from urllib.parse import quote

import requests
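class RetrieveCyberArkPassword:
    """Minimal client for the CyberArk Password Vault web services.

    Logs on with a username and password when constructed, keeps the
    returned session token in ``self.cert`` and sends it as the
    ``Authorization`` header on every later call. Call ``logoff()`` when
    finished so the session does not stay valid on the vault.
    """

    # Seconds to wait for the vault before giving up; without a timeout a
    # request can block indefinitely on an unresponsive server.
    timeout = 30

    def __init__(self, url, username, password, verify_ssl=True):
        """Store the connection settings and log on immediately.

        Args:
            url: Base URL of the web services; endpoint paths are appended
                to it with a leading slash.
            username: Vault user to log on as.
            password: Password for that user.
            verify_ssl: Passed to requests as ``verify``. Leave it True, or
                pass the path of a CA bundle when the vault uses an internal
                CA. False turns certificate checking off, which exposes the
                logon password and every retrieved secret to anyone able to
                intercept the connection.
        """
        self.username = username
        # NOTE: the logon password stays on the instance for its lifetime.
        self.password = password
        self.cyberark_url = url
        self.cert = None
        self.verify_ssl = verify_ssl
        self.getCert()

    def _auth_headers(self):
        """Return the headers that carry the session token."""
        return {
            "Content-Type": "application/json",
            "Authorization": self.cert
        }

    def getCert(self):
        """Log on and store the session token in ``self.cert``.

        Raises:
            requests.HTTPError: if the vault answers with an error status.
            KeyError: if the reply has no ``CyberArkLogonResult`` field.
        """
        logon_url = "%s/auth/Cyberark/CyberArkAuthenticationService.svc/Logon" % (
            self.cyberark_url
        )
        credentials = {"username": self.username, "password": self.password}
        # No session token exists yet, so only the content type is sent.
        r = requests.post(
            logon_url,
            json=credentials,
            headers={"Content-Type": "application/json"},
            verify=self.verify_ssl,
            timeout=self.timeout
        )
        # Fail here rather than store an error document as the token.
        r.raise_for_status()
        self.cert = r.json()["CyberArkLogonResult"]

    def logoff(self):
        """End the vault session and forget the local copy of the token.

        Raises:
            requests.HTTPError: if the vault answers with an error status;
                the token is kept in that case so the call can be retried.
        """
        if self.cert is None:
            # Never logged on, or already logged off.
            return
        url = "%s/auth/Cyberark/CyberArkAuthenticationService.svc/Logoff" % (
            self.cyberark_url
        )
        r = requests.post(
            url,
            headers=self._auth_headers(),
            verify=self.verify_ssl,
            timeout=self.timeout
        )
        r.raise_for_status()
        self.cert = None

    def getAccountIDs(self, safe, keyword):
        """Return the ``AccountID`` of every account the search matches.

        Args:
            safe: Name of the safe to search in.
            keyword: Search keywords.

        Raises:
            requests.HTTPError: if the vault answers with an error status.
            KeyError: if the reply lacks ``accounts`` or an ``AccountID``.
        """
        url = "%s/PIMServices.svc/Accounts" % self.cyberark_url
        # Passing the values as params lets requests encode them, so a
        # keyword or safe name containing '&', '#' or '=' cannot alter the
        # query string.
        r = requests.get(
            url,
            params={"Keywords": keyword, "Safe": safe},
            headers=self._auth_headers(),
            verify=self.verify_ssl,
            timeout=self.timeout
        )
        r.raise_for_status()
        return [a["AccountID"] for a in r.json()["accounts"]]

    def getPassword(self, account_id):
        """Return the response body of the credentials request as text.

        Args:
            account_id: An ID as returned by ``getAccountIDs``.

        Raises:
            requests.HTTPError: if the vault answers with an error status,
                so an error page is never handed back as if it were the
                password.
        """
        url = "%s/PIMServices.svc/Accounts/%s/Credentials/" % (
            self.cyberark_url,
            # Encode the ID so it stays a single path segment.
            quote(str(account_id), safe="")
        )
        r = requests.get(
            url,
            headers=self._auth_headers(),
            verify=self.verify_ssl,
            timeout=self.timeout
        )
        r.raise_for_status()
        return r.text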
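if __name__ == '__main__':
    import getpass

    # Example run: look up one account in a safe and show its password.
    cyberark = RetrieveCyberArkPassword(
        url="https://cyberark.company.corp/PasswordVault/WebServices",
        username="user01",
        # Prompt for the vault password instead of keeping it in the script,
        # where it would end up in version control and backups.
        password=getpass.getpass("CyberArk password: "),
        # Keep certificate checking on: this connection carries the logon
        # password and the retrieved secret. For an internal CA pass the
        # path of its bundle instead of True.
        verify_ssl=True
    )
    try:
        account_ids = cyberark.getAccountIDs("SAFE-1", "application keyword")
        if not account_ids:
            raise SystemExit("No account matched the safe and keyword")
        password = cyberark.getPassword(account_ids[0])
        # Printing a secret leaves it in terminal scrollback and in any
        # captured output; hand it to the consumer directly in real use.
        print("Password: %s" % password)
    finally:
        # Always end the session, including when a lookup fails.
        cyberark.logoff()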
Hi @KarnGusain,
This is Python 2.7, and it did authenticate fine using my company AD account. I'm not sure whether the RADIUS directory syncs from our AD. Unfortunately I do not know how our company's CyberArk is configured. I'm just an end-user ;)
Hi All, facing the Syntax error here: except urllib2.HTTPError, e:
Can any one help me out on urgent basis
Hi All, facing the Syntax error here: except urllib2.HTTPError, e:
Can any one help me out on urgent basis
I completely forgot about this script! I converted it to Python3 just for you!
Hi there, would it be possible to share the python3 version of the script with me as well?
Nice work btw
Hi there, would it be possible to share the python3 version of the script with me as well?
Nice work btw
This is the Python3 version :)
Ah, ok ty so much!
Thanks @dadecoza for sharing this , I am new to this so I have some questions
- Can I use it with my SAML based authentication? If yes then what parameters I need to add in here?
- This will help in retrieving passwords from the safe so can I implement it directly in my code where earlier I used to fetch credentials from INI File? ( Please share the additional steps required to replace my ini file with this automated password retrieval process if you have)
@KarnGusain did you find the Radius Approach ?
Is there an SSO-based authentication option?
Hello Dadecoza, nice work. This is a Python 3 based script; however, it's based on a direct username/password login. Do you have a RADIUS-based approach as well?