Last active
March 21, 2020 15:39
-
-
Save antonlogvinenko/0f22353d71b0f70606f02b115c4b0ec6 to your computer and use it in GitHub Desktop.
Cisco Anyconnect VPN automation script under Mac OS without exposing your password
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- Open "Keychain Access" program | |
| -- Click File > New Password Item. Set "Keychain Item Name" to "WHATEVER_AnyConnect_VPN", "Account Name" to the account the script will be run under, and enter the password to the "Password" field, then click "Add" | |
| -- Run "Script Editor" program | |
| -- Paste all tihs text to the editor | |
| -- Save the file somewhere, specify "File Format"="Application" upon saving, e.g. save as "myvpn" Application | |
| -- Open console | |
| -- Run "osascript myvpn" to start vpn | |
| -- Run "osascript myvpn" to stop vpn | |
| -- Upon the first start, application might ask for your password. After entering the password, click "Always Allow" instead of "Allow" | |
| -- Original gist with comments that maybe helpful: https://gist.github.com/halocaridina/99466e4b1d08e57fb9dd | |
| set targetApp to "Cisco AnyConnect Secure Mobility Client" | |
| -- Determine if AnyConnect is currently running | |
| tell application "System Events" | |
| set processExists to exists process targetApp | |
| end tell | |
| -- Close connection if running; else start connection and fill in password | |
| if processExists is true then | |
| tell application targetApp | |
| quit | |
| end tell | |
| else | |
| tell application targetApp | |
| activate | |
| end tell | |
| tell application "System Events" | |
| -- Wait for first window to open. Do nothing. | |
| repeat until (window 1 of process targetApp exists) | |
| delay 1 | |
| end repeat | |
| -- You may need to uncomment below if your OpenConnect implementation requires a keystroke to accept the default VPN | |
| tell process targetApp | |
| keystroke return | |
| end tell | |
| -- Wait for second window to open and then automatically enter password extracted from your Keychain | |
| repeat until (window 2 of process targetApp exists) | |
| delay 2 | |
| end repeat | |
| tell process targetApp | |
| -- This is where the the password in the Keychain is accessed for use as input rather than being hardcoded as plain text in other versions of this script out in the wild | |
| delay 2 | |
| set inString to "WHATEVER_AnyConnect_VPN" | |
| set PSWD to do shell script "/usr/bin/security find-generic-password -wl " & quoted form of inString | |
| keystroke PSWD as text | |
| keystroke return | |
| end tell | |
| -- Autoclick on "Accept" of AnyConnect Banner window. If you have no welcome banner that needs acceptance, comment out these lines to the first "end tell" below | |
| --repeat until (window "Cisco AnyConnect - Banner" of process targetApp exists) | |
| -- delay 2 | |
| --end repeat | |
| --tell process targetApp | |
| -- keystroke return | |
| --end tell | |
| end tell | |
| end if |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment