From 830882ee157da3f5cf2f29de97f3b272dffe802c Mon Sep 17 00:00:00 2001
From: staffadmin
Date: Fri, 16 Aug 2024 19:40:32 +0200
Subject: [PATCH] [push ivre]
---
 ivre.yml | 168 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 tools.yml | 59 -------------------
 2 files changed, 168 insertions(+), 59 deletions(-)
 create mode 100644 ivre.yml
 delete mode 100644 tools.yml
diff --git a/ivre.yml b/ivre.yml
new file mode 100644
index 0000000..f817b0e
--- /dev/null
+++ b/ivre.yml
@@ -0,0 +1,168 @@
+---
+- name: Install tools
+ hosts: ovh01
+ become: true
+ gather_facts: true
+ vars:
+ fqdn: orbital23.com
+ ansible_user: stephane
+ user: staffadmin
+ token: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;prod
+ 35343365393734313034383961616333633265623037303436653739613935366666373237366562
+ 3663316563663439363333396530376139663731346637390a366335333732303134316364363130
+ 30313631343534643866383336623837363433303032376264373139306464313866313034663636
+ 3961303030373531380a343061326437343066663665613833623533376437326630326432363566
+ 37653135666331633532653436656461396131623736353962643632316135633562346631313036
+ 6137356332636431643830666461333862613835336631333037
+ #TODO target in list
+ # 163.172.0.0/24
+ # 163.172.80.0/28
+ target_network: 163.172.16.0/20
+ # 163.172.0.0/20
+ # 163.172.16.0/20
+ # 163.172.31.0/20
+ # 163.172.48.0/20
+ # 163.172.63.254/20
+ ansible_password: stephane
+ ansible_become_password: stephane
+ username: jingohalert
+ password: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;prod
+ 66346630333538386564396632636161316239326530653037666465616165393135666532643264
+ 3037363865363531636635306535663736353734333733340a363639636638396662616538343335
+ 65366439343135636634393832636436353764303066653530346232323164376265313039373630
+ 3863613961373430340a303866363962353262623030373061616134303366336237346631383539
+ 3130
+ tasks:
+ - community.docker.docker_image_pull:
+ name: "{{ item }}"
+ loop:
+ - projectdiscovery/subfinder
+ - projectdiscovery/httpx
+ - projectdiscovery/nuclei
+
+ - ansible.builtin.git:
+ repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
+ dest: "$HOME/scan"
+ single_branch: yes
+ force: true
+ become_user: root
+
+ - name: PREPARE SCAN {{ fqdn }}
+ shell: "{{ item }}"
+ become_user: root
+ ignore_errors: true
+ loop:
+ - mkdir $HOME/scan/{{ fqdn }}
+ - touch $HOME/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json
+
+ - name: RUN HTTPX SCAN {{ fqdn }}
+ shell: "{{ item }}"
+ become_user: root
+ ignore_errors: true
+ loop:
+ - docker run --rm projectdiscovery/subfinder -d {{ fqdn }} -silent > $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt
+ - docker run -v --rm $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt projectdiscovery/httpx -silent -l {{ fqdn }}__subfinder.txt > $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt
+ - docker run -v --rm $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt projectdiscovery/httpx -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -j -l {{ fqdn }}__subfinder.txt > $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.json
+
+ - name: RUN NUCLEI SCAN {{ fqdn }}
+ shell: "{{ item }}"
+ become_user: root
+ ignore_errors: true
+ loop:
+ - docker run -v --rm $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt -v $HOME/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json:/{{ fqdn }}__nuclei.json projectdiscovery/nuclei -l {{ fqdn }}__httpx.txt -j -o {{ fqdn }}__nuclei.json
+
+ - ansible.builtin.shell: |
+ git config user.email "stephane.gratiasquiquandon@gmail.com"
+ git config user.name "staffadmin"
+ git add .
+ git commit -m "Push scan {{ fqdn }} with access token"
+ git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
+ args:
+ chdir: "$HOME/scan"
+ run_once: true
+ become_user: root
+ register: push_git
+
+ # - debug:
+ # msg: "{{ push_git.changed }}"
+
+ # - debug:
+ # msg: "{{ push_git.changed }}"
+ # when: push_git.changed is true
+
+
+ - ansible.builtin.git:
+ repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
+ dest: "$HOME/scan"
+ single_branch: yes
+ force: true
+ delegate_to: scaleway
+ become_user: stephane
+ when: push_git.changed is true
+
+ - copy:
+ src: "{{ item }}"
+ dest: /opt/dockerapps/appdata/ivre/ivre-share/{{ item.split('/')[-1] }}
+ remote_src: true
+ loop:
+ - /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json
+ - /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__httpx.json
+ delegate_to: scaleway
+ when: push_git.changed is true
+
+ - name: Run a simple command (argv)
+ community.docker.docker_container_exec:
+ container: ivreclient
+ argv:
+ - ivre
+ - scan2db
+ - "-c"
+ - "{{ fqdn }}"
+ - "-s"
+ - "{{ ansible_play_hosts }}"
+ - "-r"
+ - /ivre-share/{{ fqdn }}__nuclei.json
+ delegate_to: scaleway
+ when: push_git.changed is true
+
+ - name: Run a simple command (argv)
+ community.docker.docker_container_exec:
+ container: ivreclient
+ argv:
+ - ivre
+ - scan2db
+ - "-c"
+ - "{{ fqdn }}"
+ - "-s"
+ - "{{ ansible_play_hosts }}"
+ - "-r"
+ - "/ivre-share/{{ fqdn }}__httpx.json"
+ delegate_to: scaleway
+ when: push_git.changed is true
+
+ - name: Run a simple command (argv)
+ community.docker.docker_container_exec:
+ container: ivreclient
+ argv:
+ - ivre
+ - db2view
+ - all
+ delegate_to: scaleway
+ when: push_git.changed is true
+
+ - name: NTFY when docker compose changed
+ uri:
+ url: "https://alert.jingoh.fr/scaleway"
+ method: POST
+ user: "{{ username }}"
+ password: "{{ password }}"
+ headers:
+ Title: "SCAN {{ fqdn }}"
+ ta: "globe_with_meridians"
+ body: "scan finished !"
+ status_code: 200 + tags: test1 + delegate_to: localhost + when: push_git.changed is true diff --git a/tools.yml b/tools.yml deleted file mode 100644 index 6dce6c9..0000000 --- a/tools.yml +++ /dev/null @@ -1,59 +0,0 @@ ---- -- name: Install tools - hosts: scale01 - become: true - gather_facts: true - vars: - - ansible_user: stephane - # ansible_sudo_pass: stephane - # pre_tasks: - - # - ansible.builtin.apt: - # name: "{{ item }}" - # update_cache: true - # loop: - # - unzip - # - tar - -# - name: populate /etc/environment -# lineinfile: -# path: "/etc/environment" -# state: present -# regexp: "^{{ item.key }}=" -# line: "{{ item.key }}={{ item.value}}" -# loop: -# - key: GOROOT -# value : "{{ golang_install_dir }}" -# - key: GOPATH -# value : admin -# - key: GOPATH -# value : admin -# become: yes - - -# export GOROOT='{{ golang_install_dir }}' -# export PATH=$GOROOT/bin:$PATH - -# export GOROOT='/opt/go/1.22.6' -# export PATH=$GOROOT/bin:$PATH - - roles: - - { role: gantsign.golang, tags: go } - environment: - GOROOT: "{{ golang_install_dir }}" - PATH: $GOROOT/bin:$PATH - tasks: - - name: Install go tools - command: "{{ item }}" - become_user: stephane - loop: - - go install github.com/projectdiscovery/katana/cmd/katana@latest - - go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest - - go install -v github.com/LukaSikic/subzy@latest - - go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest - - go install github.com/projectdiscovery/asnmap/cmd/asnmap@latest - - go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest - -# projectdiscovery s - # export PDCP_API_KEY=************* \ No newline at end of file
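Review bot: `ansible_password: stephane` and `ansible_become_password: stephane` in the new play's `vars` are committed in clear text and equal the login name, while `token` and `password` a few lines away are vault-encrypted, so anyone who can read this repository holds the connection and sudo password for the play's hosts. I would store both as `!vault |` values like `token` (or move them to a vaulted vars file) and rotate the current password, since it is now in history. The token is also interpolated into `https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git` in both `ansible.builtin.git` tasks and in the `git push` line, so it ends up in `.git/config` of `$HOME/scan`, is visible in the process list during the push, and may appear in task output; adding `no_log: true` to those three tasks and supplying the credential through a git credential helper or an SSH deploy key would avoid that. Separately, the `docker run -v --rm $HOME/...` lines hand `--rm` to `-v` as its argument, and `ignore_errors: true` would hide the resulting failure; `docker run --rm -v ...` looks like the intent.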