Diffstat (limited to 'modules/nmap.nix')
-rw-r--r--modules/nmap.nix80
1 files changed, 80 insertions, 0 deletions
diff --git a/modules/nmap.nix b/modules/nmap.nix
new file mode 100644
index 0000000..71b3d0b
--- /dev/null
+++ b/modules/nmap.nix
@@ -0,0 +1,80 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.nmap;
+in
+{
+ options.nixfiles.modules.nmap.enable = mkEnableOption "Nmap";
+
+ config = mkIf cfg.enable {
+ nixfiles.modules.common.shell.aliases = {
+ nmap-vulners = "nmap -sV --script=vulners/vulners.nse";
+ nmap-vulscan = "nmap -sV --script=vulscan/vulscan.nse";
+ };
+
+ hm = {
+ home = {
+ file = {
+ ".nmap/scripts/vulners".source = inputs.nmap-vulners;
+ ".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse";
+ };
+
+ packages = with pkgs; [
+ nmap
+ nmap-formatter
+ ];
+
+ activation.regenerateNmapScripts = with pkgs; ''
+ ${getExe' nmap "nmap"} --script-updatedb
+ '';
+ };
+
+ systemd.user = {
+ services.update-nmap-vulscan-lists = {
+ Service = {
+ ExecStart = getExe (
+ pkgs.writeShellApplication {
+ name = "update-nmap-vulscan-lists";
+ runtimeInputs = [ pkgs.curl ];
+ text = ''
+ declare -a vulscandbs=(
+ "cve"
+ "exploitdb"
+ "openvas"
+ "osvdb"
+ "scipvuldb"
+ "securityfocus"
+ "securitytracker"
+ "xforce"
+ )
+ for i in "''${vulscandbs[@]}"; do
+ curl \
+ -o "${config.my.home}/.nmap/scripts/vulscan/$i.csv" \
+ "https://www.computec.ch/projekte/vulscan/download/$i.csv"
+ done
+ '';
+ }
+ );
+ };
+ };
+
+ timers.update-nmap-vulscan-lists = {
+ # TODO Figure out how to check for network-online.target for user
+ # timers.
+ Timer = {
+ OnCalendar = "daily";
+ Persistent = true;
+ Unit = "update-nmap-vulscan-lists.service";
+ };
+ Install.WantedBy = [ "timers.target" ];
+ };
+ };
+ };
+ };
+}
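Review bot: The `curl` call in the `update-nmap-vulscan-lists` script writes straight onto the live `$i.csv` and is run without `--fail`, so an HTTP error body or an interrupted transfer replaces a working vulscan database with content that the `nmap-vulscan` alias will then read. Fetch to a temporary name with `--fail` and rename only after curl exits successfully; `writeShellApplication` is expected to enable `errexit`, so a failed download would then stop the script before the `mv`. The CSV lists are also pulled daily with no pin or checksum, whereas `inputs.nmap-vulners` and `inputs.nmap-vulscan` look like pinned inputs, so their integrity rests on TLS alone; a short comment in the module stating that would help the next reader.

```nix
# … unchanged: vulscandbs array …
for i in "''${vulscandbs[@]}"; do
  dest="${config.my.home}/.nmap/scripts/vulscan/$i.csv"
  curl --fail --silent --show-error \
    -o "$dest.tmp" \
    "https://www.computec.ch/projekte/vulscan/download/$i.csv"
  mv "$dest.tmp" "$dest"
done
```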