This action runs a new security scan in Nexploit, or reruns an existing one.
NeuraLegion is a powerful dynamic application & API security testing (DAST) platform that security teams trust and developers love.
Scans any target, whether Web Apps, APIs (REST & SOAP, GraphQL & more), WebSockets or mobile, providing actionable reports.
NeuraLegion works with your existing CI/CD pipelines – trigger scans on every commit, pull request or build with unit testing.
One file. One command. One scan. No UI needed.
Interacts with applications and APIs, instead of just crawling them and guessing. Scans are fast as our AI-powered engine can understand application architecture and generate sophisticated and targeted attacks.
Stop chasing ghosts and wasting time. NeuraLegion doesn’t return false positives, so you can focus on releasing code.
NeuraLegion tests for all common vulnerabilities, such as SQL injection, CSRF, XSS, and XXE -- as well as uncommon vulnerabilities, such as business logic vulnerabilities.
More information is available on NeuraLegion’s:
name
Required. Scan name.
Example: name: GitHub scan ${{ github.sha }}
api_token
Required. Your Nexploit API authorization token (key). You can generate it in the Organization section on nexploit.app. Find more information here.
Example: api_token: ${{ secrets.NEXPLOIT_TOKEN }}
restart_scan
Required when restarting an existing scan by its ID. You can get the scan ID in the Scans section on nexploit.app.
Please make sure to only use the necessary parameters. Otherwise, you will get a response with the parameter usage requirements.
Example: restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ
discovery_types
Required. Array of discovery types. The following types are available:
- archive - uses an uploaded HAR-file for a scan
- crawler - uses a crawler to define the attack surface for a scan
- oas - uses an uploaded OpenAPI schema for a scan
If no discovery type is specified, crawler is applied by default.
Example:
```yaml
discovery_types: |
  [ "crawler", "archive" ]
```
file_id
Required if the discovery type is set to archive or oas. ID of a HAR-file or an OpenAPI schema you want to use for a scan. You can get the ID of an uploaded HAR-file or an OpenAPI schema in the Storage section on nexploit.app.
Example:
```bash
FILE_ID=$(nexploit-cli archive:upload \
  --token ${{ secrets.NEXPLOIT_TOKEN }} \
  --discard true \
  ./example.har)
```
crawler_urls
Required if the discovery type is set to crawler. Target URLs to be used by the crawler to define the attack surface.
Example:
```yaml
crawler_urls: |
  [ "http://vulnerable-bank.com" ]
```
hosts_filter
Required when the discovery type is set to archive. Allows selecting specific hosts for a scan.
url
URL of the resulting scan.
ID of the created scan. This ID can then be used to restart the scan, as shown in the following GitHub Actions examples:
```yaml
steps:
  - name: Start Nexploit Scan
    id: start
    uses: NeuraLegion/[email protected]
    with:
      api_token: ${{ secrets.NEXPLOIT_TOKEN }}
      name: GitHub scan ${{ github.sha }}
      discovery_types: |
        [ "crawler", "archive" ]
      crawler_urls: |
        [ "http://vulnerable-bank.com" ]
      file_id: LiYknMYSdbSZbqgMaC9Sj
      hosts_filter: |
        [ ]
  - name: Get the output scan url
    run: echo "The scan was started on ${{ steps.start.outputs.url }}"
```
```yaml
steps:
  - name: Start Nexploit Scan
    id: start
    uses: NeuraLegion/[email protected]
    with:
      api_token: ${{ secrets.NEXPLOIT_TOKEN }}
      name: GitHub scan ${{ github.sha }}
      restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ
  - name: Get the output scan url
    run: echo "The scan was started on ${{ steps.start.outputs.url }}"
```
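The two snippets above show the action in isolation; the file_id section shows the CLI upload separately. The following complete workflow, added here as an example and not taken from the NeuraLegion README, ties them together: it uploads a HAR recording with nexploit-cli, hands the returned ID to the action through the job environment, starts an archive-based scan and records the scan's url and id outputs. Assumptions not stated on the page: the CLI is installed from npm as @neuralegion/nexploit-cli, the action reference is NeuraLegion/run-scan@v1 (the page's own reference is obfuscated), the scan-ID output is named id, and ./example.har is a constructed path to a recording committed with the repository.

```yaml
# Added example workflow (not the project's own): HAR upload followed by an archive scan.
name: Nexploit DAST
on:
  pull_request:

jobs:
  dast:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Install nexploit-cli
        # Assumption: the CLI is published on npm under this package name.
        run: npm install -g @neuralegion/nexploit-cli

      - name: Upload the HAR recording to Nexploit storage
        # ./example.har is a constructed path; record it from a staging
        # environment you own and commit it, or generate it in an earlier step.
        # The FILE_ID is exported through GITHUB_ENV so later steps can read it.
        run: |
          FILE_ID=$(nexploit-cli archive:upload \
            --token ${{ secrets.NEXPLOIT_TOKEN }} \
            --discard true \
            ./example.har)
          echo "FILE_ID=$FILE_ID" >> "$GITHUB_ENV"

      - name: Start Nexploit scan
        id: start
        # Assumption: action name and version tag; pin the tag the README lists.
        uses: NeuraLegion/run-scan@v1
        with:
          api_token: ${{ secrets.NEXPLOIT_TOKEN }}
          name: GitHub scan ${{ github.sha }}
          # Only archive is requested, so crawler_urls is intentionally omitted.
          discovery_types: |
            [ "archive" ]
          file_id: ${{ env.FILE_ID }}
          # hosts_filter is required with archive; the README example uses an empty list.
          hosts_filter: |
            [ ]

      - name: Record scan url and id
        # Assumption: the scan-ID output is exposed as steps.<id>.outputs.id.
        run: |
          echo "Scan url: ${{ steps.start.outputs.url }}"
          echo "Scan id:  ${{ steps.start.outputs.id }}"
```

The token stays in the NEXPLOIT_TOKEN repository secret and is never written to the log; only the scan url and id are echoed, and the id is what a later job would pass to restart_scan to rerun the same scan.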