Run a Nexploit Scan

This action runs a new security scan in Nexploit, or reruns an existing one.

Build Secure Apps & APIs. Fast.

NeuraLegion is a powerful dynamic application & API security testing (DAST) platform that security teams trust and developers love.

Automatically Tests Every Aspect of Your Apps & APIs

Scans any target, whether web apps, APIs (REST & SOAP, GraphQL and more), WebSockets or mobile, providing actionable reports.

Seamlessly integrates with the Tools and Workflows You Already Use

NeuraLegion works with your existing CI/CD pipelines – trigger scans on every commit, pull request or build with unit testing.

Spin-Up, Configure and Control Scans with Code

One file. One command. One scan. No UI needed.

Super-Fast Scans

Interacts with applications and APIs, instead of just crawling them and guessing. Scans are fast as our AI-powered engine can understand application architecture and generate sophisticated and targeted attacks.

No False Positives

Stop chasing ghosts and wasting time. NeuraLegion doesn’t return false positives, so you can focus on releasing code.

Comprehensive Security Testing

NeuraLegion tests for all common vulnerabilities, such as SQL injection, CSRF, XSS, and XXE -- as well as uncommon vulnerabilities, such as business logic vulnerabilities.

More information is available on NeuraLegion’s:

Inputs

name

Required. Scan name.

Example: name: GitHub scan ${{ github.sha }}

api_token

Required. Your Nexploit API authorization token (key). You can generate it in the Organization section on nexploit.app. Find more information here.

Example: api_token: ${{ secrets.NEXPLOIT_TOKEN }}

restart_scan

Required when restarting an existing scan by its ID. You can get the scan ID in the Scans section on nexploit.app.
Please make sure to only use the necessary parameters. Otherwise, you will get a response with the parameter usage requirements.

Example: restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ

discovery_types

Required. Array of discovery types. The following types are available:

  • archive - uses an uploaded HAR-file for a scan
  • crawler - uses a crawler to define the attack surface for a scan
  • oas - uses an uploaded OpenAPI schema for a scan

If no discovery type is specified, crawler is applied by default.

Example:

discovery_types: |
  [ "crawler", "archive" ]

file_id

Required if the discovery type is set to archive or oas. ID of a HAR-file or an OpenAPI schema you want to use for a scan. You can get the ID of an uploaded HAR-file or an OpenAPI schema in the Storage section on nexploit.app.

Example:

FILE_ID=$(nexploit-cli archive:upload   \
--token ${{ secrets.NEXPLOIT_TOKEN }}   \
--discard true                          \
./example.har)

crawler_urls

Required if the discovery type is set to crawler. Target URLs to be used by the crawler to define the attack surface.

Example:

crawler_urls: |
  [ "http://vulnerable-bank.com" ]

hosts_filter

Required when the discovery type is set to archive. Allows selecting specific hosts for a scan.

Outputs

url

URL of the resulting scan.

id

ID of the created scan. This ID can then be used to restart the scan, or as input to the following GitHub Actions:

Example usage

Start a new scan with parameters

steps:
    - name: Start Nexploit Scan
      id: start
      uses: NeuraLegion/[email protected]
      with:
        api_token: ${{ secrets.NEXPLOIT_TOKEN }}
        name: GitHub scan ${{ github.sha }}
        discovery_types: |
          [ "crawler", "archive" ]
        crawler_urls: |
          [ "http://vulnerable-bank.com" ]
        file_id: LiYknMYSdbSZbqgMaC9Sj
        hosts_filter: |
          [ ]
    - name: Get the output scan url
      run: echo "The scan was started on ${{ steps.start.outputs.url }}"

Restart an existing scan

steps:
    - name: Start Nexploit Scan
      id: start
      uses: NeuraLegion/[email protected]
      with:
        api_token: ${{ secrets.NEXPLOIT_TOKEN }}
        name: GitHub scan ${{ github.sha }}
        restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ
    - name: Get the output scan url
      run: echo "The scan was started on ${{ steps.start.outputs.url }}"
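The file_id and "Start a new scan" sections above leave the HAR upload and the scan start as separate snippets. The workflow below, an added example rather than the project's own documentation, wires them together: it uploads the recorded HAR in one step, hands the returned file ID to the action through a step output, and scopes the archive scan with hosts_filter. It assumes the CLI is installable from npm under the name shown, that hosts_filter takes bare host names, and it uses a placeholder for the action reference, which you should replace with the one from the examples above.

```yaml
name: Nexploit DAST scan

on:
  pull_request:
  push:
    branches: [ main ]

permissions:
  contents: read   # least privilege: the job only needs to check out the repository

jobs:
  dast:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Install nexploit-cli
        # ASSUMPTION: the CLI is published on npm under this package name
        run: npm install -g @neuralegion/nexploit-cli

      - name: Upload the recorded HAR file
        id: upload
        env:
          # the token reaches the script through the environment, not by interpolation into the command line
          NEXPLOIT_TOKEN: ${{ secrets.NEXPLOIT_TOKEN }}
        run: |
          # archive:upload prints the ID of the stored file (as in the file_id example above)
          FILE_ID=$(nexploit-cli archive:upload --token "$NEXPLOIT_TOKEN" --discard true ./example.har)
          echo "file_id=$FILE_ID" >> "$GITHUB_OUTPUT"

      - name: Start Nexploit Scan
        id: start
        uses: NeuraLegion/ACTION_NAME@VERSION   # placeholder: use the action reference from the examples above
        with:
          api_token: ${{ secrets.NEXPLOIT_TOKEN }}
          name: GitHub scan ${{ github.sha }}
          discovery_types: |
            [ "archive" ]
          file_id: ${{ steps.upload.outputs.file_id }}
          # ASSUMPTION: hosts are given as bare host names; restrict the scan to hosts you own
          hosts_filter: |
            [ "vulnerable-bank.com" ]

      - name: Report scan URL and ID
        run: echo "Scan ${{ steps.start.outputs.id }} started at ${{ steps.start.outputs.url }}"
```

The scan ID printed in the last step is the value you would pass back as restart_scan in the "Restart an existing scan" workflow.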