ETCSec logo
v3.0.0·419 checks·Apache 2.0

Identity Security
Auditor

Community: 398 checks free (264 AD · 134 Entra ID)Pro: 419 checks (275 AD · 144 Microsoft Entra ID). Audit in 6.58s. 6.2× faster than PingCastle.

curl -fsSL https://get.etcsec.com/install.sh | sudo bash
Download v3.0.0View on GitHub
Community Edition: Apache 2.0 — free for everyone, including companies. Direct download, no email required. License details
275 AD Checks
144 Entra ID Checks
23 Categories
Apache 2.0

Why ETC Collector

Built for speed & coverage

Everything you need for AD & Entra ID identity security auditing

Blazing Fast

6.58s full audit — 6.2× faster than PingCastle

  • ~20 MB static binary, zero runtime deps
  • Concurrent LDAP / Graph API queries
  • Goroutine pool with 369+ detectors

Comprehensive Coverage

419 security checks across AD & Microsoft Entra ID

  • 275 Active Directory checks (14 categories)
  • 144 Entra ID checks (9 categories)
  • ANSSI, CIS, NIST, DISA frameworks

Open Source Community

Apache 2.0 — free for everyone, including companies

  • Community Edition: Apache 2.0, code visible on GitHub
  • Free for everyone — individuals and enterprises alike
  • Pro Edition: closed binary with advanced detections via ETCSec SaaS

Attack Path Analysis

Identify privilege escalation vectors

  • BFS attack path graph included in Community
  • ADCS ESC1–ESC11 full taxonomy (Pro)
  • Delegation & shadow credential abuse
0
Security Checks
0.00s
Audit Time (s)
0%
Free for Everyone
275 AD Checks·144 Entra ID Checks·14 AD Categories·9 Azure Categories·Apache 2.0

Competitive Benchmarks

Faster. More checks. Still free.

Free for personal, educational & non-commercial use. Companies need a commercial license.

vs PingCastle 3.5
6.2× faster
6.58s vs 41s · 96.7% rule coverage
vs Purple Knight 5.0
22× faster
6.58s vs ~3min · 96.6% indicator coverage
Tool
Audit Time
AD Checks
Entra ID Checks
ETC Collector
v3.0
6.58s
275
144
PingCastle
3.5
41s
61 *
Purple Knight
5.0
~3min
119

* Rule count reflects atomic top-level rules triggered on our test domain. PingCastle also includes composite risk indicators depending on domain configuration.

Azure 144 detections
ADCS ESC1–ESC11
CIS / NIST / ANSSI / DISA
SaaS management

Quick Start

Up & running in one command

Single static binary — no runtime dependencies

# One-liner install
curl -fsSL https://get.etcsec.com/install.sh | sudo bash

# Run an AD audit
etc-collector audit ad --ldap-url ldaps://dc.example.com
1

Install

One-liner script or grab the binary for your OS

2

Configure

Set your AD/Azure credentials in config.yaml or via flags

3

Audit

Run and get structured JSON results in seconds

Pro Edition

Go further with Pro

The Community Edition is open source (Apache 2.0), free for everyone — individuals and enterprises. Pro unlocks advanced detectors, ADCS full taxonomy, additional Azure Risk detections, and an AI-native MCP server integration. Included with the ETCSec SaaS subscription.

Community: 264 AD + 134 Entra ID = 398 detections
Pro:      275 AD + 144 Entra ID = 419 detections
Pro adds: ADCS ESC1–ESC11 (+11 AD) · Azure Risk Protection (+10 Entra ID) = +21
Get Pro AccessSee license terms →
ADCS ESC1–ESC11 Full certificate abuse taxonomy (+11 AD detections)
Azure Risk Protection 10 additional Entra ID detections (Pro only)
HTML Report Executive-ready audit report
MCP Server AI-native audit integration
Included with ETCSec SaaS No separate purchase — part of your subscription

ETCSec SaaS

Multi-tenant platform

Dashboards, historical trending, automated scheduling, and team collaboration — all backed by ETCSec SaaS.

Explore ETCSec SaaS
Visual dashboards & reporting
Historical trending & analytics
Automated scheduling & alerts
Multi-tenant support
Compliance report generation (CIS, NIST, ANSSI)
API integrations (SIEM, SOAR)
Role-based access control
Priority support