sgratias/semaphore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update scan

Browse Source
This commit is contained in:
sgratias
2025-04-01 23:02:35 +02:00
parent 16635662b9
commit 3cad52f160
3 changed files with 30 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
hosts
View File

@@ -4,8 +4,8 @@ scaleway ansible_host=163.172.84.28 ansible_user=stephane
[tower] [tower]
scaleway ansible_host=163.172.84.28 ansible_user=stephane scaleway ansible_host=163.172.84.28 ansible_user=stephane
; [local] [local]
; scaleway ansible_host=127.0.0.1 ansible_user=stephanegratias localhost ansible_host=127.0.0.1 ansible_user=stephanegratias
; [cluster] ; [cluster]
; scale01 ansible_host=163.172.209.36 ansible_user=stephane ; scale01 ansible_host=163.172.209.36 ansible_user=stephane
; ovh01 ansible_host=5.135.181.11 ansible_user=stephane ; ovh01 ansible_host=5.135.181.11 ansible_user=stephane

10
paused.conf
View File

@@ -1,14 +1,14 @@
# resume information # resume information
resume-index = 69 resume-index = 71
seed = 491264110608124713 seed = 7464748628149762831
rate = 100 rate = 100
shard = 1/1 shard = 1/1
nocapture = servername nocapture = servername
adapter-ip = 192.168.0.11 adapter-ip = 192.168.0.13
# TARGET SELECTION (IP, PORTS, EXCLUDES) # TARGET SELECTION (IP, PORTS, EXCLUDES)
ports = 443 ports = 20-80
range = 163.172.85.0/24 range = 147.135.120.20/30

47
scan.yml
View File

@@ -1,7 +1,7 @@
--- ---
- name: Scan - name: Scan
hosts: tower hosts:
#- scaleway - tower
#- localhost #- localhost
become: true become: true
gather_facts: false gather_facts: false
@@ -19,8 +19,8 @@
#TODO target in list #TODO target in list
# 163.172.0.0/24 # 163.172.0.0/24
# 163.172.80.0/28 # 163.172.80.0/28
target_network: 163.172.91.0/24 target_network: 147.135.120.20/30
target_port: 443 target_port: 20-80
# 163.172.0.0/20 # 163.172.0.0/20
# 163.172.16.0/20 # 163.172.16.0/20
# 163.172.31.0/20 # 163.172.31.0/20
@@ -62,18 +62,20 @@
- ansible.builtin.command: - ansible.builtin.command:
cmd: "masscan {{ target_network }} -p{{ target_port }}" cmd: "masscan {{ target_network }} -p{{ target_port }}"
#cmd: "/opt/homebrew/bin/masscan {{ target_network }} -p{{ target_port }}"
become: true become: true
register: scan_output register: scan_output
# when: target_port is not list # when: target_port is not list
# pause # pause
- debug: - debug:
msg: "{{ scan_output }}" msg: "{{ item.split('/')[0].split(' ')[-1]|int }}"
loop: "{{ scan_output.stdout_lines }}"
- community.crypto.get_certificate: - community.crypto.get_certificate:
host: "{{ item.split('on')[-1].strip() }}" host: "{{ item.split('on')[-1].strip() }}"
port: 443 #port: 443
port: "{{ item.split('/')[0].split(' ')[-1]|int }}"
asn1_base64: true asn1_base64: true
delegate_to: localhost delegate_to: localhost
run_once: true run_once: true
@@ -82,26 +84,24 @@
register: cert register: cert
tags: test tags: test
# - ansible.builtin.command: "dig -x {{ item.split('on')[-1].strip() }} +short" - ansible.builtin.command: "nc -v -w 0 {{ item.split('on')[-1].strip() }} {{ item.split('/')[0].split(' ')[-1]|int }}"
# register: reverse_dns register: nc_port
# ignore_errors: true ignore_errors: true
# loop: "{{ scan_output.stdout_lines }}" loop: "{{ scan_output.stdout_lines }}"
# item.subject.CN
# # item.subject.CN
# - debug: # - debug:
# # msg: "{{ item.subject.CN }}" # # msg: "{{ item.subject.CN }}"
# msg: "{{ item.stdout_lines }}" # msg: "{{ item.stderr_lines }}"
# loop: "{{ reserse_dns.results }}" # loop: "{{ nc_port.results }}"
# # - "{{ cert.not_after }}" # # - "{{ cert.not_after }}"
# # - "{{ ansible_date_time.iso8601_basic }}" # # - "{{ ansible_date_time.iso8601_basic }}"
# tags: test # tags: test
# delegate_to: localhost # delegate_to: localhost
# - ansible.builtin.set_fact: - ansible.builtin.set_fact:
# reverse_dns_list: "{{ reverse_dns_list|default([]) + [item.stdout_lines | join(',')]}}" nc_port_list: "{{ nc_port_list|default([]) + [item.stderr_lines | join(',')]}}"
# loop: "{{ reverse_dns.results }}" loop: "{{ nc_port.results }}"
#! remove run once when network range > 24 #! remove run once when network range > 24
#! take time, can be better #! take time, can be better
@@ -115,7 +115,7 @@
#! take time, can be better #! take time, can be better
- ansible.builtin.lineinfile: - ansible.builtin.lineinfile:
path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}.csv" path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}.csv"
line: "IP,PORT,CN,ISSUER COUNTRY,ISSUER ORGA" line: "IP,PORT,SERVICE,CN,ISSUER COUNTRY,ISSUER ORGA"
insertbefore: BOF insertbefore: BOF
create: yes create: yes
loop: "{{ cert.results }}" loop: "{{ cert.results }}"
@@ -129,12 +129,12 @@
- ansible.builtin.lineinfile: - ansible.builtin.lineinfile:
path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}.csv" path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}.csv"
line: "{{ item.invocation.module_args.host }},{{ item.invocation.module_args.port }},{{ item.subject.CN | default('no CN') }},{{ item.issuer.C | default('no issuer Country') }},{{ item.issuer.O| default('no issuer Orga') }}" line: "{{ item.invocation.module_args.host }},{{ item.invocation.module_args.port }},{{ nc_port_list[my_idx] }},{{ item.subject.CN | default('no CN') }},{{ item.issuer.C | default('no issuer Country') }},{{ item.issuer.O| default('no issuer Orga') }}"
create: yes create: yes
state: present state: present
loop: "{{ cert.results }}" loop: "{{ cert.results }}"
# loop_control: loop_control:
# index_var: my_idx index_var: my_idx
delegate_to: localhost delegate_to: localhost
when: item.invocation is defined when: item.invocation is defined
@@ -177,4 +177,3 @@
status_code: 200 status_code: 200
tags: test1 tags: test1
delegate_to: localhost delegate_to: localhost
# when: fetch_files_backup.changed is true