# Certificate Vulnerabilities

## Certipy

[ly4k's Certipy](https://github.com/ly4k/Certipy) is an offensive tool for
enumerating and abusing Active Directory Certificate Services (AD CS).

### Find Vulnerabilities Using Certipy

The `find` argument takes the DC's IP address a found user and a password.
Output is a text and JSON file containing information about the gathered
certificates and found vulnerabilities.

```sh
certipy find -u $USERNAME -p $PASSWORD -dc-ip $DC_IP
```

### Separate Certification and Keys from PFX Files Using Certipy

Separate a certificate and key from a `pfx` file in the following way

```sh
certipy cert -pfx file.pfx -nocert -out file.key
certipy cert -pfx file.pfx -nokey -out file.key
```