From 710097aa9709ea8b68af93ecef44f9569ff2b580 Mon Sep 17 00:00:00 2001 From: Fernando Guisso Date: Thu, 15 Apr 2021 17:48:29 -0300 Subject: [PATCH] Update nuclei flags and broken nuclei-templates (#6) * action: refac and update to new nuclei version - remove some default values, set a default value for a not required input cause scripts to every run the rule with value. - fix nuclei templates directory - remove user-agent flag for default - add options to include-rr and report-config * readme: add github issues example --- README.md | 33 ++++++++++++++++++++++++++++++++- action.yml | 48 ++++++++++++++++++++++++++++++++++-------------- 2 files changed, 66 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 5235218..5c360ef 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,34 @@ jobs: path: nuclei.log ``` +Example with nuclei generating an ISSUE with the report: + +*.github/workflows/nuclei.yml* +``` +on: + workflow_dispatch: + schedule: + - cron: "0 10 * * *" + +jobs: + worker: + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v2 + + - uses: actions/cache@v2 + id: cache + with: + path: /home/runner/go/bin/nuclei + key: ${{ runner.os }}-${{ hashFiles('/home/runner/go/bin/nuclei') }} + + - uses: projectdiscovery/nuclei-action@main + with: + urls: "urls.txt" + github-report: true + report-token: ${{ secrets.GITHUB_TOKEN }} +``` + Inputs ------ @@ -50,5 +78,8 @@ Inputs | `urls` | List of urls to run templates | true | `templates` | Templates input file/files to check across hosts | false | `output` | File to save output result | false +| `include-rr` | Include request/response in log | false | `nuclei-ignore` | Define templates that will be blocked from execution | false -| `user-agent` | Set a User-Agent header | false \ No newline at end of file +| `user-agent` | Set a User-Agent header | false +| `github-report` | Set `true` for generate an issue with the report | false +| `report-token` | Set the Github Token | false diff --git a/action.yml b/action.yml index ff8b19e..0a06aba 100644 --- a/action.yml +++ b/action.yml @@ -9,20 +9,28 @@ inputs: templates: description: "Templates input file/files to check across hosts" required: false - default: "nuclei-templates" output: description: "File to save output result" required: false default: "nuclei.log" + include-rr: + description: "Write requests/responses for matches in JSON output" + required: false + default: false nuclei-ignore: description: "define templates that will be blocked from execution" required: false - default: ".nuclei-ignore" user-agent: description: "Set a User-Agent header" required: false - default: "Nuclei - Open-source project (github.com/projectdiscovery/nuclei)" - + github-report: + description: "Active Nuclei Reporting Module for Github" + required: false + default: false + report-token: + description: "Github token for create issues" + required: false + runs: using: "composite" steps: @@ -30,21 +38,33 @@ runs: [ ! -x /home/runner/go/bin/nuclei ] && GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei echo "/home/runner/go/bin/" >> $GITHUB_PATH shell: bash - - run: | + [ ! -z ${{ inputs.nuclei-ignore }} ] && cp ${{ inputs.nuclei-ignore }} /nuclei-templates/.nuclei-ignore + [ ! -z "${{ inputs.user-agent }}" ] && echo 'useragent=-H "User-Agent: ${{ inputs.user-agent }}"' >> $GITHUB_ENV + ${{ inputs.include-rr }} && echo "includerr=-irr" >> $GITHUB_ENV + + ${{ inputs.github-report }} \ + && touch ~/nuclei-report-config.yaml \ + && echo -e "github:" >> ~/nuclei-report-config.yaml \ + && echo -e " username: \"$GITHUB_ACTOR\"" >> ~/nuclei-report-config.yaml \ + && echo -e " owner: \"${GITHUB_REPOSITORY%%/*}\"" >> ~/nuclei-report-config.yaml \ + && echo -e " token: \"${{ inputs.report-token }}\"" >> ~/nuclei-report-config.yaml \ + && echo -e " project-name: \"${GITHUB_REPOSITORY#*/}\"" >> ~/nuclei-report-config.yaml \ + && echo -e " issue-label: \"Nuclei Reporting\"" >> ~/nuclei-report-config.yaml \ + && echo "reportconfig=-rc ~/nuclei-report-config.yaml" >> $GITHUB_ENV + nuclei \ -update-templates \ - -update-directory ./ \ - \ - - [ -e ${{ inputs.nuclei-ignore }} ] && cp ${{ inputs.nuclei-ignore }} ${{ inputs.templates }}/.nuclei-ignore - + -update-directory ./nuclei-templates + shell: bash + - run: | + nuclei \ -l ${{ inputs.urls }} \ - -t ${{ inputs.templates }} \ + -t ./nuclei-templates/${{ inputs.templates }} \ + ${{ env.useragent }} \ -o ${{ inputs.output }} \ - -H "User-Agent: ${{ inputs.user-agent }}" \ -json \ - -include-rr \ - \ + ${{ env.reportconfig }} \ + ${{ env.includerr }} shell: bash