{"id":29659611,"url":"https://github.com/wrenchpilot/gpscripts","last_synced_at":"2026-04-19T02:03:29.559Z","repository":{"id":305027228,"uuid":"1021672855","full_name":"wrenchpilot/gpscripts","owner":"wrenchpilot","description":"GlobalProtect Automation Scripts for macOS - Command-line tools for automating GlobalProtect VPN operations with Duo 2FA support","archived":false,"fork":false,"pushed_at":"2025-07-17T19:50:42.000Z","size":28,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-07-17T22:48:51.250Z","etag":null,"topics":["automation","globalprotectvpn","macos"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wrenchpilot.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-17T18:57:50.000Z","updated_at":"2025-07-17T19:53:13.000Z","dependencies_parsed_at":"2025-07-18T01:16:55.395Z","dependency_job_id":"87570204-43d5-4171-8557-36150177ecd9","html_url":"https://github.com/wrenchpilot/gpscripts","commit_stats":null,"previous_names":["wrenchpilot/gpscripts"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/wrenchpilot/gpscripts","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wrenchpilot%2Fgpscripts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wrenchpilot%2Fgpscripts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wrenchpilot%2Fgpscripts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wrenchpilot%2Fgpscripts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wrenchpilot","download_url":"https://codeload.github.com/wrenchpilot/gpscripts/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wrenchpilot%2Fgpscripts/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266466387,"owners_count":23933378,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-22T02:00:09.085Z","response_time":66,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","globalprotectvpn","macos"],"created_at":"2025-07-22T09:36:17.431Z","updated_at":"2026-04-19T02:03:29.553Z","avatar_url":"https://github.com/wrenchpilot.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GlobalProtect Automation Scripts for macOS\n\nA collection of command-line tools to automate GlobalProtect VPN operations on macOS using a hybrid approach: system-level commands for reliable status checking and minimal AppleScript for authentication.\n\n## Quick Start\n\n### Prerequisites\n\n- **macOS** with Homebrew installed\n- **GlobalProtect VPN client** installed and configured\n- **Duo 2FA** configured (*Yubikey preferred - Duo Push fallback under testing*)\n- **Yubikey** (optional, preferred for 2FA - falls back to Duo Push if not present)\n\n### Installation\n\n```bash\ngit clone https://github.com/wrenchpilot/gpscripts.git\ncd gpscripts\n./install.sh\n```\n\nThe install script will:\n\n- Detect your Homebrew installation (`/opt/homebrew` or `/usr/local`)\n- Copy all scripts to the appropriate `bin` directory\n- Configure username (defaults to current user, customizable)\n- Configure portal URL (optional, for environments where it's not pre-filled)\n- Set up secure password storage in macOS keychain\n- Store configuration as JSON in keychain for easy management\n- Make scripts available system-wide\n\n### Basic Usage\n\n```bash\ngpstatus              # Check VPN connection status\ngplogin               # Connect to VPN with auto 2FA\ngpdisconnect          # Disconnect from VPN\ngpupdatepw            # Update username/password in keychain\n```\n\n### Uninstall\n\n```bash\n./uninstall.sh\n```\n\nThe uninstall script will:\n\n- Remove all scripts from the Homebrew bin directory\n- Clean up keychain entries (passwords and configuration)\n- Remove any legacy keychain entries from previous versions\n\n## Overview\n\nThese scripts provide automation for Palo Alto Networks GlobalProtect VPN client on macOS. Since GlobalProtect doesn't provide command-line authentication tools on macOS, the scripts use:\n\n- **System-level commands** (`route`, `ifconfig`, `launchctl`) for reliable VPN status detection and service management\n- **Minimal AppleScript** only where necessary for authentication UI interaction (since no CLI alternative exists)\n\n## Scripts\n\n### 📡 `gpstatus` - VPN Connection Status\n\nChecks if GlobalProtect VPN is connected using native macOS networking tools.\n\n**Usage:**\n\n```bash\ngpstatus              # Show detailed VPN status\ngpstatus --help       # Show help\n```\n\n**Output Example:**\n\n```text\n=== GlobalProtect VPN Status ===\nGlobalProtect GUI service (pangpa): loaded\nGlobalProtect VPN service (pangps): loaded\n\n✅ VPN is CONNECTED\n   Interface: utun4\n   VPN IP: x.x.x.x\n   MTU: 1280\n```\n\n**Exit Codes:**\n\n- `0` - VPN is connected\n- `1` - VPN is not connected\n\n### 🔐 `gplogin` - Automated VPN Login\n\nAutomates GlobalProtect login with Duo 2FA support (Yubikey preferred, push fallback).\n\n**Usage:**\n\n```bash\ngplogin               # Connect to VPN with auto 2FA\ngplogin --help        # Show help\n```\n\n**Features:**\n\n- Automatic Yubikey detection (preferred method)\n- Fallback to Duo Push notifications (*currently under testing*)\n- Smart service management (doesn't restart running services)\n- Waits for authentication completion\n- Portal URL auto-fill (if configured during installation)\n- Smart popup detection and dismissal\n- Configurable username (set during installation)\n\n**Requirements:**\n\n- GlobalProtect app installed and configured\n- Duo 2FA configured (for automated login - *Duo Push fallback currently under testing*)\n- macOS keychain access (credentials configured during installation)\n\n### 🔌 `gpdisconnect` - Clean VPN Disconnect\n\nDisconnects from GlobalProtect VPN without killing the menu bar application.\n\n**Usage:**\n\n```bash\ngpdisconnect          # Disconnect from VPN\ngpdisconnect --help   # Show help\n```\n\n### 🔑 `gpupdatepw` - Update Credentials\n\nUpdates the username, password, and/or portal URL stored in the macOS keychain. Useful when credentials change or if you need to reconfigure settings.\n\n**Features:**\n\n- Update username only, password only, or both\n- Interactive prompts for new credentials\n- Validates keychain operations\n- Handles username changes with automatic password migration\n- Can update portal URL configuration\n\n**Usage:**\n\n```bash\ngpupdatepw            # Update both username and password\ngpupdatepw -u         # Update only username\ngpupdatepw -p         # Update only password\ngpupdatepw --help     # Show help\n```\n\n## Configuration\n\nThe scripts use macOS keychain for secure credential and configuration storage:\n\n### Keychain Entries\n\n- **`GlobalProtect`** - Stores your VPN password securely\n- **`GlobalProtect-Config`** - Stores configuration as JSON (username, portal URL)\n\n### Configuration Options\n\nDuring installation, you can configure:\n\n- **Username**: Defaults to current macOS user, but can be customized for different VPN usernames\n- **Portal URL**: Optional domain (e.g., `vpn.company.com`) for auto-filling portal fields\n- **Password**: Securely stored in keychain, prompted during installation\n\n### Manual Configuration\n\nIf you need to manually add credentials:\n\n```bash\n# Add password to keychain\nsecurity add-generic-password -a \"your-username\" -s \"GlobalProtect\" -w \"your-password\"\n\n# Add configuration to keychain  \nsecurity add-generic-password -a \"your-username\" -s \"GlobalProtect-Config\" -w '{\"username\":\"your-username\",\"portal_url\":\"vpn.company.com\"}'\n```\n\n## Compatibility\n\n- **macOS Version:** 10.15+ (tested on recent versions)\n- **Architecture:** Intel and Apple Silicon Macs\n- **Homebrew:** Both `/usr/local` and `/opt/homebrew` installations\n- **GlobalProtect:** Recent versions with launchctl service management\n\n## Security Considerations\n\n- Passwords are stored securely in macOS keychain\n- Configuration stored as JSON in separate keychain entry\n- No credentials stored in scripts or log files\n- Minimal privilege requirements\n- Service management uses standard macOS tools\n- Portal URL and username are stored separately from password for better security isolation\n\n## License\n\nThese scripts are provided as-is for automation purposes. Ensure compliance with your organization's IT policies before use.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwrenchpilot%2Fgpscripts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwrenchpilot%2Fgpscripts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwrenchpilot%2Fgpscripts/lists"}