add input scan screenshots

2025-03-30 19:25:02 +02:00
parent 0c4b6e2234
commit 88d1008407
2 changed files with 15 additions and 46 deletions
--- a/collections/requirements.yml
+++ b/collections/requirements.yml
@@ -4,7 +4,7 @@ collections:
  # - name: community.crypto
  - name: ansible.utils
  # - name: community.grafana
-  # - name: community.docker
+  - name: community.docker
  # - name: geerlingguy.redis
  # - name: git+https://github.com/netways/ansible-collection-elasticstack.git
  # - name: elastic.elasticsearch
--- a/scan.yml
+++ b/scan.yml
@@ -19,7 +19,7 @@
  #TODO target in list
  # 163.172.0.0/24
  # 163.172.80.0/28 
-    target_network: 163.172.87.0/24
+    target_network: 163.172.91.0/24
    # 163.172.0.0/20
    # 163.172.16.0/20
    # 163.172.31.0/20
@@ -59,7 +59,6 @@
      force: true
    delegate_to: localhost

-  # apt install masscan
  - ansible.builtin.command:
      cmd: "masscan {{ target_network }} -p443"
    become: true
@@ -67,21 +66,10 @@
    # pause 


-#   - debug:
-#       msg: "{{ item }}"
-#     loop: "{{ scan_output.stdout_lines }}"
-#     #   - "{{ cert.not_after }}"
-#     #   - "{{ ansible_date_time.iso8601_basic }}"
-#     tags: test
-#     delegate_to: localhost
-
-  - name: Get a cert from an https port
-    community.crypto.get_certificate:
+  - community.crypto.get_certificate:
      host: "{{ item.split('on')[-1].strip() }}"
      port: 443
      asn1_base64: true
-    # vars:
-    #   asn1_base64: true
    delegate_to: localhost
    run_once: true
    loop: "{{ scan_output.stdout_lines }}"
@@ -92,7 +80,7 @@
  - ansible.builtin.command: "dig -x {{ item.split('on')[-1].strip() }} +short"
    register: reverse_dns
    loop: "{{ scan_output.stdout_lines }}"
-# dig -x 163.172.27.76 +short
+


 # # item.subject.CN
@@ -109,17 +97,14 @@
      reverse_dns_list: "{{ reverse_dns_list|default([]) + [item.stdout_lines | join(',')]}}"
    loop: "{{ reverse_dns.results }}"

+#! take time, can be better
  - ansible.builtin.file:
      path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/"
      state: directory
    loop: "{{ cert.results }}"
    when: item.invocation is defined

-
-  - debug:
-      msg: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}.csv"
-    loop: "{{ cert.results }}"
-
+#! take time, can be better
  - ansible.builtin.lineinfile:
      path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}.csv"
      line: "IP,PORT,CN,ISSUER COUNTRY,ISSUER ORGA,REVERSE"
@@ -140,24 +125,6 @@
    delegate_to: localhost
    when: item.invocation is defined

-
-  # - name: Copy file with owner and permissions
-  #   ansible.builtin.copy:
-  #     dest: "{{ playbook_dir }}/scan/scan_https_{{ target_network.split('/')[0] }}_{{ target_network.split('/')[-1] }}"
-  #     content:  |
-  #       "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN }} ---- {{ item.issuer}}"
-  #   loop: "{{ cert.results }}"
-  #   delegate_to: localhost
-
-# # # item.subject.CN
-# #   - debug:
-# #       msg: "{{ item.item.split('on')[-1].strip() }}"
-# #     loop: "{{ cert.results }}"
-# #     #   - "{{ cert.not_after }}"
-# #     #   - "{{ ansible_date_time.iso8601_basic }}"
-# #     tags: test
-# #     delegate_to: localhost
-
  - ansible.builtin.shell: |
      git config user.email "stephane.gratiasquiquandon@gmail.com"
      git config user.name "staffadmin"
@@ -169,14 +136,16 @@
    run_once: true
    delegate_to: localhost 

+  - community.docker.docker_container_exec:
+      container: scan
+      command: gowitness scan single --url "https://{{ item.subject.CN }}" --write-db
+      chdir: /data
+    loop: "{{ cert.results }}"
+    when: 
+      - item.subject.CN is defined
+      - "'*' not in item.subject.CN"

-# - name: Run a simple command (command)
-#   community.docker.docker_container_exec:
-#     container: foo
-#     command: /bin/bash -c "ls -lah"
-#     chdir: /root
-#   register: result
-
+# gowitness scan single --url "https://nuage.monassa.fr" --write-db

  # - debug:
  #     msg: "{{ host_interfaces }}"