Certipy

Overview

Certipy is an offensive tool for enumerating and abusing Active Directory Certificate Services (AD CS). Written in Python, it provides a powerful set of features for penetration testers and security researchers to assess AD CS security.

GitHub Documentation

Key Features

Enumerate AD CS certificate templates and CAs
Request and retrieve certificates
Forge certificates for privilege escalation
Perform various AD CS attacks (e.g., ESC1, ESC8)
Automate complex attack chains

Usage Example

Here's a basic example of how to use Certipy to find vulnerable certificate templates:

certipy find -u user@domain.com -p Password123! -dc-ip 10.10.10.10

This command will enumerate and analyze the AD CS environment, identifying potential vulnerabilities.