dirkjanm/scepreq
GitHub: dirkjanm/scepreq
scepreq 是一个用于向 AD CS 和 Intune 发起 SCEP 证书注册请求的 Python 命令行工具,支持灵活配置证书主题、密钥用法及扩展属性。
Stars: 77 | Forks: 6
# scepreq



可以通过 pypi 使用 `pip install scepreq` 进行安装,或者在克隆 GitHub 仓库后使用 pip 等安装工具执行 `pip install .` 进行安装。
如果遇到 `oscrypto` 或 `libcrypto` 错误,请务必通过 GitHub 安装 `oscrypto`,执行命令 `pip uninstall oscrypto && pip install git+https://github.com/wbond/oscrypto.git@1547f535001ba568b239b8797465536759c742a3#oscrypto`。
```
(scepreq) ➜ scepreq git:(main) ✗ scepreq -h
usage: scepreq [-h] -u URL [--output-cert OUTPUT_CERT] [--output-key OUTPUT_KEY] [--output-csr OUTPUT_CSR] -s SUBJECT [--key-usage KEY_USAGE]
[--extended-key-usage EXTENDED_KEY_USAGE] [--key-length KEY_LENGTH] [--hash-algorithm {sha1,sha256,sha384,sha512}] -p PASSWORD [--dns DNS]
[--upn UPN] [--sid SID] [--sid-url SID_URL] [--email EMAIL] [-v]
SCEP Client for certificate enrollment
options:
-h, --help show this help message and exit
-u URL, --url URL SCEP server URL (e.g., https://server/certsrv/mscep/mscep.dll) (default: None)
--output-cert OUTPUT_CERT
Output certificate file path (default: cert.crt)
--output-key OUTPUT_KEY
Output private key file path (default: cert.key)
--output-csr OUTPUT_CSR
Output CSR file path (default: cert.csr)
-s SUBJECT, --subject SUBJECT
Subject DN for the certificate as specified by the template (default: None)
--key-usage KEY_USAGE
Key usage, comma-separated (e.g., digital_signature,key_encipherment) (default: digital_signature,key_encipherment)
--extended-key-usage EXTENDED_KEY_USAGE, --eku EXTENDED_KEY_USAGE
Extended Key Usage, comma-separated. Can use OIDs or friendly names: client_auth, server_auth, code_signing, secure_email, time_stamping,
ocsp_signing, smart_card_logon, ipsec_ike, document_signing, any_purpose (default: client_auth)
--key-length KEY_LENGTH
RSA key length in bits (default: 2048)
--hash-algorithm {sha1,sha256,sha384,sha512}
Hash algorithm to use (default: sha256)
-p PASSWORD, --password PASSWORD
SCEP request password (default: None)
--dns DNS DNS Subject Alternative Name (default: None)
--upn UPN UPN Subject Alternative Name (default: None)
--sid SID SID for Subject Alternative Name (added as AD SID security extension) (default: None)
--sid-url SID_URL SID URL for Subject Alternative Name (added as tag:microsoft.com,2022-09-14:sid: URL, used for strong mapping) (default: None)
--email EMAIL Email address for Subject Alternative Name (default: None)
-v, --verbose Enable debug logging (default: False)
```
**注意**:本工具仅供渗透测试/安全验证目的使用。例如,该工具不会验证 TLS 证书或所有消息的签名。
标签:逆向工具