PD Actions

Continuous reconnaissance and vulnerability assessment using GitHub Actions

Advantages

• Free 2000 minutes/month of cloud scans.
• Fully automated and simple to deploy
• Continuous scheduled scans & monitoring of assets
• Integrate any tool of your choice in workflow
• Native git diff support for change visualization

Setup

• Fork this project using the button at the top right side of the browser.
• On the forked version, Update input/domains.txt with the target of your interest.
• Done! You can manually trigger the action file under the Actions menu.

For running continuous periodic scan, remove the below comments form your actions file.

name: pd-actions

on:
#    schedule:
#      - cron: '0 0 * * *'
    workflow_dispatch:

As default, scans are scheduled to run at 12 AM on daily basis, you can update schedule and flag values of various tools as per your need in .github/workflows/pd-actions.yaml file on your forked version.

⚠️ Warning ⚠️

GitHub does not allow to fork public project as private, so forking this project result into making your target domain as public, it is advised to duplicate this project as per GitHub instruction to avoid disclosing sensitive information.

Config You can configure keys for sources to use in subfinder in config/subfinder-config.yaml to get additional results, also config/bug-tracker-config.yaml to make use of nuclei bug reporting module, for more details. To send output from any project directly to Slack, Discord, Telegram, add/update notify flags in the .github/workflows/pd-actions.yaml file accordingly.

PD Action workflow

As described in the picture, PD action workflow takes root domain as input from input/domains.txt file,

1. Performs passive subdomain enumeration using SubFinder
2. Filter the inactive / invalid subdomains using dnsx
3. Performs port scan for top 100 ports using Naabu
4. Run HTTP webserver probing on the discovered ports using httpx
5. Run CVEs based various nuclei templates using Nuclei
6. Send alerts to Slack,Discord,Telegram using Notify - (Optional)
7. Create tickets for bugs found using Nuclei on Github,Gitlab,Jira - (Optional)

Results from each tool stored in the output/ directory, upon changes after each scan you can also view the all changes using built in git diff UI and CLI.

You can always tweak the flags from each project as per your need directly at .github/workflows/pd-actions.yaml.

Custom workflow

Checkout our blog-post https://blog.projectdiscovery.io/github-actions-for-application-security/ for a detailed breakdown of PD actions workflow and steps to write your own custom workflow using Github actions, PD actions is an idea to showcase utilization of GitHub Actions for Application security automation, you can do a lot of things with your custom workflows and tooling.

We have also added a few example workflows to run individual projects, we will add more workflows example to cover different use cases to improve security of organization, if you got more workflows example to share with community? please don't hesitate to open a PR 😄

Notes: Separate workflow for different organization Helps to avoid hitting 6 hours scan time limit per scan. Managed GitHub change visualization. Different schedule time for different workflows. This will avoid running your all scans at same time.

Limitations

GitHub free account comes with 2000 minutes/month of free scans, making it practically free to run your continuous scans in the cloud. Few noticeable limits that are worth mentioning are listed below.

Additional reference

• https://docs.github.com/en/actions/reference/usage-limits-billing-and-administration#usage-limits
• https://blog.projectdiscovery.io/github-actions-for-application-security/
• https://cdmana.com/2021/03/20210310142516432Q.html