Skip to content
ADscan Docs
🚀 Getting Started

🧩 System Requirements

Supported platforms, privileges, and networking expectations before running ADscan.

ADscan is Linux-first. Use this checklist to make sure your jump box, lab VM, or CI runner matches what the installer expects.

Supported platforms

ComponentRequirement
Operating system64-bit Linux (x86_64/amd64) with Docker support (CI-verified on the versions listed below).
DockerDocker Engine (docker).
PrivilegesAbility to run Docker (root or in the docker group).
Python3.8+ (only used for the launcher; ADscan runs in a container by default).
Storage≥15 GB free (ADscan container image + workspace data + Docker layers).
Memory / CPUMinimum 4 GB RAM / 2 vCPU. Recommended 8 GB RAM / 4 vCPU for large engagements.
NetworkInternet access for image pulls and Layer 3/4 reachability to the target AD environment.

CI-verified Linux versions

ADscan is tested continuously on:

  • Debian 11, 12
  • Ubuntu 22.04 LTS, 24.04 LTS
  • Parrot OS 6.1, 6.3, 7.0
  • Kali Linux 2024.3, 2025.1, 2025.2, 2025.3, 2025.4

Not supported (yet)

  • macOS (launcher runtime commands are Linux-only)
  • Windows (native launcher runtime commands are Linux-only)
  • WSL / WSL2 (Docker-mode launcher runtime is blocked by default; use a native Linux VM/host)
  • Linux arm64 / aarch64 (including Apple Silicon Linux hosts/VMs) for Docker-mode runtime commands
  • Kali Linux ≤ 2024.2 (older baselines often cause issues; not recommended)
  • Arch-based distributions (Arch, Manjaro, Garuda, etc.)
  • RPM-based distributions (Fedora, RHEL, CentOS, Rocky/AlmaLinux, etc.)

Recommended baseline: Kali Linux 2025.4 or Ubuntu 24.04 LTS, 30 GB of disk, and Docker installed.

What gets stored where?

  • Workspaces live under ~/.adscan/workspaces (host).
  • Docker images are stored under Docker’s storage directory (commonly /var/lib/docker).
  • Attack-path graphs (BloodHound-compatible JSON) are written inside each workspace under domains/<domain>/attack_graph.json. To explore them visually, point your own BloodHound CE instance at that file.

Validate your environment

# Verify launcher version and dependency health
adscan --version
adscan check

# Confirm Docker availability
docker info

Legacy installer note

The legacy host-based installer exists for environments where Docker is not allowed:

adscan install --legacy
adscan check --legacy --fix

Legacy mode requires many more host dependencies (apt, Python toolchains, Go/Rust, etc.) and is not recommended unless you must.

Persistence & networking tips

  • Keep enough free disk and back up before rotating runners.
  • Allow outbound SMB/LDAP/RPC to the target domain plus HTTPS to container registries and release mirrors.

Meeting these baselines prevents surprise installer failures and unlocks the full ADscan LITE/PRO workflow.

🚀 Getting Started

Install ADscan LITE, run your first scan, and choose the right path for labs vs real internal AD engagements.

🛠️ Installation

Install the ADscan launcher with pipx/pip and pull the Docker images (recommended). Legacy host installer is available with --legacy.

On this page

Supported platformsCI-verified Linux versionsNot supported (yet)What gets stored where?Validate your environmentLegacy installer notePersistence & networking tips
Find this useful?
Pass it to the next pentester running an AD engagement
Running 2+ AD engagements/year?
Get PRO free — beta access·Free in exchange for feedback
Automated PDF reports. Save ≥1 day per engagement.

ADscan — AD pentest automation for security consultants

🧩 System Requirements | ADscan