From eb2c1d0009edf90ebe9cd3204af11c2163bfa386 Mon Sep 17 00:00:00 2001 From: staffadmin Date: Wed, 21 Aug 2024 23:24:12 +0200 Subject: [PATCH] [scan] --- scan.yml | 164 +++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 135 insertions(+), 29 deletions(-) diff --git a/scan.yml b/scan.yml index f817b0e..f14d5af 100644 --- a/scan.yml +++ b/scan.yml @@ -4,7 +4,7 @@ become: true gather_facts: true vars: - fqdn: orbital23.com + fqdn: colinauto.ro ansible_user: stephane user: staffadmin token: !vault | @@ -15,15 +15,7 @@ 3961303030373531380a343061326437343066663665613833623533376437326630326432363566 37653135666331633532653436656461396131623736353962643632316135633562346631313036 6137356332636431643830666461333862613835336631333037 - #TODO target in list - # 163.172.0.0/24 - # 163.172.80.0/28 - target_network: 163.172.16.0/20 - # 163.172.0.0/20 - # 163.172.16.0/20 - # 163.172.31.0/20 - # 163.172.48.0/20 - # 163.172.63.254/20 + cloud_upload: true ansible_password: stephane ansible_become_password: stephane username: jingohalert @@ -34,12 +26,21 @@ 65366439343135636634393832636436353764303066653530346232323164376265313039373630 3863613961373430340a303866363962353262623030373061616134303366336237346631383539 3130 + PDCP_API_KEY: !vault | + $ANSIBLE_VAULT;1.2;AES256;prod + 33346636623263376335323265323163643534613835643363386630316666663336333435323438 + 3135313264626663663436346239306264666563303463380a643366633161326634316662313465 + 31646466666531656565356565383932356162323030346330356563323266396361376339313437 + 6637633235633635330a353539333366346331303134373433346462343736316437306136633361 + 37346537373861313361656338616438646533666639623533323433353365363836656532323938 + 3139363338653666656339303763333837313731383739363164 tasks: - community.docker.docker_image_pull: name: "{{ item }}" loop: - projectdiscovery/subfinder - projectdiscovery/httpx + - projectdiscovery/dnsx - projectdiscovery/nuclei - ansible.builtin.git: 
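Review bot: `ansible_password` and `ansible_become_password` are still plaintext values in the `vars:` block, alongside the vaulted `token` and the newly added vaulted `PDCP_API_KEY`, so anyone who can read the repository gets the login and privilege-escalation credentials for the managed host. They should be encrypted the same way as the new key (`ansible_become_password: !vault |` followed by the ciphertext) or moved to a vaulted vars file, and the current values rotated because they are already in the history. Separately, the added `- projectdiscovery/dnsx` pull carries no tag, so every run takes whatever the default tag points to and later starts it with read-write host bind mounts; pinning a version tag or digest makes the run reproducible. The `vars:` block and the `tasks:` list both continue outside the hunk.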
@@ -49,29 +50,134 @@ force: true become_user: root - - name: PREPARE SCAN {{ fqdn }} - shell: "{{ item }}" - become_user: root - ignore_errors: true - loop: - - mkdir $HOME/scan/{{ fqdn }} - - touch $HOME/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json + - name: Remove all before + ansible.builtin.file: + path: $HOME/scan/{{ fqdn }} + state: absent - - name: RUN HTTPX SCAN {{ fqdn }} - shell: "{{ item }}" + - name: Create a directory if it does not exist + ansible.builtin.file: + path: "{{ item.path }}" + state: "{{ item.state |default('touch') }}" + loop: + - path: $HOME/scan/{{ fqdn }} + state: directory + - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json + - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.json + - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt + # - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx__full.txt + - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json + - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt + # - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx__full.txt + - path: $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt become_user: root - ignore_errors: true - loop: - - docker run --rm projectdiscovery/subfinder -d {{ fqdn }} -silent > $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt - - docker run -v --rm $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt projectdiscovery/httpx -silent -l {{ fqdn }}__subfinder.txt > $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt - - docker run -v --rm $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt projectdiscovery/httpx -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -j -l {{ fqdn }}__subfinder.txt > $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.json - - name: RUN NUCLEI SCAN {{ fqdn }} - shell: "{{ item }}" + - name: subfinder + community.docker.docker_container: + image: projectdiscovery/subfinder + name: subfinder + command: "-d {{ fqdn }} -silent -o /{{ fqdn }}__subfinder.txt" + recreate: true + auto_remove: true + volumes: + - 
/root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw + become_user: root + + - name: dnsx + community.docker.docker_container: + image: projectdiscovery/dnsx + name: "{{ item.name }}" + command: "{{ item.command }}" + recreate: true + auto_remove: true + volumes: "{{ item.volumes }}" become_user: root - ignore_errors: true loop: - - docker run -v --rm $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt -v $HOME/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json:/{{ fqdn }}__nuclei.json projectdiscovery/nuclei -l {{ fqdn }}__httpx.txt -j -o {{ fqdn }}__nuclei.json + - command: -silent -l /{{ fqdn }}__subfinder.txt -o /{{ fqdn }}__dnsx.txt + name: dnsx + volumes: + - /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw + - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw + # - command: -silent -a -cname -asn -resp -l /{{ fqdn }}__subfinder.txt -o /{{ fqdn }}__dnsx__full.txt + # volumes: + # - /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw + # - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx__full.txt:/{{ fqdn }}__dnsx__full.txt:rw + - command: -silent -a -cname -asn -resp -l /{{ fqdn }}__subfinder.txt -j -o /{{ fqdn }}__dnsx.json + name: dnsx-json + volumes: + - /root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw + - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json:/{{ fqdn }}__dnsx.json:rw + loop_control: + #* seconds + pause: 30 + + + # - name: httpx + # community.docker.docker_container: + # image: projectdiscovery/httpx + # name: httpx + # command: -silent -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.txt + # recreate: true + # auto_remove: true + # volumes: + # - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw + # - /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt:rw + # become_user: root + + # - name: httpx + # community.docker.docker_container: + # image: projectdiscovery/httpx + # name: httpx + # command: 
-silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.json -j + # recreate: true + # auto_remove: true + # volumes: + # - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw + # - /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.json:/{{ fqdn }}__httpx.json:rw + # become_user: root + + # - name: httpx + # community.docker.docker_container: + # image: projectdiscovery/httpx + # name: httpx + # command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard" + # recreate: true + # auto_remove: true + # volumes: + # - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw + # become_user: root + + - name: httpx + community.docker.docker_container: + image: projectdiscovery/httpx + name: "{{ item.name }}" + command: "{{ item.command }}" + recreate: true + auto_remove: true + volumes: "{{ item.volumes }}" + become_user: root + loop: + - command: -silent -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.txt + name: httpx + volumes: + - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw + - /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt:rw + - command: -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.json -j + name: httpx_json + volumes: + - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw + - /root/scan/{{ fqdn }}/{{ fqdn }}__httpx.json:/{{ fqdn }}__httpx.json:rw + - command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard" + name: httpx_dashboard + volumes: + - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw + - command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt 
-dashboard" + name: httpx_dashboard + volumes: + - /root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw + loop_control: + #* seconds + pause: 60 - ansible.builtin.shell: | git config user.email "stephane.gratiasquiquandon@gmail.com" @@ -107,7 +213,7 @@ dest: /opt/dockerapps/appdata/ivre/ivre-share/{{ item.split('/')[-1] }} remote_src: true loop: - - /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json + # - /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json - /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__httpx.json delegate_to: scaleway when: push_git.changed is true
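Review bot: The two `httpx_dashboard` loop items put the decrypted secret into `command:` as `PDCP_API_KEY={{ PDCP_API_KEY }} -silent …`, which exposes it in the container's argument list and in Ansible's per-item loop output. Unless the image's entrypoint is a shell, it also reaches httpx as a literal first argument instead of setting an environment variable. Passing it through the module's `env:` option and setting `no_log: true` on the task (or a `loop_control` `label` of `{{ item.name }}`) keeps it out of both. The item is also listed twice under the same `name`, so the second pass only repeats the upload. In the same loop the first two items write to `-o {{ fqdn }}__httpx.txt` and `-o {{ fqdn }}__httpx.json` without the leading `/` used for the bind-mount targets, so the output only reaches the host if the image's working directory is `/`.

```yaml
    # … unchanged: image, name, command, recreate, auto_remove, volumes …
    env: "{{ item.env | default(omit) }}"
  no_log: true  # loop items carry the decrypted API key
  loop:
    # … unchanged: httpx and httpx_json items …
    - command: -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard
      name: httpx_dashboard
      env:
        PDCP_API_KEY: "{{ PDCP_API_KEY }}"
      # … unchanged: volumes …
```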
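Review bot: The copy loop still reads from `/home/{{ ansible_user }}/scan/{{ fqdn }}/…` while every container task added earlier in this patch bind-mounts `/root/scan/{{ fqdn }}/…`, so unless a task outside the hunk moves the results, the `__httpx.json` pushed to the `scaleway` host may be missing or stale. Deriving both paths from one variable, for example a `scan_dir` var used in the volumes and in this loop, removes the mismatch. The nuclei entry is commented out rather than deleted, although the nuclei image is still pulled and `__nuclei.json` is still created; if that scan is gone for good, drop all three. The task this loop belongs to starts outside the hunk.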