NOTE Please checkout Abuse ADCS instead of using PSPKIAudit.
PowerShell toolkit for auditing Active Directory Certificate Services (AD CS).
Download PowerShell script from Github.com
Invoke-PKIAudit -CAName <CA-DNS>
PS > Invoke-PKIAudit -CAName offsec-CA-2019
_____ _____ _____ _ _______ _ _ _
| __ \ / ____| __ \| |/ /_ _| /\ | (_) |
| |__) | (___ | |__) | ' / | | / \ _ _ __| |_| |_
| ___/ \___ \| ___/| < | | / /\ \| | | |/ ` | | __|
| | ____) | | | . \ _| |_ / ____ \ |_| | (_| | | |_
|_| |_____/|_| |_|\_\_____/_/ \_\__,_|\__,_|_|\__|
v0.3.6
[*] Enumerating certificate authorities with Get-AuditCertificateAuthority...
=== Certificate Authority ===
ComputerName : CA-2019.offsec.local
CAName : offsec-CA-2019
ConfigString : CA-2019.offsec.local\offsec-CA-2019-
IsRoot : True
AllowsUserSuppliedSans : False
VulnerableACL : False
EnrollmentPrincipals : NT AUTHORITY\Geverifieerde gebruikers
EnrollmentEndpoints : http://CA-2019.offsec.local/certsrv/
NTLMEnrollmentEndpoints : http://CA-2019.offsec.local/certsrv/
DACL : NT AUTHORITY\Geverifieerde gebruikers (Allow) - Enroll
Built-in\Administrators (Allow) - ManageCA, ManageCertificates
offsec\Domain Admins (Allow) - ManageCA, ManageCertificates
offsec\Enterprise Admins (Allow) - ManageCA, ManageCertificates
Misconfigurations : ESC8
[!] The above CA is misconfigured!
[*] No vulnerable certificate templates found for this CA.
[*] NOTE: this is not a guarantee that this CA environment is secure!