modules/nmap.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78

{
  config,
  lib,
  pkgs,
  inputs,
  ...
}:
with lib;
let
  cfg = config.nixfiles.modules.nmap;
in
{
  options.nixfiles.modules.nmap.enable = mkEnableOption "Nmap";

  config = mkIf cfg.enable {
    nixfiles.modules.common.shell.aliases = {
      nmap-vulners = "nmap -sV --script=vulners/vulners.nse";
      nmap-vulscan = "nmap -sV --script=vulscan/vulscan.nse";
    };

    hm = {
      home = {
        file = {
          ".nmap/scripts/vulners".source = inputs.nmap-vulners;
          ".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse";
        };

        packages = with pkgs; [
          nmap
          nmap-formatter
        ];

        activation.regenerateNmapScripts = with pkgs; ''
          ${getExe' nmap "nmap"} --script-updatedb
        '';
      };

      systemd.user = {
        services.update-nmap-vulscan-lists = {
          Service = {
            ExecStart = getExe (
              pkgs.writeShellApplication {
                name = "update-nmap-vulscan-lists";
                runtimeInputs = [ pkgs.curl ];
                text = ''
                  declare -a vulscandbs=(
                    "cve"
                    "exploitdb"
                    "openvas"
                    "osvdb"
                    "scipvuldb"
                    "securityfocus"
                    "securitytracker"
                    "xforce"
                  )
                  for i in "''${vulscandbs[@]}"; do
                    curl \
                      -o "${config.my.home}/.nmap/scripts/vulscan/$i.csv" \
                      "https://www.computec.ch/projekte/vulscan/download/$i.csv"
                  done
                '';
              }
            );
          };
        };

        timers.update-nmap-vulscan-lists = {
          Timer = {
            OnCalendar = "daily";
            Persistent = true;
            Unit = "update-nmap-vulscan-lists.service";
          };
          Install.WantedBy = [ "timers.target" ];
        };
      };
    };
  };
}