v3.0.0·419 checks·Source-available

Identity Security
Auditor

Community: 395 checks free (261 AD · 134 Entra ID)Pro: 419 checks (275 AD · 144 Microsoft Entra ID). Audit in 6.58s. 6.2× faster than PingCastle.

curl -fsSL https://get.etcsec.com/install.sh | sudo bash

Download v3.0.0 View on GitHub

Free for personal, educational & non-commercial use. Companies need a commercial license — [email protected]

275 AD Checks

144 Entra ID Checks

23 Categories

Free Non-Commercial

Why ETC Collector

Built for speed & coverage

Everything you need for AD & Entra ID identity security auditing

Blazing Fast

6.58s full audit — 6.2× faster than PingCastle

~20 MB static binary, zero runtime deps
Concurrent LDAP / Graph API queries
Goroutine pool with 369+ detectors

Comprehensive Coverage

419 security checks across AD & Microsoft Entra ID

275 Active Directory checks (14 categories)
144 Entra ID checks (9 categories)
ANSSI, CIS, NIST, DISA frameworks

Source-Available License

Free for personal, educational & non-commercial use

Source visible on GitHub
Free for personal, educational & non-commercial use
Commercial license required for companies — [email protected]

Attack Path Analysis

Identify privilege escalation vectors

BFS attack path graph (Pro)
ADCS ESC1–ESC11 full taxonomy (Pro)
Delegation & shadow credential abuse

Security Checks

0.00s

Audit Time (s)

Non-Commercial Use

275 AD Checks·144 Entra ID Checks·14 AD Categories·9 Azure Categories·Source-available

Competitive Benchmarks

Faster. More checks. Still free.

Free for personal, educational & non-commercial use. Companies need a commercial license.

vs PingCastle 3.5

6.2× faster

6.58s vs 41s · 96.7% rule coverage

vs Purple Knight 5.0

22× faster

6.58s vs ~3min · 96.6% indicator coverage

Tool

Audit Time

AD Checks

Entra ID Checks

ETC Collector

v3.0

Best

6.58s

275

144

PingCastle

3.5

41s

61 *

Purple Knight

5.0

~3min

119

* Rule count reflects atomic top-level rules triggered on our test domain. PingCastle also includes composite risk indicators depending on domain configuration.

Azure 144 detections

ADCS ESC1–ESC11

CIS / NIST / ANSSI / DISA

SaaS management

Quick Start

Up & running in one command

Single static binary — no runtime dependencies

# One-liner install
curl -fsSL https://get.etcsec.com/install.sh | sudo bash

# Run an AD audit
etc-collector audit ad --ldap-url ldaps://dc.example.com

Install

One-liner script or grab the binary for your OS

Configure

Set your AD/Azure credentials in config.yaml or via flags

Audit

Run and get structured JSON results in seconds

Pro Edition

Go further with Pro

The community edition is free for personal, educational & non-commercial use. Pro unlocks advanced detectors, attack path graphs, ADCS full taxonomy, and an AI-native MCP server integration.

Community: 261 AD + 134 Entra ID = 395 detections

Pro: 275 AD + 144 Entra ID = 419 detections

Pro adds: ADCS ESC1–ESC11 (+11) · Attack Paths (+3) · Azure Risk (+10) = +24

Get Pro Access See license terms →

ADCS ESC1–ESC11 — Full certificate abuse taxonomy

Attack Paths BFS — Graph-based privilege escalation

Azure Risk Protection — 10 additional Azure detections

HTML Report — Executive-ready audit report

MCP Server — AI-native audit integration

ETCSec SaaS

Multi-tenant platform

Dashboards, historical trending, automated scheduling, and team collaboration — all backed by ETCSec SaaS.

Explore ETCSec SaaS

Visual dashboards & reporting

Historical trending & analytics

Automated scheduling & alerts

Multi-tenant support

Compliance report generation (CIS, NIST, ANSSI)

API integrations (SIEM, SOAR)

Role-based access control

Priority support

Identity SecurityAuditor