Rubeus is a full-featured C# toolkit for interacting with Kerberos in Windows Active Directory environments. It supports ticket requests and renewals, golden/silver/diamond ticket forgery, Kerberoasting, AS-REP roasting, constrained delegation abuse, ticket harvesting and monitoring, and much more — all from a single executable.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/ghostpack/rubeus/llms.txt
Use this file to discover all available pages before exploring further.
Quickstart
Get Rubeus running and perform your first ticket request in minutes.
Building from Source
Compile Rubeus with Visual Studio or as a library for PowerShell use.
Command Reference
Explore every command, flag, and example from
asktgt to kirbi.Opsec Notes
Understand the security and detection implications of each operation.
What Rubeus Does
Rubeus provides direct, low-level access to Kerberos protocol operations without relying on Windows APIs that are commonly monitored. It is heavily adapted from Benjamin Delpy’s Kekeo and Vincent LE TOUX’s MakeMeEnterpriseAdmin.Ticket Requests
Request TGTs and service tickets using passwords, hashes, or PKINIT certificates.
Ticket Forgery
Forge golden, silver, and diamond tickets with full PAC encoding and LDAP auto-fill.
Roasting
Perform Kerberoasting and AS-REP roasting, outputting Hashcat- or John-compatible hashes.
Delegation Abuse
Abuse S4U2Self and S4U2Proxy for constrained and resource-based delegation attacks.
Harvesting
Continuously monitor and auto-renew TGTs from the logon session cache.
Ticket Management
Inject, list, dump, and purge Kerberos tickets from any logon session.
Key Capabilities
- TGT & TGS requests —
asktgt,asktgs,renewwith password, hash, or certificate auth - Ticket forgery —
golden,silver,diamondwith full PAC construction and LDAP data retrieval - Roasting —
kerberoastandasreproastwith AES/RC4 opsec modes and custom LDAP filters - Delegation —
s4ufor S4U2Self/S4U2Proxy across single and cross-domain environments - Extraction —
dump,triage,klist,tgtdeleg,monitor,harvest - Ticket ops —
ptt,purge,describe,tgssub - Utilities —
hash,createnetonly,changepw,preauthscan,logonsession - KDC proxy —
/proxyurlsupported on all network request commands - PowerShell — usable as a library via
MainString()for PSRemoting scenarios
Rubeus requires .NET 3.5 or 4.0 and targets Windows environments joined to or communicating with Active Directory. Elevated privileges are required for some operations (e.g., dumping tickets from other sessions).