Skip to main content

Active Directory Certificate Services enumeration and abuse

Project description

Certipy - AD CS Attack & Enumeration Toolkit

PyPI version Python License

Certipy is a powerful offensive and defensive toolkit for enumerating and abusing Active Directory Certificate Services (AD CS). It helps red teamers, penetration testers, and defenders assess AD CS misconfigurations - including full support for identifying and exploiting all known ESC1-ESC16 attack paths.

[!WARNING] Use only in environments where you have explicit authorization. Unauthorized use may be illegal.


🔍 Features

  • 🔎 Discover Certificate Authorities and Templates
  • 🚩 Identify misconfigurations
  • 🔐 Request and forge certificates
  • 🎭 Perform authentication using certificates
  • 📡 Relay NTLM authentication to AD CS HTTP(S)/RPC endpoints
  • 🗝️ Support for Shadow Credentials, Golden Certificates, and Certificate Mapping Attacks
  • 🧰 And much more!

📚 Full Wiki & Documentation

Read the full step-by-step usage guide, including installation, vulnerability explanations, examples, and mitigations in the 📘 Certipy Wiki.


⚙️ Installation

See the Installation Guide for instructions on how to install Certipy.


🚀 Quick Start

See the Quick Start Guide for a quick overview of the most common commands and usage examples.


🎯 Supported AD CS Vulnerabilities

Certipy supports detection and exploitation of AD CS vulnerabilities across the full range of ESC1-ESC16.

For detailed explanations and exploitation steps, refer to the Certipy Wiki.


📎 Resources

See the Resources for selection of key resources related to AD CS security.


🤝 Contributing

Contributions are welcome! See CONTRIBUTING.md for guidelines on reporting issues, improving documentation, or submitting pull requests.


🌟 Sponsors

Thanks to these generous sponsors for supporting the development of this project. Your contributions help sustain ongoing work and improvements.

User avatar: Henri SaloUser avatar: mxrch

👤 Author

Developed by @ly4k, with valuable contributions from the community.


📘 Wiki

📖 Visit the Certipy Wiki for detailed documentation, usage examples, ESC vulnerability breakdowns, and mitigation advice.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

certipy_ad-5.1.0.tar.gz (155.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

certipy_ad-5.1.0-py3-none-any.whl (178.0 kB view details)

Uploaded Python 3

File details

Details for the file certipy_ad-5.1.0.tar.gz.

File metadata

  • Download URL: certipy_ad-5.1.0.tar.gz
  • Upload date:
  • Size: 155.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for certipy_ad-5.1.0.tar.gz
Algorithm Hash digest
SHA256 2b10b3a4e91f8aa1c7e403fef2ec5aa89d84a69e09e7e6e0602af3e036f4271e
MD5 9148ed2c5745f7bdc4ef8a07b22eefd4
BLAKE2b-256 b67c84b900ca98998b06189cafc9c889f41fff64cc1857ad10dd1f9a50cf4f2e

See more details on using hashes here.

File details

Details for the file certipy_ad-5.1.0-py3-none-any.whl.

File metadata

  • Download URL: certipy_ad-5.1.0-py3-none-any.whl
  • Upload date:
  • Size: 178.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for certipy_ad-5.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 0ff0d0b78cb1d83349d3ee93fafc2c870198cd36fc59a6d40f0827fe187b5077
MD5 5dbef8b250c9db36faacb2dd901306bf
BLAKE2b-256 54f17a25f7a18518132191651e37a4df293960e5e347b60c32ac88f1f7ba2386

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page