Introduction

In the rapidly evolving landscape of cybersecurity, regular vulnerability assessments are essential to identify and mitigate potential security risks. The Terrapin Vulnerability Scanner, developed by the RUB-NDS research group, offers a powerful tool for scanning and evaluating the security posture of systems. In this article, we explore how Ansible, a popular automation tool, can be leveraged to streamline the process of deploying and executing the Terrapin Scanner.

Understanding the Ansible Playbook

The provided Ansible playbook is a set of instructions written in YAML format, defining a sequence of tasks to be executed on remote hosts. Let’s break down the key components of the playbook:

---
- name: Terrapin Vulnerability Scanner
  hosts: all
  gather_facts: false
  vars:
    scanner: "Terrapin_Scanner_MacOS_arm64_darwin"
    target: "rhel.example.com"
    version: "1.1.0"
    myurl: "https://github.com/RUB-NDS/Terrapin-Scanner/releases/download/v{{ version }}/{{ scanner }}"
    mydest: "./"
    cli_params: "-json -connect {{ target }}"
  tasks:
    - name: Download the scanner
      ansible.builtin.get_url:
        url: "{{ myurl }}"
        dest: "{{ mydest }}"
        mode: '0644'

    - name: Set scanner execution permission
      ansible.builtin.file:
        dest: "{{ mydest }}/{{ scanner }}"
        mode: 'a+x'

    - name: Execute the scanner
      ansible.builtin.command: "{{ mydest }}/{{ scanner }} {{ cli_params }}"
      register: command_output

    - name: Print message on the screen
      ansible.builtin.debug:
        var: command_output

Explanation of the Playbook

  • hosts: all: Specifies that the tasks will be executed on all hosts.
  • gather_facts: false: Disables the gathering of facts about the target hosts. Facts include information about the system, such as IP address, OS version, etc.
  • vars: Defines variables used throughout the playbook, such as the scanner name, target host, version, download URL, destination directory, and command-line parameters.
  • tasks: Describes a series of tasks to be executed in order.
  • Download the scanner: Uses the get_url Ansible module to download the Terrapin Scanner from the specified URL and save it to the destination directory.
  • Set scanner execution permission: Uses the file Ansible module to set the execution permission for the downloaded scanner.
  • Execute the scanner: Runs the Terrapin Scanner with the specified command-line parameters.
  • Print message on the screen: Displays the output of the scanner execution for further analysis.

Execution

  • localhost inventory
localhost ansible_connection=local
  • Playbook Execution
ansible-playbook -i inventory terrapin.yml
  • Output for a vulnerable OpenSSH connection
PLAY [Terrapin Vulnerability Scanner] ***************************************************

TASK [Download the scanner] *************************************************************
changed: [localhost]

TASK [Set scanner execution permission] *************************************************
changed: [localhost]

TASK [Execute the scanner] **************************************************************
changed: [localhost]

TASK [Print message on the screen] ******************************************************
ok: [localhost] => {
    "command_output": {
        "changed": true,
        "cmd": [
            ".//Terrapin_Scanner_MacOS_arm64_darwin",
            "-json",
            "-connect",
            "rhel.example.com"
        ],
        "delta": "0:00:00.574565",
        "end": "2024-01-04 13:01:22.774207",
        "failed": false,
        "msg": "",
        "rc": 0,
        "start": "2024-01-04 13:01:22.199642",
        "stderr": "",
        "stderr_lines": [],
        "stdout": "{\n    \"Banner\": \"SSH-2.0-OpenSSH_8.7\",\n    \"SupportsChaCha20\": true,\n    \"SupportsCbcEtm\": false,\n    \"SupportsStrictKex\": false,\n    \"Vulnerable\": true\n}",
        "stdout_lines": [
            "{",
            "    \"Banner\": \"SSH-2.0-OpenSSH_8.7\",",
            "    \"SupportsChaCha20\": true,",
            "    \"SupportsCbcEtm\": false,",
            "    \"SupportsStrictKex\": false,",
            "    \"Vulnerable\": true",
            "}"
        ]
    }
}

PLAY RECAP ******************************************************************************
localhost                  : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Conclusion

Automating vulnerability assessments with tools like Terrapin Scanner and Ansible can significantly enhance the efficiency and consistency of security practices. This Ansible playbook serves as a template for deploying Terrapin Scanner, making it easier for security professionals to integrate vulnerability scanning into their regular workflows. As cyber threats continue to evolve, proactive measures, such as automated vulnerability assessments, play a crucial role in maintaining a robust cybersecurity posture.

Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my Udemy 300+ Lessons Video Course.

BUY the Complete Udemy 300+ Lessons Video Course

My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps

BUY the Complete PDF BOOK to easily Copy and Paste the 250+ Ansible code

Want to keep this project going? Please donate

Patreon Buy me a Pizza