ADscan is a tool for conducting a full‑cycle Active Directory pentest. It automates enumeration, builds potential attack paths, supports semi‑automated exploitation, and generates reports mapped to the MITRE ATT&CK matrix.

Features:
📍 AD reconnaissance via DNS, LDAP, SMB, Kerberos, and ADCS, with data export for BloodHound.
📍 Executes Kerberoasting, AS‑REP roasting, password spraying, GPP, and DCSync attacks from a single CLI.
📍 Supports both authenticated and unauthenticated domain enumeration.
📍 Exports artifacts and reports in TXT/JSON for further analysis.
📍 Automates common attack chains.

Compared to SharpHound and CrackMapExec, ADscan combines their core capabilities in one CLI and streamlines pentesting workflows, though it still lags behind them in integration depth and ecosystem maturity.

📎 Tool: https://github.com/ADScanPro/adscan

💬 Discuss

ADscan — a CLI framework for comprehensive Active Directory security assessment