Free Active Directory pentesting CLI for AD enumeration, BloodHound, Kerberoasting, AS-REP roasting, ADCS, DCSync, password spraying, and CTF labs.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ADScan from gravatar.com ADScan

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • Author: ADscan
  • Tags active-directory , activedirectory , pentesting , penetration-testing , enumeration , bloodhound , kerberoasting , as-rep-roasting , adcs , dcsync , password-spraying , red-team , ctf
  • Requires: Python >=3.9
  • Provides-Extra: dev , cli
Classifiers
Report project as malware

Project description

adscan_wordmark_horizontal_transparent_cropped

ADscan - Active Directory Pentesting CLI

Version downloads License: BSL 1.1 Platform Discord

Free Active Directory pentesting CLI for AD enumeration, BloodHound, Kerberoasting, ADCS, and attack paths.

ADscan is a free Linux CLI for pentesters, red teamers, and security consultants who need one workflow for Active Directory enumeration, BloodHound collection, Kerberoasting, AS-REP roasting, ADCS checks, password spraying, DCSync, credential dumping, and evidence export.

It is built for real internal Active Directory assessments and labs, so you can go from unauthenticated recon to privilege escalation from one terminal instead of juggling isolated scripts, cheatsheets, and wrappers.

Docs | Discord | Website

🎬 Demo

asciicast

Auto-pwns HTB Forest in ~3 minutes

🚀 Quick Start

pipx install adscan
adscan install
adscan start

Full installation guide & docs at adscanpro.com/docs

🎯 Why Pentesters Use ADscan

  • Active Directory enumeration from one CLI: DNS, LDAP, SMB, Kerberos, trust, ADCS, and BloodHound-ready collection in one workflow.
  • Attack execution without tool-hopping: Kerberoasting, AS-REP roasting, password spraying, GPP, DCSync, and credential workflows stay inside the same workspace.
  • Built for real pentest cadence: use it in internal AD audits, red team operations, HTB/VulnLab labs, and repeatable attack-path validation.
  • Evidence-first output: keep domain-scoped workspaces and export TXT/JSON artifacts for reports, retesting, or client handoff.

⚡ Common Active Directory Pentest Workflows

Use ADscan when you need to move quickly through internal Active Directory assessments:

  • CTF and lab auto-pwn: reproduce HTB Forest, Active, and Cicada attack chains from the docs.
  • Unauthenticated AD recon: discover domains, DNS, SMB exposure, null sessions, users, and roastable accounts.
  • Authenticated enumeration: collect LDAP, SMB, Kerberos, ADCS, BloodHound CE data, and credential exposure.
  • Privilege escalation: execute supported Kerberoasting, AS-REP Roasting, DCSync, GPP password, ADCS, and local credential workflows.
  • Evidence handling: keep workspaces isolated and export findings to TXT/JSON for reports.

🧭 Usage Examples

adscan start
start_unauth

More walkthroughs:

🧪 Developer Setup (uv)

For local development in this repository:

uv sync --extra dev
uv run adscan --help
uv run adscan version

Quality checks:

uv run ruff check adscan_core adscan_launcher adscan_internal
uv run pytest -m unit
uv run python -m build

✨ Active Directory Attack Coverage

LITE (Free, Source Available)

Everything a pentester could do manually, 10x faster:

  • ✅ Three operation modes (automatic/semi-auto/manual)
  • ✅ DNS, LDAP, SMB, Kerberos enumeration
  • ✅ AS-REP Roasting & Kerberoasting
  • ✅ Password spraying
  • ✅ BloodHound collection & analysis
  • ✅ Credential harvesting (SAM, LSA, DCSync)
  • ✅ ADCS detection & template enumeration
  • ✅ GPP passwords & CVE enumeration
  • ✅ Export to TXT/JSON
  • ✅ Workspace & evidence management

PRO

What nobody can do manually in reasonable time:

  • 🎯 Algorithmic attack graph generation
  • 🎯 Auto-exploitation chains (DNS to DA)
  • 🎯 ADCS ESC1-13 auto-exploitation
  • 🎯 MITRE-mapped Word/PDF reports
  • 🎯 Multi-domain trust spidering
  • 🎯 Advanced privilege escalation chains
  • 🎯 Priority enterprise support

Full comparison | Learn more

📋 Requirements
OS Linux (Debian/Ubuntu/Kali)
Docker Docker Engine + Compose
Privileges docker group or sudo
Network Internet (pull images) + target network

📜 License

Source available under the Business Source License 1.1.

  • Use freely for pentesting (personal or paid engagements)
  • Read, modify, and redistribute the source code
  • Cannot create a competing commercial product
  • Converts to Apache 2.0 on 2029-02-01

💬 Community

Discord GitHub Issues

🤝 Contributing

Bug reports, lab reproductions, command-output samples, and focused pull requests are welcome. See CONTRIBUTING.md and open an issue with your OS, Docker version, ADscan version, command, and sanitized output.

Enterprise support: hello@adscanpro.com

(c) 2024-2026 Yeray Martin Dominguez | adscanpro.com

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ADScan from gravatar.com ADScan

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • Author: ADscan
  • Tags active-directory , activedirectory , pentesting , penetration-testing , enumeration , bloodhound , kerberoasting , as-rep-roasting , adcs , dcsync , password-spraying , red-team , ctf
  • Requires: Python >=3.9
  • Provides-Extra: dev , cli
Classifiers

Release history Release notifications | RSS feed

This version

8.0.0

7.2.0

7.1.0

7.0.0

6.5.0

6.4.2

6.4.1

6.4.0

6.3.0

6.2.3

6.2.2

6.2.1

6.2.0

6.1.0

6.0.0

5.2.0

5.1.4

5.1.3

5.1.2

5.1.1

5.1.0

5.0.2

5.0.1

5.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

adscan-8.0.0.tar.gz (241.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

adscan-8.0.0-py3-none-any.whl (258.4 kB view details)

Uploaded Python 3

File details

Details for the file adscan-8.0.0.tar.gz.

File metadata

  • Download URL: adscan-8.0.0.tar.gz
  • Upload date:
  • Size: 241.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.13

File hashes

Hashes for adscan-8.0.0.tar.gz
Algorithm Hash digest
SHA256 6ea766e119237bfd47b332cacb13f326e504740e98ecc124413e5fe0fe4e4969
MD5 8ad3c991ad4598e630f58c698f6004d7
BLAKE2b-256 4bb3060415d481104e80edf0ca980a8a8c2b181bd9a207849f90d8a7b5ff0d76

See more details on using hashes here.

File details

Details for the file adscan-8.0.0-py3-none-any.whl.

File metadata

  • Download URL: adscan-8.0.0-py3-none-any.whl
  • Upload date:
  • Size: 258.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.13

File hashes

Hashes for adscan-8.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f63c1597ae3e85b46009408e78610f8a8d5e9e973cf83e7f8fe395fc5a24a7dd
MD5 21f09d5adde39d73e31bb56558da2469
BLAKE2b-256 55fbb551b7260bcf1b0fc342ea69c0d116bd76e86c24a6ab0f0c5afd293b9b3d

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page