Active Directory Certificate Services enumeration and abuse
Project description
Certipy - AD CS Attack & Enumeration Toolkit
Certipy is a powerful offensive and defensive toolkit for enumerating and abusing Active Directory Certificate Services (AD CS). It helps red teamers, penetration testers, and defenders assess AD CS misconfigurations - including full support for identifying and exploiting all known ESC1-ESC16 attack paths.
[!WARNING] Use only in environments where you have explicit authorization. Unauthorized use may be illegal.
🔍 Features
- 🔎 Discover Certificate Authorities and Templates
- 🚩 Identify misconfigurations
- 🔐 Request and forge certificates
- 🎭 Perform authentication using certificates
- 📡 Relay NTLM authentication to AD CS HTTP(S)/RPC endpoints
- 🗝️ Support for Shadow Credentials, Golden Certificates, and Certificate Mapping Attacks
- 🧰 And much more!
📚 Full Wiki & Documentation
Read the full step-by-step usage guide, including installation, vulnerability explanations, examples, and mitigations in the 📘 Certipy Wiki.
⚙️ Installation
See the Installation Guide for instructions on how to install Certipy.
🚀 Quick Start
See the Quick Start Guide for a quick overview of the most common commands and usage examples.
🎯 Supported AD CS Vulnerabilities
Certipy supports detection and exploitation of AD CS vulnerabilities across the full range of ESC1-ESC16.
For detailed explanations and exploitation steps, refer to the Certipy Wiki.
📎 Resources
See the Resources for selection of key resources related to AD CS security.
🤝 Contributing
Contributions are welcome! See CONTRIBUTING.md for guidelines on reporting issues, improving documentation, or submitting pull requests.
🌟 Sponsors
Thanks to these generous sponsors for supporting the development of this project. Your contributions help sustain ongoing work and improvements.
👤 Author
Developed by @ly4k, with valuable contributions from the community.
📘 Wiki
📖 Visit the Certipy Wiki for detailed documentation, usage examples, ESC vulnerability breakdowns, and mitigation advice.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file certipy_ad-5.0.4.tar.gz.
File metadata
- Download URL: certipy_ad-5.0.4.tar.gz
- Upload date:
- Size: 155.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f07a1c52e89e4f126d214dcfd7196640c47084cd2c2d3ea6cacac0b16b3d34bf
|
|
| MD5 |
5c33e301efe49ccc45fcbba92c430c46
|
|
| BLAKE2b-256 |
3865563485b4bb16430b4d68eadede70abe4378d4d1db317a547fcd5bf4b6da4
|
File details
Details for the file certipy_ad-5.0.4-py3-none-any.whl.
File metadata
- Download URL: certipy_ad-5.0.4-py3-none-any.whl
- Upload date:
- Size: 177.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c1c81db4e834cee4c7517300a73f1dc7ca46a2dbdc2818a858ffa9288a6defe7
|
|
| MD5 |
07ed0ced2e453e33913c3f4d6a9dce49
|
|
| BLAKE2b-256 |
4dd8f0a40baa6f587d5e989007084b239b369867ce2fdf1409aa21d2e890d2c4
|
