This custom GitHub Action leverages the ZAP (Zed Attack Proxy) tool to perform penetration testing on a specified website. The results of the test are then sent to a provided email address. ZAP is a popular open-source security tool maintained by the OWASP (Open Web Application Security Project) that helps identify vulnerabilities in web applications.
- Comprehensive Security Testing: ZAP performs various types of security tests, including but not limited to cross-site scripting (XSS), SQL injection, and insecure server configurations.
- Open Source and Extensible: ZAP is open-source, which means it's free to use and can be extended with plugins to add additional functionality.
- Active Community Support: Being a part of the OWASP project, ZAP has a large and active community that continuously contributes to its development and maintenance.
- Automated Scanning: ZAP can automate the process of scanning for vulnerabilities, making it easier to integrate into CI/CD pipelines.
To manually trigger this action, follow these steps:
-
Navigate to the Actions tab of this GitHub repository.
-
Select the PEN Test Action from the list of available workflows.
-
Provide the required inputs:
- Email: The email address where you want to receive the test results.
- Web URL: The URL of the website you want to test.
-
Trigger the Action by clicking the
Run workflowbutton.
Once triggered, the action will:
- Run the ZAP penetration test on the specified website.
- Summarize the findings in an email.
- Send the email to the provided address with the test results.
