Code
Hub
Workspaces
Following
Trending
Connect
MCP
copy
Index your code
hub
/
github.com/ly4k/Certipy
/ functions
Functions
406 in github.com/ly4k/Certipy
⨍
Functions
406
◇
Types & classes
126
↓ 181 callers
Method
get
Get an attribute value from the LDAP entry with support for default values. This method provides convenient access to LDAP attribute
certipy/lib/ldap.py:96
↓ 168 callers
Method
info
Show detailed information about a specific Key Credential. Returns: True if the Key Credential was found and info displa
certipy/commands/shadow.py:579
↓ 58 callers
Function
handle_error
Handle errors by printing the error message and exiting the program. This function is a placeholder for error handling logic. It can be exte
certipy/lib/errors.py:53
↓ 48 callers
Method
set
Set an attribute value in the LDAP entry. Args: key: Attribute name to set value: Value to assign to the att
certipy/lib/ldap.py:121
↓ 17 callers
Function
e2i
Convert an Impacket enum member to its integer value. Static type analysis is confused by the fact that Impacket enums are not standard
certipy/lib/structs.py:635
↓ 17 callers
Function
try_to_save_file
Try to write data to a file or stdout if file writing fails. This function attempts to save data to the specified path. If writing fails,
certipy/lib/files.py:17
↓ 14 callers
Method
read
Read and display account attributes. This method retrieves and displays key attributes of the specified account. Returns:
certipy/commands/account.py:212
↓ 14 callers
Method
to_bytes
Convert the token to its binary representation. Returns: Tuple of (header_bytes, data_bytes)
certipy/lib/kerberos.py:190
↓ 13 callers
Method
lookup_sid
Look up an object by its SID. This method finds an Active Directory object by its security identifier, or returns a syntheti
certipy/lib/ldap.py:1251
↓ 12 callers
Method
get_user
Find a user by samAccountName. This method searches for a user by samAccountName and automatically handles computer account
certipy/lib/ldap.py:1071
↓ 12 callers
Method
search
Search the LDAP directory with the given filter and return matching entries. Args: search_filter: LDAP search filter str
certipy/lib/ldap.py:1005
↓ 12 callers
Function
translate_error_code
Translate a Windows API error code to a human-readable string. Args: error_code: Windows API error code (HRESULT) Returns:
certipy/lib/errors.py:24
↓ 10 callers
Method
connect
Connect to the LDAP server with the specified SSL/TLS version. This method establishes a connection to the LDAP server and handles
certipy/lib/ldap.py:592
↓ 9 callers
Method
_get_sam_account_name
Get the SAM account name from a user entry. Args: user: LDAP user entry Returns: SAM account name s
certipy/commands/shadow.py:285
↓ 9 callers
Function
cert_id_to_parts
Extract username and domain from certificate identities. Args: identities: List of (id_type, id_value) tuples from certificate
certipy/lib/certificate.py:148
↓ 8 callers
Function
create_pfx
Create a PKCS#12/PFX container with certificate and private key. Args: key: Private key object cert: Certificate object
certipy/lib/certificate.py:585
↓ 8 callers
Method
get_user_sids
Get all SIDs associated with a user, including groups. This method collects all security identifiers (SIDs) that apply to a user,
certipy/lib/ldap.py:1150
↓ 8 callers
Method
resolve
Resolve hostname to IP address using DNS or local resolution. Uses cache for previously resolved hostnames. Args:
certipy/lib/target.py:411
↓ 7 callers
Function
cert_to_der
Convert certificate to DER format.
certipy/lib/certificate.py:447
↓ 7 callers
Function
der_to_cert
Convert DER-encoded certificate to object.
certipy/lib/certificate.py:517
↓ 7 callers
Method
from_options
Create a Target from command line options. Args: options: Command line options dc_as_target: Whether to use
certipy/lib/target.py:106
↓ 7 callers
Function
get_subject_from_str
Create a Name object from a subject string. Args: subject: Subject DN string Returns: x509.Name object
certipy/lib/certificate.py:748
↓ 7 callers
Function
hash_digest
Compute hash digest of data. Args: data: Data to hash hash_algorithm: Hash algorithm to use Returns: Hash diges
certipy/lib/certificate.py:690
↓ 7 callers
Function
is_admin_sid
Check if a security identifier (SID) belongs to an administrative group. This function identifies built-in administrator accounts and groups
certipy/lib/security.py:177
↓ 7 callers
Function
load_pfx
Load key and certificate from PKCS#12/PFX data. Args: pfx: PKCS#12 data password: Optional decryption password Returns:
certipy/lib/certificate.py:649
↓ 7 callers
Method
request
Send a request to the CA service. Args: req: Request object *args: Additional arguments **kwargs
certipy/commands/ca.py:241
↓ 7 callers
Method
to_list
Decompose flag into list of individual flags. Returns: List of individual flag members
certipy/lib/structs.py:91
↓ 7 callers
Method
update
Update an existing account's attributes. This method modifies specified attributes of an existing account. Returns:
certipy/commands/account.py:253
↓ 6 callers
Method
_get_target_dn
Get the distinguished name from a user entry and validate it. Args: user: LDAP user entry Returns:
certipy/commands/shadow.py:265
↓ 6 callers
Function
_log_response_if_verbose
Log response content if verbose logging is enabled. Args: content: Response content to log
certipy/lib/req.py:755
↓ 6 callers
Method
find
Discover and analyze AD CS components and detect vulnerabilities. This is the main entry point that: 1. Discovers templates,
certipy/commands/find.py:262
↓ 6 callers
Function
is_verbose
Check if verbose logging is enabled. Returns: Boolean indicating whether verbose logging is enabled
certipy/lib/logger.py:28
↓ 6 callers
Function
to_pascal_case
Convert a snake_case string to PascalCase. Args: snake_str: String in snake_case format Returns: String converted to Pa
certipy/lib/formatting.py:16
↓ 5 callers
Method
add
Add a new entry to the LDAP directory. Args: *args: Arguments to pass to the underlying LDAP add operation *
certipy/lib/ldap.py:945
↓ 5 callers
Method
decrypt
(self, answer: bytes)
certipy/lib/ntlm.py:542
↓ 5 callers
Method
encrypt
Encrypt data using the appropriate Kerberos cipher. Automatically selects between RC4 and AES encryption based on the cipher
certipy/lib/kerberos.py:228
↓ 5 callers
Method
format_principals
Format a list of SIDs into a human-readable string. Args: sids: List of SIDs to format Returns: Lis
certipy/commands/find.py:2430
↓ 5 callers
Method
from_bytes
Parse a mechanism independent token from its binary representation. Args: data: Binary data to parse Returns:
certipy/lib/kerberos.py:119
↓ 5 callers
Function
pretty_print
Pretty print a dictionary with customizable indentation and padding. Handles nested dictionaries, lists, and various data types with appropr
certipy/lib/formatting.py:42
↓ 5 callers
Function
rsa_pkcs1v15_sign
Sign data using RSA PKCS#1 v1.5 padding. Args: data: Data to sign key: Private key for signing hash_algorithm: Hash
certipy/lib/certificate.py:665
↓ 4 callers
Method
__init__
Initialize the NTLM relay attack. Args: target: Target AD CS server (http://server/certsrv/ or rpc://server)
certipy/commands/relay.py:789
↓ 4 callers
Method
__init__
Initialize CA management object. Args: target: Target information (hostname, credentials, etc.) ca: CA name
certipy/commands/ca.py:326
↓ 4 callers
Function
csr_to_der
Convert CSR to DER format.
certipy/lib/certificate.py:432
↓ 4 callers
Method
encrypt
(self, plain_data: bytes)
certipy/lib/ntlm.py:527
↓ 4 callers
Function
get_dcom_connection
Establish a DCOM connection to the target. Args: target: Target object containing connection parameters Returns: DCOMCo
certipy/lib/rpc.py:21
↓ 4 callers
Function
get_identities_from_certificate
Extract identity information from a certificate. Args: certificate: X.509 certificate to analyze Returns: List of tuple
certipy/lib/certificate.py:261
↓ 4 callers
Method
get_key_credentials
Retrieve the current Key Credentials for a user. Args: target_dn: Distinguished name of the target user user
certipy/commands/shadow.py:98
↓ 4 callers
Function
get_tgs
Obtain a Ticket Granting Service (TGS) ticket for the specified service. This function implements a multi-step strategy for acquiring a TGS:
certipy/lib/kerberos.py:682
↓ 4 callers
Method
request
Request a new certificate from AD CS. Returns: PFX data and filename if successful, False otherwise
certipy/lib/req.py:1393
↓ 4 callers
Method
set_key_credentials
Set new Key Credentials for a user. Args: target_dn: Distinguished name of the target user user: LDAP user e
certipy/commands/shadow.py:127
↓ 4 callers
Method
sign
(self, data: bytes, seq: int = 0, reset_cipher: bool = False)
certipy/lib/ntlm.py:555
↓ 3 callers
Function
_convert_to_binary
Convert string hex representation to binary bytes. Args: data: String hex representation or None Returns: Bytes represe
certipy/lib/kerberos.py:83
↓ 3 callers
Method
add
Add a right for a user on the CA. Args: user: Username right: Right to add (from CERTIFICATION_AUTHORITY_RIG
certipy/commands/ca.py:1080
↓ 3 callers
Function
cert_to_pem
Convert certificate to PEM format.
certipy/lib/certificate.py:442
↓ 3 callers
Function
create_csr
Create a certificate signing request (CSR) with optional extensions. Args: username: Username for the subject alt_dns: Alter
certipy/lib/certificate.py:766
↓ 3 callers
Function
create_csr_attributes
Create a list of CSR attributes based on the provided template and Subject Alternative Name options. This function generates the attributes
certipy/lib/certificate.py:995
↓ 3 callers
Function
create_key_archival
Create a key archival request. Args: csr: Certificate signing request private_key: Private key to be archived cax_ce
certipy/lib/certificate.py:1287
↓ 3 callers
Method
decrypt
Decrypt data using the appropriate Kerberos cipher. Automatically selects between RC4 and AES decryption based on the cipher
certipy/lib/kerberos.py:247
↓ 3 callers
Method
finish_run
Clean up after attack completion.
certipy/commands/relay.py:585
↓ 3 callers
Function
generate_rsa_key
Generate a new RSA private key. Args: key_size: Key size in bits (default: 2048) Returns: RSA private key object
certipy/lib/certificate.py:532
↓ 3 callers
Method
get_configuration
Retrieve the configuration for a certificate template from AD. Searches for the template by CN or displayName and returns its config
certipy/commands/template.py:237
↓ 3 callers
Function
get_dce_rpc_from_string_binding
Create a DCE RPC connection from a string binding. Args: string_binding: The RPC string binding (e.g., "ncacn_np:server[pipe]")
certipy/lib/rpc.py:67
↓ 3 callers
Function
get_device_id_and_creation_from_binary
Extract Device ID and Creation Time from a Key Credential binary. Args: key_credential: Key Credential binary data or DNWithBinary s
certipy/commands/shadow.py:730
↓ 3 callers
Function
get_object_sid_from_certificate
Extract a Security Identifier (SID) from a certificate using multiple methods. This function attempts to find SIDs in both the Subject Alter
certipy/lib/certificate.py:384
↓ 3 callers
Method
get_raw
Get the raw (unprocessed) attribute value from the LDAP entry. Args: key: Attribute name to retrieve Returns:
certipy/lib/ldap.py:131
↓ 3 callers
Method
get_serial_number
Get the certificate serial number. Returns: Integer representation of the serial number
certipy/commands/forge.py:139
↓ 3 callers
Function
handle_pending_key_save
Offer to save the private key for pending certificate requests. Args: request_id: The certificate request ID key: The privat
certipy/lib/req.py:477
↓ 3 callers
Function
handle_request_response
Process a successful certificate request by saving the certificate and private key. Args: cert: The issued certificate key:
certipy/lib/req.py:357
↓ 3 callers
Function
handle_retrieve
Process a retrieved certificate by saving it with the private key if available. Args: cert: The retrieved certificate reques
certipy/lib/req.py:415
↓ 3 callers
Function
handle_rpc_request_response
Process the RPC certificate request response. Args: response: The RPC response dictionary Returns: Certificate object i
certipy/lib/req.py:311
↓ 3 callers
Function
is_ip
Check if the given hostname is an IP address. Args: hostname: The hostname to check Returns: bool: True if the hostname
certipy/lib/target.py:465
↓ 3 callers
Function
key_to_pem
Convert private key to PEM format (PKCS#8). Args: key: Private key object Returns: PEM-encoded key as bytes
certipy/lib/certificate.py:452
↓ 3 callers
Method
modify
Modify an existing entry in the LDAP directory. Args: *args: Arguments to pass to the underlying LDAP modify operation
certipy/lib/ldap.py:985
↓ 3 callers
Method
shutdown
Gracefully shut down the relay server.
certipy/commands/relay.py:1025
↓ 3 callers
Function
web_retrieve
Retrieve a certificate via the web enrollment interface. Args: session: HTTP session client request_id: The certificate requ
certipy/lib/req.py:607
↓ 2 callers
Method
__init__
Initialize an LDAP connection with the specified target. Args: target: Target object containing connection details
certipy/lib/ldap.py:554
↓ 2 callers
Method
__init__
Initialize a certificate request object. Args: target: Target information including host and authentication
certipy/lib/req.py:1243
↓ 2 callers
Method
_check_ldap_result
Handle LDAP errors based on the result dictionary. Args: result: Result dictionary from the LDAP bind operation
certipy/lib/ldap.py:908
↓ 2 callers
Function
_determine_output_filename
Determine the output filename to use for saving certificates/keys. Args: out: User-specified output name (if any) identities
certipy/lib/req.py:670
↓ 2 callers
Method
_get_length
Extract ASN.1 length from the given data. Args: data: Binary data containing ASN.1 length Returns:
certipy/lib/kerberos.py:148
↓ 2 callers
Function
_handle_other_errors
Handle other certificate request errors. Args: content: Response content
certipy/lib/req.py:724
↓ 2 callers
Method
_modify_ca_security
Add or remove rights for a user on the CA. Args: user: Username right: Right to add/remove (from CERTIFICATI
certipy/commands/ca.py:938
↓ 2 callers
Method
_parse_hex_data
Parse hex data that might span multiple lines. Args: initial_data: The initial hex data string lines_iter: I
certipy/commands/parse.py:506
↓ 2 callers
Function
_try_binding
Try to connect to a specific string binding.
certipy/lib/rpc.py:211
↓ 2 callers
Method
_try_connection
Try to connect to the Web Enrollment interface. Args: session: HTTP session to use base_url: Base URL to con
certipy/lib/req.py:1135
↓ 2 callers
Method
add_new_key_credential
Add a new Key Credential to a user. Args: target_dn: Distinguished name of the target user user: LDAP user e
certipy/commands/shadow.py:209
↓ 2 callers
Method
authenticate
Authenticate using a certificate. This is the main entry point for authentication. It will determine whether to use LDAP or
certipy/commands/auth.py:253
↓ 2 callers
Method
check_web_enrollment
Check if web enrollment is enabled on the CA. Args: ca: Certificate authority object channel: Protocol to ch
certipy/commands/find.py:633
↓ 2 callers
Method
create
Create a new computer account in Active Directory. This method creates a computer account with the specified properties, or
certipy/commands/account.py:98
↓ 2 callers
Function
create_ace
(sid: str, mask: CertificateRights)
certipy/lib/security.py:207
↓ 2 callers
Method
create_application_policies
Create an extension containing the application policies for the certificate. Returns: UnrecognizedExtension containing t
certipy/commands/forge.py:289
↓ 2 callers
Method
create_sid_extension
Create an extension containing the SID for the certificate. Returns: UnrecognizedExtension containing the SID or None if
certipy/commands/forge.py:257
↓ 2 callers
Method
create_smime_extension
Create an extension containing the S/MIME capability for the certificate. Returns: UnrecognizedExtension containing the
certipy/commands/forge.py:312
↓ 2 callers
Method
create_subject_alternative_names
Create subject alternative names for the certificate. Returns: List of subject alternative name entries
certipy/commands/forge.py:218
↓ 2 callers
Function
csr_to_pem
Convert CSR to PEM format.
certipy/lib/certificate.py:437
↓ 2 callers
Method
dce_request
Send a DCE RPC request and handle the response. This wrapper method properly handles the DCE RPC request to ensure static co
certipy/lib/req.py:942
↓ 2 callers
Function
der_to_csr
Convert DER-encoded CSR to object.
certipy/lib/certificate.py:502
↓ 2 callers
Method
enable
Enable or disable a template on the CA. Args: disable: If True, disable the template; otherwise enable it Retur
certipy/commands/ca.py:833
↓ 2 callers
Function
filetime_to_str
Convert Windows FILETIME to a human-readable time span string. This is a convenience function that combines filetime_to_span() and span_
certipy/lib/time.py:112
↓ 2 callers
Method
get_allowed_hash_algorithm
Get an appropriate hash algorithm for certificate signing. Args: template_hash_algorithm: Hash algorithm from template c
certipy/commands/forge.py:329
next →
1–100 of 406, ranked by callers