From e6ed60548397627bf10f561f9438201dbba0a36e Mon Sep 17 00:00:00 2001
From: Azat Bahawi
Date: Sun, 21 Apr 2024 02:15:42 +0300
Subject: 2024-04-21
---
modules/nmap.nix | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
create mode 100644 modules/nmap.nix
(limited to 'modules/nmap.nix')
diff --git a/modules/nmap.nix b/modules/nmap.nix
new file mode 100644
index 0000000..71b3d0b
--- /dev/null
+++ b/modules/nmap.nix
@@ -0,0 +1,80 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.nmap;
+in
+{
+ options.nixfiles.modules.nmap.enable = mkEnableOption "Nmap";
+
+ config = mkIf cfg.enable {
+ nixfiles.modules.common.shell.aliases = {
+ nmap-vulners = "nmap -sV --script=vulners/vulners.nse";
+ nmap-vulscan = "nmap -sV --script=vulscan/vulscan.nse";
+ };
+
+ hm = {
+ home = {
+ file = {
+ ".nmap/scripts/vulners".source = inputs.nmap-vulners;
+ ".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse";
+ };
+
+ packages = with pkgs; [
+ nmap
+ nmap-formatter
+ ];
+
+ activation.regenerateNmapScripts = with pkgs; ''
+ ${getExe' nmap "nmap"} --script-updatedb
+ '';
+ };
+
+ systemd.user = {
+ services.update-nmap-vulscan-lists = {
+ Service = {
+ ExecStart = getExe (
+ pkgs.writeShellApplication {
+ name = "update-nmap-vulscan-lists";
+ runtimeInputs = [ pkgs.curl ];
+ text = ''
+ declare -a vulscandbs=(
+ "cve"
+ "exploitdb"
+ "openvas"
+ "osvdb"
+ "scipvuldb"
+ "securityfocus"
+ "securitytracker"
+ "xforce"
+ )
+ for i in "''${vulscandbs[@]}"; do
+ curl \
+ -o "${config.my.home}/.nmap/scripts/vulscan/$i.csv" \
+ "https://www.computec.ch/projekte/vulscan/download/$i.csv"
+ done
+ '';
+ }
+ );
+ };
+ };
+
+ timers.update-nmap-vulscan-lists = {
+ # TODO Figure out how to check for network-online.target for user
+ # timers.
+ Timer = {
+ OnCalendar = "daily";
+ Persistent = true;
+ Unit = "update-nmap-vulscan-lists.service";
+ };
+ Install.WantedBy = [ "timers.target" ];
+ };
+ };
+ };
+ };
+}
-- 
cgit 1.4.1
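Review bot: The curl call in update-nmap-vulscan-lists writes straight to the live `$i.csv` and is run without `--fail`, so an HTTP error page or a truncated transfer replaces the last good list, and the vulscan script then matches against that content. The NSE scripts are pinned through flake inputs, but these CSV files are fetched daily from a third-party host with no integrity check. At minimum curl should be restricted to HTTPS, fail on HTTP errors, and the file should be moved into place only after a complete download. `mv` needs `pkgs.coreutils` in `runtimeInputs` unless the user unit's PATH already provides it. This also bears on the TODO about network-online, since a run without network should leave the old lists untouched.

```nix
runtimeInputs = [ pkgs.coreutils pkgs.curl ];
# … unchanged: text = '' and the vulscandbs array …
for i in "''${vulscandbs[@]}"; do
  dest="${config.my.home}/.nmap/scripts/vulscan/$i.csv"
  # Fetch to a temporary name so an HTTP error or a truncated transfer
  # never replaces the last good list.
  curl --fail --silent --show-error --proto '=https' \
    -o "$dest.tmp" \
    "https://www.computec.ch/projekte/vulscan/download/$i.csv"
  mv -- "$dest.tmp" "$dest"
done
```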