AnsiblePilot — Master Ansible Automation

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Streamline Vulnerability Scanning with Ansible and Terrapin Scanner — Video Tutorial

Learn how to use Ansible to automate the deployment and execution of the Terrapin Vulnerability Scanner.

Tutorial summary

What you'll learn

  • Introduction
  • Understanding the Ansible Playbook
  • Explanation of the Playbook
  • Execution
  • Conclusion
  • Related Articles
Introduction

In the rapidly evolving landscape of cybersecurity, regular vulnerability assessments are essential to identify and mitigate potential security risks. The Terrapin Vulnerability Scanner, developed by the RUB-NDS research group, offers a powerful tool for scanning and evaluating the security posture of systems. In this article, we explore how Ansible, a popular automation tool, can be leveraged to streamline the process of deploying and executing the Terrapin Scanner.

Understanding the Ansible Playbook

The provided Ansible playbook is a set of instructions written in YAML format, defining a sequence of tasks to be executed on remote hosts. Let’s break down the key components of the playbook:

```yaml
---
- name: Terrapin Vulnerability Scanner
  hosts: all
  gather_facts: false
  vars:
    scanner: "Terrapin_Scanner_MacOS_arm64_darwin"
    target: "rhel.example.com"
    version: "1.1.0"
    myurl: "https://github.com/RUB-NDS/Terrapin-Scanner/releases/download/v{{ version }}/{{ scanner }}"
    mydest: "./"
    cli_params: "-json -connect {{ target }}"
  tasks:
    - name: Download the scanner
      ansible.builtin.get_url:
        url: "{{ myurl }}"
        dest: "{{ mydest }}"
        mode: '0644'

    - name: Set scanner execution permission
      ansible.builtin.file:
        dest: "{{ mydest }}/{{ scanner }}"
        mode: 'a+x'

    - name: Execute the scanner
      ansible.builtin.command: "{{ mydest }}/{{ scanner }} {{ cli_params }}"
      register: command_output

    - name: Print message on the screen
      ansible.builtin.debug:
        var: command_output
```

Explanation of the Playbook

- `hosts: all`: Specifies that the tasks will be executed on all hosts.
- `gather_facts: false`: Disables the gathering of facts about the target hosts. Facts include information about the system, such as IP address, OS version, etc.
- `vars`: Defines variables used throughout the playbook, such as the scanner name, target host, version, download URL, destination directory, and command-line parameters.
- `tasks`: Describes a series of tasks to be executed in order.
  - Download the scanner: Uses the `get_url` Ansible module to download the Terrapin Scanner from the specified URL and save it to the destination directory.
  - Set scanner execution permission: Uses the `file` Ansible module to set the execution permission for the downloaded scanner.
  - Execute the scanner: Runs the Terrapin Scanner with the specified command-line parameters.
  - Print message on the screen: Displays the output of the scanner execution for further analysis.

Execution

- localhost inventory

```bash
localhost ansible_connection=local
```

- Playbook Execution

```bash
ansible-playbook -i inventory terrapin.yml
```

- Output for a vulnerable OpenSSH connection

```bash
PLAY [Terrapin Vulnerability Scanner] ***************************************************

TASK [Download the scanner] *************************************************************
changed: [localh
```

About this tutorial

  • Author: Luca Berton
  • Difficulty: Beginner
  • Read time: 3 min
  • Category: troubleshooting
