ETCSec logo
v3.0.0·419 checks·Apache-2.0

Open Source
Security Auditor

419 security checks for Active Directory & Azure Entra ID. Audit your domain in 6.58s. 6.2× faster than PingCastle.

curl -fsSL https://get.etcsec.com/install.sh | sudo bash
Download v3.0.0View on GitHub
275 AD Checks
144 Azure Checks
23 Categories
100% Free

Why ETC Collector

Built for speed & coverage

Everything you need for AD & Azure identity security auditing

Blazing Fast

6.58s full audit — 6.2× faster than PingCastle

  • ~20 MB static binary, zero runtime deps
  • Concurrent LDAP / Graph API queries
  • Goroutine pool with 369+ detectors

Comprehensive Coverage

419 security checks across AD & Azure Entra ID

  • 275 Active Directory checks (14 categories)
  • 144 Azure Entra ID checks (9 categories)
  • ANSSI, CIS, NIST, DISA frameworks

100% Free & Open Source

Apache-2.0 licensed, forever free

  • Full source code available on GitHub
  • Community contributions welcome
  • Pro edition for ADCS & Attack Paths

Attack Path Analysis

Identify privilege escalation vectors

  • BFS attack path graph (Pro)
  • ADCS ESC1–ESC11 full taxonomy (Pro)
  • Delegation & shadow credential abuse
0
Security Checks
0.00s
Audit Time (s)
0%
Free Forever
275 AD Checks·144 Azure Checks·14 AD Categories·9 Azure Categories·Apache-2.0

Competitive Benchmarks

Faster. More checks. Still free.

Tested on a real domain — 546 users, 100 computers, Windows Server 2016, ADCS present.

vs PingCastle 3.5
6.2× faster
6.58s vs 41s · 96.7% rule coverage
vs Purple Knight 5.0
22× faster
6.58s vs ~3min · 96.6% indicator coverage
Tool
Audit Time
AD Checks
Azure Checks
ETC Collector
v3.0
6.58s
275
144
PingCastle
3.5
41s
61
Purple Knight
5.0
~3min
119
Azure 144 detections
ADCS ESC1–ESC11
CIS / NIST / ANSSI / DISA
SaaS management

Quick Start

Up & running in one command

Single static binary — no runtime dependencies

# One-liner install
curl -fsSL https://get.etcsec.com/install.sh | sudo bash

# Run an AD audit
etc-collector audit ad --ldap-url ldaps://dc.example.com
1

Install

One-liner script or grab the binary for your OS

2

Configure

Set your AD/Azure credentials in config.yaml or via flags

3

Audit

Run and get structured JSON results in seconds

Pro Edition

Go further with Pro

The community edition is free forever. Pro unlocks advanced detectors, attack path graphs, ADCS full taxonomy, and an AI-native MCP server integration.

Get Pro Access
ADCS ESC1–ESC11 Full certificate abuse taxonomy
Attack Paths BFS Graph-based privilege escalation
Azure Risk Protection 10 additional Azure detections
HTML Report Executive-ready audit report
MCP Server AI-native audit integration

ETCSec SaaS

Multi-tenant platform

Dashboards, historical trending, automated scheduling, and team collaboration — all backed by ETCSec SaaS.

Explore ETCSec SaaS
Visual dashboards & reporting
Historical trending & analytics
Automated scheduling & alerts
Multi-tenant support
Compliance report generation (CIS, NIST, ANSSI)
API integrations (SIEM, SOAR)
Role-based access control
Priority support