diff --git a/scan.yml b/scan.yml index 97e3347..d3a9b86 100644 --- a/scan.yml +++ b/scan.yml @@ -16,7 +16,11 @@ 6137356332636431643830666461333862613835336631333037 # 163.172.0.0/24 # 163.172.80.0/28 - target_network: 163.172.80.0/24 + target_network: 163.172.0.0/20 + # 163.172.0.0/20 + # 163.172.16.0/20 + # 163.172.31.0/20 + # 163.172.47.0/20 ansible_user: stephane ansible_password: stephane ansible_become_password: stephane @@ -51,17 +55,6 @@ force: true delegate_to: localhost - - - ansible.builtin.git: - repo: https://github.com/maurosoria/dirsearch.git - dest: "/home/stephane/dirsearch" - single_branch: yes - force: true - - - name: Install specified python requirements - ansible.builtin.pip: - requirements: "/home/stephane/dirsearch/requirements.txt" - # apt install masscan - ansible.builtin.command: cmd: "masscan {{ target_network }} -p443" @@ -77,7 +70,7 @@ # tags: test # delegate_to: localhost - - name: Get a cert from an https por + - name: Get a cert from an https port community.crypto.get_certificate: host: "{{ item.split('on')[-1].strip() }}" port: 443 
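Review bot: In the first hunk (`@@ -16,7 +16,11 @@`) the context lines directly under the new `target_network` keep `ansible_user`, `ansible_password` and `ansible_become_password` as cleartext values committed with the playbook, while the hex line at the top of the hunk looks like part of a vault-encrypted value. The login and become passwords should be stored the same way, e.g. `ansible_become_password: "{{ vault_become_password }}"` (constructed name) with the value defined in a vault-encrypted vars file. The new range is also hard-coded, with four alternates left as comments that are swapped by editing the file; taking `target_network` from inventory or group vars, with a one-line comment recording which range the run covers, would keep the scope in one reviewed place. The vars block starts and ends outside the hunk.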
@@ -91,13 +84,38 @@ # item.subject.CN - debug: - msg: "{{ item.subject.CN }}" + # msg: "{{ item.subject.CN }}" + msg: "{{ item.invocation.module_args.host}}" loop: "{{ cert.results }}" # - "{{ cert.not_after }}" # - "{{ ansible_date_time.iso8601_basic }}" tags: test delegate_to: localhost + + - name: Change file ownership, group and permissions + ansible.builtin.file: + path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/" + state: directory + loop: "{{ cert.results }}" + + - name: Add a line to a file if the file does not exist, without passing regexp + ansible.builtin.lineinfile: + path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}" + line: "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN | default('---') }} ---- {{ item.issuer| default('---')}}" + create: yes + loop: "{{ cert.results }}" + delegate_to: localhost + + + # - name: Copy file with owner and permissions + # ansible.builtin.copy: + # dest: "{{ playbook_dir }}/scan/scan_https_{{ target_network.split('/')[0] }}_{{ target_network.split('/')[-1] }}" + # content: | + # "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN }} ---- {{ item.issuer}}" + # loop: "{{ cert.results }}" + # delegate_to: localhost + # # item.subject.CN # - debug: # msg: "{{ item.item.split('on')[-1].strip() }}" 
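Review bot: The added `ansible.builtin.file` task builds its path from `{{ playbook_dir }}` but, unlike the `lineinfile` task that writes into the same tree, has no `delegate_to: localhost`, so unless the play itself targets localhost it creates that controller path on the managed host instead of next to the playbook. Add `delegate_to: localhost` to the directory task and set an explicit `mode:` on both tasks (for example `mode: "0750"` on the directory and `mode: "0640"` on the file), since the results are otherwise created with umask-default permissions. The two task names are copied from the module documentation examples and do not describe what the tasks do; `name: Create per-subnet result directory` and `name: Record host, certificate CN and issuer` would. The written line embeds `subject.CN` and `issuer` taken from remote certificates, so whatever parses these files later should treat them as untrusted text.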
@@ -107,83 +125,6 @@ # tags: test # delegate_to: localhost - - # apt install masscan - - ansible.builtin.command: - cmd: "python3 /home/root/dirsearch/dirsearch.py -u https://{{ item.item.split('on')[-1].strip() }} --max-time 500" - become: true - loop: "{{ cert.results }}" - # vars: - # ansible_command_timeout: 500 - ignore_errors: true - register: fuff - -#ffuf -w SecLists/Discovery/Web-Content/directory-list-1.0.txt -u https://dstrn.if.ua/FUZZ - - # # loop: "{{ scan443.stdout_lines }}" - # # - "{{ cert.not_after }}" - # # - "{{ ansible_date_time.iso8601_basic }}" - - - # tags: test - - - # - debug: - # msg: " URL =======> {{ item.subject }} || Host ====> {{ item.invocation.module_args.host }} || port ======> {{ item.invocation.module_args.port }} || proxy_port =========> {{ item.invocation.module_args.proxy_port }}" - # loop: "{{ cert.results }}" - # when: item.subject is defined - # # loop: "{{ scan443.stdout_lines }}" - # # - "{{ cert.not_after }}" - # # - "{{ ansible_date_time.iso8601_basic }}" - # tags: test - # ignore_errors: true - # delegate_to: localhost - - - # - debug: - # msg: "{{ item.stdout.split('\n\nError Log')[0].split('Output File: ')[-1] }}" - # loop: "{{ fuff.results }}" - # # when: item.stdout_lines is search('200 -') - # # loop: "{{ scan443.stdout_lines }}" - # # - "{{ cert.not_after }}" - # # - "{{ ansible_date_time.iso8601_basic }}" - # tags: test - # ignore_errors: true - # delegate_to: localhost - - - - # - debug: - # msg: "{{ fuff }}" - - - - - ansible.builtin.find: - paths: "/home/stephane/reports" - recurse: yes - register: scan_path - - - # - debug: - # msg: "{{ item.path }}" - # loop: "{{ scan_path.files }}" - # # - "{{ cert.not_after }}" - # # - "{{ ansible_date_time.iso8601_basic }}" - # delegate_to: localhost - - - ansible.builtin.fetch: - src: "{{ item.path }}" - dest: "{{ playbook_dir }}/scan/" - flat: false - loop: "{{ scan_path.files }}" - - - debug: - msg: "{{ item.path }}" - loop: "{{ scan_path.files }}" - # - "{{ 
cert.not_after }}" - # - "{{ ansible_date_time.iso8601_basic }}" - delegate_to: localhost - - ansible.builtin.shell: | git config user.email "stephane.gratiasquiquandon@gmail.com" git config user.name "staffadmin" @@ -195,20 +136,6 @@ run_once: true delegate_to: localhost -# https://github.com/danielmiessler/SecLists.git - - # ffuf -w SecLists/Discovery/Web-Content/raft-small-words.txt -u https://flix.iberica-tv.net/FUZZ - - - - # - name: Set host_interfaces list - # ansible.builtin.set_fact: - # host_interfaces: "{{ host_interfaces + [item.subject]}}" - # vars: - # host_interfaces: [] - # when: item.subject is defined - # loop: "{{ cert.results }}" - # - debug: # msg: "{{ host_interfaces }}" @@ -221,15 +148,10 @@ # user: "{{ username }}" # password: "{{ password }}" # headers: - # Title: "SCAN HTTPS" + # Title: "SCAN HTTPS " # ta: "file_folder" # body: "{{ target_network }}" # status_code: 200 # tags: test1 # delegate_to: localhost # when: fetch_files_backup.changed is true - - # https://raw.githubusercontent.com/bobbyiliev/bash-ssl-checker-tool/master/ssl - # amass enum -passive -d togofirst.com - # sudo masscan 163.172.0.0/16 -p443 --rate=1000000 - # sublist3r -d fitnetmanager.com diff --git a/scan_https.yml b/scan_old.yml similarity index 54% rename from scan_https.yml rename to scan_old.yml index 9e1fdf5..97e3347 100644 --- a/scan_https.yml +++ b/scan_old.yml @@ -16,7 +16,7 @@ 6137356332636431643830666461333862613835336631333037 # 163.172.0.0/24 # 163.172.80.0/28 - target_network: 163.172.80.0/28 + target_network: 163.172.80.0/24 ansible_user: stephane ansible_password: stephane ansible_become_password: stephane 
@@ -51,6 +51,17 @@ force: true delegate_to: localhost + + - ansible.builtin.git: + repo: https://github.com/maurosoria/dirsearch.git + dest: "/home/stephane/dirsearch" + single_branch: yes + force: true + + - name: Install specified python requirements + ansible.builtin.pip: + requirements: "/home/stephane/dirsearch/requirements.txt" + # apt install masscan - ansible.builtin.command: cmd: "masscan {{ target_network }} -p443" @@ -66,7 +77,7 @@ # tags: test # delegate_to: localhost - - name: Get a cert from an https port + - name: Get a cert from an https por community.crypto.get_certificate: host: "{{ item.split('on')[-1].strip() }}" port: 443 
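Review bot: The `ansible.builtin.git` task added in `@@ -51,6 +51,17 @@` checks out whatever the upstream default branch points to at run time (`force: true`, no `version:`), and the `ansible.builtin.pip` task after it installs that checkout's `requirements.txt`, so each run pulls and later executes unreviewed third-party code. Pin the checkout with `version: "<reviewed tag or commit>"` and install into a dedicated environment with `virtualenv: "<venv path>"` rather than the system interpreter. The git task also has no `name:`, and `single_branch: yes` should be written `single_branch: true` to match the `force: true` beside it.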
@@ -80,38 +91,13 @@ # item.subject.CN - debug: - # msg: "{{ item.subject.CN }}" - msg: "{{ item.invocation.module_args.host}}" + msg: "{{ item.subject.CN }}" loop: "{{ cert.results }}" # - "{{ cert.not_after }}" # - "{{ ansible_date_time.iso8601_basic }}" tags: test delegate_to: localhost - - - name: Change file ownership, group and permissions - ansible.builtin.file: - path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/" - state: directory - loop: "{{ cert.results }}" - - - name: Add a line to a file if the file does not exist, without passing regexp - ansible.builtin.lineinfile: - path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}" - line: "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN | default('---') }} ---- {{ item.issuer| default('---')}}" - create: yes - loop: "{{ cert.results }}" - delegate_to: localhost - - - # - name: Copy file with owner and permissions - # ansible.builtin.copy: - # dest: "{{ playbook_dir }}/scan/scan_https_{{ target_network.split('/')[0] }}_{{ target_network.split('/')[-1] }}" - # content: | - # "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN }} ---- {{ item.issuer}}" - # loop: "{{ cert.results }}" - # delegate_to: localhost - # # item.subject.CN # - debug: # msg: "{{ item.item.split('on')[-1].strip() }}" 
@@ -121,6 +107,83 @@ # tags: test # delegate_to: localhost + + # apt install masscan + - ansible.builtin.command: + cmd: "python3 /home/root/dirsearch/dirsearch.py -u https://{{ item.item.split('on')[-1].strip() }} --max-time 500" + become: true + loop: "{{ cert.results }}" + # vars: + # ansible_command_timeout: 500 + ignore_errors: true + register: fuff + +#ffuf -w SecLists/Discovery/Web-Content/directory-list-1.0.txt -u https://dstrn.if.ua/FUZZ + + # # loop: "{{ scan443.stdout_lines }}" + # # - "{{ cert.not_after }}" + # # - "{{ ansible_date_time.iso8601_basic }}" + + + # tags: test + + + # - debug: + # msg: " URL =======> {{ item.subject }} || Host ====> {{ item.invocation.module_args.host }} || port ======> {{ item.invocation.module_args.port }} || proxy_port =========> {{ item.invocation.module_args.proxy_port }}" + # loop: "{{ cert.results }}" + # when: item.subject is defined + # # loop: "{{ scan443.stdout_lines }}" + # # - "{{ cert.not_after }}" + # # - "{{ ansible_date_time.iso8601_basic }}" + # tags: test + # ignore_errors: true + # delegate_to: localhost + + + # - debug: + # msg: "{{ item.stdout.split('\n\nError Log')[0].split('Output File: ')[-1] }}" + # loop: "{{ fuff.results }}" + # # when: item.stdout_lines is search('200 -') + # # loop: "{{ scan443.stdout_lines }}" + # # - "{{ cert.not_after }}" + # # - "{{ ansible_date_time.iso8601_basic }}" + # tags: test + # ignore_errors: true + # delegate_to: localhost + + + + # - debug: + # msg: "{{ fuff }}" + + + + - ansible.builtin.find: + paths: "/home/stephane/reports" + recurse: yes + register: scan_path + + + # - debug: + # msg: "{{ item.path }}" + # loop: "{{ scan_path.files }}" + # # - "{{ cert.not_after }}" + # # - "{{ ansible_date_time.iso8601_basic }}" + # delegate_to: localhost + + - ansible.builtin.fetch: + src: "{{ item.path }}" + dest: "{{ playbook_dir }}/scan/" + flat: false + loop: "{{ scan_path.files }}" + + - debug: + msg: "{{ item.path }}" + loop: "{{ scan_path.files }}" + # - "{{ 
cert.not_after }}" + # - "{{ ansible_date_time.iso8601_basic }}" + delegate_to: localhost + - ansible.builtin.shell: | git config user.email "stephane.gratiasquiquandon@gmail.com" git config user.name "staffadmin" @@ -132,6 +195,20 @@ run_once: true delegate_to: localhost +# https://github.com/danielmiessler/SecLists.git + + # ffuf -w SecLists/Discovery/Web-Content/raft-small-words.txt -u https://flix.iberica-tv.net/FUZZ + + + + # - name: Set host_interfaces list + # ansible.builtin.set_fact: + # host_interfaces: "{{ host_interfaces + [item.subject]}}" + # vars: + # host_interfaces: [] + # when: item.subject is defined + # loop: "{{ cert.results }}" + # - debug: # msg: "{{ host_interfaces }}" @@ -144,10 +221,15 @@ # user: "{{ username }}" # password: "{{ password }}" # headers: - # Title: "SCAN HTTPS " + # Title: "SCAN HTTPS" # ta: "file_folder" # body: "{{ target_network }}" # status_code: 200 # tags: test1 # delegate_to: localhost # when: fetch_files_backup.changed is true + + # https://raw.githubusercontent.com/bobbyiliev/bash-ssl-checker-tool/master/ssl + # amass enum -passive -d togofirst.com + # sudo masscan 163.172.0.0/16 -p443 --rate=1000000 + # sublist3r -d fitnetmanager.com
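Review bot: The command task added at the top of the `@@ -107,6 +121,83 @@` hunk (which begins on the previous physical line) runs the cloned third-party script with `become: true` while passing it a URL assembled from scan output, and `ignore_errors: true` then hides every failure of that task. Nothing visible in the task needs root, so drop `become: true` and run it as the unprivileged user; replace the blanket `ignore_errors: true` with a `failed_when:` condition on the return codes that are actually acceptable. The task also has no `name:` and still carries the `# apt install masscan` comment that belongs to a different task, which makes the registered `fuff` result hard to trace.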