https://github.com/pentesttoolscom/pentesttools-github-action

Scan your web apps for vulnerabilities, misconfigurations, and other security issues with the Pentest-Tools.com command-line program.

# pentest-tools

The official [Pentest-Tools.com](https://pentest-tools.com/?utm_campaign=ptt-github-ci&utm_source=github&utm_medium=referral&utm_content=first-link-in-readme&utm_term=ptt) GitHub Action.

This action allows light and deep [website scans](https://pentest-tools.com/website-vulnerability-scanning/website-scanner?utm_campaign=ptt-github-ci&utm_source=github&utm_medium=referral&utm_content=second-link-in-readme&utm_term=website-scanner) through Pentest-Tools.com using the `ptt` interface.

# Usage
You can look into the [test-action.yml](https://github.com/pentesttoolscom/pentesttools-github-action/blob/master/.github/workflows/test-action.yml) file for a few examples.

Just a check; the step will not fail:

```yml
- name: Actual test
  uses: pentesttoolscom/pentesttools-github-action@master
  id: ptt
  with:
    target: example.com # Has to be accessible to our scanners: https://pentest-tools.com/whitelist-ipv4.txt
- name: Print the output
  run: echo "The report: ${{ steps.ptt.outputs.result }}"
```

Fail if `ptt` finds vulnerabilities at or above the risk level set by `fail`, and present the report as JSON:

```yml
- name: Actual test
  uses: pentesttoolscom/pentesttools-github-action@master
  id: ptt
  with:
    target: example.com
    format: json # JSON output; human-readable text is the default
    fail: low # The run will fail if a vulnerability with at least a low risk is found
- name: Print the output
  run: echo "The report: ${{ steps.ptt.outputs.result }}"
```

You can also trigger the action manually:

```yml
on:
  workflow_dispatch: # run on demand from the Actions tab
    inputs:
      pr-id:
        type: string
        description: PR ID
        required: true

jobs:
  test_manual_workflow:
    runs-on: ubuntu-latest
    name: Run manually
    if: github.event_name == 'workflow_dispatch'
    steps:
      - name: Actual test
        uses: pentesttoolscom/pentesttools-github-action@master
        id: ptt
        with:
          target: pentest-ground.com:81
          format: text
          fail: low
      # Use the output
      - name: Check the output
        run: echo "The report ${{ steps.ptt.outputs.result }}"
```

Deep scans need an API key, supplied here from a repository secret:

```yml
# Additional job; place it under `jobs:` next to the one above
test_deep_scan:
  runs-on: ubuntu-latest
  name: Run a deep scan. You will need a suitable API key
  steps:
    - name: Checkout
      uses: actions/checkout@v4
    - name: Actual test
      uses: pentesttoolscom/pentesttools-github-action@master
      id: ptt
      with:
        target: pentest-ground.com:81
        format: text
        fail: low
        type: deep
        key: ${{ secrets.PTT_API_KEY }} # never hardcode the key; keep it in a secret
    - name: Check the output
      run: echo "The report ${{ steps.ptt.outputs.result }}"
```

# What is Pentest-Tools.com?
[Pentest-Tools.com](http://pentest-tools.com/) helps security teams run the key steps of a penetration test, easily and without expert hacking skills.
Headquartered in Europe (Bucharest, Romania), [Pentest-Tools.com](http://pentest-tools.com/) makes offensive cybersecurity tools and proprietary vulnerability scanner software for penetration testers and other infosec pros. Security teams use our toolkit to identify paths attackers can use to compromise your organization so you can effectively reduce your exposure to cyberattacks.