authorAzat Bahawi <azat@bahawi.net>2024-04-21 02:15:42 +0300
committerAzat Bahawi <azat@bahawi.net>2024-04-21 02:15:42 +0300
commite6ed60548397627bf10f561f9438201dbba0a36e (patch)
treef9a84c5957d2cc4fcd148065ee9365a0c851ae1c /modules/nmap.nix
parent2024-04-18 (diff)
2024-04-21
Diffstat (limited to 'modules/nmap.nix')
-rw-r--r--modules/nmap.nix80
1 files changed, 80 insertions, 0 deletions
diff --git a/modules/nmap.nix b/modules/nmap.nix
new file mode 100644
index 0000000..71b3d0b
--- /dev/null
+++ b/modules/nmap.nix
@@ -0,0 +1,80 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}:
+with lib;
+let
+  cfg = config.nixfiles.modules.nmap;
+in
+{
+  options.nixfiles.modules.nmap.enable = mkEnableOption "Nmap";
+
+  config = mkIf cfg.enable {
+    nixfiles.modules.common.shell.aliases = {
+      nmap-vulners = "nmap -sV --script=vulners/vulners.nse";
+      nmap-vulscan = "nmap -sV --script=vulscan/vulscan.nse";
+    };
+
+    hm = {
+      home = {
+        file = {
+          ".nmap/scripts/vulners".source = inputs.nmap-vulners;
+          ".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse";
+        };
+
+        packages = with pkgs; [
+          nmap
+          nmap-formatter
+        ];
+
+        activation.regenerateNmapScripts = with pkgs; ''
+          ${getExe' nmap "nmap"} --script-updatedb
+        '';
+      };
+
+      systemd.user = {
+        services.update-nmap-vulscan-lists = {
+          Service = {
+            ExecStart = getExe (
+              pkgs.writeShellApplication {
+                name = "update-nmap-vulscan-lists";
+                runtimeInputs = [ pkgs.curl ];
+                text = ''
+                  declare -a vulscandbs=(
+                    "cve"
+                    "exploitdb"
+                    "openvas"
+                    "osvdb"
+                    "scipvuldb"
+                    "securityfocus"
+                    "securitytracker"
+                    "xforce"
+                  )
+                  for i in "''${vulscandbs[@]}"; do
+                    curl \
+                      -o "${config.my.home}/.nmap/scripts/vulscan/$i.csv" \
+                      "https://www.computec.ch/projekte/vulscan/download/$i.csv"
+                  done
+                '';
+              }
+            );
+          };
+        };
+
+        timers.update-nmap-vulscan-lists = {
+          # TODO Figure out how to check for network-online.target for user
+          # timers.
+          Timer = {
+            OnCalendar = "daily";
+            Persistent = true;
+            Unit = "update-nmap-vulscan-lists.service";
+          };
+          Install.WantedBy = [ "timers.target" ];
+        };
+      };
+    };
+  };
+}
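Review bot: The `curl` call in the `update-nmap-vulscan-lists` script writes straight to the live `$i.csv` and has no `--fail`, so an HTTP error page or an interrupted transfer replaces the database that vulscan reads, and later scans would quietly match against a broken or empty list. Download to a temporary name and move it into place only on success, for example `curl --fail --location --proto '=https' -o "$dest.tmp" "$url"` followed by `mv "$dest.tmp" "$dest"`. Nothing in the hunk verifies the content of the downloaded files, so their integrity rests entirely on TLS to that single host, unlike the `.nse` scripts, which come from flake inputs; a short comment next to the URL saying so would help the next reader. Because the timer sets `Persistent = true`, a missed run can fire before the network is up (the TODO above the timer already notes this), which makes the failure path more likely in practice.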
