sgratias/semaphore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[hey]

Browse Source
This commit is contained in:
sgratias
2024-06-24 13:38:00 +02:00
parent 53f87cef4a
commit 5471abe521
5 changed files with 108 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -2,3 +2,4 @@ backup/
scaleway/ scaleway/
.vagrant/ .vagrant/
ressources ressources
SecLists/

4
backup.yml
View File

@@ -78,6 +78,10 @@
- /opt/dockerapps/appdata/bind/config/named.conf - /opt/dockerapps/appdata/bind/config/named.conf
- /opt/dockerapps/appdata/bind/records/example.com.zone - /opt/dockerapps/appdata/bind/records/example.com.zone
- /opt/dockerapps/appdata/bind/records/jingoh.private.zone - /opt/dockerapps/appdata/bind/records/jingoh.private.zone
# crowdsec
- /opt/dockerapps/appdata/crowdsec/crowdsec/parsers/s01-parse/tcpudp-flood-traefik.yaml
- /opt/dockerapps/appdata/crowdsec/crowdsec/acquis.yaml
- /opt/dockerapps/appdata/crowdsec/dashboard/docker/Dockerfile
# - name: Get a cert from an https port # - name: Get a cert from an https port
# community.crypto.get_certificate: # community.crypto.get_certificate:

12
hardening.yml
View File

@@ -154,6 +154,18 @@
# msg: "{{ host_private_address }}" # msg: "{{ host_private_address }}"
# apiVersion: v1
# kind: PersistentVolumeClaim
# metadata:
# name: coroot-prometheus-server
# spec:
# storageClassName: manual
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 15Gi
# - ansible.builtin.import_role: # - ansible.builtin.import_role:
# name: prometheus.prometheus.node_exporter # name: prometheus.prometheus.node_exporter

13
kubespray_vars.yml
View File

@@ -1,13 +0,0 @@
---
#! Kube options
helm_enabled: true
metrics_server_enabled: false
ingress_nginx_enabled: false
cert_manager_enabled: false
argocd_enabled: true
node_feature_discovery_enabled: true
enable_nodelocaldns: false
enable_nodelocaldns_secondary: false
# ["-e", "{'helm_enabled': true }", "-e" , "{'argocd_enabled': true }", "--become", "--become-user=root"]

138
scan.yml
View File

@@ -1,11 +1,11 @@
--- ---
- name: Scan - name: Scan
hosts: controller hosts: tower
become: true become: true
gather_facts: false gather_facts: false
vars: vars:
# 163.172.0.0/24 # 163.172.0.0/24
target_network: 163.172.84.0/24 target_network: 163.172.83.0/24
ansible_user: stephane ansible_user: stephane
ansible_password: stephane ansible_password: stephane
ansible_become_password: stephane ansible_become_password: stephane
@@ -25,25 +25,39 @@
pre_tasks: pre_tasks:
- ansible.builtin.git:
repo: https://github.com/danielmiessler/SecLists.git
dest: "{{ playbook_dir }}/SecLists"
single_branch: yes
force: true
delegate_to: localhost
# apt install masscan # apt install masscan
- ansible.builtin.command: - ansible.builtin.command:
cmd: "masscan {{ target_network }} -p443 --rate=100000" cmd: "masscan {{ target_network }} -p443 --rate=100000"
become: true become: true
register: scan443 register: scan_output
# delegate_to: localhost delegate_to: localhost
# # - name: Simple A record (IPV4 address) lookup for example.com
# # ansible.builtin.debug:
# # msg: "{{ lookup('community.general.dig', 'example.com.')}}"
# - debug:
# msg: "{{ item.split('on')[-1].strip() }}"
# loop: "{{ scan_output.stdout_lines }}"
# # - "{{ cert.not_after }}"
# # - "{{ ansible_date_time.iso8601_basic }}"
# tags: test
# - name: Simple A record (IPV4 address) lookup for example.com # - debug:
# ansible.builtin.debug: # msg: "{{ item }}"
# msg: "{{ lookup('community.general.dig', 'example.com.')}}" # loop: "{{ scan_output.stdout_lines }}"
# # - "{{ cert.not_after }}"
- debug: # # - "{{ ansible_date_time.iso8601_basic }}"
msg: "{{ item.split('on')[-1].strip() }}" # tags: test
loop: "{{ scan443.stdout_lines }}"
# - "{{ cert.not_after }}"
# - "{{ ansible_date_time.iso8601_basic }}"
tags: test
- name: Get a cert from an https por - name: Get a cert from an https por
community.crypto.get_certificate: community.crypto.get_certificate:
@@ -51,12 +65,23 @@
port: 443 port: 443
delegate_to: localhost delegate_to: localhost
run_once: true run_once: true
loop: "{{ scan443.stdout_lines }}" loop: "{{ scan_output.stdout_lines }}"
ignore_errors: true ignore_errors: true
register: cert register: cert
tags: test tags: test
# apt install masscan
- ansible.builtin.command:
cmd: "ffuf -w SecLists/Discovery/Web-Content/directory-list-2.3-small.txt -u https://{{ item.split('on')[-1].strip() }}/FUZZ -s"
become: true
loop: "{{ scan_output.stdout_lines }}"
ignore_errors: true
register: fuff
delegate_to: localhost
#ffuf -w SecLists/Discovery/Web-Content/directory-list-1.0.txt -u https://dstrn.if.ua/FUZZ
# - debug: # - debug:
# msg: "{{ item }}" # msg: "{{ item }}"
# loop: "{{ cert.results }}" # loop: "{{ cert.results }}"
@@ -65,44 +90,61 @@
# # - "{{ ansible_date_time.iso8601_basic }}" # # - "{{ ansible_date_time.iso8601_basic }}"
# tags: test # tags: test
# - debug: - debug:
# msg: "{{ item.subject }}" msg: " URL =======> {{ item.subject }} || Host ====> {{ item.invocation.module_args.host }} || port ======> {{ item.invocation.module_args.port }} || proxy_port =========> {{ item.invocation.module_args.proxy_port }}"
# loop: "{{ cert.results }}"
# when: item.subject is defined
# # loop: "{{ scan443.stdout_lines }}"
# # - "{{ cert.not_after }}"
# # - "{{ ansible_date_time.iso8601_basic }}"
# tags: test
# ignore_errors: true
- name: Set host_interfaces list
ansible.builtin.set_fact:
host_interfaces: "{{ host_interfaces + [item.subject]}}"
vars:
host_interfaces: []
when: item.subject is defined
loop: "{{ cert.results }}" loop: "{{ cert.results }}"
when: item.subject is defined
# loop: "{{ scan443.stdout_lines }}"
# - "{{ cert.not_after }}"
# - "{{ ansible_date_time.iso8601_basic }}"
tags: test
ignore_errors: true
- debug: - debug:
msg: "{{ host_interfaces }}" msg: " host: {{ item.cmd }} ||||||| chemin : {{ item.stdout_lines }}"
loop: "{{ fuff.results }}"
# when: item.subject is defined
# loop: "{{ scan443.stdout_lines }}"
# - "{{ cert.not_after }}"
# - "{{ ansible_date_time.iso8601_basic }}"
tags: test
ignore_errors: true
- name: NTFY when docker compose changed # https://github.com/danielmiessler/SecLists.git
uri:
url: "https://alert.jingoh.fr/scaleway" # ffuf -w SecLists/Discovery/Web-Content/raft-small-words.txt -u https://flix.iberica-tv.net/FUZZ
method: POST
user: "{{ username }}"
password: "{{ password }}"
headers: # - name: Set host_interfaces list
Title: "SCAN HTTPS" # ansible.builtin.set_fact:
ta: "file_folder" # host_interfaces: "{{ host_interfaces + [item.subject]}}"
body: "{{ target_network }}" # vars:
status_code: 200 # host_interfaces: []
tags: test1 # when: item.subject is defined
delegate_to: localhost # loop: "{{ cert.results }}"
# - debug:
# msg: "{{ host_interfaces }}"
# - name: NTFY when docker compose changed
# uri:
# url: "https://alert.jingoh.fr/scaleway"
# method: POST
# user: "{{ username }}"
# password: "{{ password }}"
# headers:
# Title: "SCAN HTTPS"
# ta: "file_folder"
# body: "{{ target_network }}"
# status_code: 200
# tags: test1
# delegate_to: localhost
# when: fetch_files_backup.changed is true # when: fetch_files_backup.changed is true
# https://raw.githubusercontent.com/bobbyiliev/bash-ssl-checker-tool/master/ssl # https://raw.githubusercontent.com/bobbyiliev/bash-ssl-checker-tool/master/ssl