Skip to content

thereisnotime/Action-sqlmap

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 

Repository files navigation

GitHub Action: sqlmap

This action runs sqlmap to scan a URL with the given parameters. Recommended use is with a @vX tag to ensure a stable version is used instead of @master. Versions can be found here tags and sqlmap documentation for all parameters here.

Examples

Start a scan

- name: Scan with sqlmap
  uses: thereisnotime/action-sqlmap@master
  with:
    url: "https://blackfox-security.com/vuln.php?id=1"

Weekly scheduled scans

on:
  schedule:
    - cron: 0 11 * * 1 # Monday at 11 UTC

jobs:
  scan_sqlmap:
    runs-on: ubuntu-latest
    name: SCAN | sqlmap DAST
    steps:
      - name: Scan with sqlmap
        uses: thereisnotime/action-sqlmap@master
        with:
          url: "https://blackfox-security.com"
          additional_args: "--batch --crawl=2 --random-agent --forms --level=5 --risk=3"

Use latest version in a job

scan_sqlmap:
  runs-on: ubuntu-latest
  name: SCAN | sqlmap DAST
  steps:
    - name: Scan with sqlmap
      uses: thereisnotime/action-sqlmap@master
      with:
        url: "https://blackfox-security.com"
        additional_args: "--batch --crawl=2 --random-agent --forms --level=5 --risk=3"

Use latest version in a job and upload the results back to the repository

scan_sqlmap:
  runs-on: ubuntu-latest
  name: SCAN | sqlmap DAST
  steps:
    - name: Prepare environment
      run: |
        echo "START_DATE=$(date +'%d-%m-%YT%H-%M-%S-%Z')" >> $GITHUB_ENV
        echo "START_TIMESTAMP=$(date +'%s')" >> $GITHUB_ENV
        TMP_TARGET="https://blackfox-security.com"
        echo "TARGET=$TMP_TARGET" >> $GITHUB_ENV
    - name: Checkout
      uses: actions/checkout@v3
    - name: Scan with sqlmap
      uses: thereisnotime/action-sqlmap@master
      with:
        url: ${{ env.TARGET }}
        additional_args: "--batch --crawl=2 --random-agent --forms --level=5 --risk=3"
    - name: Commit and push changes
      uses: EndBug/add-and-commit@v9
      with:
        author_name: GitHub Actions
        author_email: 41898282+github-actions[bot]@users.noreply.github.com
        message: "👷 chore(sqlmap): add report for ${{ env.TARGET }}-${{ env.START_DATE }}-${{ env.START_TIMESTAMP }}"
        add: "./reports/web/*"
        pull: "--rebase --autostash"

Inputs

url

Required. Target URL (e.g. http://blackfox-security.com/vuln.php?id=1)

additional_args

Additional arguments to pass to sqlmap. Default is --batch to run in non-interactive mode.

Outputs

result

JSON scan results.

resultb64

JSON scan results, base64 encoded.

Roadmap

If there is enough time or interest, I will add the following features (feel free to open PRs):

  • Finish support for outputs (e.g. result and resultb64).
  • Add support for notification via Slack.
  • Add support for notification via Telegram.
  • Add support for notification via email.
  • Add support for notification via custom webhooks.
  • Improve argument handling.

About

A GitHub Action that executes sqlmap

Resources

Readme

License

MIT license
Activity

Stars

10 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

Fixed typos Latest
May 28, 2023
+ 1 release

Packages

No packages published

Languages