blob: 71b3d0bcb714b7e9573846238ee7af4af3933ad7 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
{
config,
lib,
pkgs,
inputs,
...
}:
with lib;
let
cfg = config.nixfiles.modules.nmap;
in
{
options.nixfiles.modules.nmap.enable = mkEnableOption "Nmap";
config = mkIf cfg.enable {
nixfiles.modules.common.shell.aliases = {
nmap-vulners = "nmap -sV --script=vulners/vulners.nse";
nmap-vulscan = "nmap -sV --script=vulscan/vulscan.nse";
};
hm = {
home = {
file = {
".nmap/scripts/vulners".source = inputs.nmap-vulners;
".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse";
};
packages = with pkgs; [
nmap
nmap-formatter
];
activation.regenerateNmapScripts = with pkgs; ''
${getExe' nmap "nmap"} --script-updatedb
'';
};
systemd.user = {
services.update-nmap-vulscan-lists = {
Service = {
ExecStart = getExe (
pkgs.writeShellApplication {
name = "update-nmap-vulscan-lists";
runtimeInputs = [ pkgs.curl ];
text = ''
declare -a vulscandbs=(
"cve"
"exploitdb"
"openvas"
"osvdb"
"scipvuldb"
"securityfocus"
"securitytracker"
"xforce"
)
for i in "''${vulscandbs[@]}"; do
curl \
-o "${config.my.home}/.nmap/scripts/vulscan/$i.csv" \
"https://www.computec.ch/projekte/vulscan/download/$i.csv"
done
'';
}
);
};
};
timers.update-nmap-vulscan-lists = {
# TODO Figure out how to check for network-online.target for user
# timers.
Timer = {
OnCalendar = "daily";
Persistent = true;
Unit = "update-nmap-vulscan-lists.service";
};
Install.WantedBy = [ "timers.target" ];
};
};
};
};
}
|