BBHunt Security Scan #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # .github/workflows/bbhunt.yml | |
| name: BBHunt Security Scan | |
| on: | |
| schedule: | |
| - cron: '0 0 * * 0' # Weekly on Sunday | |
| workflow_dispatch: # Manual trigger | |
| inputs: | |
| target: | |
| description: 'Target to scan' | |
| required: true | |
| default: 'default-target' | |
| profile: | |
| description: 'Profile to use (base, safe, audible, custom)' | |
| required: false | |
| default: 'base' | |
| type: choice | |
| options: | |
| - base | |
| - safe | |
| - audible | |
| - custom | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Rust | |
| uses: actions-rs/toolchain@v1 | |
| with: | |
| toolchain: stable | |
| override: true | |
| - name: Cache Rust dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-cargo- | |
| - name: Build BBHunt | |
| uses: actions-rs/cargo@v1 | |
| with: | |
| command: build | |
| args: --release | |
| - name: Upload binary | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: bbhunt-binary | |
| path: target/release/bbhunt | |
| setup: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Download BBHunt binary | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: bbhunt-binary | |
| path: ./bin | |
| - name: Make binary executable | |
| run: chmod +x ./bin/bbhunt | |
| - name: Create directories | |
| run: | | |
| mkdir -p ./config/profiles | |
| mkdir -p ./config/templates | |
| mkdir -p ./data/reports | |
| mkdir -p ./data/targets | |
| - name: Setup profile | |
| run: | | |
| PROFILE_NAME="${{ github.event.inputs.profile || 'base' }}" | |
| if [ -f "./profiles/$PROFILE_NAME.toml" ]; then | |
| cp "./profiles/$PROFILE_NAME.toml" "./config/profiles/" | |
| echo "Using profile: $PROFILE_NAME" | |
| else | |
| echo "Profile $PROFILE_NAME not found, falling back to base" | |
| if [ -f "./profiles/base.toml" ]; then | |
| cp "./profiles/base.toml" "./config/profiles/" | |
| else | |
| # Create minimal base profile | |
| cat > ./config/profiles/base.toml << EOF | |
| [profile] | |
| name = "base" | |
| description = "Default base profile with standard settings" | |
| tags = ["default", "base"] | |
| enabled = true | |
| EOF | |
| fi | |
| fi | |
| - name: Setup target | |
| run: | | |
| TARGET="${{ github.event.inputs.target || 'default-target' }}" | |
| BBHUNT_GLOBAL_CONFIG_DIR="./config" \ | |
| BBHUNT_GLOBAL_DATA_DIR="./data" \ | |
| ./bin/bbhunt target add "$TARGET" --domain "$TARGET" | |
| - name: Caching config and data | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ./config | |
| ./data | |
| key: ${{ runner.os }}-bbhunt-${{ github.run_id }}-setup | |
| recon: | |
| needs: setup | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Download BBHunt binary | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: bbhunt-binary | |
| path: ./bin | |
| - name: Make binary executable | |
| run: chmod +x ./bin/bbhunt | |
| - name: Restore cached config and data | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ./config | |
| ./data | |
| key: ${{ runner.os }}-bbhunt-${{ github.run_id }}-setup | |
| - name: Run Reconnaissance | |
| run: | | |
| BBHUNT_GLOBAL_CONFIG_DIR="./config" \ | |
| BBHUNT_GLOBAL_DATA_DIR="./data" \ | |
| BBHUNT_GLOBAL_PROFILE="${{ github.event.inputs.profile || 'base' }}" \ | |
| ./bin/bbhunt run subdomain_enum "${{ github.event.inputs.target || 'default-target' }}" --profile "${{ github.event.inputs.profile || 'base' }}" | |
| - name: Caching recon results | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ./config | |
| ./data | |
| key: ${{ runner.os }}-bbhunt-${{ github.run_id }}-recon | |
| scan: | |
| needs: recon | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Download BBHunt binary | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: bbhunt-binary | |
| path: ./bin | |
| - name: Make binary executable | |
| run: chmod +x ./bin/bbhunt | |
| - name: Restore cached recon results | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ./config | |
| ./data | |
| key: ${{ runner.os }}-bbhunt-${{ github.run_id }}-recon | |
| - name: Run Web Scan | |
| run: | | |
| BBHUNT_GLOBAL_CONFIG_DIR="./config" \ | |
| BBHUNT_GLOBAL_DATA_DIR="./data" \ | |
| BBHUNT_GLOBAL_PROFILE="${{ github.event.inputs.profile || 'base' }}" \ | |
| ./bin/bbhunt run web_scan "${{ github.event.inputs.target || 'default-target' }}" --profile "${{ github.event.inputs.profile || 'base' }}" | |
| - name: Caching scan results | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ./config | |
| ./data | |
| key: ${{ runner.os }}-bbhunt-${{ github.run_id }}-scan | |
| report: | |
| needs: scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Download BBHunt binary | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: bbhunt-binary | |
| path: ./bin | |
| - name: Make binary executable | |
| run: chmod +x ./bin/bbhunt | |
| - name: Restore cached scan results | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ./config | |
| ./data | |
| key: ${{ runner.os }}-bbhunt-${{ github.run_id }}-scan | |
| - name: Copy template files | |
| run: | | |
| if [ -d "./templates" ]; then | |
| mkdir -p ./config/templates | |
| cp ./templates/*.html ./config/templates/ 2>/dev/null || true | |
| cp ./templates/*.md ./config/templates/ 2>/dev/null || true | |
| fi | |
| - name: Generate Reports | |
| run: | | |
| BBHUNT_GLOBAL_CONFIG_DIR="./config" \ | |
| BBHUNT_GLOBAL_DATA_DIR="./data" \ | |
| BBHUNT_GLOBAL_PROFILE="${{ github.event.inputs.profile || 'base' }}" \ | |
| ./bin/bbhunt report \ | |
| --target "${{ github.event.inputs.target || 'default-target' }}" \ | |
| --format json md html \ | |
| --output ./reports \ | |
| --title "Security Scan Report for ${{ github.event.inputs.target || 'default-target' }}" | |
| - name: Upload Reports | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: security-reports | |
| path: ./reports | |
| notify: | |
| needs: report | |
| if: always() | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download Reports | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: security-reports | |
| path: ./reports | |
| - name: Send Notification | |
| # This is where you'd integrate with your notification system | |
| # Below is a placeholder | |
| run: | | |
| if [ -n "${{ secrets.NOTIFICATION_WEBHOOK_URL }}" ]; then | |
| curl -X POST -H "Content-Type: application/json" \ | |
| -d '{"text":"Security scan completed for ${{ github.event.inputs.target || 'default-target' }} (Profile: ${{ github.event.inputs.profile || 'base' }})."}' \ | |
| ${{ secrets.NOTIFICATION_WEBHOOK_URL }} | |
| else | |
| echo "No webhook URL configured, skipping notification" | |
| fi |