sgratias/semaphore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add input scan screenshots

Browse Source
This commit is contained in:
sgratias
2025-03-30 19:25:02 +02:00
parent 0c4b6e2234
commit 88d1008407
2 changed files with 15 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
collections/requirements.yml
View File

@@ -4,7 +4,7 @@ collections:
# - name: community.crypto # - name: community.crypto
- name: ansible.utils - name: ansible.utils
# - name: community.grafana # - name: community.grafana
# - name: community.docker - name: community.docker
# - name: geerlingguy.redis # - name: geerlingguy.redis
# - name: git+https://github.com/netways/ansible-collection-elasticstack.git # - name: git+https://github.com/netways/ansible-collection-elasticstack.git
# - name: elastic.elasticsearch # - name: elastic.elasticsearch

59
scan.yml
View File

@@ -19,7 +19,7 @@
#TODO target in list #TODO target in list
# 163.172.0.0/24 # 163.172.0.0/24
# 163.172.80.0/28 # 163.172.80.0/28
target_network: 163.172.87.0/24 target_network: 163.172.91.0/24
# 163.172.0.0/20 # 163.172.0.0/20
# 163.172.16.0/20 # 163.172.16.0/20
# 163.172.31.0/20 # 163.172.31.0/20
@@ -59,7 +59,6 @@
force: true force: true
delegate_to: localhost delegate_to: localhost
# apt install masscan
- ansible.builtin.command: - ansible.builtin.command:
cmd: "masscan {{ target_network }} -p443" cmd: "masscan {{ target_network }} -p443"
become: true become: true
@@ -67,21 +66,10 @@
# pause # pause
# - debug: - community.crypto.get_certificate:
# msg: "{{ item }}"
# loop: "{{ scan_output.stdout_lines }}"
# # - "{{ cert.not_after }}"
# # - "{{ ansible_date_time.iso8601_basic }}"
# tags: test
# delegate_to: localhost
- name: Get a cert from an https port
community.crypto.get_certificate:
host: "{{ item.split('on')[-1].strip() }}" host: "{{ item.split('on')[-1].strip() }}"
port: 443 port: 443
asn1_base64: true asn1_base64: true
# vars:
# asn1_base64: true
delegate_to: localhost delegate_to: localhost
run_once: true run_once: true
loop: "{{ scan_output.stdout_lines }}" loop: "{{ scan_output.stdout_lines }}"
@@ -92,7 +80,7 @@
- ansible.builtin.command: "dig -x {{ item.split('on')[-1].strip() }} +short" - ansible.builtin.command: "dig -x {{ item.split('on')[-1].strip() }} +short"
register: reverse_dns register: reverse_dns
loop: "{{ scan_output.stdout_lines }}" loop: "{{ scan_output.stdout_lines }}"
# dig -x 163.172.27.76 +short
# # item.subject.CN # # item.subject.CN
@@ -109,17 +97,14 @@
reverse_dns_list: "{{ reverse_dns_list|default([]) + [item.stdout_lines | join(',')]}}" reverse_dns_list: "{{ reverse_dns_list|default([]) + [item.stdout_lines | join(',')]}}"
loop: "{{ reverse_dns.results }}" loop: "{{ reverse_dns.results }}"
#! take time, can be better
- ansible.builtin.file: - ansible.builtin.file:
path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/" path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/"
state: directory state: directory
loop: "{{ cert.results }}" loop: "{{ cert.results }}"
when: item.invocation is defined when: item.invocation is defined
#! take time, can be better
- debug:
msg: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}.csv"
loop: "{{ cert.results }}"
- ansible.builtin.lineinfile: - ansible.builtin.lineinfile:
path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}.csv" path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}.csv"
line: "IP,PORT,CN,ISSUER COUNTRY,ISSUER ORGA,REVERSE" line: "IP,PORT,CN,ISSUER COUNTRY,ISSUER ORGA,REVERSE"
@@ -140,24 +125,6 @@
delegate_to: localhost delegate_to: localhost
when: item.invocation is defined when: item.invocation is defined
# - name: Copy file with owner and permissions
# ansible.builtin.copy:
# dest: "{{ playbook_dir }}/scan/scan_https_{{ target_network.split('/')[0] }}_{{ target_network.split('/')[-1] }}"
# content: |
# "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN }} ---- {{ item.issuer}}"
# loop: "{{ cert.results }}"
# delegate_to: localhost
# # # item.subject.CN
# # - debug:
# # msg: "{{ item.item.split('on')[-1].strip() }}"
# # loop: "{{ cert.results }}"
# # # - "{{ cert.not_after }}"
# # # - "{{ ansible_date_time.iso8601_basic }}"
# # tags: test
# # delegate_to: localhost
- ansible.builtin.shell: | - ansible.builtin.shell: |
git config user.email "stephane.gratiasquiquandon@gmail.com" git config user.email "stephane.gratiasquiquandon@gmail.com"
git config user.name "staffadmin" git config user.name "staffadmin"
@@ -169,14 +136,16 @@
run_once: true run_once: true
delegate_to: localhost delegate_to: localhost
- community.docker.docker_container_exec:
container: scan
command: gowitness scan single --url "https://{{ item.subject.CN }}" --write-db
chdir: /data
loop: "{{ cert.results }}"
when:
- item.subject.CN is defined
- "'*' not in item.subject.CN"
# - name: Run a simple command (command) # gowitness scan single --url "https://nuage.monassa.fr" --write-db
# community.docker.docker_container_exec:
# container: foo
# command: /bin/bash -c "ls -lah"
# chdir: /root
# register: result
# - debug: # - debug:
# msg: "{{ host_interfaces }}" # msg: "{{ host_interfaces }}"