From 3cad52f160f982264a65bf1356f261c438ada664 Mon Sep 17 00:00:00 2001 From: staffadmin Date: Tue, 1 Apr 2025 23:02:35 +0200 Subject: [PATCH] update scan --- hosts | 4 ++-- paused.conf | 10 +++++----- scan.yml | 47 +++++++++++++++++++++++------------------------ 3 files changed, 30 insertions(+), 31 deletions(-) diff --git a/hosts b/hosts index e3c9999..af5f7b7 100644 --- a/hosts +++ b/hosts @@ -4,8 +4,8 @@ scaleway ansible_host=163.172.84.28 ansible_user=stephane [tower] scaleway ansible_host=163.172.84.28 ansible_user=stephane -; [local] -; scaleway ansible_host=127.0.0.1 ansible_user=stephanegratias +[local] +localhost ansible_host=127.0.0.1 ansible_user=stephanegratias ; [cluster] ; scale01 ansible_host=163.172.209.36 ansible_user=stephane ; ovh01 ansible_host=5.135.181.11 ansible_user=stephane diff --git a/paused.conf b/paused.conf index 093a962..e18cf3d 100644 --- a/paused.conf +++ b/paused.conf @@ -1,14 +1,14 @@ # resume information -resume-index = 69 -seed = 491264110608124713 +resume-index = 71 +seed = 7464748628149762831 rate = 100 shard = 1/1 nocapture = servername -adapter-ip = 192.168.0.11 +adapter-ip = 192.168.0.13 # TARGET SELECTION (IP, PORTS, EXCLUDES) -ports = 443 -range = 163.172.85.0/24 +ports = 20-80 +range = 147.135.120.20/30 diff --git a/scan.yml b/scan.yml index da29dd1..8e8d4e0 100644 --- a/scan.yml +++ b/scan.yml @@ -1,7 +1,7 @@ --- - name: Scan - hosts: tower - #- scaleway + hosts: + - tower #- localhost become: true gather_facts: false @@ -19,8 +19,8 @@ #TODO target in list # 163.172.0.0/24 # 163.172.80.0/28 - target_network: 163.172.91.0/24 - target_port: 443 + target_network: 147.135.120.20/30 + target_port: 20-80 # 163.172.0.0/20 # 163.172.16.0/20 # 163.172.31.0/20 
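Review bot: The re-enabled `[local]` entry names the host `localhost` but sets only `ansible_host=127.0.0.1` and `ansible_user`, so it replaces Ansible's implicit localhost. The `delegate_to: localhost` tasks in scan.yml will then, by default, connect over SSH to 127.0.0.1 as that user instead of running locally. If local execution is intended, state the connection type on the entry: `localhost ansible_connection=local`. If SSH to loopback is deliberate, a comment above the `[local]` group saying so would help, since that path needs a listening sshd and a usable key for `stephanegratias`.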
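Review bot: The new range and the `20-80` port span in the `@@ -19,8` hunk are written straight into the play's `vars`, among several commented-out ranges, so what gets scanned depends on whichever line was edited last. Making the target a required input, for example `target_network: "{{ scan_target | mandatory }}"` (variable name is illustrative), would keep a stale default from being scanned by accident. A comment naming the owner or approval for the range would help too. The `vars` block starts and ends outside this hunk.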
@@ -62,18 +62,20 @@ - ansible.builtin.command: cmd: "masscan {{ target_network }} -p{{ target_port }}" + #cmd: "/opt/homebrew/bin/masscan {{ target_network }} -p{{ target_port }}" become: true register: scan_output # when: target_port is not list # pause - debug: - msg: "{{ scan_output }}" - + msg: "{{ item.split('/')[0].split(' ')[-1]|int }}" + loop: "{{ scan_output.stdout_lines }}" - community.crypto.get_certificate: host: "{{ item.split('on')[-1].strip() }}" - port: 443 + #port: 443 + port: "{{ item.split('/')[0].split(' ')[-1]|int }}" asn1_base64: true delegate_to: localhost run_once: true @@ -82,26 +84,24 @@ register: cert tags: test - # - ansible.builtin.command: "dig -x {{ item.split('on')[-1].strip() }} +short" - # register: reverse_dns - # ignore_errors: true - # loop: "{{ scan_output.stdout_lines }}" + - ansible.builtin.command: "nc -v -w 0 {{ item.split('on')[-1].strip() }} {{ item.split('/')[0].split(' ')[-1]|int }}" + register: nc_port + ignore_errors: true + loop: "{{ scan_output.stdout_lines }}" - - -# # item.subject.CN +# item.subject.CN # - debug: # # msg: "{{ item.subject.CN }}" - # msg: "{{ item.stdout_lines }}" - # loop: "{{ reserse_dns.results }}" + # msg: "{{ item.stderr_lines }}" + # loop: "{{ nc_port.results }}" # # - "{{ cert.not_after }}" # # - "{{ ansible_date_time.iso8601_basic }}" # tags: test # delegate_to: localhost - # - ansible.builtin.set_fact: - # reverse_dns_list: "{{ reverse_dns_list|default([]) + [item.stdout_lines | join(',')]}}" - # loop: "{{ reverse_dns.results }}" + - ansible.builtin.set_fact: + nc_port_list: "{{ nc_port_list|default([]) + [item.stderr_lines | join(',')]}}" + loop: "{{ nc_port.results }}" #! remove run once when network range > 24 #! take time, can be better 
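Review bot: The new `port:` expression for `get_certificate` evaluates to 0 for any output line that lacks the `<port>/<proto> on <ip>` shape, because `|int` returns 0 for non-numeric text, and no filter on the loop items is visible in this hunk. With `target_port` now `20-80` the task also attempts a TLS handshake on every open port in that span, many of which are unlikely to speak TLS; whether those failures are tolerated is decided outside the hunk. Consider guarding the task with `when: "' on ' in item"`. Parsing host and port once into a fact would also avoid repeating the same `split` chain in the `debug`, `get_certificate` and `nc` tasks.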
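Review bot: The added `nc` task in the `@@ -82,26` hunk inherits the play's `become: true` and calls `nc -v -w 0` without `-z`, so each probe opens a real session with elevated privileges it does not need. With `ignore_errors: true`, any failure, including a missing `nc` binary, is carried silently into `nc_port_list`. The meaning of `-w 0` differs between netcat implementations, so the result may depend on which one is installed on the scanning host (not visible here). For a pure reachability check, `nc -z -v -w 3 …` (where the installed nc supports `-z`) with `become: false` and `changed_when: false` on the task limits privilege and side effects to what the probe requires.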
@@ -115,7 +115,7 @@ #! take time, can be better - ansible.builtin.lineinfile: path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}.csv" - line: "IP,PORT,CN,ISSUER COUNTRY,ISSUER ORGA" + line: "IP,PORT,SERVICE,CN,ISSUER COUNTRY,ISSUER ORGA" insertbefore: BOF create: yes loop: "{{ cert.results }}" @@ -129,12 +129,12 @@ - ansible.builtin.lineinfile: path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}.csv" - line: "{{ item.invocation.module_args.host }},{{ item.invocation.module_args.port }},{{ item.subject.CN | default('no CN') }},{{ item.issuer.C | default('no issuer Country') }},{{ item.issuer.O| default('no issuer Orga') }}" + line: "{{ item.invocation.module_args.host }},{{ item.invocation.module_args.port }},{{ nc_port_list[my_idx] }},{{ item.subject.CN | default('no CN') }},{{ item.issuer.C | default('no issuer Country') }},{{ item.issuer.O| default('no issuer Orga') }}" create: yes state: present loop: "{{ cert.results }}" - # loop_control: - # index_var: my_idx + loop_control: + index_var: my_idx delegate_to: localhost when: item.invocation is defined @@ -177,4 +177,3 @@ status_code: 200 tags: test1 delegate_to: localhost - # when: fetch_files_backup.changed is true
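Review bot: Changing the header text means `lineinfile` will no longer find the old `IP,PORT,CN,…` line in CSV files written by earlier runs, so it inserts the new header at the top and leaves the old five-column header below it. Adding `regexp: '^IP,PORT,'` to this task makes the module replace the existing header instead of adding a second one. Rows already in those files will still have five columns, so either a one-off migration or a fresh output directory is needed for the data to stay consistent. The task continues outside this hunk.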
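Review bot: In the `@@ -129,12` hunk, `nc_port_list[my_idx]` is written into the row unescaped, but the list is built in the `@@ -82,26` hunk with `item.stderr_lines | join(',')`, so any probe that prints more than one stderr line adds commas and shifts every column after SERVICE. The row also carries certificate subject and issuer strings chosen by the remote server, so a value containing a comma or starting with `=` reaches the CSV as-is. Using a different separator and a default, for example `{{ nc_port_list[my_idx] | default('') | replace(',', ';') }}`, avoids the column shift. The index also relies on `cert.results` and `nc_port.results` coming from the same loop list in the same order, which deserves a comment next to `index_var: my_idx`.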