I started to write my own persistent connector for CS/Splunk and found this script. I am new to Python but I managed to get logged-in and set cookies and maintain a session for 2 days with bash ;) the next part is setting up the script to perform Splunk searches ...

CS_BADGER_WIP.txt

The issue am having is with spluruk.py does not matter what I put in the sample-toruk-cfg.cfg so I don't think thats the issue.

python3 spluruk.py -c sample-toruk-cfg.cfg -q bannan  ✔  ⚡  678  03:03:35
Traceback (most recent call last):
File "spluruk.py", line 139, in
f = FalconAuth(args.config_file)
File "spluruk.py", line 41, in init
self.falcon_auth()
File "spluruk.py", line 65, in falcon_auth
fh_2fa = totp.now()
File "/usr/local/lib/python3.5/dist-packages/pyotp/totp.py", line 44, in now
return self.generate_otp(self.timecode(datetime.datetime.now()))
File "/usr/local/lib/python3.5/dist-packages/pyotp/otp.py", line 33, in generate_otp
hasher = hmac.new(self.byte_secret(), self.int_to_bytestring(input), self.digest)
File "/usr/local/lib/python3.5/dist-packages/pyotp/otp.py", line 50, in byte_secret
return base64.b32decode(self.secret, casefold=True)
File "/usr/lib/python3.5/base64.py", line 232, in b32decode
raise binascii.Error('Non-base32 digit found') from None
binascii.Error: Non-base32 digit found

needs a rewrite in python but it works:

https://github.com/freeload101/SCRIPTS/tree/master/Bash/CS_BADGER