--- - name: Scan hosts: localhost become: true gather_facts: false vars: user: staffadmin token: !vault | $ANSIBLE_VAULT;1.2;AES256;prod 35343365393734313034383961616333633265623037303436653739613935366666373237366562 3663316563663439363333396530376139663731346637390a366335333732303134316364363130 30313631343534643866383336623837363433303032376264373139306464313866313034663636 3961303030373531380a343061326437343066663665613833623533376437326630326432363566 37653135666331633532653436656461396131623736353962643632316135633562346631313036 6137356332636431643830666461333862613835336631333037 # 163.172.0.0/24 target_network: 163.172.80.0/28 ansible_user: stephane ansible_password: stephane ansible_become_password: stephane username: jingohalert password: !vault | $ANSIBLE_VAULT;1.2;AES256;prod 66346630333538386564396632636161316239326530653037666465616165393135666532643264 3037363865363531636635306535663736353734333733340a363639636638396662616538343335 65366439343135636634393832636436353764303066653530346232323164376265313039373630 3863613961373430340a303866363962353262623030373061616134303366336237346631383539 3130 # apt-get install sshpass # # # # @author Stéphane Gratias (2021). # pre_tasks: - ansible.builtin.git: repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git dest: "{{ playbook_dir }}/scan" single_branch: yes force: true delegate_to: localhost # - ansible.builtin.git: # repo: https://github.com/danielmiessler/SecLists.git # dest: "{{ playbook_dir }}/SecLists" # single_branch: yes # force: true # delegate_to: localhost # apt install masscan - ansible.builtin.command: cmd: "masscan {{ target_network }} -p443" become: true register: scan_output delegate_to: localhost - debug: msg: "{{ item }}" loop: "{{ scan_output.stdout_lines }}" # - "{{ cert.not_after }}" # - "{{ ansible_date_time.iso8601_basic }}" tags: test delegate_to: localhost - name: Get a cert from an https por community.crypto.get_certificate: host: "{{ item.split('on')[-1].strip() }}" port: 443 delegate_to: localhost run_once: true loop: "{{ scan_output.stdout_lines }}" ignore_errors: true register: cert tags: test # item.subject.CN - debug: msg: "{{ item.item.split('on')[-1].strip() }}" loop: "{{ cert.results }}" # - "{{ cert.not_after }}" # - "{{ ansible_date_time.iso8601_basic }}" tags: test delegate_to: localhost # apt install masscan - ansible.builtin.command: cmd: " dirsearch -u https://{{ item.item.split('on')[-1].strip() }} -i 200 -t 100" become: true loop: "{{ cert.results }}" ignore_errors: true register: fuff delegate_to: localhost #ffuf -w SecLists/Discovery/Web-Content/directory-list-1.0.txt -u https://dstrn.if.ua/FUZZ # - debug: # msg: "{{ item }}" # loop: "{{ cert.results }}" # # loop: "{{ scan443.stdout_lines }}" # # - "{{ cert.not_after }}" # # - "{{ ansible_date_time.iso8601_basic }}" # tags: test - debug: msg: " URL =======> {{ item.subject }} || Host ====> {{ item.invocation.module_args.host }} || port ======> {{ item.invocation.module_args.port }} || proxy_port =========> {{ item.invocation.module_args.proxy_port }}" loop: "{{ cert.results }}" when: item.subject is defined # loop: "{{ scan443.stdout_lines }}" # - "{{ cert.not_after }}" # - "{{ ansible_date_time.iso8601_basic }}" tags: test ignore_errors: true delegate_to: localhost - debug: msg: "{{ item.stdout.split('\n\nError Log')[0].split('Output File: ')[-1] }}" loop: "{{ fuff.results }}" # when: item.stdout_lines is search('200 -') # loop: "{{ scan443.stdout_lines }}" # - "{{ cert.not_after }}" # - "{{ ansible_date_time.iso8601_basic }}" tags: test ignore_errors: true delegate_to: localhost - name: Copy a "sudoers" file on the remote machine for editing ansible.builtin.copy: src: "{{ item.stdout.split('\n\nError Log')[0].split('Output File: ')[-1] }}" dest: "{{ playbook_dir }}/scan/{{ item.stdout.split('\n\nError Log')[0].split('Output File: ')[-1].split('/')[-2] }}" remote_src: yes loop: "{{ fuff.results }}" delegate_to: localhost - name: Push backup to git ansible.builtin.shell: | git config user.email "stephane.gratiasquiquandon@gmail.com" git config user.name "staffadmin" git add . git commit -m "Push scan with access token" git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git args: chdir: "{{ playbook_dir }}/scan/" run_once: true delegate_to: localhost # https://github.com/danielmiessler/SecLists.git # ffuf -w SecLists/Discovery/Web-Content/raft-small-words.txt -u https://flix.iberica-tv.net/FUZZ # - name: Set host_interfaces list # ansible.builtin.set_fact: # host_interfaces: "{{ host_interfaces + [item.subject]}}" # vars: # host_interfaces: [] # when: item.subject is defined # loop: "{{ cert.results }}" # - debug: # msg: "{{ host_interfaces }}" # - name: NTFY when docker compose changed # uri: # url: "https://alert.jingoh.fr/scaleway" # method: POST # user: "{{ username }}" # password: "{{ password }}" # headers: # Title: "SCAN HTTPS" # ta: "file_folder" # body: "{{ target_network }}" # status_code: 200 # tags: test1 # delegate_to: localhost # when: fetch_files_backup.changed is true # https://raw.githubusercontent.com/bobbyiliev/bash-ssl-checker-tool/master/ssl # amass enum -passive -d togofirst.com # sudo masscan 163.172.0.0/16 -p443 --rate=1000000 # sublist3r -d fitnetmanager.com