From 88d10084076d386bc104f5676659716bb55b508c Mon Sep 17 00:00:00 2001 From: staffadmin Date: Sun, 30 Mar 2025 19:25:02 +0200 Subject: [PATCH] add input scan screenshots --- collections/requirements.yml | 2 +- scan.yml | 59 +++++++++--------------------------- 2 files changed, 15 insertions(+), 46 deletions(-) diff --git a/collections/requirements.yml b/collections/requirements.yml index 0c661d3..2817d2b 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml @@ -4,7 +4,7 @@ collections: # - name: community.crypto - name: ansible.utils # - name: community.grafana - # - name: community.docker + - name: community.docker # - name: geerlingguy.redis # - name: git+https://github.com/netways/ansible-collection-elasticstack.git # - name: elastic.elasticsearch diff --git a/scan.yml b/scan.yml index 1561d17..6b715ca 100644 --- a/scan.yml +++ b/scan.yml @@ -19,7 +19,7 @@ #TODO target in list # 163.172.0.0/24 # 163.172.80.0/28 - target_network: 163.172.87.0/24 + target_network: 163.172.91.0/24 # 163.172.0.0/20 # 163.172.16.0/20 # 163.172.31.0/20 @@ -59,7 +59,6 @@ force: true delegate_to: localhost - # apt install masscan - ansible.builtin.command: cmd: "masscan {{ target_network }} -p443" become: true @@ -67,21 +66,10 @@ # pause -# - debug: -# msg: "{{ item }}" -# loop: "{{ scan_output.stdout_lines }}" -# # - "{{ cert.not_after }}" -# # - "{{ ansible_date_time.iso8601_basic }}" -# tags: test -# delegate_to: localhost - - - name: Get a cert from an https port - community.crypto.get_certificate: + - community.crypto.get_certificate: host: "{{ item.split('on')[-1].strip() }}" port: 443 asn1_base64: true - # vars: - # asn1_base64: true delegate_to: localhost run_once: true loop: "{{ scan_output.stdout_lines }}" @@ -92,7 +80,7 @@ - ansible.builtin.command: "dig -x {{ item.split('on')[-1].strip() }} +short" register: reverse_dns loop: "{{ scan_output.stdout_lines }}" -# dig -x 163.172.27.76 +short + # # item.subject.CN @@ -109,17 +97,14 @@ reverse_dns_list: "{{ reverse_dns_list|default([]) + [item.stdout_lines | join(',')]}}" loop: "{{ reverse_dns.results }}" +#! take time, can be better - ansible.builtin.file: path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/" state: directory loop: "{{ cert.results }}" when: item.invocation is defined - - - debug: - msg: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}.csv" - loop: "{{ cert.results }}" - +#! take time, can be better - ansible.builtin.lineinfile: path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}.csv" line: "IP,PORT,CN,ISSUER COUNTRY,ISSUER ORGA,REVERSE" @@ -140,24 +125,6 @@ delegate_to: localhost when: item.invocation is defined - - # - name: Copy file with owner and permissions - # ansible.builtin.copy: - # dest: "{{ playbook_dir }}/scan/scan_https_{{ target_network.split('/')[0] }}_{{ target_network.split('/')[-1] }}" - # content: | - # "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN }} ---- {{ item.issuer}}" - # loop: "{{ cert.results }}" - # delegate_to: localhost - -# # # item.subject.CN -# # - debug: -# # msg: "{{ item.item.split('on')[-1].strip() }}" -# # loop: "{{ cert.results }}" -# # # - "{{ cert.not_after }}" -# # # - "{{ ansible_date_time.iso8601_basic }}" -# # tags: test -# # delegate_to: localhost - - ansible.builtin.shell: | git config user.email "stephane.gratiasquiquandon@gmail.com" git config user.name "staffadmin" @@ -169,14 +136,16 @@ run_once: true delegate_to: localhost + - community.docker.docker_container_exec: + container: scan + command: gowitness scan single --url "https://{{ item.subject.CN }}" --write-db + chdir: /data + loop: "{{ cert.results }}" + when: + - item.subject.CN is defined + - "'*' not in item.subject.CN" -# - name: Run a simple command (command) -# community.docker.docker_container_exec: -# container: foo -# command: /bin/bash -c "ls -lah" -# chdir: /root -# register: result - +# gowitness scan single --url "https://nuage.monassa.fr" --write-db # - debug: # msg: "{{ host_interfaces }}"