The official Pentest-Tools.com GitHub Action.
This action allows light and deep website scans through Pentest-Tools.com using the ptt interface.
You can look into the test-action.yml file for a few examples.
Just a check, will not fail:
```yaml
- name: Actual test
  uses: pentesttoolscom/pentesttools-github-action@master
  id: ptt
  with:
    target: example.com # Has to be accessible to our scanners: https://pentest-tools.com/whitelist-ipv4.txt
- name: Print the output
  run: echo "The report: ${{ steps.ptt.outputs.result }}"
```
Fail if ptt finds high risk vulnerabilities, present the report as JSON:
```yaml
- name: Actual test
  uses: pentesttoolscom/pentesttools-github-action@master
  id: ptt
  with:
    target: example.com
    format: json # JSON. Human readable text is also available, as the default
    fail: low # The run will fail if a vulnerability with at least a low risk is found
- name: Print the output
  run: echo "The report: ${{ steps.ptt.outputs.result }}"
```
You can also run the action manually, if you wish:
```yaml
on:
  # workflow_dispatch is the GitHub Actions event for manually started runs
  workflow_dispatch:
    inputs:
      pr-id:
        type: string
        description: PR ID
        required: true
jobs:
  test_manual_workflow:
    runs-on: ubuntu-latest
    name: Run manually
    # Only run this job when the workflow was started by hand
    if: github.event_name == 'workflow_dispatch'
    steps:
      - name: Actual test
        uses: pentesttoolscom/pentesttools-github-action@master
        id: ptt
        with:
          target: pentest-ground.com:81
          format: text
          fail: low
      # Use the output
      - name: Check the output
        run: echo "The report ${{ steps.ptt.outputs.result }}"
  test_deep_scan:
    runs-on: ubuntu-latest
    name: Run a deep scan. You will need a suitable api key
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Actual test
        uses: pentesttoolscom/pentesttools-github-action@master
        id: ptt
        with:
          target: pentest-ground.com:81
          format: text
          fail: low
          type: deep
          key: ${{ secrets.PTT_API_KEY }}
      - name: Check the output
        run: echo "The report ${{ steps.ptt.outputs.result }}"
```
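
A hardened variant of the workflows above, as an added example that is not taken from the action's repository: it pins the action to a reviewed commit instead of the mutable `master` branch, restricts the job token to read access, and passes the report to the shell through an environment variable instead of expanding `${{ ... }}` inside the script, because the report reflects content returned by the scanned site. The workflow name, the file name `ptt-report.json` and the `<full-commit-sha>` placeholder are assumptions, as is the action still setting `result` when the scan step fails.

```yaml
# Added example: hardened usage of the action's documented inputs and output.
name: ptt-scan-hardened        # hypothetical workflow name
on:
  workflow_dispatch:

# The scan needs no write access to the repository.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Scan
        # Placeholder: replace with the full commit SHA you have reviewed.
        # A branch ref such as @master can change under you between runs.
        uses: pentesttoolscom/pentesttools-github-action@<full-commit-sha>
        id: ptt
        with:
          target: example.com
          format: json
          fail: low

      - name: Save the report
        # Run even if the scan step failed the job (assumes the action
        # still sets `result` in that case; the page does not say).
        if: always()
        env:
          # The expression is evaluated into an environment variable, so the
          # report text never becomes part of the shell script itself.
          PTT_REPORT: ${{ steps.ptt.outputs.result }}
        run: printf '%s\n' "$PTT_REPORT" > ptt-report.json

      - name: Upload the report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: ptt-report
          path: ptt-report.json   # hypothetical file name from the step above
```
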
Pentest-Tools.com helps security teams run the key steps of a penetration test, easily and without expert hacking skills. Headquartered in Europe (Bucharest, Romania), Pentest-Tools.com makes offensive cybersecurity tools and proprietary vulnerability scanner software for penetration testers and other infosec pros. Security teams use our toolkit to identify paths attackers can use to compromise your organization so you can effectively reduce your exposure to cyberattacks.