161 lines
5.1 KiB
YAML
161 lines
5.1 KiB
YAML
---
|
|
- name: Scan
|
|
hosts: scale01
|
|
become: true
|
|
gather_facts: false
|
|
vars:
|
|
|
|
user: staffadmin
|
|
token: !vault |
|
|
$ANSIBLE_VAULT;1.2;AES256;prod
|
|
35343365393734313034383961616333633265623037303436653739613935366666373237366562
|
|
3663316563663439363333396530376139663731346637390a366335333732303134316364363130
|
|
30313631343534643866383336623837363433303032376264373139306464313866313034663636
|
|
3961303030373531380a343061326437343066663665613833623533376437326630326432363566
|
|
37653135666331633532653436656461396131623736353962643632316135633562346631313036
|
|
6137356332636431643830666461333862613835336631333037
|
|
#TODO target in list
|
|
# 163.172.0.0/24
|
|
# 163.172.80.0/28
|
|
target_network: 163.172.16.0/20
|
|
# 163.172.0.0/20
|
|
# 163.172.16.0/20
|
|
# 163.172.31.0/20
|
|
# 163.172.48.0/20
|
|
# 163.172.63.254/20
|
|
ansible_user: stephane
|
|
ansible_password: stephane
|
|
ansible_become_password: stephane
|
|
username: jingohalert
|
|
password: !vault |
|
|
$ANSIBLE_VAULT;1.2;AES256;prod
|
|
66346630333538386564396632636161316239326530653037666465616165393135666532643264
|
|
3037363865363531636635306535663736353734333733340a363639636638396662616538343335
|
|
65366439343135636634393832636436353764303066653530346232323164376265313039373630
|
|
3863613961373430340a303866363962353262623030373061616134303366336237346631383539
|
|
3130
|
|
# apt-get install sshpass
|
|
|
|
# #
|
|
# # @author Stéphane Gratias (2021).
|
|
#
|
|
|
|
|
|
# roles:
|
|
# - { role: geerlingguy.pip, tags: pip }
|
|
tasks:
|
|
|
|
|
|
- ansible.builtin.apt:
|
|
name: masscan
|
|
update_cache: true
|
|
|
|
- ansible.builtin.git:
|
|
repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
|
|
dest: "{{ playbook_dir }}/scan"
|
|
single_branch: yes
|
|
force: true
|
|
delegate_to: localhost
|
|
|
|
# apt install masscan
|
|
- ansible.builtin.command:
|
|
cmd: "masscan {{ target_network }} -p443"
|
|
become: true
|
|
register: scan_output
|
|
# pause
|
|
|
|
|
|
# - debug:
|
|
# msg: "{{ item }}"
|
|
# loop: "{{ scan_output.stdout_lines }}"
|
|
# # - "{{ cert.not_after }}"
|
|
# # - "{{ ansible_date_time.iso8601_basic }}"
|
|
# tags: test
|
|
# delegate_to: localhost
|
|
|
|
- name: Get a cert from an https port
|
|
community.crypto.get_certificate:
|
|
host: "{{ item.split('on')[-1].strip() }}"
|
|
port: 443
|
|
delegate_to: localhost
|
|
run_once: true
|
|
loop: "{{ scan_output.stdout_lines }}"
|
|
ignore_errors: true
|
|
register: cert
|
|
tags: test
|
|
|
|
|
|
# item.subject.CN
|
|
- debug:
|
|
# msg: "{{ item.subject.CN }}"
|
|
msg: "{{ item.invocation.module_args.host}}"
|
|
loop: "{{ cert.results }}"
|
|
# - "{{ cert.not_after }}"
|
|
# - "{{ ansible_date_time.iso8601_basic }}"
|
|
tags: test
|
|
delegate_to: localhost
|
|
|
|
|
|
- name: Change file ownership, group and permissions
|
|
ansible.builtin.file:
|
|
path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/"
|
|
state: directory
|
|
loop: "{{ cert.results }}"
|
|
|
|
- name: Add a line to a file if the file does not exist, without passing regexp
|
|
ansible.builtin.lineinfile:
|
|
path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}"
|
|
line: "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN | default('---') }} ---- {{ item.issuer| default('---')}}"
|
|
create: yes
|
|
loop: "{{ cert.results }}"
|
|
delegate_to: localhost
|
|
|
|
|
|
# - name: Copy file with owner and permissions
|
|
# ansible.builtin.copy:
|
|
# dest: "{{ playbook_dir }}/scan/scan_https_{{ target_network.split('/')[0] }}_{{ target_network.split('/')[-1] }}"
|
|
# content: |
|
|
# "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN }} ---- {{ item.issuer}}"
|
|
# loop: "{{ cert.results }}"
|
|
# delegate_to: localhost
|
|
|
|
# # item.subject.CN
|
|
# - debug:
|
|
# msg: "{{ item.item.split('on')[-1].strip() }}"
|
|
# loop: "{{ cert.results }}"
|
|
# # - "{{ cert.not_after }}"
|
|
# # - "{{ ansible_date_time.iso8601_basic }}"
|
|
# tags: test
|
|
# delegate_to: localhost
|
|
|
|
- ansible.builtin.shell: |
|
|
git config user.email "stephane.gratiasquiquandon@gmail.com"
|
|
git config user.name "staffadmin"
|
|
git add .
|
|
git commit -m "Push scan with access token"
|
|
git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
|
|
args:
|
|
chdir: "{{ playbook_dir }}/scan/"
|
|
run_once: true
|
|
delegate_to: localhost
|
|
|
|
|
|
# - debug:
|
|
# msg: "{{ host_interfaces }}"
|
|
|
|
|
|
# - name: NTFY when docker compose changed
|
|
# uri:
|
|
# url: "https://alert.jingoh.fr/scaleway"
|
|
# method: POST
|
|
# user: "{{ username }}"
|
|
# password: "{{ password }}"
|
|
# headers:
|
|
# Title: "SCAN HTTPS "
|
|
# ta: "file_folder"
|
|
# body: "{{ target_network }}"
|
|
# status_code: 200
|
|
# tags: test1
|
|
# delegate_to: localhost
|
|
# when: fetch_files_backup.changed is true
|