projectdiscovery / nuclei-action

Vulnerability Scan with Nuclei
https://projectdiscovery.io/nuclei
MIT License

This Nuclei Action makes it easy to orchestrate Nuclei with GitHub Actions. Integrate all of your Nuclei Templates into powerful continuous security workflows and make them part of your secure software development life cycle.

Example Usage

Workflow - .github/workflows/nuclei.yml

name: Nuclei - Vulnerability Scan

on:
  schedule:
    - cron: '0 0 * * *'
  workflow_dispatch:

jobs:
  nuclei-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Nuclei - Vulnerability Scan
        id: nuclei_scan
        uses: projectdiscovery/nuclei-action@main
        with:
          target: https://example.com

      - name: GitHub Workflow artifacts
        uses: actions/upload-artifact@v4
        with:
          name: nuclei.log
          path: nuclei.log

      - name: GitHub Security Dashboard Alerts update
        uses: github/codeql-action/upload-sarif@v3
        if: steps.nuclei_scan.outputs.sarif_exists == 'true'
        with:
          sarif_file: nuclei.sarif
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

GitHub Action running Nuclei on a single URL

      - name: Nuclei - Vulnerability Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          target: https://example.com

GitHub Action running Nuclei with custom templates

      - name: Nuclei - Vulnerability Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          target: https://example.com
          templates: custom_template_path

By default, all of the default nuclei-templates are used for the scan.

GitHub Action running Nuclei with custom workflows

      - name: Nuclei - Vulnerability Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          target: https://example.com
          workflows: custom_workflow_path

GitHub Action running Nuclei on multiple URLs

      - name: Nuclei - Vulnerability Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          urls: urls.txt

GitHub Action running Nuclei with CLI flags

      - name: Nuclei - Vulnerability Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          urls: urls.txt
          flags: "-severity critical,high,medium,low -stats"

GitHub Action running Nuclei with Custom UA

      - name: Nuclei - Vulnerability Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          urls: urls.txt
          user-agent: "User-Agent:'Nuclei - Vulnerability Scan (Have a nice day)'"

GitHub Action running Nuclei with Config files

      - name: Nuclei - Vulnerability Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          urls: urls.txt
          config: config.yaml
          report-config: issues.yaml

GitHub Example Action running Nuclei with GitHub Issue reporting

Set the permissions for GITHUB_TOKEN, as described in the GitHub Actions docs:

permissions:
  issues: write

      - name: Nuclei - Vulnerability Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          target: https://example.com
          github-report: true
          github-token: ${{ secrets.GITHUB_TOKEN }}

Setting github-report creates a default configuration that enables reporting to GitHub Issues.

GitHub Example Action running Nuclei with custom GitHub Issue reporting

      - name: Nuclei - Vulnerability Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          target: https://example.com
          report-config: github-issue-config.yaml
          github-token: ${{ secrets.GITHUB_TOKEN }}

Create a YAML file to define the Nuclei GitHub Issue reporting behavior:

github:
  duplicate-issue-check: true
  severity-as-label: true
  issue-label: '<Nuclei Scan Vulnerability>'

The nuclei-action fills the repository settings into the custom configuration; the file does not need to be augmented with this information manually. The fields below are populated from the workflow environment and the github-token input:

github:
  username: <GITHUB_ACTOR>
  owner: <GITHUB_REPOSITORY_OWNER>
  token: <github-token>
  project-name: <GITHUB_REPOSITORY>

GitHub Example Action running Nuclei with GitHub Security Dashboard reporting

      - name: Nuclei - Vulnerability Scan
        id: nuclei_scan
        uses: projectdiscovery/nuclei-action@main
        with:
          target: https://example.com

      - name: GitHub Security Dashboard Alerts update
        uses: github/codeql-action/upload-sarif@v3
        if: steps.nuclei_scan.outputs.sarif_exists == 'true'
        with:
          sarif_file: nuclei.sarif
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
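As an added example that is not part of the original README, the following workflow combines the inputs shown above into one scheduled pipeline: a scan of urls.txt with a custom templates directory and a severity filter, the nuclei.log artifact, custom GitHub Issue reporting, and the SARIF upload. The ./nuclei-templates directory, the urls.txt file and the schedule are assumptions; the security-events: write permission is what github/codeql-action/upload-sarif needs to write to the Security dashboard when the token's default permissions are restricted.

```yaml
name: Nuclei - Scheduled Scan with Reporting

on:
  schedule:
    - cron: '0 3 * * 1'   # weekly, Monday 03:00 UTC (assumed schedule)
  workflow_dispatch:

# Least-privilege token: issues for Issue reporting, security-events for the SARIF upload.
permissions:
  contents: read
  issues: write
  security-events: write

jobs:
  nuclei-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Nuclei - Vulnerability Scan
        id: nuclei_scan
        uses: projectdiscovery/nuclei-action@main
        with:
          urls: urls.txt                          # one target per line, assumed to be in the repo
          templates: ./nuclei-templates           # assumed custom templates directory
          flags: "-severity critical,high,medium -stats"
          report-config: github-issue-config.yaml # the github: reporting block described above
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Keep the raw log as a workflow artifact
        uses: actions/upload-artifact@v4
        if: always()                              # keep the log even if the scan step fails
        with:
          name: nuclei.log
          path: nuclei.log

      - name: GitHub Security Dashboard Alerts update
        uses: github/codeql-action/upload-sarif@v3
        if: steps.nuclei_scan.outputs.sarif_exists == 'true'
        with:
          sarif_file: nuclei.sarif
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```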

Available Inputs

| Key | Description | Required |
| --- | --- | --- |
| target | Target URL to run nuclei scan | true |
| urls | List of urls to run nuclei scan | false |
| templates | Custom templates directory/file to run nuclei scan | false |
| workflows | Custom workflows file/files to check across hosts | false |
| output | File to save output result (default - nuclei.log) | false |
| json | Write results in JSON format | false |
| include-rr | Include request/response in results [DEPRECATED use -omit-raw] | true |
| omit-raw | Exclude request/response in results | false |
| config | Set custom nuclei config file to use | false |
| user-agent | Set custom user-agent header | false |
| report-config | Issue reporting configuration file | false |
| github-report | Set true to generate GitHub issue with the report | false |
| github-token | Set the GitHub Token | false |
| sarif-export | File to export result (default - nuclei.sarif) | false |
| markdown-export | Directory to export markdown results | false |
| flags | More Nuclei CLI flags to use | false |
| nuclei-version | Use this specific nuclei version; by default latest is used | false |

Contributing

This action uses the JavaScript GitHub Actions toolkit. Make your code changes in the src directory and, before submitting your PR, check them and run npm run build; otherwise your changes will not be applied to the final action, which resides in the dist directory.

We do this so that jobs do not have to install npm modules, and so that the final version ships without dependencies.