sgratias/semaphore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

push scan to use gowisper

Browse Source
This commit is contained in:
sgratias
2025-03-30 17:28:57 +02:00
parent db4176840e
commit 5b508f682a
5 changed files with 417 additions and 390 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
hosts
View File

@@ -5,7 +5,8 @@ cosmos ansible_host=163.172.39.162 ansible_user=stephane
[tower] [tower]
scaleway ansible_host=163.172.84.28 ansible_user=stephane scaleway ansible_host=163.172.84.28 ansible_user=stephane
[local]
scaleway ansible_host=127.0.0.1 ansible_user=stephanegratias
; [cluster] ; [cluster]
; scale01 ansible_host=163.172.209.36 ansible_user=stephane ; scale01 ansible_host=163.172.209.36 ansible_user=stephane
; ovh01 ansible_host=5.135.181.11 ansible_user=stephane ; ovh01 ansible_host=5.135.181.11 ansible_user=stephane

14
paused.conf Normal file
View File

@@ -0,0 +1,14 @@
# resume information
resume-index = 69
seed = 491264110608124713
rate = 100
shard = 1/1
nocapture = servername
adapter-ip = 192.168.0.11
# TARGET SELECTION (IP, PORTS, EXCLUDES)
ports = 443
range = 163.172.85.0/24

359
scan.yml
View File

@@ -1,21 +1,31 @@
--- ---
- name: SCAN in DOCKER [subfinder + dnsx + httpx + nuclei] - name: Scan
hosts: ovh01 hosts:
- scale01
#- localhost
become: true become: true
gather_facts: true gather_facts: false
vars: vars:
fqdn: arion.space
ansible_user: stephane
user: staffadmin user: staffadmin
token: !vault | token: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod $ANSIBLE_VAULT;1.2;AES256;prod
36663034636138333863626233623737363834333134333235656132333933356237396132383266 35343365393734313034383961616333633265623037303436653739613935366666373237366562
3266326438656130623337653464633062343433623333620a386561353637613263323837313230 3663316563663439363333396530376139663731346637390a366335333732303134316364363130
66666633373066363862343766646431396632653332333830323136343230336464333635343136 30313631343534643866383336623837363433303032376264373139306464313866313034663636
3732643432306338640a666334373636653164646135633966333339323935363433663130313235 3961303030373531380a343061326437343066663665613833623533376437326630326432363566
36613831356265373964623464356263333666366539663131396535613633346138613665383864 37653135666331633532653436656461396131623736353962643632316135633562346631313036
6331393663346638663832313035653765303938376230363936 6137356332636431643830666461333862613835336631333037
cloud_upload: true #TODO target in list
# 163.172.0.0/24
# 163.172.80.0/28
target_network: 163.172.87.0/28
# 163.172.0.0/20
# 163.172.16.0/20
# 163.172.31.0/20
# 163.172.48.0/20
# 163.172.63.254/20
ansible_user: stephane
ansible_password: stephane ansible_password: stephane
ansible_become_password: stephane ansible_become_password: stephane
username: jingohalert username: jingohalert
@@ -26,246 +36,137 @@
65366439343135636634393832636436353764303066653530346232323164376265313039373630 65366439343135636634393832636436353764303066653530346232323164376265313039373630
3863613961373430340a303866363962353262623030373061616134303366336237346631383539 3863613961373430340a303866363962353262623030373061616134303366336237346631383539
3130 3130
PDCP_API_KEY: !vault | # apt-get install sshpass
$ANSIBLE_VAULT;1.2;AES256;prod
33346636623263376335323265323163643534613835643363386630316666663336333435323438 # #
3135313264626663663436346239306264666563303463380a643366633161326634316662313465 # # @author Stéphane Gratias (2021).
31646466666531656565356565383932356162323030346330356563323266396361376339313437 #
6637633235633635330a353539333366346331303134373433346462343736316437306136633361
37346537373861313361656338616438646533666639623533323433353365363836656532323938
3139363338653666656339303763333837313731383739363164 # roles:
# - { role: geerlingguy.pip, tags: pip }
tasks: tasks:
- community.docker.docker_image_pull:
name: "{{ item }}"
loop: # - ansible.builtin.apt:
- projectdiscovery/subfinder # name: masscan
- projectdiscovery/httpx # update_cache: true
- projectdiscovery/dnsx
- projectdiscovery/nuclei
- ansible.builtin.git: - ansible.builtin.git:
repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
dest: "$HOME/scan" dest: "{{ playbook_dir }}/scan"
single_branch: yes single_branch: yes
force: true force: true
become_user: root delegate_to: localhost
- name: Remove all before # apt install masscan
ansible.builtin.file: - ansible.builtin.command:
path: $HOME/scan/{{ fqdn }} cmd: "masscan {{ target_network }} -p443"
state: absent become: true
register: scan_output
# pause
- name: Create a directory if it does not exist
ansible.builtin.file:
path: "{{ item.path }}"
state: "{{ item.state |default('touch') }}"
loop:
- path: $HOME/scan/{{ fqdn }}
state: directory
- path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json
- path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.json
- path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt
# - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx__full.txt
- path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json
- path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt
# - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx__full.txt
- path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt
become_user: root
- name: subfinder # - debug:
community.docker.docker_container: # msg: "{{ item }}"
image: projectdiscovery/subfinder # loop: "{{ scan_output.stdout_lines }}"
name: subfinder # # - "{{ cert.not_after }}"
command: "-d {{ fqdn }} -silent -o /{{ fqdn }}__subfinder.txt" # # - "{{ ansible_date_time.iso8601_basic }}"
recreate: true # tags: test
auto_remove: true # delegate_to: localhost
volumes:
- /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw
become_user: root
- name: dnsx - name: Get a cert from an https port
community.docker.docker_container: community.crypto.get_certificate:
image: projectdiscovery/dnsx host: "{{ item.split('on')[-1].strip() }}"
name: "{{ item.name }}" port: 443
command: "{{ item.command }}" # vars:
recreate: true # asn1_base64: true
auto_remove: true delegate_to: localhost
volumes: "{{ item.volumes }}" run_once: true
become_user: root loop: "{{ scan_output.stdout_lines }}"
loop: ignore_errors: true
- command: -silent -l /{{ fqdn }}__subfinder.txt -o /{{ fqdn }}__dnsx.txt register: cert
name: dnsx tags: test
volumes:
- /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw - ansible.builtin.command: "dig -x {{ item.split('on')[-1].strip() }} +short"
- /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw register: reverse_dns
# - command: -silent -a -cname -asn -resp -l /{{ fqdn }}__subfinder.txt -o /{{ fqdn }}__dnsx__full.txt loop: "{{ scan_output.stdout_lines }}"
# volumes: # dig -x 163.172.27.76 +short
# - /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw
# - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx__full.txt:/{{ fqdn }}__dnsx__full.txt:rw
- command: -silent -a -cname -asn -resp -l /{{ fqdn }}__subfinder.txt -j -o /{{ fqdn }}__dnsx.json # # item.subject.CN
name: dnsx-json # - debug:
volumes: # # msg: "{{ item.subject.CN }}"
- /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw # msg: "{{ item.stdout_lines }}"
- /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json:/{{ fqdn }}__dnsx.json:rw # loop: "{{ reserse_dns.results }}"
# # - "{{ cert.not_after }}"
# # - "{{ ansible_date_time.iso8601_basic }}"
# tags: test
# delegate_to: localhost
- ansible.builtin.set_fact:
reverse_dns_list: "{{ reverse_dns_list|default([]) + [item.stdout_lines | join(',')]}}"
loop: "{{ reverse_dns.results }}"
- ansible.builtin.file:
path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/"
state: directory
loop: "{{ cert.results }}"
- ansible.builtin.lineinfile:
path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}"
line: "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN | default('no CN') }} ---- {{ item.issuer| default('no issuer') }} ------ {{ reverse_dns_list[my_idx]|default('no reverse') }}"
create: yes
loop: "{{ cert.results }}"
loop_control: loop_control:
#* seconds index_var: my_idx
pause: 30 delegate_to: localhost
# - name: httpx # - name: Copy file with owner and permissions
# community.docker.docker_container: # ansible.builtin.copy:
# image: projectdiscovery/httpx # dest: "{{ playbook_dir }}/scan/scan_https_{{ target_network.split('/')[0] }}_{{ target_network.split('/')[-1] }}"
# name: httpx # content: |
# command: -silent -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.txt # "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN }} ---- {{ item.issuer}}"
# recreate: true # loop: "{{ cert.results }}"
# auto_remove: true # delegate_to: localhost
# volumes:
# - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw
# - /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt:rw
# become_user: root
# - name: httpx # # # item.subject.CN
# community.docker.docker_container: # # - debug:
# image: projectdiscovery/httpx # # msg: "{{ item.item.split('on')[-1].strip() }}"
# name: httpx # # loop: "{{ cert.results }}"
# command: -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.json -j # # # - "{{ cert.not_after }}"
# recreate: true # # # - "{{ ansible_date_time.iso8601_basic }}"
# auto_remove: true # # tags: test
# volumes: # # delegate_to: localhost
# - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw
# - /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.json:/{{ fqdn }}__httpx.json:rw
# become_user: root
# - name: httpx
# community.docker.docker_container:
# image: projectdiscovery/httpx
# name: httpx
# command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard"
# recreate: true
# auto_remove: true
# volumes:
# - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw
# become_user: root
- name: httpx
community.docker.docker_container:
image: projectdiscovery/httpx
name: "{{ item.name }}"
command: "{{ item.command }}"
recreate: true
auto_remove: true
volumes: "{{ item.volumes }}"
become_user: root
loop:
- command: -silent -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.txt
name: httpx
volumes:
- /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw
- /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt:rw
- command: -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.json -j
name: httpx_json
volumes:
- /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw
- /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.json:/{{ fqdn }}__httpx.json:rw
# - command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard"
# name: httpx_dashboard
# volumes:
# - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw
# - command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard"
# name: httpx_dashboard_2
# volumes:
# - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw
loop_control:
#* seconds
pause: 60
- ansible.builtin.pause:
seconds: 60
- ansible.builtin.shell: | - ansible.builtin.shell: |
git config user.email "stephane.gratiasquiquandon@gmail.com" git config user.email "stephane.gratiasquiquandon@gmail.com"
git config user.name "staffadmin" git config user.name "staffadmin"
git add . git add .
git commit -m "Push scan {{ fqdn }} with access token" git commit -m "Push scan with access token"
git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
args: args:
chdir: "$HOME/scan" chdir: "{{ playbook_dir }}/scan/"
run_once: true run_once: true
become_user: root delegate_to: localhost
register: push_git
# - debug: # - debug:
# msg: "{{ push_git.changed }}" # msg: "{{ host_interfaces }}"
# - debug:
# msg: "{{ push_git.changed }}"
# when: push_git.changed is true
- ansible.builtin.git: # - name: NTFY when docker compose changed
repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git # uri:
dest: "$HOME/scan" # url: "https://alert.jingoh.fr/scaleway"
single_branch: yes # method: POST
force: true # user: "{{ username }}"
delegate_to: scaleway # password: "{{ password }}"
become_user: stephane # headers:
# Title: "SCAN HTTPS "
- copy: # ta: "file_folder"
src: "{{ item }}" # body: "{{ target_network }}"
dest: /opt/dockerapps/appdata/ivre/ivre-share/{{ item.split('/')[-1] }} # status_code: 200
remote_src: true # tags: test1
loop: # delegate_to: localhost
- /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json # when: fetch_files_backup.changed is true
- /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__httpx.json
delegate_to: scaleway
- name: Run a simple command (argv)
community.docker.docker_container_exec:
container: ivreclient
argv:
- ivre
- scan2db
- "-c"
- "{{ fqdn }}"
- "-s"
- "{{ ansible_play_hosts }}"
- "-r"
- /ivre-share/{{ fqdn }}__dnsx.json
delegate_to: scaleway
- name: Run a simple command (argv)
community.docker.docker_container_exec:
container: ivreclient
argv:
- ivre
- scan2db
- "-c"
- "{{ fqdn }}"
- "-s"
- "{{ ansible_play_hosts }}"
- "-r"
- "/ivre-share/{{ fqdn }}__httpx.json"
delegate_to: scaleway
- name: Run a simple command (argv)
community.docker.docker_container_exec:
container: ivreclient
argv:
- ivre
- db2view
- all
delegate_to: scaleway
- name: NTFY when docker compose changed
uri:
url: "https://alert.jingoh.fr/scaleway"
method: POST
user: "{{ username }}"
password: "{{ password }}"
headers:
Title: "SCAN {{ fqdn }}"
ta: "globe_with_meridians"
body: "scan finished !"
status_code: 200
tags: test1
delegate_to: localhost

160
scan_old.yml
View File

@@ -1,160 +0,0 @@
---
- name: Scan
hosts: scale01
become: true
gather_facts: false
vars:
user: staffadmin
token: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod
35343365393734313034383961616333633265623037303436653739613935366666373237366562
3663316563663439363333396530376139663731346637390a366335333732303134316364363130
30313631343534643866383336623837363433303032376264373139306464313866313034663636
3961303030373531380a343061326437343066663665613833623533376437326630326432363566
37653135666331633532653436656461396131623736353962643632316135633562346631313036
6137356332636431643830666461333862613835336631333037
#TODO target in list
# 163.172.0.0/24
# 163.172.80.0/28
target_network: 163.172.16.0/20
# 163.172.0.0/20
# 163.172.16.0/20
# 163.172.31.0/20
# 163.172.48.0/20
# 163.172.63.254/20
ansible_user: stephane
ansible_password: stephane
ansible_become_password: stephane
username: jingohalert
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod
66346630333538386564396632636161316239326530653037666465616165393135666532643264
3037363865363531636635306535663736353734333733340a363639636638396662616538343335
65366439343135636634393832636436353764303066653530346232323164376265313039373630
3863613961373430340a303866363962353262623030373061616134303366336237346631383539
3130
# apt-get install sshpass
# #
# # @author Stéphane Gratias (2021).
#
# roles:
# - { role: geerlingguy.pip, tags: pip }
tasks:
- ansible.builtin.apt:
name: masscan
update_cache: true
- ansible.builtin.git:
repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
dest: "{{ playbook_dir }}/scan"
single_branch: yes
force: true
delegate_to: localhost
# apt install masscan
- ansible.builtin.command:
cmd: "masscan {{ target_network }} -p443"
become: true
register: scan_output
# pause
# - debug:
# msg: "{{ item }}"
# loop: "{{ scan_output.stdout_lines }}"
# # - "{{ cert.not_after }}"
# # - "{{ ansible_date_time.iso8601_basic }}"
# tags: test
# delegate_to: localhost
- name: Get a cert from an https port
community.crypto.get_certificate:
host: "{{ item.split('on')[-1].strip() }}"
port: 443
delegate_to: localhost
run_once: true
loop: "{{ scan_output.stdout_lines }}"
ignore_errors: true
register: cert
tags: test
# item.subject.CN
- debug:
# msg: "{{ item.subject.CN }}"
msg: "{{ item.invocation.module_args.host}}"
loop: "{{ cert.results }}"
# - "{{ cert.not_after }}"
# - "{{ ansible_date_time.iso8601_basic }}"
tags: test
delegate_to: localhost
- name: Change file ownership, group and permissions
ansible.builtin.file:
path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/"
state: directory
loop: "{{ cert.results }}"
- name: Add a line to a file if the file does not exist, without passing regexp
ansible.builtin.lineinfile:
path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}"
line: "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN | default('---') }} ---- {{ item.issuer| default('---')}}"
create: yes
loop: "{{ cert.results }}"
delegate_to: localhost
# - name: Copy file with owner and permissions
# ansible.builtin.copy:
# dest: "{{ playbook_dir }}/scan/scan_https_{{ target_network.split('/')[0] }}_{{ target_network.split('/')[-1] }}"
# content: |
# "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN }} ---- {{ item.issuer}}"
# loop: "{{ cert.results }}"
# delegate_to: localhost
# # item.subject.CN
# - debug:
# msg: "{{ item.item.split('on')[-1].strip() }}"
# loop: "{{ cert.results }}"
# # - "{{ cert.not_after }}"
# # - "{{ ansible_date_time.iso8601_basic }}"
# tags: test
# delegate_to: localhost
- ansible.builtin.shell: |
git config user.email "stephane.gratiasquiquandon@gmail.com"
git config user.name "staffadmin"
git add .
git commit -m "Push scan with access token"
git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
args:
chdir: "{{ playbook_dir }}/scan/"
run_once: true
delegate_to: localhost
# - debug:
# msg: "{{ host_interfaces }}"
# - name: NTFY when docker compose changed
# uri:
# url: "https://alert.jingoh.fr/scaleway"
# method: POST
# user: "{{ username }}"
# password: "{{ password }}"
# headers:
# Title: "SCAN HTTPS "
# ta: "file_folder"
# body: "{{ target_network }}"
# status_code: 200
# tags: test1
# delegate_to: localhost
# when: fetch_files_backup.changed is true

271
scan_toto.yml Normal file
View File

@@ -0,0 +1,271 @@
---
- name: SCAN in DOCKER [subfinder + dnsx + httpx + nuclei]
hosts: ovh01
become: true
gather_facts: true
vars:
fqdn: arion.space
ansible_user: stephane
user: staffadmin
token: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod
36663034636138333863626233623737363834333134333235656132333933356237396132383266
3266326438656130623337653464633062343433623333620a386561353637613263323837313230
66666633373066363862343766646431396632653332333830323136343230336464333635343136
3732643432306338640a666334373636653164646135633966333339323935363433663130313235
36613831356265373964623464356263333666366539663131396535613633346138613665383864
6331393663346638663832313035653765303938376230363936
cloud_upload: true
ansible_password: stephane
ansible_become_password: stephane
username: jingohalert
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod
66346630333538386564396632636161316239326530653037666465616165393135666532643264
3037363865363531636635306535663736353734333733340a363639636638396662616538343335
65366439343135636634393832636436353764303066653530346232323164376265313039373630
3863613961373430340a303866363962353262623030373061616134303366336237346631383539
3130
PDCP_API_KEY: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod
33346636623263376335323265323163643534613835643363386630316666663336333435323438
3135313264626663663436346239306264666563303463380a643366633161326634316662313465
31646466666531656565356565383932356162323030346330356563323266396361376339313437
6637633235633635330a353539333366346331303134373433346462343736316437306136633361
37346537373861313361656338616438646533666639623533323433353365363836656532323938
3139363338653666656339303763333837313731383739363164
tasks:
- community.docker.docker_image_pull:
name: "{{ item }}"
loop:
- projectdiscovery/subfinder
- projectdiscovery/httpx
- projectdiscovery/dnsx
- projectdiscovery/nuclei
- ansible.builtin.git:
repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
dest: "$HOME/scan"
single_branch: yes
force: true
become_user: root
- name: Remove all before
ansible.builtin.file:
path: $HOME/scan/{{ fqdn }}
state: absent
- name: Create a directory if it does not exist
ansible.builtin.file:
path: "{{ item.path }}"
state: "{{ item.state |default('touch') }}"
loop:
- path: $HOME/scan/{{ fqdn }}
state: directory
- path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json
- path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.json
- path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt
# - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx__full.txt
- path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json
- path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt
# - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx__full.txt
- path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt
become_user: root
- name: subfinder
community.docker.docker_container:
image: projectdiscovery/subfinder
name: subfinder
command: "-d {{ fqdn }} -silent -o /{{ fqdn }}__subfinder.txt"
recreate: true
auto_remove: true
volumes:
- /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw
become_user: root
- name: dnsx
community.docker.docker_container:
image: projectdiscovery/dnsx
name: "{{ item.name }}"
command: "{{ item.command }}"
recreate: true
auto_remove: true
volumes: "{{ item.volumes }}"
become_user: root
loop:
- command: -silent -l /{{ fqdn }}__subfinder.txt -o /{{ fqdn }}__dnsx.txt
name: dnsx
volumes:
- /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw
- /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw
# - command: -silent -a -cname -asn -resp -l /{{ fqdn }}__subfinder.txt -o /{{ fqdn }}__dnsx__full.txt
# volumes:
# - /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw
# - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx__full.txt:/{{ fqdn }}__dnsx__full.txt:rw
- command: -silent -a -cname -asn -resp -l /{{ fqdn }}__subfinder.txt -j -o /{{ fqdn }}__dnsx.json
name: dnsx-json
volumes:
- /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw
- /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json:/{{ fqdn }}__dnsx.json:rw
loop_control:
#* seconds
pause: 30
# - name: httpx
# community.docker.docker_container:
# image: projectdiscovery/httpx
# name: httpx
# command: -silent -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.txt
# recreate: true
# auto_remove: true
# volumes:
# - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw
# - /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt:rw
# become_user: root
# - name: httpx
# community.docker.docker_container:
# image: projectdiscovery/httpx
# name: httpx
# command: -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.json -j
# recreate: true
# auto_remove: true
# volumes:
# - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw
# - /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.json:/{{ fqdn }}__httpx.json:rw
# become_user: root
# - name: httpx
# community.docker.docker_container:
# image: projectdiscovery/httpx
# name: httpx
# command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard"
# recreate: true
# auto_remove: true
# volumes:
# - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw
# become_user: root
- name: httpx
community.docker.docker_container:
image: projectdiscovery/httpx
name: "{{ item.name }}"
command: "{{ item.command }}"
recreate: true
auto_remove: true
volumes: "{{ item.volumes }}"
become_user: root
loop:
- command: -silent -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.txt
name: httpx
volumes:
- /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw
- /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt:rw
- command: -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.json -j
name: httpx_json
volumes:
- /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw
- /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.json:/{{ fqdn }}__httpx.json:rw
# - command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard"
# name: httpx_dashboard
# volumes:
# - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw
# - command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard"
# name: httpx_dashboard_2
# volumes:
# - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw
loop_control:
#* seconds
pause: 60
- ansible.builtin.pause:
seconds: 60
- ansible.builtin.shell: |
git config user.email "stephane.gratiasquiquandon@gmail.com"
git config user.name "staffadmin"
git add .
git commit -m "Push scan {{ fqdn }} with access token"
git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
args:
chdir: "$HOME/scan"
run_once: true
become_user: root
register: push_git
# - debug:
# msg: "{{ push_git.changed }}"
# - debug:
# msg: "{{ push_git.changed }}"
# when: push_git.changed is true
- ansible.builtin.git:
repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
dest: "$HOME/scan"
single_branch: yes
force: true
delegate_to: scaleway
become_user: stephane
- copy:
src: "{{ item }}"
dest: /opt/dockerapps/appdata/ivre/ivre-share/{{ item.split('/')[-1] }}
remote_src: true
loop:
- /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json
- /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__httpx.json
delegate_to: scaleway
- name: Run a simple command (argv)
community.docker.docker_container_exec:
container: ivreclient
argv:
- ivre
- scan2db
- "-c"
- "{{ fqdn }}"
- "-s"
- "{{ ansible_play_hosts }}"
- "-r"
- /ivre-share/{{ fqdn }}__dnsx.json
delegate_to: scaleway
- name: Run a simple command (argv)
community.docker.docker_container_exec:
container: ivreclient
argv:
- ivre
- scan2db
- "-c"
- "{{ fqdn }}"
- "-s"
- "{{ ansible_play_hosts }}"
- "-r"
- "/ivre-share/{{ fqdn }}__httpx.json"
delegate_to: scaleway
- name: Run a simple command (argv)
community.docker.docker_container_exec:
container: ivreclient
argv:
- ivre
- db2view
- all
delegate_to: scaleway
- name: NTFY when docker compose changed
uri:
url: "https://alert.jingoh.fr/scaleway"
method: POST
user: "{{ username }}"
password: "{{ password }}"
headers:
Title: "SCAN {{ fqdn }}"
ta: "globe_with_meridians"
body: "scan finished !"
status_code: 200
tags: test1
delegate_to: localhost