From 91fb4f28ef5d87e8bcf7749928d30ba4a9cbbd34 Mon Sep 17 00:00:00 2001
From: Azat Bahawi
Date: Sun, 19 Feb 2023 17:50:35 +0300
Subject: 2023-02-19
---
modules/common/nmap.nix | 84 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 84 insertions(+)
create mode 100644 modules/common/nmap.nix
(limited to 'modules/common/nmap.nix')
diff --git a/modules/common/nmap.nix b/modules/common/nmap.nix
new file mode 100644
index 0000000..73f948c
--- /dev/null
+++ b/modules/common/nmap.nix
@@ -0,0 +1,84 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.nmap;
+in {
+ options.nixfiles.modules.nmap.enable = mkEnableOption "Nmap";
+
+ config = mkIf cfg.enable {
+ hm = {
+ home = {
+ file = {
+ ".nmap/scripts/vulners/vulners.nse".source = "${inputs.nmap-vulners}/vulners.nse";
+ ".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse";
+ };
+
+ packages = with pkgs; [nmap nmap-formatter];
+
+ activation.regenerateNmapScripts = with pkgs; ''
+ ${nmap}/bin/nmap --script-updatedb
+ '';
+ };
+
+ programs.bash = {
+ shellAliases = let
+ base = "${pkgs.nmap}/bin/nmap -sV";
+ in {
+ nmap-vulners = "${base} --script=vulners/vulners.nse";
+ nmap-vulscan = "${base} --script=vulscan/vulscan.nse";
+ };
+ initExtra = mkAfter ''
+ _complete_alias nmap-vulners _nmap nmap
+ _complete_alias nmap-vulscan _nmap nmap
+ '';
+ };
+
+ systemd.user = {
+ services.update-nmap-vulscan-lists = {
+ Service = {
+ ExecStart = let
+ pkg = with pkgs;
+ writeShellApplication {
+ name = "update-nmap-vulscan-lists";
+ runtimeInputs = [curl];
+ text = ''
+ declare -a vulscandbs=(
+ "cve"
+ "exploitdb"
+ "openvas"
+ "osvdb"
+ "scipvuldb"
+ "securityfocus"
+ "securitytracker"
+ "xforce"
+ )
+ for i in "''${vulscandbs[@]}"; do
+ ${curl}/bin/curl \
+ -o "${config.my.home}/.nmap/scripts/vulscan/$i.csv" \
+ "https://www.computec.ch/projekte/vulscan/download/$i.csv"
+ done
+ '';
+ };
+ in "${pkg}/bin/update-nmap-vulscan-lists";
+ };
+ };
+
+ timers.update-nmap-vulscan-lists = {
+ # TODO Figure out how to check for network-online.target for user
+ # timers.
+ Timer = {
+ OnCalendar = "daily";
+ Persistent = true;
+ Unit = "update-nmap-vulscan-lists.service";
+ };
+ Install.WantedBy = ["timers.target"];
+ };
+ };
+ };
+ };
+}
-- cgit 1.4.1
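Review bot: The curl call in the `update-nmap-vulscan-lists` script has no `--fail` and writes straight to the live `$i.csv`, so an HTTP error page is saved as the database with exit status 0, and an interrupted transfer can leave a truncated file where the last good copy was. Add `--fail` and download to a temporary name, e.g. `-o "$dest.tmp"` followed by `mv "$dest.tmp" "$dest"`, so a bad response never reaches the file that vulscan reads. The CSVs are also pulled daily from a third-party host with nothing beyond TLS to vouch for their content; whether upstream publishes checksums or signatures is not visible from this hunk, but if it does, verifying them before the `mv` would be worth adding. Separately, `runtimeInputs = [curl]` already puts curl on the script's PATH, so the explicit `${curl}/bin/curl` is redundant.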