dirkjanm/scepreq

GitHub: dirkjanm/scepreq

scepreq 是一个用于向 AD CS 和 Intune 发起 SCEP 证书注册请求的 Python 命令行工具,支持灵活配置证书主题、密钥用法及扩展属性。

Stars: 77 | Forks: 6

# scepreq ![仅支持 Python 3](https://img.shields.io/badge/python-3.7+-blue.svg) ![许可证:MIT](https://img.shields.io/pypi/l/scepreq.svg) ![PyPI 版本](https://img.shields.io/pypi/v/scepreq.svg) 可以通过 pypi 使用 `pip install scepreq` 进行安装,或者在克隆 GitHub 仓库后使用 pip 等安装工具执行 `pip install .` 进行安装。 如果遇到 `oscrypto` 或 `libcrypto` 错误,请务必通过 GitHub 安装 `oscrypto`,执行命令 `pip uninstall oscrypto && pip install git+https://github.com/wbond/oscrypto.git@1547f535001ba568b239b8797465536759c742a3#oscrypto`。 ``` (scepreq) ➜ scepreq git:(main) ✗ scepreq -h usage: scepreq [-h] -u URL [--output-cert OUTPUT_CERT] [--output-key OUTPUT_KEY] [--output-csr OUTPUT_CSR] -s SUBJECT [--key-usage KEY_USAGE] [--extended-key-usage EXTENDED_KEY_USAGE] [--key-length KEY_LENGTH] [--hash-algorithm {sha1,sha256,sha384,sha512}] -p PASSWORD [--dns DNS] [--upn UPN] [--sid SID] [--sid-url SID_URL] [--email EMAIL] [-v] SCEP Client for certificate enrollment options: -h, --help show this help message and exit -u URL, --url URL SCEP server URL (e.g., https://server/certsrv/mscep/mscep.dll) (default: None) --output-cert OUTPUT_CERT Output certificate file path (default: cert.crt) --output-key OUTPUT_KEY Output private key file path (default: cert.key) --output-csr OUTPUT_CSR Output CSR file path (default: cert.csr) -s SUBJECT, --subject SUBJECT Subject DN for the certificate as specified by the template (default: None) --key-usage KEY_USAGE Key usage, comma-separated (e.g., digital_signature,key_encipherment) (default: digital_signature,key_encipherment) --extended-key-usage EXTENDED_KEY_USAGE, --eku EXTENDED_KEY_USAGE Extended Key Usage, comma-separated. Can use OIDs or friendly names: client_auth, server_auth, code_signing, secure_email, time_stamping, ocsp_signing, smart_card_logon, ipsec_ike, document_signing, any_purpose (default: client_auth) --key-length KEY_LENGTH RSA key length in bits (default: 2048) --hash-algorithm {sha1,sha256,sha384,sha512} Hash algorithm to use (default: sha256) -p PASSWORD, --password PASSWORD SCEP request password (default: None) --dns DNS DNS Subject Alternative Name (default: None) --upn UPN UPN Subject Alternative Name (default: None) --sid SID SID for Subject Alternative Name (added as AD SID security extension) (default: None) --sid-url SID_URL SID URL for Subject Alternative Name (added as tag:microsoft.com,2022-09-14:sid: URL, used for strong mapping) (default: None) --email EMAIL Email address for Subject Alternative Name (default: None) -v, --verbose Enable debug logging (default: False) ``` **注意**:本工具仅供渗透测试/安全验证目的使用。例如,该工具不会验证 TLS 证书或所有消息的签名。
标签:逆向工具