Huge Push for swarm mode

scan.yml

@@ -1,11 +1,21 @@
 ---
 - name: Scan
-  hosts: tower
+  hosts: localhost
   become: true
   gather_facts: false
   vars: 
+
+    user: staffadmin
+    token: !vault |
+              $ANSIBLE_VAULT;1.2;AES256;prod
+              35343365393734313034383961616333633265623037303436653739613935366666373237366562
+              3663316563663439363333396530376139663731346637390a366335333732303134316364363130
+              30313631343534643866383336623837363433303032376264373139306464313866313034663636
+              3961303030373531380a343061326437343066663665613833623533376437326630326432363566
+              37653135666331633532653436656461396131623736353962643632316135633562346631313036
+              6137356332636431643830666461333862613835336631333037
   # 163.172.0.0/24
-    target_network: 163.172.83.0/24
+    target_network: 163.172.80.0/28
     ansible_user: stephane 
     ansible_password: stephane 
     ansible_become_password: stephane
@@ -26,38 +36,36 @@
   pre_tasks:
 
 
+
   - ansible.builtin.git:
-      repo: https://github.com/danielmiessler/SecLists.git
-      dest: "{{ playbook_dir }}/SecLists"
+      repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
+      dest: "{{ playbook_dir }}/scan"
       single_branch: yes
       force: true
     delegate_to: localhost
 
+
+  # - ansible.builtin.git:
+  #     repo: https://github.com/danielmiessler/SecLists.git
+  #     dest: "{{ playbook_dir }}/SecLists"
+  #     single_branch: yes
+  #     force: true
+  #   delegate_to: localhost
+
   # apt install masscan
   - ansible.builtin.command:
-      cmd: "masscan {{ target_network }} -p443 --rate=100000"
+      cmd: "masscan {{ target_network }} -p443"
     become: true
     register: scan_output
     delegate_to: localhost
 
-  # # - name: Simple A record (IPV4 address) lookup for example.com
-  # #   ansible.builtin.debug:
-  # #     msg: "{{ lookup('community.general.dig', 'example.com.')}}"
-
-  # - debug:
-  #     msg: "{{ item.split('on')[-1].strip() }}"
-  #   loop: "{{ scan_output.stdout_lines }}"
-  #   #   - "{{ cert.not_after }}"
-  #   #   - "{{ ansible_date_time.iso8601_basic }}"
-  #   tags: test
-
-
-  # - debug:
-  #     msg: "{{ item }}"
-  #   loop: "{{ scan_output.stdout_lines }}"
-  #   #   - "{{ cert.not_after }}"
-  #   #   - "{{ ansible_date_time.iso8601_basic }}"
-  #   tags: test
+  - debug:
+      msg: "{{ item }}"
+    loop: "{{ scan_output.stdout_lines }}"
+    #   - "{{ cert.not_after }}"
+    #   - "{{ ansible_date_time.iso8601_basic }}"
+    tags: test
+    delegate_to: localhost
 
   - name: Get a cert from an https por
     community.crypto.get_certificate:
@@ -70,12 +78,21 @@
     register: cert
     tags: test
 
+# item.subject.CN
+  - debug:
+      msg: "{{ item.item.split('on')[-1].strip() }}"
+    loop: "{{ cert.results }}"
+    #   - "{{ cert.not_after }}"
+    #   - "{{ ansible_date_time.iso8601_basic }}"
+    tags: test
+    delegate_to: localhost
+
 
   # apt install masscan
   - ansible.builtin.command:
-      cmd: "ffuf -w SecLists/Discovery/Web-Content/directory-list-2.3-small.txt -u https://{{ item.split('on')[-1].strip() }}/FUZZ -s"
+      cmd: " dirsearch -u https://{{ item.item.split('on')[-1].strip() }} -i 200 -t 100"
     become: true
-    loop: "{{ scan_output.stdout_lines }}"
+    loop: "{{ cert.results }}"
     ignore_errors: true
     register: fuff
     delegate_to: localhost
@@ -88,7 +105,10 @@
   #   # loop: "{{ scan443.stdout_lines }}"
   #   #   - "{{ cert.not_after }}"
   #   #   - "{{ ansible_date_time.iso8601_basic }}"
+
+
   #   tags: test
+  
 
   - debug:
       msg: " URL =======> {{ item.subject }} || Host ====> {{ item.invocation.module_args.host }} || port ======> {{ item.invocation.module_args.port }} || proxy_port =========> {{ item.invocation.module_args.proxy_port }}"
@@ -99,19 +119,40 @@
     #   - "{{ ansible_date_time.iso8601_basic }}"
     tags: test
     ignore_errors: true
-
+    delegate_to: localhost
 
 
   - debug:
-      msg: " host: {{ item.cmd }} ||||||| chemin : {{ item.stdout_lines }}"
+      msg: "{{ item.stdout.split('\n\nError Log')[0].split('Output File: ')[-1] }}"
     loop: "{{ fuff.results }}"
-    # when: item.subject is defined
+    # when: item.stdout_lines is search('200 -')
     # loop: "{{ scan443.stdout_lines }}"
     #   - "{{ cert.not_after }}"
     #   - "{{ ansible_date_time.iso8601_basic }}"
     tags: test
     ignore_errors: true
+    delegate_to: localhost
 
+  - name: Copy a "sudoers" file on the remote machine for editing
+    ansible.builtin.copy:
+      src: "{{ item.stdout.split('\n\nError Log')[0].split('Output File: ')[-1] }}"
+      dest: "{{ playbook_dir }}/scan/{{ item.stdout.split('\n\nError Log')[0].split('Output File: ')[-1].split('/')[-2] }}"
+      remote_src: yes
+    loop: "{{ fuff.results }}"
+    delegate_to: localhost
+
+
+  - name: Push backup to git
+    ansible.builtin.shell: |
+      git config user.email "stephane.gratiasquiquandon@gmail.com"
+      git config user.name "staffadmin"
+      git add .
+      git commit -m "Push scan with access token"
+      git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
+    args:
+      chdir: "{{ playbook_dir }}/scan/"
+    run_once: true
+    delegate_to: localhost 
 
 # https://github.com/danielmiessler/SecLists.git