LITE vs PRO
What ships in ADscan LITE, what PRO adds, and how to upgrade.
Overview
ADscan ships in three tiers:
- LITE — free CLI engine. The full scan core, attack-path analysis, and operator workflow.
- PRO — LITE plus the Client Deliverable Kit (four PDFs + ZIP) generated by
adscan deliver. - Enterprise — continuous CTEM/BAS web service with weekly digests and team collaboration.
The LITE CLI is distributed under the Business Source License 1.1. PRO and Enterprise are commercial.
LITE — free CLI engine
| Category | Features |
|---|---|
| Enumeration | DNS, LDAP, SMB, Kerberos, Nmap, delegations, privileges, MSSQL, ADCS, CVEs, GPP, trusts |
| Credential attacks | AS-REP roasting, Kerberoasting, password spraying, SAM/LSA/DCSync, hash cracking |
| BloodHound | CE installation, automatic collection & upload, analysis queries |
| Attack graphs | Algorithmic attack-path generation, auto-exploitation chains |
| ADCS | Detection, template enumeration, ESC1-16 auto-exploitation |
| Post-exploitation | Post-DA enumeration, Backup/Account Operators escalation |
| Operations | Three modes (auto/semi/manual), CI/CD mode, workspaces |
| Export | TXT/JSON export, operator cheat-sheet PDF (adscan cheatsheet) |
LITE ships ten commands: start, ci, demo, tui, cheatsheet, welcome, check, install, update, version.
PRO — Client Deliverable Kit
PRO adds one command: adscan deliver. It generates the full Client Deliverable Kit in 90 seconds.
| Audience | Use case | |
|---|---|---|
| Executive Assessment Report | CISO / board | Board-ready summary with Posture Score and remediation roadmap |
| AD Hardening Playbook | Security team lead | 30-day prioritized actions organized by ATT&CK tactic |
| MITRE Remediation Checklist | Auditors / compliance | Technique-by-technique sign-off tracker |
| Coverage Matrix | Procurement / RFP | 33 ATT&CK techniques mapped to ENS, NIS2, DORA, ISO 27001:2022 |
# Full kit
adscan deliver --workspace acme.local --client "Acme Corp"
# Single PDF
adscan deliver --workspace acme.local --only playbook
# Subset
adscan deliver --workspace acme.local --only executive,checklistOutput: a ZIP at <workspace>/deliverables/<date>-adscan-kit.zip plus a manifest.json.
Full Client Deliverable Kit page
Enterprise — CTEM web
A web platform for continuous threat exposure management. Designed for CISOs and security teams who need ongoing visibility.
| Feature | Details |
|---|---|
| Continuous AD monitoring | Scheduled scans with drift detection |
| Web dashboard | Centralized view of all domains |
| Risk scoring & trends | Track security posture over time |
| Team collaboration | Multi-user with role-based access |
| Priority support | 1:1 onboarding and dedicated support |
Licensing
LITE is distributed under the Business Source License 1.1:
- Read, use, and modify the code freely
- Use for pentesting (personal or paid client engagements)
- Cannot create a competing commercial product
- Converts to Apache 2.0 on 2029-02-01
PRO and Enterprise are distributed under a separate commercial license.
Current availability
PRO is in beta. 90-day access is free for security consultants running real AD engagements — in exchange for honest feedback and a testimonial if it delivers. Request via [email protected] or adscanpro.com/pro.
Enterprise CTEM is in validation. We run a free live assessment in your environment (1-2h session via VPN) so you can see the platform in action before committing. Request via adscanpro.com/pov.