From 2bfe16c0de16a2fdf43fd710ec3c8363d81e5442 Mon Sep 17 00:00:00 2001
From: Dhrumil Mistry <56185972+dmdhrumilmistry@users.noreply.github.com>
Date: Wed, 2 Oct 2024 19:41:30 +0530
Subject: [PATCH] add ansible playbook for native-setup
---
setup/ansible/README.md | 44 +++++
setup/ansible/native-setup.yml | 6 +
setup/ansible/roles/native-setup/README.md | 41 ++++
.../roles/native-setup/defaults/main.yml | 2 +
.../roles/native-setup/handlers/main.yml | 2 +
.../ansible/roles/native-setup/meta/main.yml | 34 ++++
.../native-setup/tasks/install-tools.yml | 186 ++++++++++++++++++
.../ansible/roles/native-setup/tasks/main.yml | 65 ++++++
.../roles/native-setup/tests/inventory | 2 +
.../ansible/roles/native-setup/tests/test.yml | 5 +
.../ansible/roles/native-setup/vars/main.yml | 2 +
11 files changed, 389 insertions(+)
create mode 100644 setup/ansible/README.md
create mode 100644 setup/ansible/native-setup.yml
create mode 100644 setup/ansible/roles/native-setup/README.md
create mode 100644 setup/ansible/roles/native-setup/defaults/main.yml
create mode 100644 setup/ansible/roles/native-setup/handlers/main.yml
create mode 100644 setup/ansible/roles/native-setup/meta/main.yml
create mode 100644 setup/ansible/roles/native-setup/tasks/install-tools.yml
create mode 100644 setup/ansible/roles/native-setup/tasks/main.yml
create mode 100644 setup/ansible/roles/native-setup/tests/inventory
create mode 100644 setup/ansible/roles/native-setup/tests/test.yml
create mode 100644 setup/ansible/roles/native-setup/vars/main.yml
diff --git a/setup/ansible/README.md b/setup/ansible/README.md
new file mode 100644
index 0000000..8b34907
--- /dev/null
+++ b/setup/ansible/README.md
@@ -0,0 +1,44 @@
+# Ansible Setup
+
+Configures mantis dependencies on ubuntu x86_64 arch
+
+## Configuration
+
+### Ansible hosts/nodes
+
+* They must have python3 installed
+
+ ```bash
+ sudo apt install python3 -y
+ ```
+
+### Ansible Controller
+
+* Python deps
+
+ ```bash
+ python3 -m pip install ansible ansible-core
+ ```
+
+* Generate host file `hosts`
+
+ ```txt
+ [mantisnodes]
+ mantis-node-1 ansible_host=192.168.0.105 ansible_user=root
+ mantis-node-2 ansible_host=192.168.0.107 ansible_user=root
+ mantis-node-3 ansible_host=192.168.0.109 ansible_user=root
+ ```
+
+ > Please ensure that ansible controller is able to ssh into the `mantisnodes` as `root` user using its private key
+
+* Test connectivity with hosts
+
+ ```bash
+ ansible all -m ping
+ ```
+
+* Run playbook
+
+ ```bash
+ ansible-playbook -i hosts native-setup.yml
+ ```
diff --git a/setup/ansible/native-setup.yml b/setup/ansible/native-setup.yml
new file mode 100644
index 0000000..f9185b0
--- /dev/null
+++ b/setup/ansible/native-setup.yml
@@ -0,0 +1,6 @@
+---
+
+- hosts: mantisnodes
+ become: true
+ roles:
+ - { role : "native-setup" }
diff --git a/setup/ansible/roles/native-setup/README.md b/setup/ansible/roles/native-setup/README.md
new file mode 100644
index 0000000..567e30d
--- /dev/null
+++ b/setup/ansible/roles/native-setup/README.md
@@ -0,0 +1,41 @@
+native-setup
+=========
+
+Role `native-setup` configures
+
+Requirements
+------------
+
+* ubuntu machine (x86_64 arch)
+* python3
+
+
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ ```yaml
+ - hosts: mantisnodes
+ roles:
+ - { role: native-setup }
+ ```
+
+License
+-------
+
+[Apache 2.0](/LICENSE)
+
+Author Information
+------------------
+
+* [dmdhrumilmistry](https://github.com/dmdhrumilmistry)
diff --git a/setup/ansible/roles/native-setup/defaults/main.yml b/setup/ansible/roles/native-setup/defaults/main.yml
new file mode 100644
index 0000000..a9c7d90
--- /dev/null
+++ b/setup/ansible/roles/native-setup/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for native-setup
diff --git a/setup/ansible/roles/native-setup/handlers/main.yml b/setup/ansible/roles/native-setup/handlers/main.yml
new file mode 100644
index 0000000..e8a5b02
--- /dev/null
+++ b/setup/ansible/roles/native-setup/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for native-setup
diff --git a/setup/ansible/roles/native-setup/meta/main.yml b/setup/ansible/roles/native-setup/meta/main.yml
new file mode 100644
index 0000000..6999a76
--- /dev/null
+++ b/setup/ansible/roles/native-setup/meta/main.yml
@@ -0,0 +1,34 @@
+galaxy_info:
+ author: dmdhrumilmistry
+ description: Configures requirements for running mantis on ubuntu machines
+ # company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: Apache-2.0
+
+ min_ansible_version: "2.1"
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/setup/ansible/roles/native-setup/tasks/install-tools.yml b/setup/ansible/roles/native-setup/tasks/install-tools.yml
new file mode 100644
index 0000000..a6c412b
--- /dev/null
+++ b/setup/ansible/roles/native-setup/tasks/install-tools.yml
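Review bot: `min_ansible_version: "2.1"` in meta/main.yml understates what the role needs, because tasks/main.yml in this same patch uses `include_tasks`, which was introduced in Ansible 2.4. Raise it to at least `min_ansible_version: "2.4"` so the Galaxy metadata matches the tasks. The remaining comments look like unmodified `ansible-galaxy init` scaffold and could be trimmed once the fields are settled.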
@@ -0,0 +1,186 @@
+---
+- name: Install Amass
+ block:
+ - name: Download Amass
+ get_url:
+ url: https://github.com/owasp-amass/amass/releases/download/v4.1.0/amass_Linux_amd64.zip
+ dest: /tmp/amass.zip
+
+ - name: Unzip Amass
+ unarchive:
+ src: /tmp/amass.zip
+ dest: /tmp/
+ remote_src: yes
+ extra_opts: ["-j"]
+
+ - name: Move Amass to /usr/bin
+ command: mv /tmp/amass /usr/bin/amass
+
+ - name: Ensure /usr/bin/amass is executable
+ file:
+ path: /usr/bin/amass
+ mode: "0755"
+ state: file
+
+- name: Install Subfinder
+ block:
+ - name: Download Subfinder
+ get_url:
+ url: https://github.com/projectdiscovery/subfinder/releases/download/v2.6.3/subfinder_2.6.3_linux_amd64.zip
+ dest: /tmp/subfinder.zip
+
+ - name: Unzip Subfinder
+ unarchive:
+ src: /tmp/subfinder.zip
+ dest: /tmp/
+ remote_src: yes
+ extra_opts: ["-j"]
+
+ - name: Move Subfinder to /usr/bin
+ command: mv /tmp/subfinder /usr/bin/subfinder
+
+ - name: Ensure /usr/bin/subfinder is executable
+ file:
+ path: /usr/bin/subfinder
+ mode: "0755"
+ state: file
+
+- name: Install Httpx
+ block:
+ - name: Download Httpx
+ get_url:
+ url: https://github.com/projectdiscovery/httpx/releases/download/v1.3.7/httpx_1.3.7_linux_amd64.zip
+ dest: /tmp/httpx.zip
+
+ - name: Unzip Httpx
+ unarchive:
+ src: /tmp/httpx.zip
+ dest: /tmp/
+ remote_src: yes
+ extra_opts: ["-j"]
+
+ - name: Move Httpx to /usr/bin
+ command: mv /tmp/httpx /usr/bin/httpx
+
+ - name: Ensure /usr/bin/httpx is executable
+ file:
+ path: /usr/bin/httpx
+ mode: "0755"
+ state: file
+
+- name: Install Naabu
+ block:
+ - name: Download Naabu
+ get_url:
+ url: https://github.com/projectdiscovery/naabu/releases/download/v2.1.9/naabu_2.1.9_linux_amd64.zip
+ dest: /tmp/naabu.zip
+
+ - name: Unzip Naabu
+ unarchive:
+ src: /tmp/naabu.zip
+ dest: /tmp/
+ remote_src: yes
+ extra_opts: ["-j"]
+
+ - name: Move Naabu to /usr/bin
+ command: mv /tmp/naabu /usr/bin/naabu
+
+ - name: Ensure /usr/bin/naabu is executable
+ file:
+ path: /usr/bin/naabu
+ mode: "0755"
+ state: file
+
+- name: Install Nuclei
+ block:
+ - name: Download Nuclei
+ get_url:
+ url: https://github.com/projectdiscovery/nuclei/releases/download/v3.0.4/nuclei_3.0.4_linux_amd64.zip
+ dest: /tmp/nuclei.zip
+
+ - name: Unzip Nuclei
+ unarchive:
+ src: /tmp/nuclei.zip
+ dest: /tmp/
+ remote_src: yes
+ extra_opts: ["-j"]
+
+ - name: Move Nuclei to /usr/bin
+ command: mv /tmp/nuclei /usr/bin/nuclei
+
+ - name: Ensure /usr/bin/nuclei is executable
+ file:
+ path: /usr/bin/nuclei
+ mode: "0755"
+ state: file
+
+- name: Install Gitleaks
+ block:
+ - name: Download Gitleaks
+ get_url:
+ url: https://github.com/gitleaks/gitleaks/releases/download/v8.18.1/gitleaks_8.18.1_linux_x64.tar.gz
+ dest: /tmp/gitleaks.tar.gz
+
+ - name: Extract Gitleaks
+ unarchive:
+ src: /tmp/gitleaks.tar.gz
+ dest: /tmp/
+ remote_src: yes
+
+ - name: Move Gitleaks to /usr/bin
+ command: mv /tmp/gitleaks /usr/bin/gitleaks
+
+ - name: Ensure /usr/bin/gitleaks is executable
+ file:
+ path: /usr/bin/gitleaks
+ mode: "0755"
+ state: file
+
+- name: Install gau
+ block:
+ - name: Download gau tarball
+ get_url:
+ url: https://github.com/lc/gau/releases/download/v2.2.1/gau_2.2.1_linux_amd64.tar.gz
+ dest: /tmp/gau.tar.gz
+
+ - name: Extract gau tarball
+ unarchive:
+ src: /tmp/gau.tar.gz
+ dest: /tmp/
+ remote_src: yes
+
+ - name: Move gau to /usr/bin
+ command: mv /tmp/gau /usr/bin/gau
+
+ - name: Ensure /usr/bin/gau is executable
+ file:
+ path: /usr/bin/gau
+ mode: "0755"
+ state: file
+
+- name: Install Corsy
+ block:
+ - name: Download Corsy zip
+ get_url:
+ url: https://github.com/s0md3v/Corsy/archive/refs/tags/1.0-rc.zip
+ dest: /tmp/1.0-rc.zip
+
+ - name: Unzip Corsy
+ unarchive:
+ src: /tmp/1.0-rc.zip
+ dest: /tmp
+ remote_src: yes
+
+ - name: Move Corsy to /usr/bin
+ command: mv /tmp/Corsy-1.0-rc /usr/bin/Corsy
+
+- name: Install IPinfo
+ block:
+ - name: Download IPinfo deb package
+ get_url:
+ url: https://github.com/ipinfo/cli/releases/download/ipinfo-3.2.0/ipinfo_3.2.0.deb
+ dest: /tmp/ipinfo_3.2.0.deb
+
+ - name: Install IPinfo deb package
+ apt:
+ deb: /tmp/ipinfo_3.2.0.deb
\ No newline at end of file
diff --git a/setup/ansible/roles/native-setup/tasks/main.yml b/setup/ansible/roles/native-setup/tasks/main.yml
new file mode 100644
index 0000000..4706925
--- /dev/null
+++ b/setup/ansible/roles/native-setup/tasks/main.yml
@@ -0,0 +1,65 @@
+---
+# tasks file for native-setup
+- name: Install aptitude
+ apt:
+ name: aptitude
+ state: latest
+ update_cache: true
+
+- name: Add deadsnakes PPA for Python 3.9
+ apt_repository:
+ repo: ppa:deadsnakes/ppa
+
+- name: Install required system packages
+ apt:
+ pkg:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - gcc
+ - git
+ - gnupg
+ - libpcap-dev
+ - dnsutils
+ - python3.9
+ - python3.9-dev
+ - python3-pip
+ - python3-setuptools
+ - python3-requests
+ - unzip
+ - software-properties-common
+ - wget
+ state: latest
+ update_cache: true
+
+- name: Add ~/.local/bin to PATH in ~/.bashrc
+ lineinfile:
+ path: ~/.bashrc
+ line: "export PATH='$HOME/.local/bin:$PATH'"
+ create: yes
+ state: present
+
+- name: Reload ~/.bashrc
+ shell: source ~/.bashrc
+ args:
+ executable: /bin/bash
+
+- include_tasks: install-tools.yml
+
+- name: Install pip dependencies
+ pip:
+ name:
+ - "dnspython<=2.0.0"
+ - "dnstwist[full]"
+ - ipwhois
+ - wafw00f
+ - "git+https://github.com/cisagov/findcdn.git"
+
+- name: Download requirements
+ get_url:
+ url: https://raw.githubusercontent.com/PhonePe/mantis/refs/heads/main/requirements.txt
+ dest: /tmp/mantis-requirements.txt
+
+- name: Install Python dependencies
+ pip:
+ requirements: /tmp/mantis-requirements.txt
diff --git a/setup/ansible/roles/native-setup/tests/inventory b/setup/ansible/roles/native-setup/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/setup/ansible/roles/native-setup/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
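Review bot: None of the `get_url` tasks in install-tools.yml sets `checksum:`, yet each archive is unpacked and its binary moved into /usr/bin under `become: true`, so the integrity of what ends up running as root rests only on TLS and on the release asset never changing. Add a pinned digest to every download, e.g. `checksum: "sha256:<SHA256_OF_RELEASE_ASSET>"` (placeholder; take the value from each project's published checksums). The fixed names under /tmp matter as well: without `checksum:`, `get_url` skips the download when `dest` already exists, so whatever file is already at /tmp/amass.zip is what gets unpacked, whereas with `checksum:` a mismatching file is replaced. The `command: mv …` steps also report changed on every run; `copy` with `remote_src: true` and `mode: "0755"` would install the binary and set its mode in one idempotent task. The same integrity point applies to the ipinfo `.deb` handed to `apt: deb:`.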
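Review bot: The `lineinfile` task in tasks/main.yml writes `export PATH='$HOME/.local/bin:$PATH'`, and the single quotes stop the shell from expanding either variable, so PATH becomes that literal string once ~/.bashrc is read; use `line: 'export PATH="$HOME/.local/bin:$PATH"'` instead. The following `shell: source ~/.bashrc` task has no lasting effect, since each Ansible task runs in its own process, and can be dropped. Separately, the pip steps install as root from moving targets: `git+https://github.com/cisagov/findcdn.git` carries no ref and requirements.txt is fetched from `refs/heads/main`, so pinning both to a tag or commit (`…/findcdn.git@<COMMIT_OR_TAG>`) would make the installed set reproducible and reviewable.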
diff --git a/setup/ansible/roles/native-setup/tests/test.yml b/setup/ansible/roles/native-setup/tests/test.yml
new file mode 100644
index 0000000..ed20304
--- /dev/null
+++ b/setup/ansible/roles/native-setup/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - native-setup
diff --git a/setup/ansible/roles/native-setup/vars/main.yml b/setup/ansible/roles/native-setup/vars/main.yml
new file mode 100644
index 0000000..314654d
--- /dev/null
+++ b/setup/ansible/roles/native-setup/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for native-setup