ADscan is a pentesting tool focused on automating collection, enumeration and common attack paths in Active Directory. It provides an interactive TUI with a wide range of commands to streamline internal audits and AD-focused pentests.

ADscan

Automated Active Directory Security Scanner


Overview

ADscan is a professional pentesting tool that automates Active Directory reconnaissance, enumeration, and exploitation. It reduces AD assessment time from hours to minutes with an intelligent interactive TUI.

Why ADscan?

  • Auto-pwns retired HTB machines (Forest, Active, Cicada)
  • Shrinks AD recon from hours to minutes
  • Perfect for CTFs, labs, and jump-boxes (100% CLI)
  • Semi/automatic modes for labs and production environments
  • BloodHound integration with automated path analysis

Try ADscan PRO: request a 14-day free POV at adscanpro.com


Features

LITE (Free)

  • Interactive shell (autocomplete, history)
  • Unauthenticated & authenticated scans
  • Kerberos attacks (AS-REP, Kerberoast)
  • BloodHound data collection
  • Credential dumping (SAM, LSA, DCSync)
  • Workspace & credential management
  • Community Discord support

PRO (Coming Q4 2025)

  • Trust relationship auto-enum
  • ADCS ESC auto-exploit
  • One-click Word/PDF reports
  • Cloud-accelerated hash cracking
  • Broad CVE/misconfig checks
  • Priority enterprise support
  • Advanced automation features

Requirements

| Requirement | Details |
|-------------|---------|
| OS | Linux (Debian/Ubuntu/Kali and other Debian-based distros) |
| Privileges | Root access required |
| Python | 3.8+ (managed automatically with binary) |
| Network | Internet for installation, target network access |

Installation

Option 1: pipx (Recommended)

pipx install adscan

Option 2: pip

pip install adscan

Option 3: Pre-built Binary

# Download latest release
wget https://github.com/ADscanPro/adscan/releases/latest/download/adscan
chmod +x adscan
sudo mv adscan /usr/local/bin/

Install Dependencies

# Setup Python environment, tools, and wordlists
adscan install

# Verify installation
adscan check

Ready to hack! Run adscan start and share your results with #adscan on X/Twitter.


Quick Start

1. Start ADscan

adscan start -v

2๏ธโƒฃ Create Workspace

(ADscan) > workspace create my_audit

3๏ธโƒฃ Configure Scan

(ADscan:my_audit) > set iface tun0
(ADscan:my_audit) > set auto False  # Semi-automatic (recommended)

4๏ธโƒฃ Run Scan

Unauthenticated:

(ADscan:my_audit) > set hosts 192.168.1.0/24
(ADscan:my_audit) > start_unauth

Authenticated:

(ADscan:my_audit) > start_auth domain.local 10.10.10.1 username password

5๏ธโƒฃ Follow Prompts

ADscan guides you through enumeration and exploitation automatically! ๐ŸŽฏ


Interactive Demos

Semi-Automatic Mode (auto=False)

[asciicast recording]

Automatic Mode (auto=True)

[asciicast recording]

Auto-pwns HTB Forest in ~3 minutes


CI/CD Mode

Run ADscan non-interactively for automated testing:

# Unauthenticated scan
adscan ci unauth --type ctf --interface tun0 --hosts 10.10.10.10

# Authenticated scan
adscan ci auth --type ctf --interface tun0 \
  --domain example.local --dc-ip 10.10.10.1 \
  --username user --password pass

# Keep workspace for debugging
adscan ci unauth --type ctf --interface tun0 --hosts 10.10.10.10 --keep-workspace

Exit Codes:

  • 0: Success with flags validated
  • 1: Scan failed
  • 2: Scan successful but flags invalid/missing
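How a lab pipeline job might act on these exit codes, as an added example (not ADscan project code). Only the exit-code meanings and the `ci` flags come from this README; `ADSCAN_BIN`, `ADSCAN_LOG`, the verdict strings and the retry-once policy are assumptions of the sketch.

```shell
#!/bin/sh
# Added example, not part of ADscan. Assumptions: ADSCAN_BIN, ADSCAN_LOG,
# the verdict strings and the retry-once policy. Exit-code meanings and
# the --keep-workspace flag are taken from the README.

ADSCAN_BIN="${ADSCAN_BIN:-adscan}"   # override to point at a stub when testing

# Translate a documented exit code into a verdict string for the CI log.
adscan_verdict() {
  case "$1" in
    0) echo "pass" ;;            # success, flags validated
    1) echo "scan-failed" ;;     # scan did not complete
    2) echo "flags-invalid" ;;   # scan ran, flags invalid or missing
    *) echo "unexpected-$1" ;;   # undocumented code: treat as a failure
  esac
}

# Run `adscan ci "$@"`. A code-1 failure is retried once with
# --keep-workspace so the workspace survives for debugging. Code 2 is never
# retried, because the scan itself completed and only the flags were wrong.
# Prints the verdict and returns 0 only on "pass".
run_adscan_ci() {
  rc=0
  "$ADSCAN_BIN" ci "$@" >>"${ADSCAN_LOG:-/dev/null}" 2>&1 || rc=$?
  if [ "$rc" -eq 1 ]; then
    rc=0
    "$ADSCAN_BIN" ci "$@" --keep-workspace \
      >>"${ADSCAN_LOG:-/dev/null}" 2>&1 || rc=$?
  fi
  verdict=$(adscan_verdict "$rc")
  echo "$verdict"
  [ "$verdict" = "pass" ]
}

# Usage in a lab pipeline (values from the README's own example):
#   run_adscan_ci unauth --type ctf --interface tun0 --hosts 10.10.10.10
```

For authenticated runs, supply the `--password` value from a CI secret variable rather than a literal in the pipeline file, and keep `ADSCAN_LOG` out of published build artifacts.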

Documentation

Comprehensive documentation available at adscanpro.com/docs


๐Ÿ† Tested On

Provider Machine Status
Hack The Box Forest (Retired) โœ… Auto-pwned in ~3min
Hack The Box Active (Retired) โœ… Auto-pwned
Hack The Box Cicada (Retired) โœ… Auto-pwned

Contribute: If you auto-pwn labs with ADscan, open a PR to add them to the matrix!


Security & Privacy

  • Telemetry: Opt-in by default (toggle with set telemetry off)
  • No sensitive data: Only anonymized error data and feature usage
  • Local-first: All data stored in ~/.adscan/workspaces/
  • Open source LITE: Transparent security tool

๐Ÿ—บ๏ธ Roadmap

Quarter Milestone
Q3 2025 More ACL exploitation, pre-2k module, Kerberos unconstrained pathing
Q4 2025 PRO release โ€” Trust enum, ADCS ESC, auto reports
Q1 2026 NTLM relay chain, SCCM module
Q2 2026 PwnDoc integration, cloud-accelerated cracking

Timelines are targets, not promises. Features may adjust based on feedback.


Community & Support

Discord GitHub Website

Need help?


Presented At

Announcement: ADscan was presented at the Hackén 2025 cybersecurity conference.


License

© 2025 Yeray Martín Domínguez - Released under custom EULA ADscan LITE 2.3.1 | PRO edition: Q4 2025


Star this repo if ADscan helped you! | Share with #adscan

Made with ❤️ for the pentesting community
