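---
# Play: sweep `target_network` for TCP/443 with masscan on the `controller`
# host, fetch the TLS certificate of every address that answered (from
# localhost), collect the certificate subjects into `host_interfaces`, and
# POST the scanned network to the alert endpoint.
- name: Scan
  hosts: controller
  become: true
  gather_facts: false
  vars:
    # 163.172.0.0/24
    target_network: 163.172.84.0/24
    # NOTE(review): the SSH and sudo passwords below are stored in clear text
    # and are identical to the user name, while `password` further down is
    # vault-encrypted. Moving these three values into vault (same vault id)
    # or into a vaulted vars file keeps them out of version control; rotate
    # them if this file has been shared.
    ansible_user: stephane
    ansible_password: stephane
    ansible_become_password: stephane
    # Credentials used for HTTP authentication on the alert endpoint.
    username: jingohalert
    password: !vault |
      $ANSIBLE_VAULT;1.2;AES256;prod
      66346630333538386564396632636161316239326530653037666465616165393135666532643264
      3037363865363531636635306535663736353734333733340a363639636638396662616538343335
      65366439343135636634393832636436353764303066653530346232323164376265313039373630
      3863613961373430340a303866363962353262623030373061616134303366336237346631383539
      3130

  # apt-get install sshpass
  #
  #
  #
  # @author Stéphane Gratias (2021).
  #
  pre_tasks:
    # apt install masscan
    # NOTE(review): the tasks tagged `test` below read `scan443`, but this
    # task carries no tag, so a run limited to `--tags test` skips it and
    # leaves `scan443` undefined.
    - name: Scan target network for open TCP/443
      ansible.builtin.command:
        cmd: "masscan {{ target_network }} -p443 --rate=100000"
      become: true
      register: scan443
      # The scan only reads state; without this every run reports "changed".
      changed_when: false
      # delegate_to: localhost

    # - name: Simple A record (IPV4 address) lookup for example.com
    #   ansible.builtin.debug:
    #     msg: "{{ lookup('community.general.dig', 'example.com.')}}"

    # Each stdout line is expected to end with "on <address>"; the text after
    # the last "on" is taken as the address.
    - name: Show discovered addresses
      ansible.builtin.debug:
        msg: "{{ item.split('on')[-1].strip() }}"
      loop: "{{ scan443.stdout_lines }}"
      # - "{{ cert.not_after }}"
      # - "{{ ansible_date_time.iso8601_basic }}"
      tags: test

    # ignore_errors keeps the loop going when an address does not return a
    # certificate; such results have no `subject` key, which the set_fact
    # task below filters on.
    - name: Get a cert from an https por
      community.crypto.get_certificate:
        host: "{{ item.split('on')[-1].strip() }}"
        port: 443
      delegate_to: localhost
      run_once: true
      loop: "{{ scan443.stdout_lines }}"
      ignore_errors: true
      register: cert
      tags: test

    # - debug:
    #     msg: "{{ item }}"
    #   loop: "{{ cert.results }}"
    #   # loop: "{{ scan443.stdout_lines }}"
    #   # - "{{ cert.not_after }}"
    #   # - "{{ ansible_date_time.iso8601_basic }}"
    #   tags: test

    # - debug:
    #     msg: "{{ item.subject }}"
    #   loop: "{{ cert.results }}"
    #   when: item.subject is defined
    #   # loop: "{{ scan443.stdout_lines }}"
    #   # - "{{ cert.not_after }}"
    #   # - "{{ ansible_date_time.iso8601_basic }}"
    #   tags: test
    #   ignore_errors: true

    # Accumulates one subject per successful certificate fetch. The task-level
    # `vars` supplies the empty list for the first iteration; afterwards the
    # fact written by set_fact is presumably what later iterations read
    # (set_fact outranks task vars) - confirm on the Ansible version in use.
    # Subjects are supplied by whatever answered on 443, so anything that
    # consumes this list should treat the values as untrusted input.
    - name: Set host_interfaces list
      ansible.builtin.set_fact:
        host_interfaces: "{{ host_interfaces + [item.subject] }}"
      vars:
        host_interfaces: []
      when: item.subject is defined
      loop: "{{ cert.results }}"

    - name: Show collected certificate subjects
      ansible.builtin.debug:
        msg: "{{ host_interfaces }}"

    # NOTE(review): the task name mentions docker compose, but the request
    # posts `target_network` with the title "SCAN HTTPS"; the name looks
    # copied from another playbook and is left unchanged in case
    # --start-at-task refers to it.
    # NOTE(review): the uri module sends the Basic credentials only after the
    # server answers 401 unless `force_basic_auth: true` is set - confirm the
    # endpoint challenges, otherwise authenticated posts will fail.
    - name: NTFY when docker compose changed
      ansible.builtin.uri:
        url: "https://alert.jingoh.fr/scaleway"
        method: POST
        user: "{{ username }}"
        password: "{{ password }}"
        headers:
          Title: "SCAN HTTPS"
          ta: "file_folder"
        body: "{{ target_network }}"
        status_code: 200
      tags: test1
      delegate_to: localhost
      # when: fetch_files_backup.changed is true

# https://raw.githubusercontent.com/bobbyiliev/bash-ssl-checker-tool/master/ssl
# amass enum -passive -d togofirst.com
# sudo masscan 163.172.0.0/16 -p443 --rate=1000000
# sublist3r -d fitnetmanager.com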