--- - name: Scan hosts: tower become: true gather_facts: false vars: # 163.172.0.0/24 target_network: 163.172.83.0/24 ansible_user: stephane ansible_password: stephane ansible_become_password: stephane username: jingohalert password: !vault | $ANSIBLE_VAULT;1.2;AES256;prod 66346630333538386564396632636161316239326530653037666465616165393135666532643264 3037363865363531636635306535663736353734333733340a363639636638396662616538343335 65366439343135636634393832636436353764303066653530346232323164376265313039373630 3863613961373430340a303866363962353262623030373061616134303366336237346631383539 3130 # apt-get install sshpass # # # # @author Stéphane Gratias (2021). # pre_tasks: - ansible.builtin.git: repo: https://github.com/danielmiessler/SecLists.git dest: "{{ playbook_dir }}/SecLists" single_branch: yes force: true delegate_to: localhost # apt install masscan - ansible.builtin.command: cmd: "masscan {{ target_network }} -p443 --rate=100000" become: true register: scan_output delegate_to: localhost # # - name: Simple A record (IPV4 address) lookup for example.com # # ansible.builtin.debug: # # msg: "{{ lookup('community.general.dig', 'example.com.')}}" # - debug: # msg: "{{ item.split('on')[-1].strip() }}" # loop: "{{ scan_output.stdout_lines }}" # # - "{{ cert.not_after }}" # # - "{{ ansible_date_time.iso8601_basic }}" # tags: test # - debug: # msg: "{{ item }}" # loop: "{{ scan_output.stdout_lines }}" # # - "{{ cert.not_after }}" # # - "{{ ansible_date_time.iso8601_basic }}" # tags: test - name: Get a cert from an https por community.crypto.get_certificate: host: "{{ item.split('on')[-1].strip() }}" port: 443 delegate_to: localhost run_once: true loop: "{{ scan_output.stdout_lines }}" ignore_errors: true register: cert tags: test # apt install masscan - ansible.builtin.command: cmd: "ffuf -w SecLists/Discovery/Web-Content/directory-list-2.3-small.txt -u https://{{ item.split('on')[-1].strip() }}/FUZZ -s" become: true loop: "{{ scan_output.stdout_lines }}" ignore_errors: true register: fuff delegate_to: localhost #ffuf -w SecLists/Discovery/Web-Content/directory-list-1.0.txt -u https://dstrn.if.ua/FUZZ # - debug: # msg: "{{ item }}" # loop: "{{ cert.results }}" # # loop: "{{ scan443.stdout_lines }}" # # - "{{ cert.not_after }}" # # - "{{ ansible_date_time.iso8601_basic }}" # tags: test - debug: msg: " URL =======> {{ item.subject }} || Host ====> {{ item.invocation.module_args.host }} || port ======> {{ item.invocation.module_args.port }} || proxy_port =========> {{ item.invocation.module_args.proxy_port }}" loop: "{{ cert.results }}" when: item.subject is defined # loop: "{{ scan443.stdout_lines }}" # - "{{ cert.not_after }}" # - "{{ ansible_date_time.iso8601_basic }}" tags: test ignore_errors: true - debug: msg: " host: {{ item.cmd }} ||||||| chemin : {{ item.stdout_lines }}" loop: "{{ fuff.results }}" # when: item.subject is defined # loop: "{{ scan443.stdout_lines }}" # - "{{ cert.not_after }}" # - "{{ ansible_date_time.iso8601_basic }}" tags: test ignore_errors: true # https://github.com/danielmiessler/SecLists.git # ffuf -w SecLists/Discovery/Web-Content/raft-small-words.txt -u https://flix.iberica-tv.net/FUZZ # - name: Set host_interfaces list # ansible.builtin.set_fact: # host_interfaces: "{{ host_interfaces + [item.subject]}}" # vars: # host_interfaces: [] # when: item.subject is defined # loop: "{{ cert.results }}" # - debug: # msg: "{{ host_interfaces }}" # - name: NTFY when docker compose changed # uri: # url: "https://alert.jingoh.fr/scaleway" # method: POST # user: "{{ username }}" # password: "{{ password }}" # headers: # Title: "SCAN HTTPS" # ta: "file_folder" # body: "{{ target_network }}" # status_code: 200 # tags: test1 # delegate_to: localhost # when: fetch_files_backup.changed is true # https://raw.githubusercontent.com/bobbyiliev/bash-ssl-checker-tool/master/ssl # amass enum -passive -d togofirst.com # sudo masscan 163.172.0.0/16 -p443 --rate=1000000 # sublist3r -d fitnetmanager.com