
Updates framework detectors for Tornado #68


Workflow file for this run

name: Vimana Framework Security Testing

# Triggers. Note that the `workflow_dispatch` inputs below are only populated
# when a run is started manually; on `push` / `pull_request` the
# `github.event.inputs.*` values are empty, so anything that branches on them
# must supply its own fallback.
on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main
  workflow_dispatch:
    inputs:
      # URL the d4m8 plugin is pointed at. Nothing in this workflow starts a
      # service, so the default only makes sense if something already listens
      # on the runner (or the value is overridden at dispatch time).
      target_url:
        description: 'Target URL to scan (e.g., http://localhost:8000)'
        required: true
        default: 'http://localhost:8000'
      plugin:
        description: 'Vimana plugin to use for scanning'
        required: true
        default: 'd4m8'
        type: choice
        options:
          - d4m8
          - viewscan
          # Placeholder choice: no job step handles this value, so selecting
          # it yields a run in which no scan step executes.
          - other_plugins_coming_soon
      # Only consulted when `plugin` is d4m8.
      scan_mode:
        description: 'Scan mode for the selected plugin'
        required: false
        default: 'blackbox'
        type: choice
        options:
          - blackbox
          - aggressive
          - rule_based
          - custom_data
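# Supply-chain note: third-party actions below are referenced by major-version
# tag. Pinning each `uses:` to a full commit SHA (with a comment giving the
# tag) is the recommended hardening; SHAs are intentionally not guessed here.
jobs:
  vimana-security-scan:
    runs-on: ubuntu-latest
    # Least privilege for the automatic GITHUB_TOKEN: checkout needs
    # `contents: read`, upload-sarif needs `security-events: write`.
    # Nothing else in this job writes to the repository.
    permissions:
      contents: read
      security-events: write
    # An aggressive scan against an unresponsive target can otherwise run
    # until the 6-hour runner limit.
    timeout-minutes: 30
    env:
      # workflow_dispatch inputs are empty on push / pull_request (the
      # `default:` values only apply to manual runs). Previously every scan
      # step was skipped on those events; fall back to the one plugin that
      # needs no running target (viewscan over the checked-out workspace).
      # Inputs are exposed to the shell as environment variables rather than
      # interpolated into `run:` scripts, which avoids expression injection
      # from a crafted dispatch payload.
      PLUGIN: ${{ github.event.inputs.plugin || 'viewscan' }}
      SCAN_MODE: ${{ github.event.inputs.scan_mode || 'blackbox' }}
      TARGET_URL: ${{ github.event.inputs.target_url || 'http://localhost:8000' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python 3.9
        uses: actions/setup-python@v4
        with:
          python-version: '3.9'

      - name: Install UV
        uses: astral-sh/setup-uv@v1
        with:
          version: "latest"

      - name: Install dependencies with UV
        # `uv pip install` refuses to run when no virtual environment is
        # active unless `--system` is given; the interpreter from
        # setup-python above is not a venv, so the original invocation
        # failed here. Upgrading pip is unnecessary with uv and was dropped.
        run: |
          uv pip install --system -r requirements.txt
          uv pip install --system -U PyYAML

      - name: Create symlinks
        # Exposes the CLI as `vimana` / `vf` for the remaining steps.
        run: |
          sudo ln -sf "$PWD/vimana.py" /usr/bin/vimana
          sudo ln -sf "$PWD/vimana.py" /usr/bin/vf

      - name: Load Vimana plugins
        run: |
          vimana load --plugins

      - name: Run D4M8 Blackbox Scan
        if: env.PLUGIN == 'd4m8' && env.SCAN_MODE == 'blackbox'
        run: |
          echo "Running D4M8 in blackbox mode against ${TARGET_URL}"
          vf run --plugin d4m8 --target-url "${TARGET_URL}"

      - name: Run D4M8 Aggressive Scan with Custom Data
        if: env.PLUGIN == 'd4m8' && env.SCAN_MODE == 'aggressive'
        # NOTE(review): `--agressive` is passed exactly as before; confirm the
        # spelling against the d4m8 plugin's argument parser.
        run: |
          echo "Running D4M8 in aggressive mode with extended scope"
          vf run \
            --plugin d4m8 \
            --target-url "${TARGET_URL}" \
            --agressive \
            --xscope \
            --data '{"email":"test@github-actions.com","username": "github_user"}'

      - name: Run D4M8 Rule-Based Scan
        if: env.PLUGIN == 'd4m8' && env.SCAN_MODE == 'rule_based'
        # This mode is invoked without `--target-url`, as in the original
        # workflow; presumably rule-based scanning does not need one.
        run: |
          echo "Running D4M8 in rule-based scanning mode"
          vf run --plugin d4m8 --scan-rules

      - name: Run D4M8 Custom Data Scan
        if: env.PLUGIN == 'd4m8' && env.SCAN_MODE == 'custom_data'
        # The credentials in `--data` are throwaway scan fixtures, not real
        # secrets; keep it that way (use repository secrets if real ones are
        # ever needed).
        run: |
          echo "Running D4M8 with custom data fields"
          vf run \
            --plugin d4m8 \
            --target-url "${TARGET_URL}" \
            --data '{"email":"admin@target.com","password":"testpass123","username":"admin_user","csrfmiddlewaretoken":"invalid_token"}'

      - name: Run ViewScan Plugin (if selected)
        if: env.PLUGIN == 'viewscan'
        run: |
          echo "Running ViewScan plugin against workspace"
          vf run --plugin viewscan --project-dir "${GITHUB_WORKSPACE}"

      - name: Upload scan results
        # upload-artifact@v3 is deprecated and no longer accepted by GitHub;
        # v4 is the supported line. The glob patterns are relative to the
        # workspace root and will pick up any matching repository files too,
        # not only scan output.
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: vimana-scan-results-${{ env.PLUGIN }}-${{ env.SCAN_MODE }}
          path: |
            core/_dbops_/
            *.log
            *.json
            *.xml
            *.txt
            *.html

      - name: Upload SARIF results (if available)
        # codeql-action v2 is deprecated; v3 is current. `sarif_file` accepts
        # a file or a directory, not a shell glob, and the action fails when
        # the path does not exist — so only run when a SARIF file was
        # actually produced.
        if: always() && hashFiles('**/*.sarif') != ''
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: .

  docker-build:
    runs-on: ubuntu-latest
    needs: vimana-security-scan
    # Build-only job: nothing is pushed or published.
    permissions:
      contents: read
    timeout-minutes: 30
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build Vimana Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: false
          # With the buildx container driver set up above, a `push: false`
          # build stays inside the builder; `load: true` exports it to the
          # local Docker daemon so the `docker run` below can find the tag.
          load: true
          tags: vimana_framework:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Test Docker image with D4M8
        run: |
          echo "Testing Vimana Docker image with D4M8 plugin"
          docker run --rm vimana_framework:latest guide --plugin d4m8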