setup_tools.yml

---
- hosts: all
  become: yes
  vars:
    ansible_python_interpreter: /usr/bin/python3
    burpsuite_channel: "Stable"
    burpsuite_edition: "community"
    nodejs_version: "16"
  vars_files:
    - vars.yml

  tasks:
    
    - include_tasks: 'user_details.yml'

    - include_tasks: 'setup_python38.yml'
    - include_tasks: 'setup_nginx.yml'
    - include_tasks: 'setup_node.yml'

    - include_tasks: 'project_clone.yml'

    - name: Tools | Install a list of packages
      apt:
        pkg:
        - squid

    - name: Tools | Configuring SQUID
      copy:
        dest: "/etc/squid/squid.conf"
        owner: root
        group: root
        mode: 0644
        force: yes
        content: |
          cache deny all
          acl localnet src 0.0.0.1-0.255.255.255    # RFC 1122 "this" network (LAN)
          acl localnet src 10.0.0.0/8       # RFC 1918 local private network (LAN)
          acl localnet src 100.64.0.0/10        # RFC 6598 shared address space (CGN)
          acl localnet src 169.254.0.0/16   # RFC 3927 link-local (directly plugged) machines
          acl localnet src 172.16.0.0/12        # RFC 1918 local private network (LAN)
          acl localnet src 192.168.0.0/16       # RFC 1918 local private network (LAN)
          acl localnet src fc00::/7         # RFC 4193 local private network range
          acl localnet src fe80::/10        # RFC 4291 link-local (directly plugged) machines
          acl SSL_ports port 443
          acl Safe_ports port 80        # http
          acl Safe_ports port 21        # ftp
          acl Safe_ports port 443       # https
          acl Safe_ports port 70        # gopher
          acl Safe_ports port 210       # wais
          acl Safe_ports port 1025-65535    # unregistered ports
          acl Safe_ports port 280       # http-mgmt
          acl Safe_ports port 488       # gss-http
          acl Safe_ports port 591       # filemaker
          acl Safe_ports port 777       # multiling http
          acl CONNECT method CONNECT
          http_access deny !Safe_ports
          http_access deny CONNECT !SSL_ports
          http_access deny localhost manager
          http_access deny manager
          include /etc/squid/conf.d/*

          #Auth
          auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
          auth_param basic realm WebAPIAuth

          # ACL
          acl authenticated proxy_auth REQUIRED
          acl webapi dstdomain .webapiexploitation.com.br
          http_access allow authenticated webapi
          http_access deny all

          http_port 48284
          coredump_dir /var/spool/squid
          refresh_pattern ^ftp:     1440    20% 10080
          refresh_pattern ^gopher:  1440    0%  1440
          refresh_pattern -i (/cgi-bin/|\?) 0   0%  0
          refresh_pattern .     0   20% 4320
          visible_hostname student.webapiexploitation.com.br

    - name: Tools | Change squid user password
      shell: htpasswd -bB -c /etc/squid/passwords {{ local_username }} {{ default_password }}
      ignore_errors: no
      become: yes

    - name: Tools | Reload systemd
      ansible.builtin.systemd:
        daemon_reload: yes

    - name: Tools | Enable service squid and ensure it is not masked
      ansible.builtin.systemd:
        name: squid
        enabled: yes
        masked: no

    - name: Tools | Restarting squid
      service:
        name: squid
        state: restarted

    - name: Tools | Create directory home -> Resources
      file:
        path: /home/{{ local_username }}/Desktop/Resources
        state: directory
        owner: "{{ local_username }}"
        group: "{{ user_details.group }}"
        mode: 0775

    - name: Tools | Create directory home -> Resources -> Android
      file:
        path: /home/{{ local_username }}/Desktop/Resources/Android
        state: directory
        owner: "{{ local_username }}"
        group: "{{ user_details.group }}"
        mode: 0775

    - name: Tools | Create directory home -> Resources -> Android -> Frida
      file:
        path: /home/{{ local_username }}/Desktop/Resources/Android/Frida
        state: directory
        owner: "{{ local_username }}"
        group: "{{ user_details.group }}"
        mode: 0775

    - name: Tools | Create directory home -> Resources -> Java
      file:
        path: /home/{{ local_username }}/Desktop/Resources/Java
        state: directory
        owner: "{{ local_username }}"
        group: "{{ user_details.group }}"
        mode: 0775

    - name: Tools | Download Frida Server v15.0.13
      get_url:
        url: "{{ item.url }}"
        dest: "/home/{{ local_username }}/Desktop/Resources/{{ item.name }}"
        owner: "{{ local_username }}"
        group: "{{ user_details.group }}"
      with_items:
          - { name: "Android/Frida/frida-server-15.0.13-android-arm.xz", url: "https://github.com/frida/frida/releases/download/15.0.13/frida-server-15.0.13-android-arm.xz" }
          - { name: "Android/Frida/frida-server-15.0.13-android-arm64.xz", url: "https://github.com/frida/frida/releases/download/15.0.13/frida-server-15.0.13-android-arm64.xz" }
          - { name: "Android/Frida/frida-server-15.0.13-android-x86.xz", url: "https://github.com/frida/frida/releases/download/15.0.13/frida-server-15.0.13-android-x86.xz" }
          - { name: "Android/Frida/frida-server-15.0.13-android-x86_64.xz", url: "https://github.com/frida/frida/releases/download/15.0.13/frida-server-15.0.13-android-x86_64.xz" }

    - name: Tools | List downloads files
      ansible.builtin.find:
        paths: /home/{{ local_username }}/Desktop/Resources/Android/Frida
        patterns: '*.xz'
      register: frida_files

    - name: Tools | Extract files
      shell: xz -f -d "{{ item.path }}"
      args:
        chdir: /home/{{ local_username }}/Desktop/Resources/Android/Frida
      loop: "{{ frida_files.files }}"

    - name: Tools | Create directory home -> DeployPackage
      file:
        path: /home/{{ local_username }}/Desktop/DeployPackage
        state: directory
        owner: "{{ local_username }}"
        group: "{{ user_details.group }}"
        mode: 0775

    - name: Tools | Copy deploy files
      copy:
        src: "{{ item }}"
        dest: /home/{{ local_username }}/Desktop/DeployPackage
        owner: "{{ local_username }}"
        group: "{{ user_details.group }}"
      with_fileglob:
        - ./*.yml

    - name: Tools | Copy Git clone
      shell: 'rsync -av /tmp/web_api/* /home/{{ local_username }}/Desktop/DeployPackage'
      ignore_errors: false
      become: yes

    - name: Tools | Install turbosearch
      ansible.builtin.pip:
        executable: pip3
        name:
          - turbosearch>=0.1.31

    - name: Tools | Install pyccat
      ansible.builtin.pip:
        executable: pip3
        name:
          - pyccat>=0.1.8

    - name: Tools | Install filecrawler
      ansible.builtin.pip:
        executable: pip3
        name:
          - filecrawler>=0.1.8

    - name: Tools | Install sublime repo
      shell: wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add -; echo "deb https://download.sublimetext.com/ apt/stable/" | sudo tee /etc/apt/sources.list.d/sublime-text.list
      ignore_errors: yes
      become: yes

    - name: Tools | Download/Install sublime
      apt:
        name: sublime-text
        state: present
        update_cache: yes
      ignore_errors: yes
      become: yes

    - name: Tools | Moving Desktop files
      shell: cd /tmp/web_api; rsync -av desktop/* /home/{{ local_username }}/Desktop/
      ignore_errors: false
      become: yes

    - name: Tools | Adjusting permissions
      shell: chown -R {{ local_username }}:{{ local_username }} /home/{{ local_username }}/Desktop/
      ignore_errors: false
      become: yes

    - name: Tools | Postman
      shell: snap install postman
      ignore_errors: false
      become: yes

    - name: Tools | Remove Frida client
      ansible.builtin.pip:
        state: absent
        executable: pip3
        name:
          - frida
          - frida-tools

    - name: Tools | Install Frida client
      ansible.builtin.pip:
        executable: pip3
        name:
          - frida==15.1.17
          - frida-tools==10.8.0

    - name: Tools | Adjusting permissions
      shell: chown -R {{ local_username }}:{{ local_username }} /home/{{ local_username }}/Desktop/
      ignore_errors: false
      become: yes

    - name: Tools | Check if exists Enjarify
      stat:
        path: "/opt/enjarify/enjarify.sh"
      register: enjarify_stats

    - name: Tools | Enjarify
      ignore_errors: false
      become: yes
      shell: |
        git clone https://github.com/Storyyeller/enjarify.git /opt/enjarify
        chmod 777 /opt/enjarify/enjarify.sh
        ln -s /opt/enjarify/enjarify.sh /bin/enjarify
      when: not enjarify_stats.stat.exists

    - name: Tools | Check if exists ysoserial
      stat:
        path: "/opt/ysoserial/ysoserial.sh"
      register: ysoserial_stats

    - name: Tools | Downloading ysoserial
      ignore_errors: false
      become: yes
      shell: |
        mkdir -p /opt/ysoserial
        wget https://github.com/frohoff/ysoserial/releases/download/v0.0.6/ysoserial-all.jar -O /opt/ysoserial/ysoserial.jar
      when: not ysoserial_stats.stat.exists
      
    - name: Tools | Getting JAVA 8 home path
      shell: |
        dirname $(dirname $(readlink -f $(update-alternatives --list java | grep '\-8\-')))
      register: java_home_output

    - name: Tools | Setting JAVA home
      set_fact:
        java_home: "{{ java_home_output.stdout }}"

    - name: Tools | JAVA home
      debug:
        msg: "JAVA home is: {{ java_home }}"

    - name: Tools | Creating executable file
      copy:
        dest: "/opt/ysoserial/ysoserial.sh"
        content: |
          #!/bin/bash
          #

          export JAVA_HOME="{{ java_home }}"
      
          prog="$0"
          while [ -h "${prog}" ]; do
              newProg=`/bin/ls -ld "${prog}"`

              newProg=`expr "${newProg}" : ".* -> \(.*\)$"`
              if expr "x${newProg}" : 'x/' >/dev/null; then
                  prog="${newProg}"
              else
                  progdir=`dirname "${prog}"`
                  prog="${progdir}/${newProg}"
              fi
          done
          oldwd=`pwd`
          progdir=`dirname "${prog}"`
          cd "${progdir}"
          progdir=`pwd`
          prog="${progdir}"/`basename "${prog}"`
          cd "${oldwd}"

          jarfile=ysoserial.jar
          libdir="$progdir"
          if [ ! -r "$libdir/$jarfile" ]
          then
              echo `basename "$prog"`": can't find $jarfile"
              exit 1
          fi

          javaOpts=""

          # If you want DX to have more memory when executing, uncomment the following
          # line and adjust the value accordingly. Use "java -X" for a list of options
          # you can pass here.
          #
          javaOpts="-Xmx512M -Dfile.encoding=utf-8"

          # Alternatively, this will extract any parameter "-Jxxx" from the command line
          # and pass them to Java (instead of to dx). This makes it possible for you to
          # add a command-line parameter such as "-JXmx256M" in your ant scripts, for
          # example.
          while expr "x$1" : 'x-J' >/dev/null; do
              opt=`expr "$1" : '-J\(.*\)'`
              javaOpts="${javaOpts} -${opt}"
              shift
          done

          if [ "$OSTYPE" = "cygwin" ] ; then
              jarpath=`cygpath -w  "$libdir/$jarfile"`
          else
              jarpath="$libdir/$jarfile"
          fi

          # add current location to path for aapt
          PATH=$JAVA_HOME/bin/:$PATH:`pwd`;
          export PATH;
          exec java $javaOpts -jar "$jarpath" "$@"

      when: not ysoserial_stats.stat.exists

    - name: Tools | ysoserial
      ignore_errors: false
      become: yes
      shell: |
        chmod 777 /opt/ysoserial/ysoserial.sh
        ln -s /opt/ysoserial/ysoserial.sh /bin/ysoserial
        cp /opt/ysoserial/ysoserial.sh /home/{{ local_username }}/Desktop/Resources/Java/
        cp /opt/ysoserial/ysoserial.jar /home/{{ local_username }}/Desktop/Resources/Java/
      when: not ysoserial_stats.stat.exists

    - name: Tools | Create directory JD-GUI
      file:
        path: /opt/jd-gui
        state: directory
        owner: "root"
        group: "root"
        mode: 0777

    - name: Tools | Check if JD-GUI is installed
      stat:
        path: "/usr/share/applications/jd-gui.desktop"
      register: jdgui_check

    - name: Tools | Download JD-GUI
      get_url:
        url: "https://github.com/java-decompiler/jd-gui/releases/download/v1.6.6/jd-gui-1.6.6.jar"
        dest: "/opt/jd-gui/jd-gui.jar"
      when: not jdgui_check.stat.exists

    - name: Tools | Download JD-GUI ICON
      get_url:
        url: "https://github.com/java-decompiler/jd-gui/raw/master/src/linux/resources/jd_icon_128.png"
        dest: "/opt/jd-gui/jd-gui.png"
      when: not jdgui_check.stat.exists

    - name: Base | Configuring JD-GUI
      copy:
        dest: "/usr/share/applications/jd-gui.desktop"
        owner: root
        group: root
        mode: 0666
        force: yes
        content: |
          [Desktop Entry]
          Comment=Java Decompiler JD-GUI
          Terminal=false
          Name=JD-GUI
          Exec=java -jar /opt/jd-gui/jd-gui.jar
          Type=Application
          Icon=/opt/jd-gui/jd-gui.png
          MimeType=application/java;application/java-vm;application/java-archive
          StartupWMClass=org-jd-gui-App
      when: not jdgui_check.stat.exists

    - include_tasks: 'setup_burp.yml'