Releases: ADScanPro/adscan

ADscan v2.2.1

15 Nov 12:16
15d6ead

TL;DR

  • Idempotent installs: fixes installer errors when pyenv or BloodHound CE is already present.

  • No more CLI collisions: resolves bloodhound-cli name clash with SpecterOps’ tool and ensures the custom bloodhound-cli is upgraded correctly.

  • Security & hygiene: automated BH CE password change during adscan install + isolated venvs for all external tools.

  • After upgrade, run: adscan install.


🛠 Fixes

  • pyenv: fixed installer error when pyenv was already installed. 🔺 🔗

  • BloodHound CE: fixed installer error when BH CE was already installed. 🔺

  • CLI collision: fixed bloodhound-cli name conflict with SpecterOps’ binary vs. ADscan’s custom script. 🔺 🔗

  • Custom CLI updates: fixed custom bloodhound-cli not upgrading during adscan install. 🔺 🔗

⬆️ Improvements

  • Automated BH CE password rotation in adscan install (no manual prompts). ⏫ 🔗

  • Per-tool isolated virtualenvs for all external tools (cleaner deps, fewer conflicts). 🔼 🔗


⚠️ Action after upgrading

Run the toolchain refresh to apply venv isolation & BH CE changes:

pipx upgrade adscan
adscan install
adscan check


🧭 Notes

  • If you previously had SpecterOps’ bloodhound-cli on PATH, adscan install now resolves the collision and ensures ADscan’s custom bloodhound-cli is reachable and upgraded.

  • Isolated venvs may change where dependencies live; use adscan check to verify environment health.


📣 Feedback / Issues

If something breaks or you spot a regression, open an issue with a redacted log plus your distro and ADscan version.

ADscan v2.2.0

11 Nov 20:59
15d6ead

TL;DR

  • Switched to BloodHound Community Edition (BHCE).

  • Fixed start flags and stability issues (ACLs, domain resolution, Kali 2025.1).

  • Action required after upgrade: run adscan install.


🚀 Highlights

  • BloodHound Community Edition replaces legacy edition for collection/graph workflows. Expect better compatibility and a cleaner path forward.

⚠️ Required action (post-upgrade)

After upgrading to 2.2.0, refresh the toolchain:

pipx upgrade adscan && adscan install && adscan check

The switch to BHCE changes dependencies/paths. Running adscan install is mandatory.


✨ Improvements

  • Switched from BloodHound Legacy to BloodHound Community Edition in the install and execution flow.

🐛 Fixes

  • Auth flag gating: fixed a bug preventing scans from starting when auth=false.

  • ACL enumeration: fixed an issue where ACLs weren’t enumerated if Neo4j was down.

  • Domain resolution: multiple fixes improving multi-domain resolution reliability.

  • Kali 2025.1 install: resolved installer issue on Kali 2025.1.


🧪 How to verify after upgrading

  1. adscan install (fetch BHCE + deps)

  2. Run a quick lab profile (CTF) or a dry run (audit) and confirm techniques execute as expected.


🧭 Known notes

  • If you previously pinned legacy BloodHound paths or custom configs, re-run adscan install and re-check your environment with adscan check.

📣 Feedback / Issues

If something breaks or you spot a regression, please open an issue with a redacted log and your distro/version details. Thanks for helping us make the LITE flow faster and more reliable.

ADscan LITE v2.1.2 - Patch (bugfix & reliability)

19 Aug 14:03
382ce02

In two lines: more stable, better SMB/Kerberos, more reliable automatic NTLM cracking, smoother DX.

Highlights

  • SMB improvements for large ranges and share spidering.
  • Kerberos: real-time user enumeration with cancel.
  • WinRM admin access with hashes (PTH) fixed.
  • ✅ More reliable automatic NTLM hash cracking.

Changelog

Fixed

  • WinRM admin access using hash instead of password. 🔺 🔗
  • Automatic NTLM cracking reliability issues. 🔺 🔗
  • SMB shares spidering: fixes for password output collection. 🔺 🔗
  • Automatically add adscan binary to PATH when not installed via PyPI. 🔗

Changed

  • Kerberos user enumeration timeout → now real-time capture with user-controlled cancel. 🔺 🔗
  • Removed timeout in start_unauth SMB scan for large host ranges (prevents “timeout error”). 🔺 🔗

📦 ADscan v2.1.1 — Bug-bash & Kerberos polish

18 Jul 19:30
54629bf

Release date: 18 Jul 2025

Heads-up: Pure maintenance drop—no breaking changes.
Upgrade: pipx upgrade adscan or pip install -U adscan.


✨ Highlights

| Category | Change |
|---|---|
| Bug fix | Password-spraying now handles any special character in usernames & passwords. |
| Bug fix | Domain look-ups are forced to lower-case → “Domain not found” is gone. |
| Bug fix | SMB share spidering no longer fails on XML regex mismatch; passwords are captured. |
| Bug fix | dump_registries no longer crashes on empty hives. |
| Bug fix | Fixed “open smb” error on share enumeration. |
| Improvement | Added Kerberos authentication support to flag collection and group-membership checks. |
| Improvement | New custom wordlist for kerberos enum-users (higher hit-rate on real names). |

🔍 Full changelog

fix: spraying failed on special-char creds
fix: domain lookup => force lower()
fix: open smb error on share enum
fix: regex miss in XML spidering
fix: dump_registries crash on empty hive
add: kerberos auth for flag & membership checks
add: kerb custom user wordlist

⬆️ How to upgrade

# with pipx (recommended)
pipx upgrade adscan

# or inside your venv
pip install -U adscan

After upgrading, run adscan install once to refresh external tools.


Huge thanks to the early testers—especially @K0B4KS—for battle-testing Lite in the wild.
Keep the bug reports coming; they shape PRO.

— Yeray

📦 ADscan v2.1.0-lite — Parrot support & new attacks

10 Jul 19:29
4070464

✨ New

| Area | Detail |
|---|---|
| Platform | Parrot OS fully supported — installer resolves missing libs & krb5 headers. |
| Kerberos | • Auth integration added to kerberoast, shadow_creds, rdp_brute → will auto-switch to -k if a valid TGT is present. • Fallback: if local creds fail, ADscan now re-uses domain creds cached during recon. |
| Password spray | spray_same module: tries identical user = password (no lower/upper variants) — quick wins in internal CTFs. |
| ADCS | Added ESC-4 auto-exploit path. |
| Output UX | SMB share enum now prints NULL & GUEST access lines in yellow for quick visual grep. |

🐞 Fixed

| Bug | Status |
|---|---|
| SMB guest session not previously printed | |
| “Child→Parent escalation” prompt shown on non-subdomain | ✔ (now checks domain SID lineage) |
| unzip error when encrypted ZIPs found by share spider | ✔ — skips & logs path |
| Extra space in cert parameter breaking certipy | |

🚀 Upgrade

pipx upgrade adscan          # or: pip install -U adscan 
adscan install               # refresh external tools

🗺️ Roadmap snapshot

| Quarter | Drop |
|---|---|
| Q4-2025 | PRO launch – trust enum • ADCS ESC 1-5 auto-exploit • Word/PDF report |
| Q1-2026 | NTLM relay chain • SCCM module |
| Q2-2026 | PwnDoc integration • Hyper-Fast cloud cracking (AS-REP/Kerberoast) |

👉 Lock –50 % lifetime PRO: https://adscanpro.com/pro-waitlist


Huge thanks to the Parrot community & test users for early logs.
Keep smashing boxes — “Automate Harder!” 💪

© 2025 Yeray Martín • Macroblond44 — ADscan 2.1.0-lite.

🚀 ADscan v2.0.4-lite — “Kali-install hot-patch”

07 Jul 14:36
4070464

This is a rapid-fire fix build. If v2.0.3 installed and runs for you, you don’t need this update.
Update with:

# pipx 
pipx upgrade adscan 
# or plain pip 
pip install -U adscan

🔧 Fixes

| Area | Description |
|---|---|
| Installer (adscan install) | • Removed openresolv dependency – it clashed with systemd-resolved on fresh Kali images, breaking network-manager hooks. • Kept systemd-resolved, so the DNS-update helper still works out-of-the-box. |

Enjoy— and keep the bug reports coming!
— Yeray / Macroblond44

🛠️ ADscan v2.0.3-lite — Stability & auto-update patch

06 Jul 23:15
4070464

🚩 What’s fixed & improved

Category Change
Kerberos AS-REP Roast bug – false “hash not found” in some domains.
Hash-cracking pipeline – handles mixed NTLM/AS-REP results; no more empty passwords in output.
sponge missing – installer now grabs moreutils on Kali/Ubuntu so `cut
Delegations findDelegation.py path detection corrected; trust-enum step no longer aborts.
Service enum Gracefully skips sc.exe calls when WinRM/SVC not reachable; removes noisy stack trace.
Time sync ntpdate call repaired → reliable Kerberos ticketing even on hosts without initial NTP.
Quality-of-life Auto version check on every adscan start.
• Yellow banner if a newer release exists.
• Hard-block only when a version is explicitly revoked by maintainer.

🔧 Upgrade

# upgrade binary 
pipx upgrade adscan       # or: pip install -U adscan
# refresh external tools/wordlists 
adscan install

Start the CLI and you should see:

ADscan 2.0.3-lite  •  Up-to-date ✔

Founder wait-list (50 % lifetime) → https://adscanpro.com/pro-waitlist


Thanks

Early users for crash logs.
Keep the issues coming — every report makes ADscan sharper. 🦾

© 2025 Yeray Martín Domínguez – ADscan 2.0.3-lite · PRO edition arrives Q4-2025.

🛠️ v2.0.2 — Kali dependency hot-fix

02 Jul 14:09
4070464

🛠️ ADscan v2.0.2-lite — Kali install hot-fix

Why this patch?
On fresh Kali 2024/2025 images the post-install step failed to pull two system packages used by ADscan’s time-sync and RDP modules:

E: Unable to locate package ntpdate
E: Unable to locate package xfreerdp

As a result, adscan install exited early and later commands (adscan check, adscan start, etc.) crashed.

🔧 What’s fixed

| Type | Change |
|---|---|
| Bug-fix | Installer now adds the Kali rolling repo to sources.list.d (if missing) and runs: apt-get update && apt-get install -y ntpsec-ntpdate freerdp3-x11 |
| Robustness | If apt is locked by another process, ADscan waits up to 30 s and retries once, printing a clear instruction if it still fails. |

🚀 Upgrade

pipx upgrade adscan
adscan install

✅ Verify

adscan check

© 2025 Yeray Martín Domínguez — ADscan 2.0.2-lite · PRO edition arrives Q4-2025.

v2.0.0

01 Jul 16:48
4db84a8

📦 ADscan v2.0.0-lite — First Public Release 🎉

TL;DR: pipx install adscan, then adscan install, then adscan start → auto-pwn Forest in < 60 s.


✨ Highlights

  • Lite edition goes public: Full core engine + automation for three retired HTB boxes.

  • One-file CLI: Runs on any Debian-based Linux, no GUI required.

  • Semi / Full-auto modes: Choose auto=True for “hands-off CTF”, or auto=False for granular audits.

  • Seamless upgrade path: PRO edition (Q4-2025) unlocks trust-enum, ADCS auto-exploit, PDF report & more. 👉 –50 % Founder wait-list

🔑 Core Features (Lite & Pro)

  • Interactive shell with autocomplete & history

  • Structured, colored output (Rich)

  • Unauth & auth recon – SMB · LDAP · RPC · Kerberos

  • Credential dump (SAM, LSA, DPAPI, DCSync)

  • Hashcat integration (NTLM crack)

  • BloodHound collector runner

  • Workspace & credential persistence

🔥 What’s exclusive to Lite 2.0.0

  • Full-auto exploitation chain for Forest, Sauna, Arctic (HTB retired).

  • Prompt-driven semi-auto flow for any AD lab.