MCPcopy
hub / github.com/ly4k/Certipy

github.com/ly4k/Certipy @5.1.0 sqlite

repository ↗ · DeepWiki ↗ · release 5.1.0 ↗
532 symbols 2,272 edges 49 files 499 documented · 94%
README

Certipy - AD CS Attack & Enumeration Toolkit

PyPI version Python License

Certipy is a powerful offensive and defensive toolkit for enumerating and abusing Active Directory Certificate Services (AD CS). It helps red teamers, penetration testers, and defenders assess AD CS misconfigurations - including full support for identifying and exploiting all known ESC1-ESC16 attack paths.

[!WARNING] Use only in environments where you have explicit authorization. Unauthorized use may be illegal.


🔍 Features

  • 🔎 Discover Certificate Authorities and Templates
  • 🚩 Identify misconfigurations
  • 🔐 Request and forge certificates
  • 🎭 Perform authentication using certificates
  • 📡 Relay NTLM authentication to AD CS HTTP(S)/RPC endpoints
  • 🗝️ Support for Shadow Credentials, Golden Certificates, and Certificate Mapping Attacks
  • 🧰 And much more!

📚 Full Wiki & Documentation

Read the full step-by-step usage guide, including installation, vulnerability explanations, examples, and mitigations in the 📘 Certipy Wiki.


⚙️ Installation

See the Installation Guide for instructions on how to install Certipy.


🚀 Quick Start

See the Quick Start Guide for a quick overview of the most common commands and usage examples.


🎯 Supported AD CS Vulnerabilities

Certipy supports detection and exploitation of AD CS vulnerabilities across the full range of ESC1-ESC16.

For detailed explanations and exploitation steps, refer to the Certipy Wiki.


📎 Resources

See the Resources for selection of key resources related to AD CS security.


🤝 Contributing

Contributions are welcome! See CONTRIBUTING.md for guidelines on reporting issues, improving documentation, or submitting pull requests.


🌟 Sponsors

Thanks to these generous sponsors for supporting the development of this project. Your contributions help sustain ongoing work and improvements.

User avatar: Henri SaloUser avatar: mxrch


👤 Author

Developed by @ly4k, with valuable contributions from the community.


📘 Wiki

📖 Visit the Certipy Wiki for detailed documentation, usage examples, ESC vulnerability breakdowns, and mitigation advice.

Core symbols most depended-on inside this repo

get
called by 181
certipy/lib/ldap.py
info
called by 168
certipy/commands/shadow.py
handle_error
called by 58
certipy/lib/errors.py
set
called by 48
certipy/lib/ldap.py
try_to_save_file
called by 17
certipy/lib/files.py
e2i
called by 17
certipy/lib/structs.py
read
called by 14
certipy/commands/account.py
to_bytes
called by 14
certipy/lib/kerberos.py

Shape

Method 272
Function 134
Class 126

Languages

Python100%

Modules by API surface

certipy/commands/ca.py59 symbols
certipy/lib/structs.py49 symbols
certipy/lib/req.py48 symbols
certipy/commands/find.py43 symbols
certipy/commands/relay.py34 symbols
certipy/lib/certificate.py32 symbols
certipy/lib/ldap.py29 symbols
certipy/lib/kerberos.py21 symbols
certipy/commands/shadow.py21 symbols
certipy/commands/template.py16 symbols
certipy/commands/parse.py16 symbols
certipy/commands/forge.py16 symbols

Dependencies from manifests, versioned

argcomplete3.6.2 · 1×
asn1crypto1.5.1 · 1×
beautifulsoup44.13.4 · 1×
cryptography42.0.8 · 1×
dnspython2.7.0 · 1×
httpx0.28.1 · 1×
impacket0.13.0 · 1×
ldap32.9.1 · 1×
pyasn10.6.1 · 1×
pycryptodome3.22.0 · 1×
requests2.32.3 · 1×

For agents

$ claude mcp add Certipy \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact