Skip to content
ADscan Docs
ADscan PRO

Getting Started with PRO

Load the ADscan PRO Docker image and configure the launcher in under 10 minutes.

Prerequisites

  • Linux x86_64 host
  • Docker Engine installed and running (docker version to verify)
  • The adscan-pro-latest.tar.gz file you received
  • ADscan launcher installed: pip install adscan or pipx install adscan

Verify Docker is running

docker version

If you see Cannot connect to the Docker daemon, start it:

sudo systemctl start docker
# Add your user to the docker group to avoid sudo on every command:
sudo usermod -aG docker "$USER" && newgrp docker

Load the PRO image

docker load < adscan-pro-v8.0.0.tar.gz   # replace with the filename you received

Verify both tags loaded:

docker images | grep adscan-pro
# adscan/adscan-pro   v8.0.0   <id>   <size>
# adscan/adscan-pro   latest   <id>   same ID — both point to the same image

Point the launcher to the PRO image

Two options — pick whichever fits your setup:

Option A — --image flag (recommended if you use both LITE and PRO)

Pass --image directly to any launcher command. Clean, no environment setup needed:

adscan start --image 'adscan/adscan-pro:latest'
adscan ci --image 'adscan/adscan-pro:latest' --generate-report --frameworks iso27001 ...

Option B — environment variable (recommended if you always use PRO)

Set once in your shell profile and every adscan command uses PRO automatically:

# Add to ~/.zshrc or ~/.bashrc
export ADSCAN_DOCKER_IMAGE=adscan/adscan-pro:latest
source ~/.zshrc   # reload
adscan ci --generate-report --frameworks iso27001 ...  # PRO used automatically

Both methods work identically. --image takes precedence over the env var if both are set.

Install supporting tools

This sets up BloodHound CE and validates the runtime environment:

adscan install

If you already have LITE installed

adscan install will pull BloodHound CE and configure it. It skips pulling the main ADscan image when ADSCAN_DOCKER_IMAGE points to an already-loaded local image.

Verify PRO is active

adscan start

You should see PRO in the version line of the startup banner:

  ADscan  8.0.0  PRO
  Automate the AD kill chain.

If it says LITE, the ADSCAN_DOCKER_IMAGE variable is not set correctly. Exit ADscan (exit or Ctrl+D) — you're ready to run scans.

One-time setup complete

From this point, use adscan ci --generate-report for automated compliance scans. See Generate a Report for the full command reference.

Updating PRO

When you receive a new version:

docker load < adscan-pro-v8.1.0.tar.gz

Use the new version explicitly in your command:

adscan ci --image 'adscan/adscan-pro:v8.1.0' --generate-report ...

Previous versions remain available for rollback — they stay loaded until you explicitly remove them:

# Roll back to previous version instantly if needed:
adscan ci --image 'adscan/adscan-pro:v8.0.0' --generate-report ...

# Remove an old version when no longer needed:
docker rmi adscan/adscan-pro:v8.0.0

On this page

Verify Docker is runningLoad the PRO imagePoint the launcher to the PRO imageInstall supporting toolsVerify PRO is activeOne-time setup completeUpdating PRO
Find this useful?
Pass it to the next pentester running an AD engagement
Running 2+ AD engagements/year?
Get PRO free — beta access·Free in exchange for feedback
Automated PDF reports. Save ≥1 day per engagement.

ADscan — AD pentest automation for security consultants

Getting Started with PRO | ADscan