--- - name: Scan hosts: tower become: true gather_facts: false vars: user: staffadmin token: !vault | $ANSIBLE_VAULT;1.2;AES256;prod 35343365393734313034383961616333633265623037303436653739613935366666373237366562 3663316563663439363333396530376139663731346637390a366335333732303134316364363130 30313631343534643866383336623837363433303032376264373139306464313866313034663636 3961303030373531380a343061326437343066663665613833623533376437326630326432363566 37653135666331633532653436656461396131623736353962643632316135633562346631313036 6137356332636431643830666461333862613835336631333037 # 163.172.0.0/24 # 163.172.80.0/28 target_network: 163.172.80.0/28 ansible_user: stephane ansible_password: stephane ansible_become_password: stephane username: jingohalert password: !vault | $ANSIBLE_VAULT;1.2;AES256;prod 66346630333538386564396632636161316239326530653037666465616165393135666532643264 3037363865363531636635306535663736353734333733340a363639636638396662616538343335 65366439343135636634393832636436353764303066653530346232323164376265313039373630 3863613961373430340a303866363962353262623030373061616134303366336237346631383539 3130 # apt-get install sshpass # # # # @author Stéphane Gratias (2021). # # roles: # - { role: geerlingguy.pip, tags: pip } tasks: - ansible.builtin.apt: name: masscan update_cache: true - ansible.builtin.git: repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git dest: "{{ playbook_dir }}/scan" single_branch: yes force: true delegate_to: localhost - ansible.builtin.git: repo: https://github.com/maurosoria/dirsearch.git dest: "/home/stephane/dirsearch" single_branch: yes force: true - name: Install specified python requirements ansible.builtin.pip: requirements: "/home/stephane/dirsearch/requirements.txt" # apt install masscan - ansible.builtin.command: cmd: "masscan {{ target_network }} -p443" become: true register: scan_output # - debug: # msg: "{{ item }}" # loop: "{{ scan_output.stdout_lines }}" # # - "{{ cert.not_after }}" # # - "{{ ansible_date_time.iso8601_basic }}" # tags: test # delegate_to: localhost - name: Get a cert from an https por community.crypto.get_certificate: host: "{{ item.split('on')[-1].strip() }}" port: 443 delegate_to: localhost run_once: true loop: "{{ scan_output.stdout_lines }}" ignore_errors: true register: cert tags: test # # item.subject.CN # - debug: # msg: "{{ item.item.split('on')[-1].strip() }}" # loop: "{{ cert.results }}" # # - "{{ cert.not_after }}" # # - "{{ ansible_date_time.iso8601_basic }}" # tags: test # delegate_to: localhost # apt install masscan - ansible.builtin.command: cmd: "python3 /home/root/dirsearch/dirsearch.py -u https://{{ item.item.split('on')[-1].strip() }} --max-time 300" become: true loop: "{{ cert.results }}" # vars: # ansible_command_timeout: 500 ignore_errors: true register: fuff #ffuf -w SecLists/Discovery/Web-Content/directory-list-1.0.txt -u https://dstrn.if.ua/FUZZ # # loop: "{{ scan443.stdout_lines }}" # # - "{{ cert.not_after }}" # # - "{{ ansible_date_time.iso8601_basic }}" # tags: test # - debug: # msg: " URL =======> {{ item.subject }} || Host ====> {{ item.invocation.module_args.host }} || port ======> {{ item.invocation.module_args.port }} || proxy_port =========> {{ item.invocation.module_args.proxy_port }}" # loop: "{{ cert.results }}" # when: item.subject is defined # # loop: "{{ scan443.stdout_lines }}" # # - "{{ cert.not_after }}" # # - "{{ ansible_date_time.iso8601_basic }}" # tags: test # ignore_errors: true # delegate_to: localhost # - debug: # msg: "{{ item.stdout.split('\n\nError Log')[0].split('Output File: ')[-1] }}" # loop: "{{ fuff.results }}" # # when: item.stdout_lines is search('200 -') # # loop: "{{ scan443.stdout_lines }}" # # - "{{ cert.not_after }}" # # - "{{ ansible_date_time.iso8601_basic }}" # tags: test # ignore_errors: true # delegate_to: localhost # - debug: # msg: "{{ fuff }}" - ansible.builtin.find: paths: "/home/stephane/reports" recurse: yes register: scan_path # - debug: # msg: "{{ item.path }}" # loop: "{{ scan_path.files }}" # # - "{{ cert.not_after }}" # # - "{{ ansible_date_time.iso8601_basic }}" # delegate_to: localhost - ansible.builtin.fetch: src: "{{ item.path }}" dest: "{{ playbook_dir }}/scan/" flat: false loop: "{{ scan_path.files }}" - debug: msg: "{{ item.path }}" loop: "{{ scan_path.files }}" # - "{{ cert.not_after }}" # - "{{ ansible_date_time.iso8601_basic }}" delegate_to: localhost - ansible.builtin.shell: | git config user.email "stephane.gratiasquiquandon@gmail.com" git config user.name "staffadmin" git add . git commit -m "Push scan with access token" git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git args: chdir: "{{ playbook_dir }}/scan/" run_once: true delegate_to: localhost # https://github.com/danielmiessler/SecLists.git # ffuf -w SecLists/Discovery/Web-Content/raft-small-words.txt -u https://flix.iberica-tv.net/FUZZ # - name: Set host_interfaces list # ansible.builtin.set_fact: # host_interfaces: "{{ host_interfaces + [item.subject]}}" # vars: # host_interfaces: [] # when: item.subject is defined # loop: "{{ cert.results }}" # - debug: # msg: "{{ host_interfaces }}" # - name: NTFY when docker compose changed # uri: # url: "https://alert.jingoh.fr/scaleway" # method: POST # user: "{{ username }}" # password: "{{ password }}" # headers: # Title: "SCAN HTTPS" # ta: "file_folder" # body: "{{ target_network }}" # status_code: 200 # tags: test1 # delegate_to: localhost # when: fetch_files_backup.changed is true # https://raw.githubusercontent.com/bobbyiliev/bash-ssl-checker-tool/master/ssl # amass enum -passive -d togofirst.com # sudo masscan 163.172.0.0/16 -p443 --rate=1000000 # sublist3r -d fitnetmanager.com