From c1dd943e2d42155c2e07dc26c50af16b2a83c01e Mon Sep 17 00:00:00 2001
From: staffadmin
Date: Wed, 24 Apr 2024 22:47:23 +0200
Subject: [PATCH] Update scan
---
 scan.yml | 108 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 108 insertions(+)
 create mode 100644 scan.yml
diff --git a/scan.yml b/scan.yml
new file mode 100644
index 0000000..2a050bd
--- /dev/null
+++ b/scan.yml
@@ -0,0 +1,108 @@
+---
+- name: Scan
+ hosts: localhost
+ become: true
+ gather_facts: false
+ vars:
+ target_network: 91.202.233.0/24
+ ansible_user: stephane
+ ansible_password: stephane
+ ansible_become_password: stephane
+ username: jingohalert
+ password: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;prod
+ 66346630333538386564396632636161316239326530653037666465616165393135666532643264
+ 3037363865363531636635306535663736353734333733340a363639636638396662616538343335
+ 65366439343135636634393832636436353764303066653530346232323164376265313039373630
+ 3863613961373430340a303866363962353262623030373061616134303366336237346631383539
+ 3130
+# apt-get install sshpass
+
+# #
+# # @author Stéphane Gratias (2021).
+#
+
+ pre_tasks:
+ - ansible.builtin.command:
+ cmd: "masscan {{ target_network }} -p443 --rate=100000"
+ become: true
+ register: scan443
+ delegate_to: localhost
+
+
+ # - name: Simple A record (IPV4 address) lookup for example.com
+ # ansible.builtin.debug:
+ # msg: "{{ lookup('community.general.dig', 'example.com.')}}"
+
+ - debug:
+ msg: "{{ item.split('on')[-1].strip() }}"
+ loop: "{{ scan443.stdout_lines }}"
+ # - "{{ cert.not_after }}"
+ # - "{{ ansible_date_time.iso8601_basic }}"
+ tags: test
+
+
+ - name: Get a cert from an https por
+ community.crypto.get_certificate:
+ host: "{{ item.split('on')[-1].strip() }}"
+ port: 443
+ delegate_to: localhost
+ run_once: true
+ loop: "{{ scan443.stdout_lines }}"
+ ignore_errors: true
+ register: cert
+ tags: test
+
+
+ # - debug:
+ # msg: "{{ item }}"
+ # loop: "{{ cert.results }}"
+ # # loop: "{{ scan443.stdout_lines }}"
+ # # - "{{ cert.not_after }}"
+ # # - "{{ ansible_date_time.iso8601_basic }}"
+ # tags: test
+
+ # - debug:
+ # msg: "{{ item.subject }}"
+ # loop: "{{ cert.results }}"
+ # when: item.subject is defined
+ # # loop: "{{ scan443.stdout_lines }}"
+ # # - "{{ cert.not_after }}"
+ # # - "{{ ansible_date_time.iso8601_basic }}"
+ # tags: test
+ # ignore_errors: true
+
+
+
+ - name: Set host_interfaces list
+ ansible.builtin.set_fact:
+ host_interfaces: "{{ host_interfaces + [item.subject]}}"
+ vars:
+ host_interfaces: []
+ when: item.subject is defined
+ loop: "{{ cert.results }}"
+
+
+ - debug:
+ msg: "{{ host_interfaces }}"
+
+
+ - name: NTFY when docker compose changed
+ uri:
+ url: "https://alert.jingoh.fr/scaleway"
+ method: POST
+ user: "{{ username }}"
+ password: "{{ password }}"
+ headers:
+ Title: "SCAN HTTPS"
+ ta: "file_folder"
+ body: "{{ host_interfaces }}"
+ status_code: 200
+ tags: test1
+ delegate_to: localhost
+ # when: fetch_files_backup.changed is true
+
+ # https://raw.githubusercontent.com/bobbyiliev/bash-ssl-checker-tool/master/ssl
+ # amass enum -passive -d togofirst.com
+ # sudo masscan 163.172.0.0/16 -p443 --rate=1000000
+ # sublist3r -d fitnetmanager.com
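Review bot: `ansible_password: stephane` and `ansible_become_password: stephane` in the play's `vars:` commit a login and a privilege-escalation password in clear text, while `password` a few lines below is already vault-encrypted. Encrypt both the same way or reference vaulted variables, e.g. `ansible_become_password: "{{ vault_become_password }}"` (placeholder variable name), and rotate the value, since it now sits in the repository history. The play runs against `localhost`, so `ansible_user` and `ansible_password` look unused and could probably be dropped rather than vaulted. Separately, `item.split('on')[-1]` passes every line of `scan443.stdout_lines` to `get_certificate` as a host and `ignore_errors: true` hides whatever fails; a `when:` that keeps only lines in the expected result format would make the loop input explicit.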