SecLists/.github/workflows/wordlist-updater_default-passwords.yml

name: Wordlist Updater - default-passwords

on:
  workflow_dispatch:
  push:
    paths:
      - 'Passwords/Default-Credentials/default-passwords.csv'

jobs:
  update_default_passwords:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
      - name: Download csvq
        run: |
          CSVQ_HASH="f22a3f96cd00e9b58cd55f0515427b2058d7b13c89b62d24a4867405d4ccc588"
          CSVQ_VERSION="v1.18.1"
          wget https://github.com/mithrandie/csvq/releases/download/${CSVQ_VERSION}/csvq-${CSVQ_VERSION}-linux-amd64.tar.gz
          echo "${CSVQ_HASH} csvq-${CSVQ_VERSION}-linux-amd64.tar.gz" | sha256sum -c
          if [ $? != 0 ]; then
            echo 'CSVQ hash has changed! The https://github.com/mithrandie/csvq repository might have been compromised.'
            exit 1
          else
            tar -xvzf csvq-${CSVQ_VERSION}-linux-amd64.tar.gz csvq-${CSVQ_VERSION}-linux-amd64/csvq
            mv csvq-${CSVQ_VERSION}-linux-amd64/csvq .
            chmod +x csvq
          fi
      - name: Generate default-passwords.txt
        run: |
          ./csvq -N -f CSV 'select Password from `Passwords/Default-Credentials/default-passwords.csv`' > Passwords/Default-Credentials/default-passwords.txt
          sort -u --output Passwords/Default-Credentials/temp.txt Passwords/Default-Credentials/default-passwords.txt
          rm Passwords/Default-Credentials/default-passwords.txt
          mv Passwords/Default-Credentials/temp.txt Passwords/Default-Credentials/default-passwords.txt
      - name: Switching from HTTPS to SSH
        run: git remote set-url origin git@github.com:${{ github.repository }}.git
      - name: Check for changes
        run: git status
      - name: Stage changed files
        run: git add Passwords/Default-Credentials/default-passwords.txt
      - name: Configure git email and username
        run: |
          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git config --local user.name "github-actions[bot]"
      - name: Commit changed files
        run: git commit -m "[Github Action] Updated default-passwords.txt"
      - name: Push changes
        uses: ad-m/github-push-action@master
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          force: true