From 5471abe521f0bf8b8ca366cb19b26cdfc854c713 Mon Sep 17 00:00:00 2001 From: staffadmin Date: Mon, 24 Jun 2024 13:38:00 +0200 Subject: [PATCH] [hey] --- .gitignore | 3 +- backup.yml | 4 ++ hardening.yml | 12 ++++ kubespray_vars.yml | 13 ----- scan.yml | 138 +++++++++++++++++++++++++++++---------------- 5 files changed, 108 insertions(+), 62 deletions(-) delete mode 100644 kubespray_vars.yml diff --git a/.gitignore b/.gitignore index a46e746..a251ac0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ backup/ scaleway/ .vagrant/ -ressources \ No newline at end of file +ressources +SecLists/ \ No newline at end of file diff --git a/backup.yml b/backup.yml index c43209e..fe389d8 100644 --- a/backup.yml +++ b/backup.yml @@ -78,6 +78,10 @@ - /opt/dockerapps/appdata/bind/config/named.conf - /opt/dockerapps/appdata/bind/records/example.com.zone - /opt/dockerapps/appdata/bind/records/jingoh.private.zone + # crowdsec + - /opt/dockerapps/appdata/crowdsec/crowdsec/parsers/s01-parse/tcpudp-flood-traefik.yaml + - /opt/dockerapps/appdata/crowdsec/crowdsec/acquis.yaml + - /opt/dockerapps/appdata/crowdsec/dashboard/docker/Dockerfile # - name: Get a cert from an https port # community.crypto.get_certificate: diff --git a/hardening.yml b/hardening.yml index 01d1378..ea7720f 100644 --- a/hardening.yml +++ b/hardening.yml @@ -154,6 +154,18 @@ # msg: "{{ host_private_address }}" +# apiVersion: v1 +# kind: PersistentVolumeClaim +# metadata: +# name: coroot-prometheus-server +# spec: +# storageClassName: manual +# accessModes: +# - ReadWriteOnce +# resources: +# requests: +# storage: 15Gi + # - ansible.builtin.import_role: # name: prometheus.prometheus.node_exporter diff --git a/kubespray_vars.yml b/kubespray_vars.yml deleted file mode 100644 index f3b0e02..0000000 --- a/kubespray_vars.yml +++ /dev/null 
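Review bot: The block added to hardening.yml is a commented-out Kubernetes PersistentVolumeClaim manifest (`coroot-prometheus-server`) inside an Ansible playbook, where it can never be applied and only confuses the next reader of the hardening play. It belongs in its own manifest file or should be dropped; if it must stay as a reminder, a single line such as `# TODO: coroot-prometheus-server PVC lives in a separate k8s manifest` says the same thing. The .gitignore and backup.yml hunks on this line are fine as they are.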
@@ -1,13 +0,0 @@ ---- -#! Kube options -helm_enabled: true -metrics_server_enabled: false -ingress_nginx_enabled: false -cert_manager_enabled: false -argocd_enabled: true -node_feature_discovery_enabled: true -enable_nodelocaldns: false -enable_nodelocaldns_secondary: false - - -# ["-e", "{'helm_enabled': true }", "-e" , "{'argocd_enabled': true }", "--become", "--become-user=root"] \ No newline at end of file diff --git a/scan.yml b/scan.yml index 3737e52..1335fa1 100644 --- a/scan.yml +++ b/scan.yml @@ -1,11 +1,11 @@ --- - name: Scan - hosts: controller + hosts: tower become: true gather_facts: false vars: # 163.172.0.0/24 - target_network: 163.172.84.0/24 + target_network: 163.172.83.0/24 ansible_user: stephane ansible_password: stephane ansible_become_password: stephane 
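Review bot: The play's `vars:` block still ships `ansible_password: stephane` and `ansible_become_password: stephane` in clear text right under the new `hosts: tower` line, so the login and sudo secret for the new target are committed with the playbook. Move them into an Ansible Vault file, e.g. `ansible_password: "{{ vault_ansible_password }}"`, or supply them at run time with `--ask-pass`/`--ask-become-pass`. The comment `# 163.172.0.0/24` above `target_network` no longer matches the new `163.172.83.0/24` value and should be corrected or removed.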
@@ -25,25 +25,39 @@ pre_tasks: + + - ansible.builtin.git: + repo: https://github.com/danielmiessler/SecLists.git + dest: "{{ playbook_dir }}/SecLists" + single_branch: yes + force: true + delegate_to: localhost + # apt install masscan - ansible.builtin.command: cmd: "masscan {{ target_network }} -p443 --rate=100000" become: true - register: scan443 - # delegate_to: localhost + register: scan_output + delegate_to: localhost + + # # - name: Simple A record (IPV4 address) lookup for example.com + # # ansible.builtin.debug: + # # msg: "{{ lookup('community.general.dig', 'example.com.')}}" + + # - debug: + # msg: "{{ item.split('on')[-1].strip() }}" + # loop: "{{ scan_output.stdout_lines }}" + # # - "{{ cert.not_after }}" + # # - "{{ ansible_date_time.iso8601_basic }}" + # tags: test - # - name: Simple A record (IPV4 address) lookup for example.com - # ansible.builtin.debug: - # msg: "{{ lookup('community.general.dig', 'example.com.')}}" - - - debug: - msg: "{{ item.split('on')[-1].strip() }}" - loop: "{{ scan443.stdout_lines }}" - # - "{{ cert.not_after }}" - # - "{{ ansible_date_time.iso8601_basic }}" - tags: test - + # - debug: + # msg: "{{ item }}" + # loop: "{{ scan_output.stdout_lines }}" + # # - "{{ cert.not_after }}" + # # - "{{ ansible_date_time.iso8601_basic }}" + # tags: test - name: Get a cert from an https por community.crypto.get_certificate: 
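Review bot: The new `ansible.builtin.git` task clones SecLists with no `version:`, so every run checks out whatever the remote default branch currently points at, and `force: true` then discards any local modification to that checkout without notice; pin it with `version: <PINNED_COMMIT_OR_TAG>` and give the task a `name:` so it is identifiable in the run log. `single_branch: yes` is a YAML 1.1 truthy spelling — write `single_branch: true`, matching `force: true` on the next line. The register was renamed from `scan443` to `scan_output`, but the commented-out blocks added below still mix both names, which will break whoever uncomments them later. The play-level `become: true` also applies to this delegated clone, so the checkout under `{{ playbook_dir }}` is created as root on the controller — presumably not intended.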
@@ -51,12 +65,23 @@ port: 443 delegate_to: localhost run_once: true - loop: "{{ scan443.stdout_lines }}" + loop: "{{ scan_output.stdout_lines }}" ignore_errors: true register: cert tags: test + # apt install masscan + - ansible.builtin.command: + cmd: "ffuf -w SecLists/Discovery/Web-Content/directory-list-2.3-small.txt -u https://{{ item.split('on')[-1].strip() }}/FUZZ -s" + become: true + loop: "{{ scan_output.stdout_lines }}" + ignore_errors: true + register: fuff + delegate_to: localhost + +#ffuf -w SecLists/Discovery/Web-Content/directory-list-1.0.txt -u https://dstrn.if.ua/FUZZ + # - debug: # msg: "{{ item }}" # loop: "{{ cert.results }}" 
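Review bot: The comment `# apt install masscan` was copied verbatim onto the new ffuf task, where it is wrong; it should read `# apt install ffuf`, or better the task gets a `name:`. The wordlist path in `cmd:` is relative to the current working directory, while the clone earlier in the play lands in `{{ playbook_dir }}/SecLists`, so the command only works when the play is launched from that directory — use `-w {{ playbook_dir }}/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt`. `register: fuff` misspells ffuf and the debug task in the next hunk inherits the typo; `become: true` is unnecessary for a delegated localhost command, and `ignore_errors: true` also masks a missing binary or wordlist, so consider `failed_when: false` only on the per-host error you actually expect.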
@@ -65,44 +90,61 @@ # # - "{{ ansible_date_time.iso8601_basic }}" # tags: test - # - debug: - # msg: "{{ item.subject }}" - # loop: "{{ cert.results }}" - # when: item.subject is defined - # # loop: "{{ scan443.stdout_lines }}" - # # - "{{ cert.not_after }}" - # # - "{{ ansible_date_time.iso8601_basic }}" - # tags: test - # ignore_errors: true - - - - - name: Set host_interfaces list - ansible.builtin.set_fact: - host_interfaces: "{{ host_interfaces + [item.subject]}}" - vars: - host_interfaces: [] - when: item.subject is defined + - debug: + msg: " URL =======> {{ item.subject }} || Host ====> {{ item.invocation.module_args.host }} || port ======> {{ item.invocation.module_args.port }} || proxy_port =========> {{ item.invocation.module_args.proxy_port }}" loop: "{{ cert.results }}" + when: item.subject is defined + # loop: "{{ scan443.stdout_lines }}" + # - "{{ cert.not_after }}" + # - "{{ ansible_date_time.iso8601_basic }}" + tags: test + ignore_errors: true + - debug: - msg: "{{ host_interfaces }}" + msg: " host: {{ item.cmd }} ||||||| chemin : {{ item.stdout_lines }}" + loop: "{{ fuff.results }}" + # when: item.subject is defined + # loop: "{{ scan443.stdout_lines }}" + # - "{{ cert.not_after }}" + # - "{{ ansible_date_time.iso8601_basic }}" + tags: test + ignore_errors: true - - name: NTFY when docker compose changed - uri: - url: "https://alert.jingoh.fr/scaleway" - method: POST - user: "{{ username }}" - password: "{{ password }}" - headers: - Title: "SCAN HTTPS" - ta: "file_folder" - body: "{{ target_network }}" - status_code: 200 - tags: test1 - delegate_to: localhost +# https://github.com/danielmiessler/SecLists.git + + # ffuf -w SecLists/Discovery/Web-Content/raft-small-words.txt -u https://flix.iberica-tv.net/FUZZ + + + + # - name: Set host_interfaces list + # ansible.builtin.set_fact: + # host_interfaces: "{{ host_interfaces + [item.subject]}}" + # vars: + # host_interfaces: [] + # when: item.subject is defined + # loop: "{{ cert.results }}" + + + # - 
debug: + # msg: "{{ host_interfaces }}" + + + # - name: NTFY when docker compose changed + # uri: + # url: "https://alert.jingoh.fr/scaleway" + # method: POST + # user: "{{ username }}" + # password: "{{ password }}" + # headers: + # Title: "SCAN HTTPS" + # ta: "file_folder" + # body: "{{ target_network }}" + # status_code: 200 + # tags: test1 + # delegate_to: localhost # when: fetch_files_backup.changed is true # https://raw.githubusercontent.com/bobbyiliev/bash-ssl-checker-tool/master/ssl
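Review bot: `ignore_errors: true` on the two new `debug` tasks buys nothing — a debug task only fails when its template does not render, and swallowing that hides exactly the case where `item.invocation.module_args` or `item.cmd` is absent; drop it, or guard the second task with `when: item.stdout_lines is defined` instead. The inline comment `# loop: "{{ scan443.stdout_lines }}"` added inside both tasks references the register this commit renamed to `scan_output`. The commented-out `set_fact`, second `debug` and NTFY `uri` blocks appended at the end are dead code that git history already preserves; delete them, or keep the NTFY task live under its `test1` tag rather than as a comment. The enclosing `tasks:` list ends outside this hunk.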