Certify

Active Directory certificate abuse.

Certify is a C# tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS).

Key features:
- Find information about all registered CAs
- Find all enabled certificate templates
- Find vulnerable/abusable certificate templates using default low-privileged groups
- Find vulnerable/abusable certificate templates using all groups the current user context belongs to
- Find enabled certificate templates where ENROLLEE_SUPPLIES_SUBJECT is enabled
- Find enabled certificate templates capable of client authentication
- Find all enabled certificate templates and display all of their permissions, without displaying the banner message
- Find all enabled certificate templates and output to a JSON file
- Enumerate access control information for PKI objects
- Request a new certificate using the current user context
- Request a new certificate using the current machine context
- Request a new certificate using the current user context but for an alternate name (if supported)
- Request a new certificate on behalf of another user, using an enrollment agent certificate
- Download an already requested certificate