false
diff --git a/action.yml b/action.yml
@@ -9,42 +9,62 @@ inputs:
   templates:
     description: "Templates input file/files to check across hosts"
     required: false
-    default: "nuclei-templates"
   output:
     description: "File to save output result"
     required: false
     default: "nuclei.log"
+  include-rr:
+    description: "Write requests/responses for matches in JSON output"
+    required: false
+    default: false
   nuclei-ignore:
     description: "define templates that will be blocked from execution"
     required: false
-    default: ".nuclei-ignore"
   user-agent:
     description: "Set a User-Agent header"
     required: false
-    default: "Nuclei - Open-source project (github.com/projectdiscovery/nuclei)"
-
+  github-report:
+    description: "Active Nuclei Reporting Module for Github"
+    required: false
+    default: false
+  report-token:
+    description: "Github token for create issues"
+    required: false
+
 runs:
   using: "composite"
   steps:
     - run: |
         [ ! -x /home/runner/go/bin/nuclei ] && GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei
         echo "/home/runner/go/bin/" >> $GITHUB_PATH
       shell: bash
-
     - run: |
+        [ ! -z ${{ inputs.nuclei-ignore }} ] && cp ${{ inputs.nuclei-ignore }} /nuclei-templates/.nuclei-ignore
+        [ ! -z "${{ inputs.user-agent }}" ] && echo 'useragent=-H "User-Agent: ${{ inputs.user-agent }}"' >> $GITHUB_ENV
+        ${{ inputs.include-rr }} && echo "includerr=-irr" >> $GITHUB_ENV
+        
+        ${{ inputs.github-report }} \
+        && touch ~/nuclei-report-config.yaml \
+        && echo -e "github:" >> ~/nuclei-report-config.yaml \
+        && echo -e "  username: \"$GITHUB_ACTOR\"" >> ~/nuclei-report-config.yaml \
+        && echo -e "  owner: \"${GITHUB_REPOSITORY%%/*}\"" >> ~/nuclei-report-config.yaml \
+        && echo -e "  token: \"${{ inputs.report-token }}\"" >> ~/nuclei-report-config.yaml \
+        && echo -e "  project-name: \"${GITHUB_REPOSITORY#*/}\"" >> ~/nuclei-report-config.yaml \
+        && echo -e "  issue-label: \"Nuclei Reporting\"" >> ~/nuclei-report-config.yaml \
+        && echo "reportconfig=-rc ~/nuclei-report-config.yaml" >> $GITHUB_ENV
+        
         nuclei \
           -update-templates \
-          -update-directory ./ \
-          \
-
-        [ -e ${{ inputs.nuclei-ignore }} ] && cp ${{ inputs.nuclei-ignore }} ${{ inputs.templates }}/.nuclei-ignore
-
+          -update-directory ./nuclei-templates
+      shell: bash
+    - run: |
+        
         nuclei \
           -l ${{ inputs.urls }} \
-          -t ${{ inputs.templates }} \
+          -t ./nuclei-templates/${{ inputs.templates }} \
+          ${{ env.useragent }} \
           -o ${{ inputs.output }} \
-          -H "User-Agent: ${{ inputs.user-agent }}" \
           -json \
-          -include-rr \
-          \
+          ${{ env.reportconfig }} \
+          ${{ env.includerr }}
       shell: bash