Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy‘s Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUX‘s MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.
Charlie Clark and Ceri Coburn have both made significant contributions as co-developers to the Rubeus codebase. Elad Shamir contributed some essential work for resource-based constrained delegation. Their work is very appreciated!
Rubeus also uses a C# ASN.1 parsing/encoding library from Thomas Pornin named DDer that was released with an “MIT-like” license. Huge thanks to Thomas for his clean and stable code!
PKINIT code heavily adapted from @SteveSyfuhs‘s Bruce tool. Bruce made RFC4556 (PKINIT) a lot easier to understand. Huge thanks to Steve!
NDR encoding and decoding for Kerberos PAC is based on the NtApiDotNet library from @tiraniddo, thank you James.
The KerberosRequestorSecurityToken.GetRequest method for Kerberoasting was contributed to PowerView (and then incorporated into Rubeus) by @machosec.
@harmj0y is the primary author of this code base.
Rubeus is licensed under the BSD 3-Clause license.
For the full docs please refer to here.. cya..
