Generate a GitHub Actions workflow that runs security payload tests against your endpoints. Download the YAML and add to your repo.
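# Generated by Payload Playground
# https://payloadplayground.com/tools/github-action
#
# Fetches payload lists from the Payload Playground API and sends each one,
# URL-encoded, to TARGET_URL. Any request the endpoint answers with HTTP 200
# is reported as "POTENTIAL" and fails the step. A 200 only shows the input
# was accepted by the endpoint, not that it was interpreted; treat every
# reported line as a triage item, not a confirmed finding.
name: Security Payload Tests

on:
  schedule:
    - cron: '0 9 * * 1'  # weekly, Monday 09:00 UTC
  workflow_dispatch:

# The workflow only reads the repository; keep GITHUB_TOKEN read-only.
permissions:
  contents: read

jobs:
  security-test:
    runs-on: ubuntu-latest
    # Bound the run so a slow or unresponsive target cannot hold a runner.
    timeout-minutes: 30
    env:
      # Endpoint under test; each encoded payload is appended to this prefix.
      TARGET_URL: 'https://example.com/search?q='
      # Source of the payload lists (type and format are added per step).
      PAYLOAD_API: 'https://payloadplayground.com/api/generate'
    steps:
      - name: Setup
        run: echo "Testing $TARGET_URL"

      - name: Test XSS payloads
        run: |
          echo "Fetching XSS payloads..."
          curl -sf "$PAYLOAD_API?type=xss&format=txt" -o /tmp/xss-payloads.txt
          echo "Testing $(wc -l < /tmp/xss-payloads.txt) payloads against target..."
          VULNS=0
          # The `|| [ -n ... ]` clause keeps a last line that has no trailing newline.
          while IFS= read -r payload || [ -n "$payload" ]; do
            if [ -z "$payload" ]; then
              continue
            fi
            # Hand the payload to Python via the environment instead of splicing
            # it into the -c source: a downloaded line containing quotes or
            # backslashes would otherwise be executed as Python code.
            ENCODED=$(PAYLOAD="$payload" python3 -c 'import os, urllib.parse; print(urllib.parse.quote(os.environ["PAYLOAD"]))')
            # Without -f curl prints the status code cleanly for 4xx/5xx too;
            # only a transport error (timeout, DNS, refused) falls back to "000".
            STATUS=$(curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$TARGET_URL$ENCODED" 2>/dev/null) || STATUS="000"
            if [ "$STATUS" = "200" ]; then
              echo "POTENTIAL: $payload (HTTP $STATUS)"
              VULNS=$((VULNS + 1))
            fi
          done < /tmp/xss-payloads.txt
          echo "Found $VULNS potential XSS issues"
          if [ "$VULNS" -gt 0 ]; then
            exit 1
          fi

      - name: Test SQLI payloads
        run: |
          echo "Fetching SQLI payloads..."
          curl -sf "$PAYLOAD_API?type=sqli&format=txt" -o /tmp/sqli-payloads.txt
          echo "Testing $(wc -l < /tmp/sqli-payloads.txt) payloads against target..."
          VULNS=0
          # The `|| [ -n ... ]` clause keeps a last line that has no trailing newline.
          while IFS= read -r payload || [ -n "$payload" ]; do
            if [ -z "$payload" ]; then
              continue
            fi
            # Hand the payload to Python via the environment instead of splicing
            # it into the -c source: a downloaded line containing quotes or
            # backslashes would otherwise be executed as Python code.
            ENCODED=$(PAYLOAD="$payload" python3 -c 'import os, urllib.parse; print(urllib.parse.quote(os.environ["PAYLOAD"]))')
            # Without -f curl prints the status code cleanly for 4xx/5xx too;
            # only a transport error (timeout, DNS, refused) falls back to "000".
            STATUS=$(curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$TARGET_URL$ENCODED" 2>/dev/null) || STATUS="000"
            if [ "$STATUS" = "200" ]; then
              echo "POTENTIAL: $payload (HTTP $STATUS)"
              VULNS=$((VULNS + 1))
            fi
          done < /tmp/sqli-payloads.txt
          echo "Found $VULNS potential SQLI issues"
          if [ "$VULNS" -gt 0 ]; then
            exit 1
          fi

      - name: Summary
        if: always()
        run: echo "Security payload testing complete"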