From 5b508f682a6954353eaa541d03edb9a50e83d442 Mon Sep 17 00:00:00 2001 From: staffadmin Date: Sun, 30 Mar 2025 17:28:57 +0200 Subject: [PATCH] push scan to use gowisper --- hosts | 3 +- paused.conf | 14 ++ scan.yml | 359 ++++++++++++++++++-------------------------------- scan_old.yml | 160 ---------------------- scan_toto.yml | 271 +++++++++++++++++++++++++++++++++++++ 5 files changed, 417 insertions(+), 390 deletions(-) create mode 100644 paused.conf delete mode 100644 scan_old.yml create mode 100644 scan_toto.yml diff --git a/hosts b/hosts index 1e4c564..c6212f4 100644 --- a/hosts +++ b/hosts @@ -5,7 +5,8 @@ cosmos ansible_host=163.172.39.162 ansible_user=stephane [tower] scaleway ansible_host=163.172.84.28 ansible_user=stephane - +[local] +scaleway ansible_host=127.0.0.1 ansible_user=stephanegratias ; [cluster] ; scale01 ansible_host=163.172.209.36 ansible_user=stephane ; ovh01 ansible_host=5.135.181.11 ansible_user=stephane diff --git a/paused.conf b/paused.conf new file mode 100644 index 0000000..093a962 --- /dev/null +++ b/paused.conf @@ -0,0 +1,14 @@ + +# resume information +resume-index = 69 +seed = 491264110608124713 +rate = 100 +shard = 1/1 +nocapture = servername + + +adapter-ip = 192.168.0.11 +# TARGET SELECTION (IP, PORTS, EXCLUDES) +ports = 443 +range = 163.172.85.0/24 + diff --git a/scan.yml b/scan.yml index c16c2ea..ba8d82f 100644 --- a/scan.yml +++ b/scan.yml @@ -1,21 +1,31 @@ --- -- name: SCAN in DOCKER [subfinder + dnsx + httpx + nuclei] - hosts: ovh01 +- name: Scan + hosts: + - scale01 + #- localhost become: true - gather_facts: true + gather_facts: false vars: - fqdn: arion.space - ansible_user: stephane + user: staffadmin token: !vault | $ANSIBLE_VAULT;1.2;AES256;prod - 36663034636138333863626233623737363834333134333235656132333933356237396132383266 - 3266326438656130623337653464633062343433623333620a386561353637613263323837313230 - 66666633373066363862343766646431396632653332333830323136343230336464333635343136 - 3732643432306338640a666334373636653164646135633966333339323935363433663130313235 - 36613831356265373964623464356263333666366539663131396535613633346138613665383864 - 6331393663346638663832313035653765303938376230363936 - cloud_upload: true + 35343365393734313034383961616333633265623037303436653739613935366666373237366562 + 3663316563663439363333396530376139663731346637390a366335333732303134316364363130 + 30313631343534643866383336623837363433303032376264373139306464313866313034663636 + 3961303030373531380a343061326437343066663665613833623533376437326630326432363566 + 37653135666331633532653436656461396131623736353962643632316135633562346631313036 + 6137356332636431643830666461333862613835336631333037 + #TODO target in list + # 163.172.0.0/24 + # 163.172.80.0/28 + target_network: 163.172.87.0/28 + # 163.172.0.0/20 + # 163.172.16.0/20 + # 163.172.31.0/20 + # 163.172.48.0/20 + # 163.172.63.254/20 + ansible_user: stephane ansible_password: stephane ansible_become_password: stephane username: jingohalert @@ -26,246 +36,137 @@ 65366439343135636634393832636436353764303066653530346232323164376265313039373630 3863613961373430340a303866363962353262623030373061616134303366336237346631383539 3130 - PDCP_API_KEY: !vault | - $ANSIBLE_VAULT;1.2;AES256;prod - 33346636623263376335323265323163643534613835643363386630316666663336333435323438 - 3135313264626663663436346239306264666563303463380a643366633161326634316662313465 - 31646466666531656565356565383932356162323030346330356563323266396361376339313437 - 6637633235633635330a353539333366346331303134373433346462343736316437306136633361 - 37346537373861313361656338616438646533666639623533323433353365363836656532323938 - 3139363338653666656339303763333837313731383739363164 +# apt-get install sshpass + +# # +# # @author Stéphane Gratias (2021). +# + + + # roles: + # - { role: geerlingguy.pip, tags: pip } tasks: - - community.docker.docker_image_pull: - name: "{{ item }}" - loop: - - projectdiscovery/subfinder - - projectdiscovery/httpx - - projectdiscovery/dnsx - - projectdiscovery/nuclei + + + # - ansible.builtin.apt: + # name: masscan + # update_cache: true - ansible.builtin.git: repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git - dest: "$HOME/scan" + dest: "{{ playbook_dir }}/scan" single_branch: yes force: true - become_user: root + delegate_to: localhost - - name: Remove all before - ansible.builtin.file: - path: $HOME/scan/{{ fqdn }} - state: absent + # apt install masscan + - ansible.builtin.command: + cmd: "masscan {{ target_network }} -p443" + become: true + register: scan_output + # pause - - name: Create a directory if it does not exist - ansible.builtin.file: - path: "{{ item.path }}" - state: "{{ item.state |default('touch') }}" - loop: - - path: $HOME/scan/{{ fqdn }} - state: directory - - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json - - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.json - - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt - # - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx__full.txt - - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json - - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt - # - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx__full.txt - - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt - become_user: root - - name: subfinder - community.docker.docker_container: - image: projectdiscovery/subfinder - name: subfinder - command: "-d {{ fqdn }} -silent -o /{{ fqdn }}__subfinder.txt" - recreate: true - auto_remove: true - volumes: - - /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw - become_user: root +# - debug: +# msg: "{{ item }}" +# loop: "{{ scan_output.stdout_lines }}" +# # - "{{ cert.not_after }}" +# # - "{{ ansible_date_time.iso8601_basic }}" +# tags: test +# delegate_to: localhost - - name: dnsx - community.docker.docker_container: - image: projectdiscovery/dnsx - name: "{{ item.name }}" - command: "{{ item.command }}" - recreate: true - auto_remove: true - volumes: "{{ item.volumes }}" - become_user: root - loop: - - command: -silent -l /{{ fqdn }}__subfinder.txt -o /{{ fqdn }}__dnsx.txt - name: dnsx - volumes: - - /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw - - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw - # - command: -silent -a -cname -asn -resp -l /{{ fqdn }}__subfinder.txt -o /{{ fqdn }}__dnsx__full.txt - # volumes: - # - /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw - # - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx__full.txt:/{{ fqdn }}__dnsx__full.txt:rw - - command: -silent -a -cname -asn -resp -l /{{ fqdn }}__subfinder.txt -j -o /{{ fqdn }}__dnsx.json - name: dnsx-json - volumes: - - /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw - - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json:/{{ fqdn }}__dnsx.json:rw + - name: Get a cert from an https port + community.crypto.get_certificate: + host: "{{ item.split('on')[-1].strip() }}" + port: 443 + # vars: + # asn1_base64: true + delegate_to: localhost + run_once: true + loop: "{{ scan_output.stdout_lines }}" + ignore_errors: true + register: cert + tags: test + + - ansible.builtin.command: "dig -x {{ item.split('on')[-1].strip() }} +short" + register: reverse_dns + loop: "{{ scan_output.stdout_lines }}" +# dig -x 163.172.27.76 +short + + +# # item.subject.CN + # - debug: + # # msg: "{{ item.subject.CN }}" + # msg: "{{ item.stdout_lines }}" + # loop: "{{ reserse_dns.results }}" +# # - "{{ cert.not_after }}" +# # - "{{ ansible_date_time.iso8601_basic }}" +# tags: test +# delegate_to: localhost + + - ansible.builtin.set_fact: + reverse_dns_list: "{{ reverse_dns_list|default([]) + [item.stdout_lines | join(',')]}}" + loop: "{{ reverse_dns.results }}" + + - ansible.builtin.file: + path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/" + state: directory + loop: "{{ cert.results }}" + + - ansible.builtin.lineinfile: + path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}" + line: "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN | default('no CN') }} ---- {{ item.issuer| default('no issuer') }} ------ {{ reverse_dns_list[my_idx]|default('no reverse') }}" + create: yes + loop: "{{ cert.results }}" loop_control: - #* seconds - pause: 30 + index_var: my_idx + delegate_to: localhost - # - name: httpx - # community.docker.docker_container: - # image: projectdiscovery/httpx - # name: httpx - # command: -silent -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.txt - # recreate: true - # auto_remove: true - # volumes: - # - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw - # - /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt:rw - # become_user: root + # - name: Copy file with owner and permissions + # ansible.builtin.copy: + # dest: "{{ playbook_dir }}/scan/scan_https_{{ target_network.split('/')[0] }}_{{ target_network.split('/')[-1] }}" + # content: | + # "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN }} ---- {{ item.issuer}}" + # loop: "{{ cert.results }}" + # delegate_to: localhost - # - name: httpx - # community.docker.docker_container: - # image: projectdiscovery/httpx - # name: httpx - # command: -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.json -j - # recreate: true - # auto_remove: true - # volumes: - # - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw - # - /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.json:/{{ fqdn }}__httpx.json:rw - # become_user: root - - # - name: httpx - # community.docker.docker_container: - # image: projectdiscovery/httpx - # name: httpx - # command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard" - # recreate: true - # auto_remove: true - # volumes: - # - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw - # become_user: root - - - name: httpx - community.docker.docker_container: - image: projectdiscovery/httpx - name: "{{ item.name }}" - command: "{{ item.command }}" - recreate: true - auto_remove: true - volumes: "{{ item.volumes }}" - become_user: root - loop: - - command: -silent -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.txt - name: httpx - volumes: - - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw - - /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt:rw - - command: -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.json -j - name: httpx_json - volumes: - - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw - - /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.json:/{{ fqdn }}__httpx.json:rw - # - command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard" - # name: httpx_dashboard - # volumes: - # - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw - # - command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard" - # name: httpx_dashboard_2 - # volumes: - # - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw - loop_control: - #* seconds - pause: 60 - - - ansible.builtin.pause: - seconds: 60 +# # # item.subject.CN +# # - debug: +# # msg: "{{ item.item.split('on')[-1].strip() }}" +# # loop: "{{ cert.results }}" +# # # - "{{ cert.not_after }}" +# # # - "{{ ansible_date_time.iso8601_basic }}" +# # tags: test +# # delegate_to: localhost - ansible.builtin.shell: | git config user.email "stephane.gratiasquiquandon@gmail.com" git config user.name "staffadmin" git add . - git commit -m "Push scan {{ fqdn }} with access token" + git commit -m "Push scan with access token" git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git args: - chdir: "$HOME/scan" + chdir: "{{ playbook_dir }}/scan/" run_once: true - become_user: root - register: push_git + delegate_to: localhost + # - debug: - # msg: "{{ push_git.changed }}" - - # - debug: - # msg: "{{ push_git.changed }}" - # when: push_git.changed is true + # msg: "{{ host_interfaces }}" - - ansible.builtin.git: - repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git - dest: "$HOME/scan" - single_branch: yes - force: true - delegate_to: scaleway - become_user: stephane - - - copy: - src: "{{ item }}" - dest: /opt/dockerapps/appdata/ivre/ivre-share/{{ item.split('/')[-1] }} - remote_src: true - loop: - - /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json - - /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__httpx.json - delegate_to: scaleway - - - name: Run a simple command (argv) - community.docker.docker_container_exec: - container: ivreclient - argv: - - ivre - - scan2db - - "-c" - - "{{ fqdn }}" - - "-s" - - "{{ ansible_play_hosts }}" - - "-r" - - /ivre-share/{{ fqdn }}__dnsx.json - delegate_to: scaleway - - - name: Run a simple command (argv) - community.docker.docker_container_exec: - container: ivreclient - argv: - - ivre - - scan2db - - "-c" - - "{{ fqdn }}" - - "-s" - - "{{ ansible_play_hosts }}" - - "-r" - - "/ivre-share/{{ fqdn }}__httpx.json" - delegate_to: scaleway - - - name: Run a simple command (argv) - community.docker.docker_container_exec: - container: ivreclient - argv: - - ivre - - db2view - - all - delegate_to: scaleway - - - name: NTFY when docker compose changed - uri: - url: "https://alert.jingoh.fr/scaleway" - method: POST - user: "{{ username }}" - password: "{{ password }}" - headers: - Title: "SCAN {{ fqdn }}" - ta: "globe_with_meridians" - body: "scan finished !" - status_code: 200 - tags: test1 - delegate_to: localhost + # - name: NTFY when docker compose changed + # uri: + # url: "https://alert.jingoh.fr/scaleway" + # method: POST + # user: "{{ username }}" + # password: "{{ password }}" + # headers: + # Title: "SCAN HTTPS " + # ta: "file_folder" + # body: "{{ target_network }}" + # status_code: 200 + # tags: test1 + # delegate_to: localhost + # when: fetch_files_backup.changed is true diff --git a/scan_old.yml b/scan_old.yml deleted file mode 100644 index 93726b9..0000000 --- a/scan_old.yml +++ /dev/null @@ -1,160 +0,0 @@ ---- -- name: Scan - hosts: scale01 - become: true - gather_facts: false - vars: - - user: staffadmin - token: !vault | - $ANSIBLE_VAULT;1.2;AES256;prod - 35343365393734313034383961616333633265623037303436653739613935366666373237366562 - 3663316563663439363333396530376139663731346637390a366335333732303134316364363130 - 30313631343534643866383336623837363433303032376264373139306464313866313034663636 - 3961303030373531380a343061326437343066663665613833623533376437326630326432363566 - 37653135666331633532653436656461396131623736353962643632316135633562346631313036 - 6137356332636431643830666461333862613835336631333037 - #TODO target in list - # 163.172.0.0/24 - # 163.172.80.0/28 - target_network: 163.172.16.0/20 - # 163.172.0.0/20 - # 163.172.16.0/20 - # 163.172.31.0/20 - # 163.172.48.0/20 - # 163.172.63.254/20 - ansible_user: stephane - ansible_password: stephane - ansible_become_password: stephane - username: jingohalert - password: !vault | - $ANSIBLE_VAULT;1.2;AES256;prod - 66346630333538386564396632636161316239326530653037666465616165393135666532643264 - 3037363865363531636635306535663736353734333733340a363639636638396662616538343335 - 65366439343135636634393832636436353764303066653530346232323164376265313039373630 - 3863613961373430340a303866363962353262623030373061616134303366336237346631383539 - 3130 -# apt-get install sshpass - -# # -# # @author Stéphane Gratias (2021). -# - - - # roles: - # - { role: geerlingguy.pip, tags: pip } - tasks: - - - - ansible.builtin.apt: - name: masscan - update_cache: true - - - ansible.builtin.git: - repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git - dest: "{{ playbook_dir }}/scan" - single_branch: yes - force: true - delegate_to: localhost - - # apt install masscan - - ansible.builtin.command: - cmd: "masscan {{ target_network }} -p443" - become: true - register: scan_output - # pause - - -# - debug: -# msg: "{{ item }}" -# loop: "{{ scan_output.stdout_lines }}" -# # - "{{ cert.not_after }}" -# # - "{{ ansible_date_time.iso8601_basic }}" -# tags: test -# delegate_to: localhost - - - name: Get a cert from an https port - community.crypto.get_certificate: - host: "{{ item.split('on')[-1].strip() }}" - port: 443 - delegate_to: localhost - run_once: true - loop: "{{ scan_output.stdout_lines }}" - ignore_errors: true - register: cert - tags: test - - -# item.subject.CN - - debug: - # msg: "{{ item.subject.CN }}" - msg: "{{ item.invocation.module_args.host}}" - loop: "{{ cert.results }}" - # - "{{ cert.not_after }}" - # - "{{ ansible_date_time.iso8601_basic }}" - tags: test - delegate_to: localhost - - - - name: Change file ownership, group and permissions - ansible.builtin.file: - path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/" - state: directory - loop: "{{ cert.results }}" - - - name: Add a line to a file if the file does not exist, without passing regexp - ansible.builtin.lineinfile: - path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}" - line: "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN | default('---') }} ---- {{ item.issuer| default('---')}}" - create: yes - loop: "{{ cert.results }}" - delegate_to: localhost - - - # - name: Copy file with owner and permissions - # ansible.builtin.copy: - # dest: "{{ playbook_dir }}/scan/scan_https_{{ target_network.split('/')[0] }}_{{ target_network.split('/')[-1] }}" - # content: | - # "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN }} ---- {{ item.issuer}}" - # loop: "{{ cert.results }}" - # delegate_to: localhost - -# # item.subject.CN -# - debug: -# msg: "{{ item.item.split('on')[-1].strip() }}" -# loop: "{{ cert.results }}" -# # - "{{ cert.not_after }}" -# # - "{{ ansible_date_time.iso8601_basic }}" -# tags: test -# delegate_to: localhost - - - ansible.builtin.shell: | - git config user.email "stephane.gratiasquiquandon@gmail.com" - git config user.name "staffadmin" - git add . - git commit -m "Push scan with access token" - git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git - args: - chdir: "{{ playbook_dir }}/scan/" - run_once: true - delegate_to: localhost - - - # - debug: - # msg: "{{ host_interfaces }}" - - - # - name: NTFY when docker compose changed - # uri: - # url: "https://alert.jingoh.fr/scaleway" - # method: POST - # user: "{{ username }}" - # password: "{{ password }}" - # headers: - # Title: "SCAN HTTPS " - # ta: "file_folder" - # body: "{{ target_network }}" - # status_code: 200 - # tags: test1 - # delegate_to: localhost - # when: fetch_files_backup.changed is true diff --git a/scan_toto.yml b/scan_toto.yml new file mode 100644 index 0000000..c16c2ea --- /dev/null +++ b/scan_toto.yml @@ -0,0 +1,271 @@ +--- +- name: SCAN in DOCKER [subfinder + dnsx + httpx + nuclei] + hosts: ovh01 + become: true + gather_facts: true + vars: + fqdn: arion.space + ansible_user: stephane + user: staffadmin + token: !vault | + $ANSIBLE_VAULT;1.2;AES256;prod + 36663034636138333863626233623737363834333134333235656132333933356237396132383266 + 3266326438656130623337653464633062343433623333620a386561353637613263323837313230 + 66666633373066363862343766646431396632653332333830323136343230336464333635343136 + 3732643432306338640a666334373636653164646135633966333339323935363433663130313235 + 36613831356265373964623464356263333666366539663131396535613633346138613665383864 + 6331393663346638663832313035653765303938376230363936 + cloud_upload: true + ansible_password: stephane + ansible_become_password: stephane + username: jingohalert + password: !vault | + $ANSIBLE_VAULT;1.2;AES256;prod + 66346630333538386564396632636161316239326530653037666465616165393135666532643264 + 3037363865363531636635306535663736353734333733340a363639636638396662616538343335 + 65366439343135636634393832636436353764303066653530346232323164376265313039373630 + 3863613961373430340a303866363962353262623030373061616134303366336237346631383539 + 3130 + PDCP_API_KEY: !vault | + $ANSIBLE_VAULT;1.2;AES256;prod + 33346636623263376335323265323163643534613835643363386630316666663336333435323438 + 3135313264626663663436346239306264666563303463380a643366633161326634316662313465 + 31646466666531656565356565383932356162323030346330356563323266396361376339313437 + 6637633235633635330a353539333366346331303134373433346462343736316437306136633361 + 37346537373861313361656338616438646533666639623533323433353365363836656532323938 + 3139363338653666656339303763333837313731383739363164 + tasks: + - community.docker.docker_image_pull: + name: "{{ item }}" + loop: + - projectdiscovery/subfinder + - projectdiscovery/httpx + - projectdiscovery/dnsx + - projectdiscovery/nuclei + + - ansible.builtin.git: + repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git + dest: "$HOME/scan" + single_branch: yes + force: true + become_user: root + + - name: Remove all before + ansible.builtin.file: + path: $HOME/scan/{{ fqdn }} + state: absent + + - name: Create a directory if it does not exist + ansible.builtin.file: + path: "{{ item.path }}" + state: "{{ item.state |default('touch') }}" + loop: + - path: $HOME/scan/{{ fqdn }} + state: directory + - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json + - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.json + - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt + # - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx__full.txt + - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json + - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt + # - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx__full.txt + - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt + become_user: root + + - name: subfinder + community.docker.docker_container: + image: projectdiscovery/subfinder + name: subfinder + command: "-d {{ fqdn }} -silent -o /{{ fqdn }}__subfinder.txt" + recreate: true + auto_remove: true + volumes: + - /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw + become_user: root + + - name: dnsx + community.docker.docker_container: + image: projectdiscovery/dnsx + name: "{{ item.name }}" + command: "{{ item.command }}" + recreate: true + auto_remove: true + volumes: "{{ item.volumes }}" + become_user: root + loop: + - command: -silent -l /{{ fqdn }}__subfinder.txt -o /{{ fqdn }}__dnsx.txt + name: dnsx + volumes: + - /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw + - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw + # - command: -silent -a -cname -asn -resp -l /{{ fqdn }}__subfinder.txt -o /{{ fqdn }}__dnsx__full.txt + # volumes: + # - /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw + # - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx__full.txt:/{{ fqdn }}__dnsx__full.txt:rw + - command: -silent -a -cname -asn -resp -l /{{ fqdn }}__subfinder.txt -j -o /{{ fqdn }}__dnsx.json + name: dnsx-json + volumes: + - /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw + - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json:/{{ fqdn }}__dnsx.json:rw + loop_control: + #* seconds + pause: 30 + + + # - name: httpx + # community.docker.docker_container: + # image: projectdiscovery/httpx + # name: httpx + # command: -silent -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.txt + # recreate: true + # auto_remove: true + # volumes: + # - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw + # - /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt:rw + # become_user: root + + # - name: httpx + # community.docker.docker_container: + # image: projectdiscovery/httpx + # name: httpx + # command: -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.json -j + # recreate: true + # auto_remove: true + # volumes: + # - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw + # - /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.json:/{{ fqdn }}__httpx.json:rw + # become_user: root + + # - name: httpx + # community.docker.docker_container: + # image: projectdiscovery/httpx + # name: httpx + # command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard" + # recreate: true + # auto_remove: true + # volumes: + # - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw + # become_user: root + + - name: httpx + community.docker.docker_container: + image: projectdiscovery/httpx + name: "{{ item.name }}" + command: "{{ item.command }}" + recreate: true + auto_remove: true + volumes: "{{ item.volumes }}" + become_user: root + loop: + - command: -silent -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.txt + name: httpx + volumes: + - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw + - /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt:rw + - command: -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.json -j + name: httpx_json + volumes: + - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw + - /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.json:/{{ fqdn }}__httpx.json:rw + # - command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard" + # name: httpx_dashboard + # volumes: + # - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw + # - command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard" + # name: httpx_dashboard_2 + # volumes: + # - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw + loop_control: + #* seconds + pause: 60 + + - ansible.builtin.pause: + seconds: 60 + + - ansible.builtin.shell: | + git config user.email "stephane.gratiasquiquandon@gmail.com" + git config user.name "staffadmin" + git add . + git commit -m "Push scan {{ fqdn }} with access token" + git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git + args: + chdir: "$HOME/scan" + run_once: true + become_user: root + register: push_git + + # - debug: + # msg: "{{ push_git.changed }}" + + # - debug: + # msg: "{{ push_git.changed }}" + # when: push_git.changed is true + + + - ansible.builtin.git: + repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git + dest: "$HOME/scan" + single_branch: yes + force: true + delegate_to: scaleway + become_user: stephane + + - copy: + src: "{{ item }}" + dest: /opt/dockerapps/appdata/ivre/ivre-share/{{ item.split('/')[-1] }} + remote_src: true + loop: + - /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json + - /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__httpx.json + delegate_to: scaleway + + - name: Run a simple command (argv) + community.docker.docker_container_exec: + container: ivreclient + argv: + - ivre + - scan2db + - "-c" + - "{{ fqdn }}" + - "-s" + - "{{ ansible_play_hosts }}" + - "-r" + - /ivre-share/{{ fqdn }}__dnsx.json + delegate_to: scaleway + + - name: Run a simple command (argv) + community.docker.docker_container_exec: + container: ivreclient + argv: + - ivre + - scan2db + - "-c" + - "{{ fqdn }}" + - "-s" + - "{{ ansible_play_hosts }}" + - "-r" + - "/ivre-share/{{ fqdn }}__httpx.json" + delegate_to: scaleway + + - name: Run a simple command (argv) + community.docker.docker_container_exec: + container: ivreclient + argv: + - ivre + - db2view + - all + delegate_to: scaleway + + - name: NTFY when docker compose changed + uri: + url: "https://alert.jingoh.fr/scaleway" + method: POST + user: "{{ username }}" + password: "{{ password }}" + headers: + Title: "SCAN {{ fqdn }}" + ta: "globe_with_meridians" + body: "scan finished !" + status_code: 200 + tags: test1 + delegate_to: localhost