ENNAENNA

Certipy

FeaturedMIT

馃敟 Offensive OpsPython

Certipy is a Python tool for enumerating and abusing Active Directory Certificate Services (AD CS). It can identify vulnerable certificate templates, request certificates for privilege escalation, perform ESC1-ESC8 attacks, extract CA private keys, and forge certificates. AD CS misconfigurations are among the most impactful attack paths in modern Active Directory environments, and Certipy automates the entire attack chain from enumeration to exploitation.

3.5kstars
457forks
33issues
Updated 2mo ago
+I use this
View on GitHub

Installation

$ pip install certipy-ad

Use Cases

  • AD CS misconfiguration enumeration (ESC1-ESC8)
  • Certificate-based privilege escalation
  • CA private key extraction
  • Certificate forging for domain admin
  • Shadow credential attacks

Tags

active-directorycertificatesadcsprivilege-escalationesc1-esc8pki

Details

Category
馃敟 Offensive Ops
Language
Python
Repository
ly4k/Certipy
License
MIT
Platforms
馃惂linux馃崕macos馃獰windows

Links

GitHub Repository

github.com/ly4k/Certipy

Releases

github.com/ly4k/Certipy/releases

Issues

github.com/ly4k/Certipy/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Used in 1 Workflow

馃敟

Active Directory Attack Path

Advanced6 steps 路 2-5 days

Community Reviews

Alternatives & Comparisons

BloodHound

Go

Active Directory attack path mapping. Visualizes privilege escalation paths using graph theory.

Compare Certipy vs BloodHound

Rubeus

C#

C# toolset for raw Kerberos interaction and abuse. AS-REP roasting, Kerberoasting, ticket manipulation, delegation attacks.

Compare Certipy vs Rubeus

Whisker

C#

Shadow Credentials attack tool. Adds rogue Key Credentials to AD objects for Kerberos authentication without knowing passwords.

Compare Certipy vs Whisker

More in Offensive Ops

Mythic

Go

Collaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.

c2red-teammulti-operator

Havoc

C/C++

Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.

c2red-teamgui

Rubeus

C#

C# toolset for raw Kerberos interaction and abuse. AS-REP roasting, Kerberoasting, ticket manipulation, delegation attacks.

kerberosactive-directoryroasting

Coercer

Python

Automatically find and exploit Windows authentication coercion vulnerabilities. PetitPotam, PrinterBug, and more.

authentication-coercionntlm-relaypetitpotam

SharpHound

C#

Official BloodHound data collector. Enumerates Active Directory objects, sessions, ACLs, and trusts for graph analysis.

active-directoryenumerationbloodhound

BeEF

Ruby

Browser Exploitation Framework. Hook browsers via XSS, then pivot into the network using browser-based attacks.

browserxsshook