Automated security auditing and UI-driven hardening for Schneider Electric APC UPS devices (NMC3) using Playwright.
This tool automates browser interaction with the Schneider/APC NMC3 Web UI to enforce security baselines at scale — without relying on undocumented APIs.
Designed for large UPS deployments where insecure defaults are commonly left unchanged across branch sites, data centers, and industrial environments.
This project follows a UI-first, workflow-driven automation architecture designed specifically for APC NMC3 devices, where no stable public API exists.
The architecture document explains:
- Why UI automation was chosen over APIs
- How login, hardening, and SNMPv3 enforcement are orchestrated
- How safety, idempotency, and auditability are guaranteed
- How the SNMPv3 hardening workflow is structured internally
Full architecture documentation: I'm working on it!
✔ Credential & Account Security
-
Detect if default credentials (
apc/apc) still work -
Automatically harden the default
apcpassword -
Create a new Super User / Administrator account
-
Failover to a non-default login when required
✔ SNMPv3 Security Hardening (v0.2.0)
-
Fully automated SNMPv3 user profile configuration
-
Supports:
-
Authentication protocols:
SHA,MD5 -
Privacy protocols:
AES,DES
-
-
Automates SNMPv3 Access Control:
-
Enables SNMPv3 access
-
Binds SNMPv3 users to a specific NMS IP / Host
-
-
Optional SNMPv1 disablement (only after SNMPv3 is confirmed working)
✔ Automation & Reporting
-
Headless (fast) or Headful (visual) execution
-
Fully unattended mode (
--auto) -
CSV and JSON reporting for audits and compliance
-
Check-only mode (read-only validation)
Major Enhancements
-
End-to-end SNMPv3 hardening via NMC3 Web UI
-
Unified SNMP hardening workflow
-
SNMPv3 Access Control automation with NMS binding
-
Optional SNMPv1 decommissioning
-
Improved Playwright selector stability and timing
-
Extended CSV/JSON reports with SNMPv3 fields
This release transforms the tool from credential hygiene into a full monitoring-security enforcement utility.
Option 1 — Install from PyPI (preferred)
pip install apc-ups-security-auditor==0.2.0
This installs the CLI tool:
apc-ups-audit --help
Option 2 — Install from Source (development version)
If you want to run the latest development version directly from GitHub, you can install the package from the apc-nmc3-ui-scraper subdirectory of the repository.
git clone https://github.com/hacktivism-github/netauto.git
cd netauto/apc-nmc3-ui-scraper
python3 -m venv .venv
source .venv/bin/activate # Linux/macOS
.\.venv\Scripts\activate # Windows PowerShell
python -m pip install --upgrade pip
pip install -e .
Install Playwright browsers:
playwright install
See Usage below
Option 3 — Install directly from GitHub (bleeding-edge)
pip install "git+https://github.com/hacktivism-github/netauto@development#subdirectory=apc-nmc3-ui-scraper"
This will pull only the package from the subfolder, not the whole repo.
- Prepare a list of UPS hosts (ups_hosts.txt):
10.x.x.x
172.16.x.x
192.168.x.x
...
Note: use ` (grave accent) to change the line (if using Windows PowerShell).
- Basic command (recommended)
Try default apc/apc → harden → create new admin → next host.
apc-ups-audit \
--hosts ups_hosts.txt \
--https \
--create-admin \
--new-admin-user <your admin user> \
--auto \
--report-csv results.csv
This performs:
-
Try login with
apc/apc -
If default credentials work →
-
harden
apcpassword -
create admin user
-
-
If default creds fail → automatically try fallback (
--current-user,--current-pass) -
Move to next host automatically
-
Save results to CSV
- Headful mode (watch the automation)
apc-ups-audit \
--hosts ups_hosts.txt \
--https \
--create-admin \
--new-admin-user <your admin user> \
--auto \
--headful
- Fully non-interactive (no prompts)
apc-ups-audit \
--hosts ups_hosts.txt \
--https \
--auto \
--create-admin \
--new-admin-user <your admin user> \
--new-admin-pass "your admin secure password" \
--apc-new-pass "your apc hardened password" \
--current-user <your current user> \
--current-pass "your current password"
PowerShell:
apc-ups-audit.exe `
--hosts ups_hosts.txt `
--https `
--headful `
--apc-new-pass "Enter your hardened password" `
--create-admin `
--new-admin-user <Enter you desired admin user> `
--new-admin-pass "Enter your hardened password" `
--current-user <your current user> `
--current-pass "your current password" `
--auto `
--report-csv report.csv
- Fallback login example
If apc/apc fails, try another known user:
apc-ups-audit \
--hosts ups_hosts.txt \
--https \
--current-user <your current user> \
--current-pass "your current password" \
--create-admin \
--new-admin-user <your admin user> \
--auto
- Check-only mode (no changes)
Verify a single UPS without modifying anything:
apc-ups-audit \
--check-only <IP Address> \
--https \
--headful
Output example:
[RESULT] <IP Address>: default credentials NOT valid
This mode is ideal for:
-
Spot checks
-
Post-remediation validation
-
Audit sampling
(.venv) PS C:\Users\<user>\netauto\apc-nmc3-ui-scraper> apc-ups-audit.exe `
>> --hosts ups_hosts.txt `
>> --https `
>> --headful `
>> --apc-new-pass "Your hardened password" `
>> --create-admin `
>> --new-admin-user <your admin user> `
>> --new-admin-pass "Your hardened password" `
>> --auto `
>> --report-csv report.csv
Loaded 2 host(s) from ups_hosts.txt
Using scheme: HTTPS
Browser will be HEADFUL (visible).
==============================================================
[*] Processing host: <IP Address>
==============================================================
-> Opening https://<IP Address>/ ...
-> Trying default credentials apc/apc …
[*] Login page ready.
[*] Set language to English.
[*] Filled username and password.
[*] Clicked Log On, waiting for home page...
[✓] Login successful.
[✓] Default login succeeded as apc. Hardening password and creating admin if requested…
-> Hardening password for 'apc' on <IP Address>…
[*] Navigating to User Management (click-only navigation)...
-> Clicking 'Configuration'
-> Clicking 'Security'
-> Clicking 'Local Users'
-> Clicking 'Management' (Local Users / userman.htm)
-> Clicking user 'apc' under Super User Management
-> Filling Current / New / Confirm Password fields...
-> Clicking 'Next' (or fallback 'Apply')...
-> Waiting for final confirmation page...
-> Clicking FINAL 'Apply'
[✓] Password change fully confirmed.
[✓] Default user password hardened successfully.
-> Creating new admin user 'your admin user' …
[*] Navigating to Local Users to create admin user...
-> Clicking 'Configuration'
-> Clicking 'Security'
-> Clicking 'Local Users'
-> Opening 'Management' (user list)
-> Clicking 'Add User'…
-> Now on page: https://<IP Address>/NMC/uXfKb-aEKZloM5mXKqZlBg/usercfg.htm?user=
-> Enabling new user (ticking 'Enable' checkbox)…
-> Filling new admin user: your admin user
-> Filling password fields…
-> Setting user role (Super User / Administrator) if possible…
-> Clicking 'Next'…
-> On confirmation page, clicking 'Apply'…
[✓] New admin user creation flow completed (Next + Apply).
[✓] Admin user created successfully.
It automatically moves on to the next host as listed on the ups_hosts.txt file
[✓] CSV report written to report.csv
[*] All hosts processed.
If the default username/password are no longer accepted, it will attempt the fallback if provided (--current-user, --current-pass) otherwise it will skip to the next host or eventually exit.
==============================================================
[*] Processing host: <IP Address>
==============================================================
-> Opening https://<IP Address>/ ...
-> Trying default credentials apc/apc …
[*] Login page ready.
[*] Set language to English.
[*] Filled username and password.
[*] Clicked Log On, waiting for home page...
[-] Login did not reach home.htm – default credentials probably NOT valid.
[-] Default login failed or undetermined. Trying fallback credentials (if configured)…
[-] No fallback credentials provided; skipping host.
[✓] CSV report written to report.csv
[*] All hosts processed.
apc-ups-audit \
--hosts ups_hosts.txt \
--https \
--snmpv3-enable \
--snmpv3-user <Your SNMPv3 username> \
--snmpv3-auth-proto SHA \
--snmpv3-priv-proto AES \
--snmpv3-auth-pass "<Your Auth Passphrase>" \
--snmpv3-priv-pass "<Your Priv Passphrase>" \
--snmpv3-nms <Your NMS IP Address> \
--disable-snmpv1 \
--auto \
--report-csv snmpv3_hardened.csv
Logical Flow
Login to UPS
↓
Navigate: Configuration → Network → SNMPv3 → User Profiles
↓
Open SNMPv3 Profile (e.g. apc snmp profile1)
↓
Set User Name, Auth Protocol, Privacy Protocol, Passphrases
↓
Apply & Return to User Profiles
↓
Navigate: Configuration → Network → SNMPv3 → Access Control
↓
Select SNMPv3 User
↓
Enable Access + Set NMS IP/Host
↓
Apply Changes
↓
(Optional) Disable SNMPv1
| Flag | Purpose |
|---|---|
-h, --help |
show this help message and exit |
--version |
show program's version number and exit |
--hosts HOSTS |
Path to file containing UPS IPs/hostnames (one per line). |
--check-only |
Verify a single host, no changes |
--https |
Use HTTPS instead of HTTP to open the web UI. |
--timeout TIMEOUT |
Timeout (seconds) for page loads and login (default: 30). |
--headful |
Run the browser in headful mode (visible window). Default is headless. |
--default-user DEFAULT_USER |
Default username to test first (default: apc). |
--default-pass DEFAULT_PASS |
Default password to test first (default: apc). |
--apc-new-pass APC_NEW_PASS |
New hardened password to set for the default user (e.g. 'apc') when default |
| credentials are still valid. If omitted and not in --auto, you will be | |
| prompted once. | |
--current-user CURRENT_USER |
Fallback username to use when default login fails (default: apc). |
--current-pass CURRENT_PASS |
Fallback password to use when default login fails. If omitted and |
| current-user != default-user, you may be prompted (except when using --auto). | |
--create-admin |
Create a new Super User admin account on hosts where login succeeds. |
--new-admin-user NEW_ADMIN_USER |
New admin username to create (used with --create-admin). |
--new-admin-pass NEW_ADMIN_PASS |
New admin password to set (used with --create-admin). If omitted and not in |
| --auto, you will be prompted. | |
--auto |
Run without interactive prompts for admin creation (non-interactive mode). |
--report-csv REPORT_CSV |
Path to CSV report file to write scan results (optional). |
--report-json REPORT_JSON |
Path to JSON report file to write scan results (optional). |
| Version: 0.2.0 | |
--snmpv3-enable |
Configure and enable SNMPv3 on hosts where login succeeds. |
--snmpv3-profile SNMPV3_PROFILE |
SNMPv3 profile entry name to click in the UI table |
| (default: 'apc snmp profile1'). | |
--snmpv3-user SNMPV3_USER |
SNMPv3 User Name to set inside the profile AND to click in Access Control |
--snmpv3-auth-proto {SHA,MD5,None} |
SNMPv3 authentication protocol (default: SHA). |
--snmpv3-priv-proto {AES,DES,None} |
SNMPv3 privacy protocol (default: AES). |
--snmpv3-auth-pass SNMPV3_AUTH_PASS |
SNMPv3 authentication passphrase |
| (prompted if omitted and not --auto, required if auth-proto != None). | |
--snmpv3-priv-pass SNMPV3_PRIV_PASS |
SNMPv3 privacy passphrase |
| (prompted if omitted and not --auto, required if priv-proto != None). | |
--snmpv3-nms SNMPV3_NMS |
NMS IP/Host Name to allow in SNMPv3 access control |
--disable-snmpv1 |
Disable SNMPv1 after SNMPv3 access control was successfully enabled. |
This tool is designed for:
- Schneider Electric APC UPS Network Management Card 3 (NMC3)
- Web UI using pages like:
logon.htmhome.htmuserman.htmusercfg.htmusrcnfrm.htm
Devices tested include:
- APC Easy UPS 3S
- APC Smart-UPS with NMC3 firmware 2022–2025
- Python 3.9 or later
- Playwright
Install dependencies:
pip install playwright
playwright install
I'll be adding the demo soon!
This tool performs live security configuration changes on UPS devices. Use responsibly and ensure:
- You have explicit authorization
- You follow organizational security policies
- New passwords are stored securely
- Changes are properly documented
The author is not responsible for misuse or misconfiguration.
This project is licensed under the MIT License.
See LICENSE for details.
Pull requests, issues, and feature requests are welcome!
Bruno Teixeira Network & Security Automation — Angola