sgratias/semaphore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bd4d3b4c436b6748930c1921ce1a85554445bfd4
semaphore/scan.yml
staffadmin bd4d3b4c43 [Add scan right creds]
2025-08-02 14:22:49 +02:00

189 lines
6.4 KiB
YAML
Raw Blame History

---
- name: Scan
hosts:
- tower
#- localhost
become: true
gather_facts: false
vars:
user: sgratias
user_mail: stephane.gratiasquiquandon@gmail.com
token: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod
30383538646164373137616166636632353964373362323735626239656337306139616265323138
3834383331316466653565323632616163353964643637660a363262383461363234363738613034
64383132373061653337313365333734646635396635313133613861303730303163383764653664
6537633761353939330a356236623265383931643530316430303938303735306536343163323163
62636236346362663036343765363830383738623563613161373637383239623134376163653662
3565333032326133326232326633386332633639373862313463
#TODO target in list
# 163.172.0.0/24
# 163.172.80.0/28
target_network: 147.135.120.20/30
target_port: 20-80
# 163.172.0.0/20
# 163.172.16.0/20
# 163.172.31.0/20
# 163.172.48.0/20
# 163.172.63.254/20
ansible_user: stephane
# ansible_password: stephane
# ansible_become_password: stephane
username: jingohalert
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod
66346630333538386564396632636161316239326530653037666465616165393135666532643264
3037363865363531636635306535663736353734333733340a363639636638396662616538343335
65366439343135636634393832636436353764303066653530346232323164376265313039373630
3863613961373430340a303866363962353262623030373061616134303366336237346631383539
3130
# apt-get install sshpass
# #
# # @author Stéphane Gratias (2021).
#
# roles:
# - { role: geerlingguy.pip, tags: pip }
tasks:
# - ansible.builtin.apt:
# name: masscan
# update_cache: true
- ansible.builtin.git:
repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/{{ user }}/scan.git
dest: "{{ playbook_dir }}/scan"
single_branch: yes
force: true
delegate_to: localhost
- ansible.builtin.command:
cmd: "masscan {{ target_network }} -p{{ target_port }}"
#cmd: "/opt/homebrew/bin/masscan {{ target_network }} -p{{ target_port }}"
become: true
register: scan_output
# when: target_port is not list
# pause
- debug:
msg: "{{ item.split('/')[0].split(' ')[-1]|int }}"
loop: "{{ scan_output.stdout_lines }}"
- community.crypto.get_certificate:
host: "{{ item.split('on')[-1].strip() }}"
#port: 443
port: "{{ item.split('/')[0].split(' ')[-1]|int }}"
asn1_base64: true
delegate_to: localhost
run_once: true
loop: "{{ scan_output.stdout_lines }}"
ignore_errors: true
register: cert
tags: test
- ansible.builtin.command: "nc -v -w 1 {{ item.split('on')[-1].strip() }} {{ item.split('/')[0].split(' ')[-1]|int }}"
register: nc_port
ignore_errors: true
loop: "{{ scan_output.stdout_lines }}"
- debug:
# msg: "{{ item.subject.CN }}"
msg: "{{ item }}"
loop: "{{ nc_port.results }}"
# # - "{{ cert.not_after }}"
# # - "{{ ansible_date_time.iso8601_basic }}"
# tags: test
# delegate_to: localhost
- ansible.builtin.set_fact:
nc_port_list: "{{ nc_port_list|default([]) + [item.stderr_lines + item.stdout_lines]}}"
loop: "{{ nc_port.results }}"
#! remove run once when network range > 24
#! take time, can be better
- ansible.builtin.file:
path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/"
state: directory
loop: "{{ cert.results }}"
# run_once: true
when: item.invocation is defined
#! take time, can be better
- ansible.builtin.lineinfile:
path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}.csv"
line: "IP,PORT,SERVICE,CN,ISSUER COUNTRY,ISSUER ORGA"
insertbefore: BOF
create: yes
loop: "{{ cert.results }}"
# loop_control:
# index_var: my_idx
delegate_to: localhost
#run_once: true
when:
- item.invocation is defined
# - cert.results[my_idx].invocation.module_args.host.split('.')[2] != cert.results[my_idx+1].invocation.module_args.host.split('.')[2]
- ansible.builtin.lineinfile:
path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}.csv"
line: "{{ item.invocation.module_args.host }},{{ item.invocation.module_args.port }},{{ nc_port_list[my_idx] | join (' ') |default('no service ??') }}, {{ item.subject.CN | default('no CN') }},{{ item.issuer.C | default('no issuer Country') }},{{ item.issuer.O| default('no issuer Orga') }}"
create: yes
state: present
loop: "{{ cert.results }}"
loop_control:
index_var: my_idx
delegate_to: localhost
when: item.invocation is defined
- ansible.builtin.shell: |
git config user.email "{{ user_mail }}"
git config user.name "{{ user }}"
git add .
git commit -m "Push scan with access token"
git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/{{ user }}/scan.git
args:
chdir: "{{ playbook_dir }}/scan/"
run_once: true
delegate_to: localhost
- community.docker.docker_container_exec:
container: scan
command: gowitness scan single --url "https://{{ item.subject.CN }}" --write-db
chdir: /data
loop: "{{ cert.results }}"
when:
- item.subject.CN is defined
- "'*' not in item.subject.CN"
- community.docker.docker_container_exec:
container: scan
command: gowitness scan single --url "http://{{ item.invocation.module_args.host }}:{{ item.invocation.module_args.port }}" --write-db
chdir: /data
loop: "{{ cert.results }}"
when:
- item.subject.CN is not defined
- screenshot_all|default(false) is true
# gowitness scan single --url "https://nuage.monassa.fr" --write-db
# - debug:
# msg: "{{ host_interfaces }}"
- name: NTFY when docker compose changed
uri:
url: "https://alert.jingoh.fr/scaleway"
method: POST
user: "{{ username }}"
password: "{{ password }}"
headers:
Title: "SCAN {{ target_port }}"
ta: "file_folder"
body: "{{ target_network }}"
status_code: 200
tags: test1
delegate_to: localhost
Reference in New Issue View Git Blame Copy Permalink