adPEAS is a comprehensive PowerShell-based security assessment tool designed to identify misconfigurations, vulnerabilities, and privilege escalation paths within Active Directory environments. Built for red teamers and penetration testers, it operates with zero external dependencies and does not require RSAT or the ActiveDirectory PowerShell module.
adPEAS v2 features a complete rewrite using System.DirectoryServices.Protocols.LdapConnection, enabling native Kerberos authentication, advanced reporting, and a session-based workflow for interactive exploration.
Key Features
- Native Kerberos stack supporting AS-REQ/REP, TGS-REQ/REP, and PKINIT in pure PowerShell.
- Multiple authentication methods including NT-Hash (OPtH), AES keys (PtK), and PFX certificates.
- 40+ security checks covering ADCS (ESC1-ESC15), ACLs, GPOs, LAPS, and delegation.
- Integrated offensive operations for Kerberoasting, AS-REP Roasting, and ticket generation (Golden/Silver/Diamond).
- Built-in BloodHound CE collector for seamless attack path analysis.
- Interactive HTML reports with risk scoring and JSON export for incremental scanning.
Use Cases
- Internal penetration tests requiring thorough AD enumeration without installing administrative tools.
- Red team operations involving stealthy, Kerberos-first authentication and session-based LDAP interaction.
- Security audits to identify risky configurations like unconstrained delegation or vulnerable ADCS templates.
- Rapid data collection for BloodHound analysis in air-gapped or restricted environments.
