[hey]

2024-06-24 13:38:00 +02:00
parent 53f87cef4a
commit 5471abe521
5 changed files with 108 additions and 62 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 backup/
 scaleway/
 .vagrant/
-ressources
+ressources
+SecLists/
--- a/backup.yml
+++ b/backup.yml
@@ -78,6 +78,10 @@
        - /opt/dockerapps/appdata/bind/config/named.conf
        - /opt/dockerapps/appdata/bind/records/example.com.zone
        - /opt/dockerapps/appdata/bind/records/jingoh.private.zone
+      # crowdsec
+        - /opt/dockerapps/appdata/crowdsec/crowdsec/parsers/s01-parse/tcpudp-flood-traefik.yaml
+        - /opt/dockerapps/appdata/crowdsec/crowdsec/acquis.yaml
+        - /opt/dockerapps/appdata/crowdsec/dashboard/docker/Dockerfile

    # - name: Get a cert from an https port
    #   community.crypto.get_certificate:
--- a/hardening.yml
+++ b/hardening.yml
@@ -154,6 +154,18 @@
    #     msg: "{{ host_private_address }}"


+# apiVersion: v1
+# kind: PersistentVolumeClaim
+# metadata:
+#   name: coroot-prometheus-server
+# spec:
+#   storageClassName: manual
+#   accessModes:
+#     - ReadWriteOnce
+#   resources:
+#     requests:
+#       storage: 15Gi
+
    # - ansible.builtin.import_role: 
    #     name: prometheus.prometheus.node_exporter

--- a/kubespray_vars.yml
+++ b/kubespray_vars.yml
@@ -1,13 +0,0 @@
---
-#! Kube options 
-helm_enabled: true
-metrics_server_enabled: false
-ingress_nginx_enabled: false
-cert_manager_enabled: false
-argocd_enabled: true
-node_feature_discovery_enabled: true
-enable_nodelocaldns: false
-enable_nodelocaldns_secondary: false
-
-
-#  ["-e", "{'helm_enabled': true }", "-e" , "{'argocd_enabled': true }", "--become", "--become-user=root"]
--- a/scan.yml
+++ b/scan.yml
@@ -1,11 +1,11 @@
 ---
 - name: Scan
-  hosts: controller
+  hosts: tower
  become: true
  gather_facts: false
  vars: 
  # 163.172.0.0/24
-    target_network: 163.172.84.0/24
+    target_network: 163.172.83.0/24
    ansible_user: stephane 
    ansible_password: stephane 
    ansible_become_password: stephane
@@ -25,25 +25,39 @@

  pre_tasks:

+
+  - ansible.builtin.git:
+      repo: https://github.com/danielmiessler/SecLists.git
+      dest: "{{ playbook_dir }}/SecLists"
+      single_branch: yes
+      force: true
+    delegate_to: localhost
+
  # apt install masscan
  - ansible.builtin.command:
      cmd: "masscan {{ target_network }} -p443 --rate=100000"
    become: true
-    register: scan443
-    # delegate_to: localhost
+    register: scan_output
+    delegate_to: localhost
+
+  # # - name: Simple A record (IPV4 address) lookup for example.com
+  # #   ansible.builtin.debug:
+  # #     msg: "{{ lookup('community.general.dig', 'example.com.')}}"
+
+  # - debug:
+  #     msg: "{{ item.split('on')[-1].strip() }}"
+  #   loop: "{{ scan_output.stdout_lines }}"
+  #   #   - "{{ cert.not_after }}"
+  #   #   - "{{ ansible_date_time.iso8601_basic }}"
+  #   tags: test


-  # - name: Simple A record (IPV4 address) lookup for example.com
-  #   ansible.builtin.debug:
-  #     msg: "{{ lookup('community.general.dig', 'example.com.')}}"
-
-  - debug:
-      msg: "{{ item.split('on')[-1].strip() }}"
-    loop: "{{ scan443.stdout_lines }}"
-    #   - "{{ cert.not_after }}"
-    #   - "{{ ansible_date_time.iso8601_basic }}"
-    tags: test
-
+  # - debug:
+  #     msg: "{{ item }}"
+  #   loop: "{{ scan_output.stdout_lines }}"
+  #   #   - "{{ cert.not_after }}"
+  #   #   - "{{ ansible_date_time.iso8601_basic }}"
+  #   tags: test

  - name: Get a cert from an https por
    community.crypto.get_certificate:
@@ -51,12 +65,23 @@
      port: 443
    delegate_to: localhost
    run_once: true
-    loop: "{{ scan443.stdout_lines }}"
+    loop: "{{ scan_output.stdout_lines }}"
    ignore_errors: true
    register: cert
    tags: test


+  # apt install masscan
+  - ansible.builtin.command:
+      cmd: "ffuf -w SecLists/Discovery/Web-Content/directory-list-2.3-small.txt -u https://{{ item.split('on')[-1].strip() }}/FUZZ -s"
+    become: true
+    loop: "{{ scan_output.stdout_lines }}"
+    ignore_errors: true
+    register: fuff
+    delegate_to: localhost
+
+#ffuf -w SecLists/Discovery/Web-Content/directory-list-1.0.txt -u https://dstrn.if.ua/FUZZ
+
  # - debug:
  #     msg: "{{ item }}"
  #   loop: "{{ cert.results }}"
@@ -65,44 +90,61 @@
  #   #   - "{{ ansible_date_time.iso8601_basic }}"
  #   tags: test

-  # - debug:
-  #     msg: "{{ item.subject }}"
-  #   loop: "{{ cert.results }}"
-  #   when: item.subject is defined
-  #   # loop: "{{ scan443.stdout_lines }}"
-  #   #   - "{{ cert.not_after }}"
-  #   #   - "{{ ansible_date_time.iso8601_basic }}"
-  #   tags: test
-  #   ignore_errors: true
-
-
-
-  - name: Set host_interfaces list
-    ansible.builtin.set_fact: 
-      host_interfaces: "{{ host_interfaces +  [item.subject]}}"
-    vars:
-      host_interfaces: []
-    when: item.subject is defined
+  - debug:
+      msg: " URL =======> {{ item.subject }} || Host ====> {{ item.invocation.module_args.host }} || port ======> {{ item.invocation.module_args.port }} || proxy_port =========> {{ item.invocation.module_args.proxy_port }}"
    loop: "{{ cert.results }}"
+    when: item.subject is defined
+    # loop: "{{ scan443.stdout_lines }}"
+    #   - "{{ cert.not_after }}"
+    #   - "{{ ansible_date_time.iso8601_basic }}"
+    tags: test
+    ignore_errors: true
+


  - debug:
-      msg: "{{ host_interfaces }}"
+      msg: " host: {{ item.cmd }} ||||||| chemin : {{ item.stdout_lines }}"
+    loop: "{{ fuff.results }}"
+    # when: item.subject is defined
+    # loop: "{{ scan443.stdout_lines }}"
+    #   - "{{ cert.not_after }}"
+    #   - "{{ ansible_date_time.iso8601_basic }}"
+    tags: test
+    ignore_errors: true


-  - name: NTFY when docker compose changed
-    uri:
-      url: "https://alert.jingoh.fr/scaleway"
-      method: POST
-      user: "{{ username }}"
-      password: "{{ password }}"
-      headers:
-        Title: "SCAN HTTPS"
-        ta: "file_folder"
-      body: "{{ target_network }}"
-      status_code: 200
-    tags: test1
-    delegate_to: localhost
+# https://github.com/danielmiessler/SecLists.git
+
+    # ffuf -w SecLists/Discovery/Web-Content/raft-small-words.txt -u https://flix.iberica-tv.net/FUZZ
+
+
+
+  # - name: Set host_interfaces list
+  #   ansible.builtin.set_fact: 
+  #     host_interfaces: "{{ host_interfaces +  [item.subject]}}"
+  #   vars:
+  #     host_interfaces: []
+  #   when: item.subject is defined
+  #   loop: "{{ cert.results }}"
+
+
+  # - debug:
+  #     msg: "{{ host_interfaces }}"
+
+
+  # - name: NTFY when docker compose changed
+  #   uri:
+  #     url: "https://alert.jingoh.fr/scaleway"
+  #     method: POST
+  #     user: "{{ username }}"
+  #     password: "{{ password }}"
+  #     headers:
+  #       Title: "SCAN HTTPS"
+  #       ta: "file_folder"
+  #     body: "{{ target_network }}"
+  #     status_code: 200
+  #   tags: test1
+  #   delegate_to: localhost
      # when: fetch_files_backup.changed is true

      # https://raw.githubusercontent.com/bobbyiliev/bash-ssl-checker-tool/master/ssl