Adalanche Features

Powerful, open source and free!

Adalanche is the open source attack path analysis engine that visualizes your data from core infrastructure components. It runs on our own custom in-memory data engine, which gives it some unique features. It has also enabled us to quickly get to market and to add new features, detectors and functions when needed.

The source code for the open source edition is available on GitHub, where unsigned pre-built binary releases and pre-releases are also offered. Here’s what the open source edition offers:

Zero effort deployment

Get results instantly – without installing graph databases, scripting languages or other prerequisites: grab our binary and run it. It’s a promise!


Active Directory is for Windows, but adalanche is platform agnostic. Run it on Windows, Linux or OS/X – or compile it yourself for any platform supported by Go.

Active Directory

Adalanche was built to find misconfiguration issues in Active Directory, and we want everyone to be able to fix their on-premises infrastructure.

Windows Machines

Add much more depth by collecting data from your local Windows machines. This augments the analysis with local users, groups, permissions, installed software and more.

LDAP query language

Active Directory sysadmins will feel right at home, as queries are done in our enhanced LDAP query engine. There’s no need to learn an obscure graph query language!

Fast and scalable

The custom in-memory object storage database offers fast object lookups, and both ingestion and analysis scale on CPU threads. Just add RAM, and you’re good to go.

Pre-defined queries

More than 20 pre-defined queries make it easy to get results without any training. Just pick a query and analyze.


Not all attacks are created equal. Adalanche knows about this, allowing you to prioritize

Want more? We have paid versions too

No matter if you’re a pen tester, a red teamer, work in risk management or do technical stuff to harden systems on the blue team, we’ve got you covered! There are multiple editions for both the attacking and the defending side. Below are some features to make your life easier …

Enhanced GUI

The enhanced GUI makes it even easier to find what you’re looking for. Find edges or object types in your graph effortlessly. Search by name. Time is precious!


Integrate with common key vaults and virtualization backends by ingesting data from CyberArk, vCenter and others. For proper tiering, you need to cover all your bases.

Flow analysis

Found a problem, but you’re having problems figuring out what to do about it? Easily spot where to implement choke points by visual indicators.

More detectors

Even more detectors result in more connected edges than in the open source version, so spot those rare misconfigurations or just dive deeper into your data set.

Ingest your own data

Do you have a data source that Adalanche does not support? Don’t worry, there are flexible input options for adding your own data to the analytics engine and using it to your advantage.

Data export

Do you need to post-process results from adalanche? No worries, you can export objects from queries or graphs to XML, JSON, CSV or native Excel format (GUI/REST).

Native Windows LDAP

The native Windows LDAP library provides support for channel binding and signing, which allows you to extract data from hardened setups.


Having trouble? You’ll be able to get support from us when running a paid version. Depending on the edition this ranges from hourly billed support to unlimited support included in your license.

More data means more insight

With adalanche you don’t stand a chance as an attacker if you try to outmaneuver our customers across control planes. Dumping VMs via vCenter is a popular option if attackers can get hold of an administrator account for the virtualization platform. Map usage rights from Active Directory to vCenter. If you’re using CyberArk to protect Active Directory accounts, you can ingest data and map every entitled account in CyberArk. Are you using a popular technology that fits into this? Ask us, and we’ll take a look at it.

VMware vCenter integration

Even with properly tiered Active Directory environments, attackers can abuse out-of-band access to computers, potentially undoing everything the tiering model was meant to solve. An administrator on vCenter or an ESXi host can dump the contents of an AD controller, ADCS servers, SCCM services or other tier 0 computers. These disk dumps expose passwords, hashes, certificate keys or other secrets. With the integration module, you can implement and validate your tiering model in your virtualization environment too.

Password audit analysis

Some customers do periodic password audits by dumping password hashes from their infrastructure and breaking them with Hashcat or similar tools. With adalanche you can ingest this data and locate sensitive accounts with breakable passwords. It also allows you to graph users that are using the same password across accounts, or groups of accounts set to the same password. Lazy users that reuse passwords across tiers can run, but they can’t hide!

CyberArk integration

Highly secure environments often leverage CyberArk as a gatekeeper for sensitive accounts, enabling just-in-time access or recording of sessions. With adalanche integration for CyberArk you can extend the attack path analysis and ensure that only the proper accounts or groups can access what they need. You might feel that everything is set up correctly, but did you ever check?