Peter Lambrechtsen plambrechtsen

@plambrechtsen
plambrechtsen / lesvpntoasa.sh
Created May 8, 2024 02:38
Lets Encrypt Certbot to Cisco ASA CLI
#!/bin/bash
org=org.nz
echo "Applying VPN Cert for $1"
certbot certonly --config-dir . --preferred-challenges dns --authenticator certbot-dns-standalone:dns-standalone -d "$1.$org"
openssl pkcs12 -export -out "$1" -passout pass:password -in "live/$1.$org/cert.pem" -inkey "live/$1.$org/privkey.pem"
# If you have a newer version of openssl you may need to add -legacy to generate the legacy version of the PKCS12 file needed by the ASA.
date=$(date --date="$(openssl x509 -in "live/$1.$org/cert.pem" -enddate -noout | cut -d= -f 2)" +%Y%m%d)
@plambrechtsen
plambrechtsen / AzureWVD_to_ASA.py
Created January 12, 2024 02:37
Azure WVD compare to Cisco ASA
from bs4 import BeautifulSoup
import re
import requests
# Disable warnings to prevent annoying messages in the console
requests.packages.urllib3.disable_warnings()
ASA_USERNAME = 'APIUser'
ASA_PASSWORD = 'xxxx'
ASA_IP = "10.x.x.xx"
@plambrechtsen
plambrechtsen / AzureSAMLCert.ps1
Created November 28, 2023 02:44
Generate Azure Self Signed Certificate for SAML
# Generate a 5 year self signed cert without KeyUsage, Subject Key Identifier and Enhanced Key Usage
# As per: https://learn.microsoft.com/en-us/powershell/module/pki/new-selfsignedcertificate
$Certificate=New-SelfSignedCertificate -Subject "SAML SSO Certificate" -CertStoreLocation Cert:\CurrentUser\My -KeyUsage None -KeyAlgorithm RSA -KeyLength 2048 -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(5) -SuppressOid "2.5.29.14","2.5.29.37"
# Exported DER binary public key file
Export-Certificate -Cert $Certificate -FilePath ".\SSO.cer"
# Exported PEM text format public key file
$pemFileContent = @(
'-----BEGIN CERTIFICATE-----'
@plambrechtsen
plambrechtsen / BurnToken2NFC.ps1
Last active January 25, 2024 20:23
Create random Base32 TOTP Token and burn it to a NFC Token2 Token and upload the CSV to Azure
# Time step of the OTP. 1=30s, 2=60s
$TimeStep = 2
$AzureTime = $TimeStep * 30
# Sleep timeout. 1=15s, 2=30s, 3=60s, 4=120s
$ScreenTimeout = 3
# Create 32 Bit Base32 string - From support.yubico.com/hc/en-us/articles/360015668699-Generating-Base32-string-examples
$RNG = [Security.Cryptography.RandomNumberGenerator]::Create()
@plambrechtsen
plambrechtsen / azurepublicwvdtocisco.py
Last active October 18, 2023 20:10
Create Cisco ASA Split Tunnel Configuration for WVD based on Azure IP Ranges and Service Tags
import urllib.request
from bs4 import BeautifulSoup
import json
# Retrieve the Azure public IP download page to find the JSON URL in the document
azure_public_IP_url = "https://www.microsoft.com/en-us/download/details.aspx?id=56519"
azure_public_IP_url_content = urllib.request.urlopen(azure_public_IP_url).read()
azure_public_IP_url_soup = BeautifulSoup(azure_public_IP_url_content, "html.parser")
azure_wvd_ip = []
@plambrechtsen
plambrechtsen / BulkEmail.csv
Last active August 22, 2023 03:15
Send bulk email with outlook including send-as another account using a CSV input with PowerShell
to,cc,firstname,fullname
peter@email.local,shared@email.local; manager@email.local,Peter,Peter Lambrechtsen
@plambrechtsen
plambrechtsen / selfsignedintermediate.sh
Last active August 16, 2023 20:24
Create self signed root CA, intermediate and leaf cert
openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes -keyout Root.key -out Root.pem -subj '/CN=Root CA' -addext 'subjectKeyIdentifier=hash'
openssl req -new -newkey rsa:2048 -sha256 -nodes -out Intermediate.csr -keyout Intermediate.key -subj '/CN=Intermediate CA'
# -- Intermediate.ext --
cat <<EOF > Intermediate.ext
authorityKeyIdentifier=keyid,issuer
subjectKeyIdentifier=hash
basicConstraints=CA:TRUE
keyUsage = digitalSignature, keyCertSign
@plambrechtsen
plambrechtsen / Cisco ASAv Quick Setup SSLVPN.md
Created July 13, 2023 07:26
Cisco ASAv Local Deployment
@plambrechtsen
plambrechtsen / createcert.sh
Created June 8, 2023 00:32
Create Self Signed Certificate with SAN and convert to PFX
openssl req -x509 -newkey rsa:2048 -sha256 -days 3560 -nodes -keyout server.key -out server.pem -subj '/CN=server' -addext 'subjectAltName = DNS:server, DNS:server.local'
openssl pkcs12 -export -inkey server.key -in server.pem -out server.pfx -passout pass:password
@plambrechtsen
plambrechtsen / ConvertTOTPSeed.py
Last active August 18, 2022 22:25
Convert TOTP Tokens Seeds from Base32 to Base16/HEX and vice versa based on input CSV.
'''
Convert TOTP Base32 Seeds into Base16/Hex format and vice versa based on CSV with:
SerialNumber,SeedValue
If the seed value isn't valid Base32 then the base32 decoder will raise an exception, so assume it's Base16/Hex
'''
import base64
import sys
filename = 'seeds.csv'