certipy_scan
Scan Active Directory Certificate Services to identify AD CS vulnerabilities for security assessment and penetration testing.
Instructions
Call this to enumerating Active Directory Certificate Services (AD CS) vulnerabilities. username syntax is: username@domain
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| ip | Yes | ||
| username | Yes | ||
| password | Yes | ||
| ntlm | No | ||
| kerberos | No |
Implementation Reference
- src/pentestmcp/server.py:366-373 (handler)The handler function for the 'certipy_scan' tool. It is registered via the @mcp.tool decorator and executes the 'certipy find' command with options based on authentication method (NTLM or Kerberos) to scan for Active Directory Certificate Services vulnerabilities.@mcp.tool(name="certipy_scan",description="Call this to enumerating Active Directory Certificate Services (AD CS) vulnerabilities. username syntax is: username@domain") def certipy_scan(ip:str,username:str,password:str,ntlm:bool=False,kerberos:bool=False): if ntlm: return run_command(["certipy","find","-vulnerable","-u", user ,"-hashes",password,"-dc-ip",ip,"-stdout"]) if kerberos: return run_command(["certipy","find","-vulnerable","-u", user ,"-k","-p",password,"-dc-ip",ip,"-stdout"]) return run_command(["certipy","find","-vulnerable","-u", user ,"-p",password,"-dc-ip",ip,"-stdout"])