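Advantages of deploying on GitHub Actions:
Scan traffic is protected against traceback
No public-facing VPS is required
Pushing updates and viewing results is fairly flexible
Drawbacks of deploying on GitHub Actions:
Each account gets 2000 minutes of free run time per month, less than thirty-five hours
Each Action can run for at most 6 hours
First create a new GitHub repository (making it private is recommended) and clone it locally with GitHub Desktop, then do the following in the local project folder:
1. Download the required tools into the project folder:
ParamSpider: https://github.com/0xKayala/ParamSpider
nuclei-templates: https://github.com/projectdiscovery/fuzzing-templates
2. Create an output directory to hold the results and put a README.md file in it; the file needs no content
3. Create a .github directory, create a workflows directory inside it, and create a blank.yml file there, which is the Action script
Action deployment script: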
```yaml
name: Incloud_Github_Fuzzing

on:
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@master

      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: '1.20'

      - name: Setup Dependencies
        run: sudo apt-get install libpcap-dev

      - name: Cache Go
        id: cache-go
        uses: actions/cache@v2
        with:
          path: /home/runner/go
          key: ${{ runner.os }}-go

      - name: Setting up ProjectDiscovery tools nuclei
        if: steps.cache-go.outputs.cache-hit != 'true'
        env:
          GO111MODULE: on
        run: |
          go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
        shell: bash

      - name: Running ParamSpider
        shell: bash
        run: |
          pip3 install -r ParamSpider/requirements.txt
          chmod +x run.py
          python3 run.py

      - name: Running nuclei-fuzzing scaning
        run: |
          nuclei -l output/output.txt -rl 300 -bs 35 -c 30 -mhe 10 -ni -t fuzzing-templates/ -stats -silent -severity critical,medium,high,low -o output/vuln.txt | tee output/vuln.txt
        shell: bash

      - name: Sorting the output results
        run: |
          find output -type f -exec sort {} -o {} \;
        shell: bash

      - name: Create local changes
        run: |
          git add output/vuln.txt

      - name: Commit results to Github
        run: |
          git config --local user.email ""
          git config --global user.name ""
          git commit -m "Nuclei Report" -a --allow-empty

      - name: Push changes
        uses: ad-m/github-push-action@master
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          branch: ${{ github.ref }}
```
For git config --local user.email and git config --global user.name, fill in your own GitHub email address and username respectively. Further steps can be added on top of this script.
run.py:
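```python
import os
import subprocess

# Read the target domains, one per line, skipping blank lines
with open('domain.txt', 'r') as file:
    hosts = [line.strip() for line in file if line.strip()]

# Run ParamSpider once per domain; passing an argument list keeps the
# domain string from being interpreted by a shell
for host in hosts:
    subprocess.run(["python3", "ParamSpider/paramspider.py", "--domain", host])

# Merge the per-domain results into the single list that nuclei reads
os.system('cat output/*.txt > output/output.txt')
```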
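Push the project to the repository, open the project's Settings, find Actions, scroll down to Access and Workflow permissions, and tick Read and Write and Allow Github. Without this setting, the output file produced at the end of the Action run cannot be pushed to the repository.
Open the Actions page, run the Action, wait for it to finish, and view the results in the repository.
Public GitHub Action scanning project for reference: InCloud: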
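The repository-wide Workflow permissions setting described above gives every workflow in the repository a read/write token; the same result can be scoped to this one workflow instead. The fragment below is an added example, not part of the original script: the 120-minute timeout, the v4 tag and the placeholder git identity are assumptions to adjust.

```yaml
name: Incloud_Github_Fuzzing

on:
  workflow_dispatch:

# Grant the GITHUB_TOKEN only what this workflow needs. Scopes not listed
# here are set to none, and other workflows in the repository are unaffected.
permissions:
  contents: write

jobs:
  build:
    runs-on: ubuntu-latest
    # Stop a hung scan well before the 6-hour limit so it cannot drain
    # the monthly free minutes. 120 is an assumed value.
    timeout-minutes: 120
    steps:
      - name: Checkout Repo
        # A release tag instead of the moving master branch;
        # pinning to a full commit SHA is stricter still.
        uses: actions/checkout@v4

      # The Go, ParamSpider, nuclei and sorting steps from the script
      # above go here unchanged.

      - name: Commit and push results
        shell: bash
        run: |
          # Placeholder identity: fill in your own values
          git config --local user.email "<your-github-email>"
          git config --local user.name "<your-github-username>"
          git add output/vuln.txt
          git commit -m "Nuclei Report" --allow-empty
          # checkout keeps the token in the local git config, so a plain
          # git push works and no third-party push action receives the token
          git push origin "HEAD:${GITHUB_REF_NAME}"
```

With the permissions block in place, the repository default under Workflow permissions can stay read-only.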