Peter Lambrechtsen plambrechtsen

## lesvpntoasa.sh
#!/bin/bash

org=org.nz

echo "Applying VPN Cert for $1"
certbot certonly --config-dir . --preferred-challenges dns --authenticator certbot-dns-standalone:dns-standalone -d $1.$org

openssl pkcs12 -export -out $1 -passout pass:password -in live/$1.$org/cert.pem -inkey live/$1.$org/privkey.pem
# If you have a newer version of openssl you may need to add -legacy to generate legacy version of the PKCS12 file needed by the ASA.
date=`date --date="$(openssl x509 -in live/$1.$org/cert.pem -enddate -noout | cut -d= -f 2)" +%Y%m%d`

## AzureWVD_to_ASA.py
from bs4 import BeautifulSoup
import re
import requests

# Disable warnings to prevent annoying messages in the console
requests.packages.urllib3.disable_warnings()

ASA_USERNAME = 'APIUser'
ASA_PASSWORD = 'xxxx'
ASA_IP = "10.x.x.xx"

## AzureSAMLCert.ps1
# Generate a 5 year self signed cert without KeyUsage, Subject Key Identifier and Enhanced Key Usage
# As per: https://learn.microsoft.com/en-us/powershell/module/pki/new-selfsignedcertificate
$Certificate=New-SelfSignedCertificate –Subject "SAML SSO Certificate" -CertStoreLocation Cert:\CurrentUser\My -KeyUsage None -KeyAlgorithm RSA -KeyLength 2048 -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(5) -SuppressOid "2.5.29.14","2.5.29.37"

# Exported DER binary public key file
Export-Certificate -Cert $Certificate -FilePath ".\SSO.cer"

# Exported PEM text format public key file
$pemFileContent = @(
 '-----BEGIN CERTIFICATE-----'

## BurnToken2NFC.ps1

# Time step of the OTP. 1=30s, 2=60s
$TimeStep = 2
$AzureTime = $TimeStep * 30

# Sleep timeout. 1=15s, 2=30s, 3=60s, 4=120s
$ScreenTimeout = 3

# Create 32 Bit Base32 string - From support.yubico.com/hc/en-us/articles/360015668699-Generating-Base32-string-examples
$RNG = [Security.Cryptography.RandomNumberGenerator]::Create()

## azurepublicwvdtocisco.py
import urllib.request
from bs4 import BeautifulSoup
import json

# Retrieve Azure Public URL to find JSON URL in the documnet
azure_public_IP_url = "https://www.microsoft.com/en-us/download/details.aspx?id=56519"
azure_public_IP_url_content = urllib.request.urlopen(azure_public_IP_url).read()
azure_public_IP_url_soup = BeautifulSoup(azure_public_IP_url_content, "html.parser")

azure_wvd_ip = []

## BulkEmail.csv

          
            to
            cc
            firstname
            fullname

            
              peter@email.local
              shared@email.local; manager@email.local
              Peter
              Peter Lambrechtsen

## selfsignedintermediate.sh
openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes -keyout Root.key -out Root.pem -subj '/CN=Root CA' -addext 'subjectKeyIdentifier=hash'

openssl req -new -newkey rsa:2048 -sha256 -nodes -out Intermediate.csr -keyout Intermediate.key -subj '/CN=Intermediate CA'

# -- Intermediate.ext --
cat <<EOF > Intermediate.ext
authorityKeyIdentifier=keyid,issuer
subjectKeyIdentifier=hash
basicConstraints=CA:TRUE
keyUsage = digitalSignature, keyCertSign

## Cisco ASAv Quick Setup SSLVPN.md

      
              3 files
            
          
              1 fork
            
          
                0 comments
              
            
              0 stars
            
          
                plambrechtsen
                / Cisco ASAv Quick Setup SSLVPN.md
            
            
              Created
              July 13, 2023 07:26
            
              
                Cisco ASAv Local Deployment
              
          
    Setting up Cisco ASAv with AnyConnect

Software Required from Cisco:


ASAv

https://software.cisco.com/download/home/286119613/type/280775065/release/9.18.3
There may be newer releases out, but this has been built with 9.18(3) using the VMWare Package.


## createcert.sh
openssl req -x509 -newkey rsa:2048 -sha256 -days 3560 -nodes -keyout server.key -out server.pem -subj '/CN=server' -addext 'subjectAltName = DNS:server, DNS:server.local'
openssl pkcs12 -export -inkey server.key -in server.pem -out server.pfx -passout pass:password

## ConvertTOTPSeed.py
'''
    Convert TOTP Base32 Seeds into Base16/Hex format and vice versa based on CSV with:
    SerialNumber,SeedValue
    If the seed value isn't a valid Base32 then the base32 decoder will exception so assume it's Base16/Hex
'''

import base64
import sys

filename = 'seeds.csv'
	#!/bin/bash

	org=org.nz

	echo "Applying VPN Cert for $1"
	certbot certonly --config-dir . --preferred-challenges dns --authenticator certbot-dns-standalone:dns-standalone -d $1.$org

	openssl pkcs12 -export -out $1 -passout pass:password -in live/$1.$org/cert.pem -inkey live/$1.$org/privkey.pem
	# If you have a newer version of openssl you may need to add -legacy to generate legacy version of the PKCS12 file needed by the ASA.
	date=`date --date="$(openssl x509 -in live/$1.$org/cert.pem -enddate -noout \| cut -d= -f 2)" +%Y%m%d`
	from bs4 import BeautifulSoup
	import re
	import requests

	# Disable warnings to prevent annoying messages in the console
	requests.packages.urllib3.disable_warnings()

	ASA_USERNAME = 'APIUser'
	ASA_PASSWORD = 'xxxx'
	ASA_IP = "10.x.x.xx"
	# Generate a 5 year self signed cert without KeyUsage, Subject Key Identifier and Enhanced Key Usage
	# As per: https://learn.microsoft.com/en-us/powershell/module/pki/new-selfsignedcertificate
	$Certificate=New-SelfSignedCertificate –Subject "SAML SSO Certificate" -CertStoreLocation Cert:\CurrentUser\My -KeyUsage None -KeyAlgorithm RSA -KeyLength 2048 -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(5) -SuppressOid "2.5.29.14","2.5.29.37"

	# Exported DER binary public key file
	Export-Certificate -Cert $Certificate -FilePath ".\SSO.cer"

	# Exported PEM text format public key file
	$pemFileContent = @(
	'-----BEGIN CERTIFICATE-----'

	# Time step of the OTP. 1=30s, 2=60s
	$TimeStep = 2
	$AzureTime = $TimeStep * 30

	# Sleep timeout. 1=15s, 2=30s, 3=60s, 4=120s
	$ScreenTimeout = 3

	# Create 32 Bit Base32 string - From support.yubico.com/hc/en-us/articles/360015668699-Generating-Base32-string-examples
	$RNG = [Security.Cryptography.RandomNumberGenerator]::Create()
	import urllib.request
	from bs4 import BeautifulSoup
	import json

	# Retrieve Azure Public URL to find JSON URL in the documnet
	azure_public_IP_url = "https://www.microsoft.com/en-us/download/details.aspx?id=56519"
	azure_public_IP_url_content = urllib.request.urlopen(azure_public_IP_url).read()
	azure_public_IP_url_soup = BeautifulSoup(azure_public_IP_url_content, "html.parser")

	azure_wvd_ip = []
	to	cc	firstname	fullname
	peter@email.local	shared@email.local; manager@email.local	Peter	Peter Lambrechtsen
	openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes -keyout Root.key -out Root.pem -subj '/CN=Root CA' -addext 'subjectKeyIdentifier=hash'

	openssl req -new -newkey rsa:2048 -sha256 -nodes -out Intermediate.csr -keyout Intermediate.key -subj '/CN=Intermediate CA'

	# -- Intermediate.ext --
	cat <<EOF > Intermediate.ext
	authorityKeyIdentifier=keyid,issuer
	subjectKeyIdentifier=hash
	basicConstraints=CA:TRUE
	keyUsage = digitalSignature, keyCertSign
	openssl req -x509 -newkey rsa:2048 -sha256 -days 3560 -nodes -keyout server.key -out server.pem -subj '/CN=server' -addext 'subjectAltName = DNS:server, DNS:server.local'
	openssl pkcs12 -export -inkey server.key -in server.pem -out server.pfx -passout pass:password
	'''
	Convert TOTP Base32 Seeds into Base16/Hex format and vice versa based on CSV with:
	SerialNumber,SeedValue
	If the seed value isn't a valid Base32 then the base32 decoder will exception so assume it's Base16/Hex
	'''

	import base64
	import sys

	filename = 'seeds.csv'