{"id":23058566,"url":"https://github.com/pentesttoolscom/pentesttools-github-action","last_synced_at":"2025-04-03T06:18:10.179Z","repository":{"id":220491754,"uuid":"749763765","full_name":"pentesttoolscom/pentesttools-github-action","owner":"pentesttoolscom","description":"Scan your web apps for vulnerabilities, misconfigurations, and other security issues with the Pentest-Tools.com command-line program.","archived":false,"fork":false,"pushed_at":"2024-06-26T09:13:12.000Z","size":64,"stargazers_count":30,"open_issues_count":1,"forks_count":1,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-02-08T20:13:08.997Z","etag":null,"topics":["ci","cicd","cli","continuous-delivery","continuous-integration","penetration-testing","security","security-audit","security-automation","security-hardening","security-scanner","security-testing","security-tools","vulnerability-assessment","vulnerability-detection","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"https://pentest-tools.com/","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pentesttoolscom.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-29T10:53:16.000Z","updated_at":"2024-08-05T16:45:57.000Z","dependencies_parsed_at":"2024-02-02T11:28:49.557Z","dependency_job_id":"feb4607a-f4fa-4872-85a5-0e05deec8609","html_url":"https://github.com/pentesttoolscom/pentesttools-github-action","commit_stats":null,"previous_names":["pentesttoolscom/pentesttools-github-action"],"tags_count":4,"template":false,"template_full_name":null,"r
epository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pentesttoolscom%2Fpentesttools-github-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pentesttoolscom%2Fpentesttools-github-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pentesttoolscom%2Fpentesttools-github-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pentesttoolscom%2Fpentesttools-github-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pentesttoolscom","download_url":"https://codeload.github.com/pentesttoolscom/pentesttools-github-action/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246944383,"owners_count":20858772,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci","cicd","cli","continuous-delivery","continuous-integration","penetration-testing","security","security-audit","security-automation","security-hardening","security-scanner","security-testing","security-tools","vulnerability-assessment","vulnerability-detection","vulnerability-scanners"],"created_at":"2024-12-16T02:16:15.700Z","updated_at":"2025-04-03T06:18:10.167Z","avatar_url":"https://github.com/pentesttoolscom.png","language":"Dockerfile","readme":"\u003ch1 align=\"center\"\u003e\n    \u003ca href=\"https://pentest-tools.com/?utm_campaign=ptt-github-ci\u0026utm_source=github\u0026utm_medium=referral\u0026utm_content=first-link-in-readme\u0026utm_term=ptt\"\u003e\n    \u003cimg src=\"./pentest-logo-wl.png\" 
alt=\"pentest-tools\" width=\"250px\"\u003e\n  \u003c/a\u003e\n\u003c/h1\u003e\n\nThe official [Pentest-Tools.com](https://pentest-tools.com/?utm_campaign=ptt-github-ci\u0026utm_source=github\u0026utm_medium=referral\u0026utm_content=first-link-in-readme\u0026utm_term=ptt) GitHub Action.\n\nThis action lets you run light and deep [website scans](https://pentest-tools.com/website-vulnerability-scanning/website-scanner?utm_campaign=ptt-github-ci\u0026utm_source=github\u0026utm_medium=referral\u0026utm_content=second-link-in-readme\u0026utm_term=website-scanner) through Pentest-Tools.com using the `ptt` interface.\n\n# Usage\nSee the [test-action.yml](https://github.com/pentesttoolscom/pentesttools-github-action/blob/master/.github/workflows/test-action.yml) file for a few examples.\n\nJust a check; the run will not fail:\n\n```yml\n- name: Actual test\n  uses: pentesttoolscom/pentesttools-github-action@master\n  id: ptt\n  with:\n    target: example.com # Has to be accessible to our scanners: https://pentest-tools.com/whitelist-ipv4.txt\n- name: Print the output\n  run: echo \"The report: ${{ steps.ptt.outputs.result }}\"\n```\n\nFail if `ptt` finds high-risk vulnerabilities, and present the report as JSON:\n\n```yml\n- name: Actual test\n  uses: pentesttoolscom/pentesttools-github-action@master\n  id: ptt\n  with:\n      target: example.com\n      format: json # JSON. 
Human-readable text is also available, as the default\n      fail: low # The run will fail if a vulnerability with at least a low risk is found\n- name: Print the output\n  run: echo \"The report: ${{ steps.ptt.outputs.result }}\"\n```\n\nYou can also run the action manually, if you wish:\n\n```yml\non:\n  workflow_dispatch: # GitHub's event for manually triggered runs\n    inputs:\n      pr-id:\n        type: string\n        description: PR ID\n        required: true\n\njobs:\n  test_manual_workflow:\n    runs-on: ubuntu-latest\n    name: Run manually\n    if: github.event_name == 'workflow_dispatch'\n    steps:\n      - name: Actual test\n        uses: pentesttoolscom/pentesttools-github-action@master\n        id: ptt\n        with:\n          target: pentest-ground.com:81\n          format: text\n          fail: low\n      # Use the output\n      - name: Check the output\n        run: echo \"The report ${{ steps.ptt.outputs.result }}\"\n```\n\n```yml\n  test_deep_scan:\n    runs-on: ubuntu-latest\n    name: Run a deep scan. You will need a suitable API key\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n      - name: Actual test\n        uses: pentesttoolscom/pentesttools-github-action@master\n        id: ptt\n        with:\n          target: pentest-ground.com:81\n          format: text\n          fail: low\n          type: deep\n          key: ${{ secrets.PTT_API_KEY }}\n      - name: Check the output\n        run: echo \"The report ${{ steps.ptt.outputs.result }}\"\n```\n\n# What is Pentest-Tools.com?\n[Pentest-Tools.com](http://pentest-tools.com/) helps security teams run the key steps of a penetration test, easily and without expert hacking skills.\nHeadquartered in Europe (Bucharest, Romania), [Pentest-Tools.com](http://pentest-tools.com/) makes offensive cybersecurity tools and proprietary vulnerability scanner software for penetration testers and other infosec pros. 
Security teams use our toolkit to identify paths attackers can use to compromise your organization so you can effectively reduce your exposure to cyberattacks.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpentesttoolscom%2Fpentesttools-github-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpentesttoolscom%2Fpentesttools-github-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpentesttoolscom%2Fpentesttools-github-action/lists"}