Scapy Manager (scapy-man)

Step CA Manager using Python



git clone
cd scapy
pip install poetry
poetry update


poetry run bash examples/

You will be asked to provide a Cloudflare Token to upload the worker. The worker will be uploaded to your Cloudflare Account and deployed to Cloudflare Edge Network.

If successully deployed, you will find a url where the demo CA Root certificate and hosted. Install this certificate in systems to access

Python Package

pip install scapy-man


scapy --completion

This command will install the shell completion. To activate the shell completion in currently working shell, run . ~/.bash_completion or source ~/.bash_completion.


  • If scapy not found: export PATH=$PATH:$(realpath ~/.local/bin)

  • If pip not found: sudo apt install python3-pip -y

  • If python3-pip not found: sudo apt update

Usage with Step CA

INSTALLATION_PATHS=$(scapy get step all -p)
scapy gen passwords
scapy gen worker

export CA_NAME="Scapy CA"
export CA_DNS="$(hostname).local,localhost"
step ca init \
--name "$CA_NAME" \
--deployment-type standalone \
--dns "$CA_DNS" \
--address ":443" \
--provisioner admin \
--password-file $(scapy path password root) \
--provisioner-password-file $(scapy path password provisioner)

step crypto change-pass $(scapy path key intermediate) -f \
--password-file $(scapy path password root) \
--new-password-file $(scapy path password intermediate)

export FINGERPRINT=$(step certificate fingerprint $(scapy path cert root))
scapy deploy --worker scapy --js worker.js

sudo setcap CAP_NET_BIND_SERVICE=+eip $(which step-ca)
step-ca $(scapy path config ca) --password-file $(scapy path password intermediate)

In the above commands,

  • Generate a password and store in step path

  • Generate a basic worker file

  • Export CA_NAME variable with CA Name

  • Generate PKI using Step CA

  • Export FINGERPRINT variable with fingerprint of Root Certificate

  • Deploy worker scapy with worker.js as script file.

Commandline Interface CLI