{"id":28974734,"url":"https://github.com/outflanknl/regcertipy","last_synced_at":"2026-03-17T21:05:12.478Z","repository":{"id":300762071,"uuid":"1007012987","full_name":"outflanknl/regcertipy","owner":"outflanknl","description":"Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does","archived":false,"fork":false,"pushed_at":"2025-07-03T11:28:35.000Z","size":126,"stargazers_count":23,"open_issues_count":0,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-03T12:31:14.759Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/outflanknl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-23T10:30:08.000Z","updated_at":"2025-07-03T11:28:39.000Z","dependencies_parsed_at":null,"dependency_job_id":"bbe8029e-0cc9-4713-9622-d546783c22f7","html_url":"https://github.com/outflanknl/regcertipy","commit_stats":null,"previous_names":["outflanknl/regcertipy"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/outflanknl/regcertipy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/outflanknl%2Fregcertipy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/outflanknl%2Fregcertipy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/outflanknl%2Fregcertipy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/outflanknl%2Fregcertipy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/outflanknl","download_url":"https://codeload.github.com/outflanknl/regcertipy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/outflanknl%2Fregcertipy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30631437,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-17T17:32:55.572Z","status":"ssl_error","status_checked_at":"2026-03-17T17:32:38.732Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-24T12:06:22.518Z","updated_at":"2026-03-17T21:05:12.474Z","avatar_url":"https://github.com/outflanknl.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# regcertipy\n\nParses cached certificate templates from a Windows Registry `.reg` file and displays them in the same style as [Certipy](https://github.com/ly4k/Certipy) does.\n\n## Getting started\n\nWe prefer using the [uv package manager](https://docs.astral.sh/uv/), as it will automatically create a virtual environment for you. Alternatively, you can use `pip install regcertipy` within any other Python environment that you manage.\n\n```\n$ uv venv\n$ source .venv/bin/activate\n$ uv pip install regcertipy\n$ regcertipy -h\nusage: regcertipy [-h] [-s SID_FILE] [-f {.reg,reg_bof}] [-text] [-stdout]\n                  [-json] [-csv] [-output prefix] [--neo4j-user NEO4J_USER]\n                  [--neo4j-pass NEO4J_PASS] [--neo4j-host NEO4J_HOST]\n                  [--neo4j-port NEO4J_PORT] [--use-owned-sids]\n                  regfile\n\nRegfile ingestor for Certipy\n\npositional arguments:\n  regfile               Path to the .reg file.\n\noptions:\n  -h, --help            show this help message and exit\n  -s SID_FILE, --sid-file SID_FILE\n                        File containing the user's SIDs\n  -f {.reg,reg_bof}, --input-format {.reg,reg_bof}\n                        Format of input file\n\noutput options:\n  -text                 Output result as formatted text file\n  -stdout               Output result as text directly to console\n  -json                 Output result as JSON\n  -csv                  Output result as CSV\n  -output prefix        Filename prefix for writing results to\n\nBloodHound:\n  --neo4j-user NEO4J_USER\n                        Username for neo4j\n  --neo4j-pass NEO4J_PASS\n                        Password for neo4j\n  --neo4j-host NEO4J_HOST\n                        Host for neo4j\n  --neo4j-port NEO4J_PORT\n                        Port for neo4j\n  --use-owned-sids      Use the SIDs of all owned principals as the user SIDs\n```\n\nUse regedit.exe to export the keys under `HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Cryptography\\CertificateTemplateCache\\`. Then, the .reg file can be fed into regcertipy with: regcertipy \u003cregfile\u003e.\n\n![Example of how to export a .reg file](resources/regedit.png)\n\nAlternatively, it is possible to parse output the Outflank C2 `reg query` command by specifying the `-f reg_bof` flag. This parses the following (truncated) output.\n\n```\n[01/01/1970 12:34:56 PM] (finished) Outflank \u003e reg query -r HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Cryptography\\CertificateTemplateCache\n\nReg Key:   HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Cryptography\\CertificateTemplateCache\n\nReg Value: TimestampAfter\nReg Type:  REG_BINARY\nReg Data:  86F63B1D13E7DB01\n\nReg Value: Timestamp\nReg Type:  REG_BINARY\nReg Data:  86F63B1D13E7DB01\n\nReg Key:   HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Cryptography\\CertificateTemplateCache\\Administrator\n\nReg Value: DisplayName\nReg Type:  REG_SZ\nReg Data:  Administrator\n\nReg Value: SupportedCSPs\nReg Type:  REG_MULTI_SZ\nReg Data:  Microsoft Enhanced Cryptographic Provider v1.0 Microsoft Base Cryptographic Provider v1.0                                                                                             \n\nReg Value: ExtKeyUsageSyntax\nReg Type:  REG_MULTI_SZ\nReg Data:  1.3.6.1.4.1.311.10.3.1 1.3.6.1.4.1.311.10.3.4 1.3.6.1.5.5.7.3.4 1.3.6.1.5.5.7.3.2\n\n[...]\n```\n\n### SIDs\n\nBecause `regcertipy` is intended for offline usage, SIDs cannot be dynamically resolved. Therefore, `regcertipy` includes a couple of options that can be used for offline SID information.\n\nFirstly, the `--sid-file` flag can be used to provide a list of SIDs that the user is a member of. This list can be obtained from BloodHound or other tools.\n\nSecondly, `regcertipy` can use a `neo4j` connection to dynamically resolve SIDs using BloodHound's database. This, combined with the `--use-owned-sids` command can help you find vulnerable templates exploitable by objects marked as owned in BloodHound.\n\n## Development\n\nNote that we use the [Black code formatter](https://black.readthedocs.io/en/stable/) for code formatting. Moreover, we use the Git Flow branching model, meaning that we actively develop on the \"develop\" branch, and merge to the \"main\" branch (\u0026 tag it) when a new release is made, making the \"main\" branch the production branch.\n\n```\n$ uv sync --dev # Also installs the Black code formatter.\n$ uv run black . # To format the current code base.\n$ uv run regcertipy -h\nusage: regcertipy [-h] [-s SID_FILE] [-f {.reg,reg_bof}] [-text] [-stdout]\n                  [-json] [-csv] [-output prefix] [--neo4j-user NEO4J_USER]\n                  [--neo4j-pass NEO4J_PASS] [--neo4j-host NEO4J_HOST]\n                  [--neo4j-port NEO4J_PORT] [--use-owned-sids]\n                  regfile\n\nRegfile ingestor for Certipy\n\npositional arguments:\n  regfile               Path to the .reg file.\n\noptions:\n  -h, --help            show this help message and exit\n  -s SID_FILE, --sid-file SID_FILE\n                        File containing the user's SIDs\n  -f {.reg,reg_bof}, --input-format {.reg,reg_bof}\n                        Format of input file\n\noutput options:\n  -text                 Output result as formatted text file\n  -stdout               Output result as text directly to console\n  -json                 Output result as JSON\n  -csv                  Output result as CSV\n  -output prefix        Filename prefix for writing results to\n\nBloodHound:\n  --neo4j-user NEO4J_USER\n                        Username for neo4j\n  --neo4j-pass NEO4J_PASS\n                        Password for neo4j\n  --neo4j-host NEO4J_HOST\n                        Host for neo4j\n  --neo4j-port NEO4J_PORT\n                        Port for neo4j\n  --use-owned-sids      Use the SIDs of all owned principals as the user SIDs\n```\n\nYou can also run the `__init__.py` or `__main.py__` Python file in your favourite debugger.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foutflanknl%2Fregcertipy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foutflanknl%2Fregcertipy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foutflanknl%2Fregcertipy/lists"}