ADscan PRO
Automated Active Directory pentest with MITRE-mapped compliance reports. Docker-based, self-hosted, zero data leaves your infrastructure.
ADscan PRO extends the open-source CLI with a professional report engine. Run the same AD pentest you already know — get a client-ready PDF and structured JSON out the other side.
What PRO adds
| Feature | LITE (open source) | PRO |
|---|---|---|
| AD enumeration + exploitation | ✅ | ✅ |
| Attack path generation | ✅ | ✅ |
| Raw JSON export | ✅ | ✅ |
| MITRE-mapped PDF report | — | ✅ |
| Compliance mapper (ISO 27001 / ENS / DORA) | — | ✅ |
| Executive summary section | — | ✅ |
| Per-finding remediation roadmap | — | ✅ |
| Attack path diagrams (Cytoscape) | — | ✅ |
| Dark/light premium themes | — | ✅ |
--display-name for client branding | — | ✅ |
| Re-report from existing workspace | — | ✅ |
Quick start
1. Pull from the registry
docker login ghcr.io with your GitHub PAT, then adscan update to pull the PRO image
2. Start PRO + partner tag
adscan start — enter your partner tag once, then the REPL walks every phase. deliver packages the PDFs
3. Understand the outputs
What's in the PDF, what's in the JSON
Automation (experimental)
adscan ci — one-shot CI pipelines for batched engagements
Supported compliance frameworks
| Key | Framework | Primary use case |
|---|---|---|
iso27001 | ISO/IEC 27001:2022 | Certification audits, MSSP quarterly compliance |
ens | ENS Alto (CCN-CERT) | Spanish public sector (default) |
nis2 | NIS2 — EU Directive 2022/2555 | EU critical-infrastructure operators |
dora | DORA EU 2022/2554 | EU financial entities |
pci_dss | PCI DSS v4 | Card-handling environments |
You can combine frameworks in a single report: --frameworks iso27001,dora
How it fits your workflow
ADscan PRO is designed for pentesters and MSSPs running compliance engagements.
The typical flow (interactive — recommended):
1. adscan start — interactive REPL, same flow you know from LITE
2. Walk each phase: recon → kerberos → ACL → attack-path collection → exploitation
3. deliver --display-name "Client Name" — packages 4 PDFs in 90 seconds
4. PDF → hand to client / attach to engagement report
5. JSON → ingest into your own reporting pipelineFor batched or scheduled runs, adscan ci provides a one-shot non-interactive
variant (experimental — see Generate a Report).
The JSON output is structured and stable — designed to be parsed, not just read.
Support
- Discord: discord.com/invite/fXBR3P8H74 — fastest response
- Email: [email protected]
- Response SLA (beta): same day for blockers, 24h for everything else