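---
# Register new target servers with a Nexpose/InsightVM site, launch a site
# scan, wait for it to finish, render one HTML vulnerability report per
# asset and e-mail each report.
#
# Required variables (inventory, group_vars or -e):
#   nexpose_base_api, nexpose_username, nexpose_password, site_id,
#   nexpose_vulnerabilities_records_per_page, target_servers,
#   gmail_account, gmail_account_password
# Optional variables:
#   nexpose_validate_certs  - verify the console's TLS certificate
#                             (default: true). Set to false only for lab
#                             consoles with self-signed certificates; with
#                             verification off the basic-auth credentials
#                             sent on every request can be intercepted.
#   report_recipient        - "Name <address>" for the mail task.
#   smtp_host / smtp_port   - mail relay (default: smtp.gmail.com:587).
- name: Add New Asset and Perform Security Scan
  hosts: localhost
  gather_facts: true
  vars:
    # Resolved once here so every uri task below shares the same setting.
    _validate_certs: "{{ nexpose_validate_certs | default(true) }}"
    # Headers common to every JSON call against the console API.
    _json_headers:
      Content-Type: application/json
      Accept: application/json
  tasks:
    # One asset is created per entry in target_servers; the template that
    # builds the body is expected to read the current entry via `item`.
    - name: Add target servers to site
      uri:
        url: "{{ nexpose_base_api }}/sites/{{ site_id }}/assets"
        method: POST
        user: "{{ nexpose_username }}"
        password: "{{ nexpose_password }}"
        force_basic_auth: true
        validate_certs: "{{ _validate_certs }}"
        headers: "{{ _json_headers }}"
        body: "{{ lookup('template', 'templates/add_asset.json.j2') }}"
        body_format: json
        status_code: 201
        return_content: true
      register: add_target
      loop: "{{ target_servers }}"

    - name: Include target servers to site
      uri:
        url: "{{ nexpose_base_api }}/sites/{{ site_id }}/included_targets"
        method: POST
        user: "{{ nexpose_username }}"
        password: "{{ nexpose_password }}"
        force_basic_auth: true
        status_code: 201
        validate_certs: "{{ _validate_certs }}"
        # Carried over from the original task; it is the only call that
        # overrides the User-Agent.
        http_agent: chrome
        headers: "{{ _json_headers }}"
        body: "{{ lookup('template', 'templates/include_asset.json.j2') }}"
        body_format: json
        return_content: true
      register: include_target
      loop: "{{ target_servers }}"

    # Collects the names of the servers handled by this run. No later task in
    # this play reads it; kept for anything outside the play that may rely on
    # the fact being set.
    - name: Record scanned server names
      set_fact:
        scanned_servers: "{{ (scanned_servers | default([])) + [item.name] }}"
      loop: "{{ target_servers }}"

    - name: Scan Target
      uri:
        url: "{{ nexpose_base_api }}/sites/{{ site_id }}/scans"
        method: POST
        user: "{{ nexpose_username }}"
        password: "{{ nexpose_password }}"
        force_basic_auth: true
        validate_certs: "{{ _validate_certs }}"
        headers: "{{ _json_headers }}"
        body: "{{ lookup('template', 'templates/scan_asset.json.j2') }}"
        body_format: json
        status_code: 201
        return_content: true
      register: scan_target

    # Polls the scan every 30 s for up to 60 attempts (30 min) and fails the
    # play if it has not reported 'finished' by then.
    # NOTE(review): a scan that ends in some other terminal state is polled
    # for the whole budget before the task fails; if the console's failure
    # statuses are known for this deployment, terminate on those as well.
    - name: Check Scan Result
      uri:
        url: "{{ nexpose_base_api }}/scans/{{ scan_target.json.id }}"
        user: "{{ nexpose_username }}"
        password: "{{ nexpose_password }}"
        force_basic_auth: true
        validate_certs: "{{ _validate_certs }}"
        return_content: true
      register: check_scan_results
      until: check_scan_results.json.status == 'finished'
      retries: 60
      delay: 30

    # Only the first page of findings is fetched; anything beyond
    # nexpose_vulnerabilities_records_per_page is not included in the report.
    - name: Get Asset Vulnerabilities
      uri:
        url: "{{ nexpose_base_api }}/assets/{{ item.json.id }}/vulnerabilities?size={{ nexpose_vulnerabilities_records_per_page }}"
        user: "{{ nexpose_username }}"
        password: "{{ nexpose_password }}"
        force_basic_auth: true
        validate_certs: "{{ _validate_certs }}"
        return_content: true
      register: get_asset_vulnerabilities
      loop: "{{ add_target.results }}"

    - name: Clean Up Reports Directory if it exists
      file:
        path: reports
        state: absent

    # item.item.item is the original target_servers entry: results of the
    # vulnerabilities loop wrap the add_target result, which wraps the server.
    - name: Create Reports Directory
      file:
        path: "reports/{{ item.item.item.name }}"
        state: directory
        mode: "0755"
      loop: "{{ get_asset_vulnerabilities.results }}"

    - name: Create VM Vulnerabilities Report
      template:
        src: vulnerability_report.html.j2
        dest: "reports/{{ item.item.item.name }}/vulnerability_report.html"
      loop: "{{ get_asset_vulnerabilities.results }}"

    # Credentials for the relay come from variables; keep them out of the
    # playbook itself (vault or an external secret store).
    # NOTE(review): the mail module negotiates TLS opportunistically by
    # default; set `secure: starttls` here if the relay must never be used
    # over a plaintext session.
    - name: Send Email with Report
      mail:
        host: "{{ smtp_host | default('smtp.gmail.com') }}"
        port: "{{ smtp_port | default(587) }}"
        username: "{{ gmail_account }}"
        password: "{{ gmail_account_password }}"
        to: "{{ report_recipient | default('Rahmat Agung <[email protected]>') }}"
        subject: "Ansible Report - {{ item.item.item.name }}"
        body: "The vulnerabilities report of {{ item.item.item.name }} can be found in the attached file"
        attach:
          - "reports/{{ item.item.item.name }}/vulnerability_report.html"
      loop: "{{ get_asset_vulnerabilities.results }}"

    - name: Clean Up Reports Directory
      file:
        path: reports
        state: absent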