Run Nuclei #87

Workflow file for this run

.github/workflows/scheduled_job.yaml at 109aec9

	name: Run Nuclei
	on:
	# Run every sunday
	schedule:
	- cron: "0 12 * * SUN"
	workflow_dispatch:
	env:
	REPO_OWNER: ${{ github.repository_owner }}
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
	SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
	NUCLEI_VERSION: '3.2.5'

	jobs:
	project-runner:
	name: Project runner
	# seaweed configurations
	env:
	TAG: "lfi,xss,fileupload,xxe,injection,traversal,disclosure,auth-bypass,ssrf,sqli,oast,rce"
	runs-on: ubuntu-latest
	services:
	dummyhttp:
	image: "svenstaro/dummyhttp:1.0.3@sha256:7f4ce2ee5952f1c1b55a4c808c63a7f4485259b7b08d970db6c20d0efced7bfe"
	waf:
	image: "owasp/modsecurity-crs:4-apache-202404131004@sha256:9c20dd4756378de04c3587911efdf37c15614403c0540e008f16ca1cdbc63cba"
	ports:
	- 8080:8080
	env:
	MODSEC_RULE_ENGINE: "On"
	SERVERNAME: "_default_"
	MODSEC_AUDIT_LOG: "/var/log/apache2/modsec_audit.log"
	BLOCKING_PARANOIA: 4
	BACKEND: "http://dummyhttp:80"
	steps:
	- name: Nuclei - Vulnerability Scan
	uses: projectdiscovery/nuclei-action@6a69b5015a4059e8804afcb33ff5e56bfd546908 # v2.0.1
	with:
	target: "http://127.0.0.1:8080"
	flags: "-t http/cves -type http -stats -ni -sresp"
	github-token: ${{ secrets.GITHUB_TOKEN }}

	- name: zip output
	run: \|
	zip -qq -r output.zip output

	- name: GitHub Workflow artifacts
	uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
	with:
	name: output
	path: output.zip

	process-artifacts:
	name: Generate report
	runs-on: ubuntu-latest
	needs: [project-runner]
	outputs:
	total_requests: ${{ steps.report.outputs.total_requests }}
	total_blocked: ${{ steps.report.outputs.total_blocked }}
	total_not_blocked: ${{ steps.report.outputs.total_not_blocked }}
	partially_blocked: ${{ steps.report.outputs.partially_blocked }}
	steps:
	- name: Checkout code
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4

	- name: Setup Go
	uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
	with:
	go-version: '^1.22.3'

	- name: Download artifacts
	uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
	with:
	name: output

	- name: Build report
	id: report
	run: \|
	go build
	unzip -qq output.zip
	./project-seaweed -o output >> "$GITHUB_OUTPUT"


	slack-notification:
	name: Send notification
	runs-on: ubuntu-latest
	needs: process-artifacts
	env:
	total_requests: ${{ needs.process-artifacts.outputs.total_requests }}
	total_blocked: ${{ needs.process-artifacts.outputs.total_blocked }}
	total_not_blocked: ${{ needs.process-artifacts.outputs.total_not_blocked }}
	partially_blocked: ${{ needs.process-artifacts.outputs.partially_blocked }}
	steps:
	- name: Success
	uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
	with:
	payload: \|
	{
	"text": "Testing finished!",
	"attachments": [
	{
	"color": "28a745",
	"fields": [
	{
	"title": "Status",
	"value": "Complete"
	},
	{
	"title": "total requests - cves tested",
	"value": ${{ env.total_requests }}
	},
	{
	"title": "blocks",
	"value": ${{ env.total_blocked }}
	},
	{
	"title": "partially blocked",
	"value": ${{ env.partially_blocked }}
	},
	{
	"title": "non blocks",
	"value": ${{ env.total_not_blocked }}
	}
	]
	}
	]
	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Run Nuclei #87

Workflow file

Run Nuclei #87

Jobs

Run details

Workflow file for this run