macOS
brew install certsynclocal Homebrew formula metadata
sudo port install certsyncMacPorts ports tree · security/certsync/Portfile · source: api.github.com
brew
Dump NTDS with golden certificates and UnPAC the hash. Version 0.1.6 via Homebrew; verified 2026-05-20.
install
brew install certsynclocal Homebrew formula metadata
sudo port install certsyncMacPorts ports tree · security/certsync/Portfile · source: api.github.com
nix profile install nixpkgs#certsyncnixpkgs package indexes · pkgs/by-name/ce/certsync/package.nix · source: api.github.com
overview
Dump NTDS with golden certificates and UnPAC the hash
history
certsync is an Active Directory Certificate Services attack tool for remotely dumping NTDS data without DRSUAPI. Its README describes a workflow based on golden certificates and UnPAC the hash.
The upstream GitHub repository was created in January 2023, with the first commit on the same day. A 0.1.6 GitHub release followed in March 2024, and the project is published as a Python package as well as source.
The README documents local installation, PyPI installation, and BlackArch packaging, and links a Repology packaging-status badge. The supplied package facts also list Homebrew, MacPorts, and Nix packages.
certsync collects users, CA information, and CRLs over LDAP, dumps the CA certificate and private key or uses a supplied CA PFX, forges certificates, and uses PKINIT plus UnPAC to recover hashes. Its options cover password, NTLM hash, Kerberos cache, AES key, DNS, LDAP filtering, and OPSEC timing controls.
certsync is package-nerd interesting because it represents the fast path from a newly described ADCS tradecraft technique to broad packaging in security distributions and general package managers. It is niche, but package presence makes lab and assessment reproduction much easier.
security posture
No matching local secret-handling manifest was found for certsync. Nucleus package metadata is still published here so future coverage has a stable package URL.
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
certsync | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/zblurx/certsync
install metadata
| Package key | brew:certsync |
|---|---|
| Version | 0.1.6 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/certsync |
| Homepage | https://github.com/zblurx/certsync |
| Repository | https://github.com/zblurx/certsync |
| Upstream docs | https://github.com/zblurx/certsync#readme |
| License | MIT |
| Source archive | https://files.pythonhosted.org/packages/c8/75/3928920bdbfb0af317446236fad17b47a1d6aad507f1ae2eed6bbf7e7ad9/certsync-0.1.6.tar.gz |
| Last updated | 2026-05-20T11:47:05Z |
| Pulse | updated |
| Dependencies | certifi, cryptography, python@3.14 |
| Uses from macOS | libffi |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | certsync |
| Version Scheme | 0 |
| Revision | 10 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
certsync
nix profile install nixpkgs#certsynccertsync
sudo port install certsyncsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.