Welcome to OpsFolio Penetration Toolkit. Our toolkit comprises a comprehensive set of penetration testing tools, including Nmap and more, designed to assess the security posture of networks and endpoints. With scheduled GitHub Actions, our toolkit automatically runs on GitHub-managed remote runners, enabling seamless testing of IP addresses or endpoints defined in GitHub Action variables/secrets.
- Automated Testing: Scheduled GitHub Actions facilitate regular testing without manual intervention.
- Toolset: Our toolkit includes popular tools like Nmap for network discovery and security auditing.
- Centralized Reporting: Leveraging the Nmap-formatter, our toolkit combines XML outputs from each endpoint and aggregates results into a single SQLite database.
- Querying Capabilities: The aggregated data in the SQLite database allows for efficient querying using SQL, enabling in-depth analysis and reporting.
To configure variables for the namp pentesting workflow in your GitHub repository, follow these steps:
- Navigate to your repository on GitHub.
- Go to Settings > Secrets and variables > Actions.
- Select Variables, then click on
New repository variable. Namethe variable ENDPOINTS.- Enter the
valuein the formathostname|ipaddress|boundary.
For example:
DO_PRIME|19x.xx.xx.x7|DigitalOcean- Click on Add variable.
You can add any number of IP addresses in this format, which means there is no need to hardcode the hostnames, IP addresses, or boundary names in the code.
To run the workflow manually, follow these steps:
- Navigate to the Actions tab in your GitHub repository.
- Select the workflow you want to run from the list of workflows.
- Click the Run workflow button on the right side of the screen.
- If your workflow requires inputs, provide the necessary variables or parameters.
- Confirm by clicking the Run workflow button in the modal that appears.
Stay tuned for updates and enhancements to our toolkit as we continue to enhance security testing capabilities for OpsFolio users!