Auto-pwns HTB Forest in ~3 minutes ๐
ADscan is an interactive CLI that automates and orchestrates Active Directory pentesting workflows. It helps teams ship internal AD engagements faster by reducing manual glue-work (tool handoffs, copy/paste, evidence collection, reporting).
- ๐ค Automatic (
auto=True, labs/CTF): minimal prompts, fast flow - ๐ค Semi-automatic (
auto=False, internal/prod): prompts before risky actions - ๐ฎ Manual: full operator control
- ๐ Auto-pwns retired HTB machines in minutes (Forest, Active, Cicada)
- โก Save time: less glue-work, more repeatable workflows
- ๐ฎ Built for pentesters: CLI-first, designed for operators
- ๐งพ Evidence packaging: workspace outputs + report templates
Try ADscan PRO โ Request a FREE 30-Day POV (first 5 teams) at adscanpro.com
๐ฅ 30-Day POV โ COMPLETELY FREE (First 5 Teams Only):
- โก LIMITED: Only 5 FREE POV slots available
- Duration: 1 internal AD pentest project
- Team: Up to 5 pentesters
- Pricing: 100% FREE for first 5 teams (after that: โฌ497 + VAT standard)
- Includes:
- Modes: automatic / semi-automatic / manual
- 1:1 onboarding (60-90 min) + priority support
- MITRE-mapped report templates
- ๐ In exchange: Measured case study (baseline vs ADscan) + honest testimonial + detailed feedback
- Zero risk: If it doesn't deliver results (โฅ1 credential OR โฅ1 day saved), simply walk awayโno strings attached
|
Core capabilities:
|
Planned enhancements:
|
| Requirement | Details |
|---|---|
| OS | Linux (Debian/Ubuntu/Kali and other Debian-based distros) |
| Docker | Docker Engine + Compose (plugin or docker-compose) |
| Privileges | User must be able to run Docker (docker group or sudo) |
| Python | Not required for Docker mode (pipx wrapper only) |
| Network | Internet to pull images, target network access |
# Install via pipx (recommended)
pipx install adscan
# Install (pulls the latest ADscan image + BloodHound CE images)
adscan install
# Start ADscan
adscan startDuring adscan install, ADscan will try to ensure the BloodHound CE admin
password is set to a known value for a smooth first-time experience:
adscan install --bh-admin-password 'Adscan4thewin!'If the automatic password change fails (for example because BloodHound CE isnโt ready yet), ADscan prints the exact manual steps to finish it in the web UI.
ADscan also includes a legacy host-based installer for environments where Docker is not available:
adscan install --legacy๐ Complete installation guide, quick start, and full documentation โ adscanpro.com/docs
ADscan supports non-interactive mode for automated testing.
๐ Complete CI/CD documentation and examples โ adscanpro.com/docs
| Provider | Machine | Status |
|---|---|---|
| Hack The Box | Forest (Retired) | โ Auto-pwned in ~3min |
| Hack The Box | Active (Retired) | โ Auto-pwned |
| Hack The Box | Cicada (Retired) | โ Auto-pwned |
Contribute: If you auto-pwn labs with ADscan, open a PR to add them to the matrix!
- Telemetry: Opt-in by default (toggle with
set telemetry off) - No sensitive data: Only anonymized error data and feature usage
- Local-first: All data stored in
$ADSCAN_HOME/workspaces/(default:~/.adscan/workspaces/)
All documentation, guides, walkthroughs, and command references are available at:
Includes installation guides, quick start, complete command reference, CTF walkthroughs, lab guides, best practices, and more.
Need help?
- ๐ฌ Chat on Discord
- ๐ Report bugs via GitHub Issues
- ๐ง Enterprise support: hello@adscanpro.com
- ๐ Complete documentation โ adscanpro.com/docs
Announcement: ADscan was presented at Hackรฉn 2025 cybersecurity conference.
ยฉ 2025 Yeray Martรญn Domรญnguez โ Released under custom EULA ADscan LITE 3.2.2 | PRO edition: Q4 2025
โญ Star this repo if ADscan helped you! | ๐ Share with #adscan
Made with โค๏ธ for the pentesting community