diff --git a/group_vars/all.yml b/group_vars/all.yml index 546e5ad..1ee3c97 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -13,6 +13,11 @@ management_user_list: nopasswd: ALL +#* GO + +golang_gopath: /usr/local/go +# golang_download_dir: /home/stephane/.ansible/tmp/downloads + #* PACKAGES package_repo: diff --git a/roles/.gitignore b/roles/.gitignore index 114af7f..2b44480 100644 --- a/roles/.gitignore +++ b/roles/.gitignore @@ -46,4 +46,5 @@ ansible-role-labocbz-install-grafana cloudalchemy.grafana CTL-Fed-Security.ansible-grafana thomasjpfan.docker-swarm -asg1612.dockerswarm \ No newline at end of file +asg1612.dockerswarm +gantsign.golang \ No newline at end of file diff --git a/roles/requirements.yml b/roles/requirements.yml index 449acd1..81e5d75 100644 --- a/roles/requirements.yml +++ b/roles/requirements.yml @@ -38,6 +38,7 @@ # - src: maxlareo.rkhunter # - src: maxlareo.chkrootkit - src: robertdebock.auditd +- src: gantsign.golang # - src: robertdebock.update # # - src: buluma.auditd # # version: v1.0.10 diff --git a/scan.yml b/scan.yml index 3d82d6b..93726b9 100644 --- a/scan.yml +++ b/scan.yml @@ -14,13 +14,15 @@ 3961303030373531380a343061326437343066663665613833623533376437326630326432363566 37653135666331633532653436656461396131623736353962643632316135633562346631313036 6137356332636431643830666461333862613835336631333037 + #TODO target in list # 163.172.0.0/24 # 163.172.80.0/28 target_network: 163.172.16.0/20 # 163.172.0.0/20 # 163.172.16.0/20 # 163.172.31.0/20 - # 163.172.47.0/20 + # 163.172.48.0/20 + # 163.172.63.254/20 ansible_user: stephane ansible_password: stephane ansible_become_password: stephane @@ -60,6 +62,7 @@ cmd: "masscan {{ target_network }} -p443" become: true register: scan_output + # pause # - debug: diff --git a/scan_old.yml b/scan_old.yml deleted file mode 100644 index 97e3347..0000000 --- a/scan_old.yml +++ /dev/null @@ -1,235 +0,0 @@ ---- -- name: Scan - hosts: scale01 - become: true - gather_facts: false - vars: - - user: staffadmin - token: !vault | - $ANSIBLE_VAULT;1.2;AES256;prod - 35343365393734313034383961616333633265623037303436653739613935366666373237366562 - 3663316563663439363333396530376139663731346637390a366335333732303134316364363130 - 30313631343534643866383336623837363433303032376264373139306464313866313034663636 - 3961303030373531380a343061326437343066663665613833623533376437326630326432363566 - 37653135666331633532653436656461396131623736353962643632316135633562346631313036 - 6137356332636431643830666461333862613835336631333037 - # 163.172.0.0/24 - # 163.172.80.0/28 - target_network: 163.172.80.0/24 - ansible_user: stephane - ansible_password: stephane - ansible_become_password: stephane - username: jingohalert - password: !vault | - $ANSIBLE_VAULT;1.2;AES256;prod - 66346630333538386564396632636161316239326530653037666465616165393135666532643264 - 3037363865363531636635306535663736353734333733340a363639636638396662616538343335 - 65366439343135636634393832636436353764303066653530346232323164376265313039373630 - 3863613961373430340a303866363962353262623030373061616134303366336237346631383539 - 3130 -# apt-get install sshpass - -# # -# # @author Stéphane Gratias (2021). -# - - - # roles: - # - { role: geerlingguy.pip, tags: pip } - tasks: - - - - ansible.builtin.apt: - name: masscan - update_cache: true - - - ansible.builtin.git: - repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git - dest: "{{ playbook_dir }}/scan" - single_branch: yes - force: true - delegate_to: localhost - - - - ansible.builtin.git: - repo: https://github.com/maurosoria/dirsearch.git - dest: "/home/stephane/dirsearch" - single_branch: yes - force: true - - - name: Install specified python requirements - ansible.builtin.pip: - requirements: "/home/stephane/dirsearch/requirements.txt" - - # apt install masscan - - ansible.builtin.command: - cmd: "masscan {{ target_network }} -p443" - become: true - register: scan_output - - -# - debug: -# msg: "{{ item }}" -# loop: "{{ scan_output.stdout_lines }}" -# # - "{{ cert.not_after }}" -# # - "{{ ansible_date_time.iso8601_basic }}" -# tags: test -# delegate_to: localhost - - - name: Get a cert from an https por - community.crypto.get_certificate: - host: "{{ item.split('on')[-1].strip() }}" - port: 443 - delegate_to: localhost - run_once: true - loop: "{{ scan_output.stdout_lines }}" - ignore_errors: true - register: cert - tags: test - - -# item.subject.CN - - debug: - msg: "{{ item.subject.CN }}" - loop: "{{ cert.results }}" - # - "{{ cert.not_after }}" - # - "{{ ansible_date_time.iso8601_basic }}" - tags: test - delegate_to: localhost - -# # item.subject.CN -# - debug: -# msg: "{{ item.item.split('on')[-1].strip() }}" -# loop: "{{ cert.results }}" -# # - "{{ cert.not_after }}" -# # - "{{ ansible_date_time.iso8601_basic }}" -# tags: test -# delegate_to: localhost - - - # apt install masscan - - ansible.builtin.command: - cmd: "python3 /home/root/dirsearch/dirsearch.py -u https://{{ item.item.split('on')[-1].strip() }} --max-time 500" - become: true - loop: "{{ cert.results }}" - # vars: - # ansible_command_timeout: 500 - ignore_errors: true - register: fuff - -#ffuf -w SecLists/Discovery/Web-Content/directory-list-1.0.txt -u https://dstrn.if.ua/FUZZ - - # # loop: "{{ scan443.stdout_lines }}" - # # - "{{ cert.not_after }}" - # # - "{{ ansible_date_time.iso8601_basic }}" - - - # tags: test - - - # - debug: - # msg: " URL =======> {{ item.subject }} || Host ====> {{ item.invocation.module_args.host }} || port ======> {{ item.invocation.module_args.port }} || proxy_port =========> {{ item.invocation.module_args.proxy_port }}" - # loop: "{{ cert.results }}" - # when: item.subject is defined - # # loop: "{{ scan443.stdout_lines }}" - # # - "{{ cert.not_after }}" - # # - "{{ ansible_date_time.iso8601_basic }}" - # tags: test - # ignore_errors: true - # delegate_to: localhost - - - # - debug: - # msg: "{{ item.stdout.split('\n\nError Log')[0].split('Output File: ')[-1] }}" - # loop: "{{ fuff.results }}" - # # when: item.stdout_lines is search('200 -') - # # loop: "{{ scan443.stdout_lines }}" - # # - "{{ cert.not_after }}" - # # - "{{ ansible_date_time.iso8601_basic }}" - # tags: test - # ignore_errors: true - # delegate_to: localhost - - - - # - debug: - # msg: "{{ fuff }}" - - - - - ansible.builtin.find: - paths: "/home/stephane/reports" - recurse: yes - register: scan_path - - - # - debug: - # msg: "{{ item.path }}" - # loop: "{{ scan_path.files }}" - # # - "{{ cert.not_after }}" - # # - "{{ ansible_date_time.iso8601_basic }}" - # delegate_to: localhost - - - ansible.builtin.fetch: - src: "{{ item.path }}" - dest: "{{ playbook_dir }}/scan/" - flat: false - loop: "{{ scan_path.files }}" - - - debug: - msg: "{{ item.path }}" - loop: "{{ scan_path.files }}" - # - "{{ cert.not_after }}" - # - "{{ ansible_date_time.iso8601_basic }}" - delegate_to: localhost - - - ansible.builtin.shell: | - git config user.email "stephane.gratiasquiquandon@gmail.com" - git config user.name "staffadmin" - git add . - git commit -m "Push scan with access token" - git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git - args: - chdir: "{{ playbook_dir }}/scan/" - run_once: true - delegate_to: localhost - -# https://github.com/danielmiessler/SecLists.git - - # ffuf -w SecLists/Discovery/Web-Content/raft-small-words.txt -u https://flix.iberica-tv.net/FUZZ - - - - # - name: Set host_interfaces list - # ansible.builtin.set_fact: - # host_interfaces: "{{ host_interfaces + [item.subject]}}" - # vars: - # host_interfaces: [] - # when: item.subject is defined - # loop: "{{ cert.results }}" - - - # - debug: - # msg: "{{ host_interfaces }}" - - - # - name: NTFY when docker compose changed - # uri: - # url: "https://alert.jingoh.fr/scaleway" - # method: POST - # user: "{{ username }}" - # password: "{{ password }}" - # headers: - # Title: "SCAN HTTPS" - # ta: "file_folder" - # body: "{{ target_network }}" - # status_code: 200 - # tags: test1 - # delegate_to: localhost - # when: fetch_files_backup.changed is true - - # https://raw.githubusercontent.com/bobbyiliev/bash-ssl-checker-tool/master/ssl - # amass enum -passive -d togofirst.com - # sudo masscan 163.172.0.0/16 -p443 --rate=1000000 - # sublist3r -d fitnetmanager.com diff --git a/tools.yml b/tools.yml new file mode 100644 index 0000000..6dce6c9 --- /dev/null +++ b/tools.yml @@ -0,0 +1,59 @@ +--- +- name: Install tools + hosts: scale01 + become: true + gather_facts: true + vars: + + ansible_user: stephane + # ansible_sudo_pass: stephane + # pre_tasks: + + # - ansible.builtin.apt: + # name: "{{ item }}" + # update_cache: true + # loop: + # - unzip + # - tar + +# - name: populate /etc/environment +# lineinfile: +# path: "/etc/environment" +# state: present +# regexp: "^{{ item.key }}=" +# line: "{{ item.key }}={{ item.value}}" +# loop: +# - key: GOROOT +# value : "{{ golang_install_dir }}" +# - key: GOPATH +# value : admin +# - key: GOPATH +# value : admin +# become: yes + + +# export GOROOT='{{ golang_install_dir }}' +# export PATH=$GOROOT/bin:$PATH + +# export GOROOT='/opt/go/1.22.6' +# export PATH=$GOROOT/bin:$PATH + + roles: + - { role: gantsign.golang, tags: go } + environment: + GOROOT: "{{ golang_install_dir }}" + PATH: $GOROOT/bin:$PATH + tasks: + - name: Install go tools + command: "{{ item }}" + become_user: stephane + loop: + - go install github.com/projectdiscovery/katana/cmd/katana@latest + - go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest + - go install -v github.com/LukaSikic/subzy@latest + - go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest + - go install github.com/projectdiscovery/asnmap/cmd/asnmap@latest + - go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest + +# projectdiscovery s + # export PDCP_API_KEY=************* \ No newline at end of file