How does ADscan reduce AD pentest time from 5 days to 2?

ADscan automates enumeration (saves 1-2 days), provides semi-guided exploitation paths (saves 1-2 days), and generates MITRE-mapped reports automatically (saves 0.5-1 day). The operator confirms all actions while ADscan handles the grunt work.

What's the difference between ADscan and PingCastle/Purple Knight?

PingCastle and Purple Knight are excellent risk assessment tools for IT teams. ADscan goes further by executing semi-guided exploitation, building complete attack chains, and outputting pentester-ready MITRE-mapped evidence for consulting deliverables.

How is ADscan different from Pentera?

Pentera is a GUI-based automated platform designed for IT teams to run simulations. ADscan is a CLI tool built for pentesters who need granular control over attack vectors, reproducible evidence, and detailed technical reporting for client deliverables.

Does ADscan work in air-gapped environments?

Yes. ADscan supports offline licenses and includes an optional on-premises license server for completely air-gapped deployments. All tools and wordlists are bundled locally.

What operating systems does ADscan support?

Currently Linux (Kali, Ubuntu, Debian, Parrot). Docker and Windows support are in the near-term roadmap. Design Partners get early access to new platform releases.

Can ADscan integrate with existing pentest workflows?

Yes. ADscan exports to JSON for integration with other tools, generates Word reports using your templates, and works alongside BloodHound, NetExec, and other standard AD pentest tools.

How much does ADscan cost for consulting companies?

PRO seats start at €997/year. Enterprise team packs (5/10/25 seats) include volume discounts, SSO, and priority support. POV Pass available at €249 per 14-day engagement for project-based testing.

What's included in the 14-day POV?

Full ADscan PRO features, setup assistance, Word report generation, and a debrief session with your team lead. No credit card required. Run in your non-production lab environment.

What is the difference between a POV and the Design Partner program?

POV is a 14-day lab evaluation to validate fit. Design Partner is a 90-day collaboration with direct support, early features and limited discounted pricing in exchange for an anonymous/public case.

System requirements

Supported platforms, privileges, and networking expectations before running ADscan.

ADscan is Linux-first. Use this checklist to make sure your jump box, lab VM, or CI runner matches what the installer expects.

Supported platforms

Component	Requirement
Operating system	Debian-based 64-bit Linux (Kali 2024.2+, Ubuntu 22.04+, Debian 12).
Privileges	Root or `sudo` access to install dependencies, BloodHound CE, and kernel packages.
Python	3.8+ (managed automatically when you install the binary or PyPI package).
Storage	≥10 GB free in `~/.adscan` for workspaces, wordlists, and BloodHound artifacts.
Memory / CPU	Minimum 4 GB RAM / 2 vCPU. Recommended 8 GB RAM / 4 vCPU for long-running BloodHound sessions.
Network	Internet access for downloads and Layer 3/4 reachability to the target AD environment.

Recommended baseline: Kali Linux 2024.2 or Ubuntu 22.04 LTS, 50 GB of disk, and Docker installed to run BloodHound CE locally.

Optional dependencies

Docker Engine & Compose – needed only when adscan install provisions BloodHound CE.
Wordlists – bundled wordlists are installed automatically; drop your own files under ~/.adscan/wordlists.
External tooling – RustHound, Impacket, hashcat, and additional collectors are orchestrated automatically by adscan install (see the public README for the latest list).

Running in a container or GitHub-hosted runner? ADscan will gracefully skip Docker-only steps. If Docker isn’t available, install only the modules you need (for example adscan install --only rusthound) and handle BloodHound CE on a host with full privileges.

Validate your environment

# Verify binary version and dependency health
adscan --version
adscan check

# Confirm Docker availability before installing BHCE
docker info

Warnings emitted by print_warning highlight missing Docker daemons or containerized execution. Switch to adscan install --only rusthound when Docker cannot run.

Persistence & networking tips

Workspaces live in ~/.adscan/workspaces. Keep enough free disk and back up before rotating runners.
Allow outbound SMB/LDAP/RPC to the target domain plus HTTPS to github.com, pypi.org, docker.io, and release mirrors.

Meeting these baselines prevents surprise installer failures and unlocks the full ADscan LITE/PRO workflow.

System requirements

Supported platforms

Optional dependencies

Validate your environment

Persistence & networking tips

On this page