Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/ghostpack/rubeus/llms.txt

Use this file to discover all available pages before exploring further.

Rubeus is a full-featured C# toolkit for interacting with Kerberos in Windows Active Directory environments. It supports ticket requests and renewals, golden/silver/diamond ticket forgery, Kerberoasting, AS-REP roasting, constrained delegation abuse, ticket harvesting and monitoring, and much more — all from a single executable.

Quickstart

Get Rubeus running and perform your first ticket request in minutes.

Building from Source

Compile Rubeus with Visual Studio or as a library for PowerShell use.

Command Reference

Explore every command, flag, and example from asktgt to kirbi.

Opsec Notes

Understand the security and detection implications of each operation.

What Rubeus Does

Rubeus provides direct, low-level access to Kerberos protocol operations without relying on Windows APIs that are commonly monitored. It is heavily adapted from Benjamin Delpy’s Kekeo and Vincent LE TOUX’s MakeMeEnterpriseAdmin.

Ticket Requests

Request TGTs and service tickets using passwords, hashes, or PKINIT certificates.

Ticket Forgery

Forge golden, silver, and diamond tickets with full PAC encoding and LDAP auto-fill.

Roasting

Perform Kerberoasting and AS-REP roasting, outputting Hashcat- or John-compatible hashes.

Delegation Abuse

Abuse S4U2Self and S4U2Proxy for constrained and resource-based delegation attacks.

Harvesting

Continuously monitor and auto-renew TGTs from the logon session cache.

Ticket Management

Inject, list, dump, and purge Kerberos tickets from any logon session.

Key Capabilities

  • TGT & TGS requestsasktgt, asktgs, renew with password, hash, or certificate auth
  • Ticket forgerygolden, silver, diamond with full PAC construction and LDAP data retrieval
  • Roastingkerberoast and asreproast with AES/RC4 opsec modes and custom LDAP filters
  • Delegations4u for S4U2Self/S4U2Proxy across single and cross-domain environments
  • Extractiondump, triage, klist, tgtdeleg, monitor, harvest
  • Ticket opsptt, purge, describe, tgssub
  • Utilitieshash, createnetonly, changepw, preauthscan, logonsession
  • KDC proxy/proxyurl supported on all network request commands
  • PowerShell — usable as a library via MainString() for PSRemoting scenarios
Rubeus requires .NET 3.5 or 4.0 and targets Windows environments joined to or communicating with Active Directory. Elevated privileges are required for some operations (e.g., dumping tickets from other sessions).

Build docs developers (and LLMs) love