NEW TOOL: Close Attack Paths to Tier O Assets with Forest Druid

Identify Active Directory vulnerabilities before attackers do.

With access to Active Directory or Azure AD, threat actors can gain dominance over your entire infrastructure. Unleash Purple Knight—a free AD and Azure AD security audit tool built by identity security experts—to close security gaps that leave your hybrid AD environment open to cyberattackers. 

Download nowVersion: Purple Knight 2.2 Community
  • 10,000+ downloads (and counting)
  • 130+ security indicators
  • 45% attack surface reduction
Forest Druid

Stop chasing AD attack paths. Focus on your Tier 0 perimeter.

Go to Forest Druid

Reduce your Active Directory attack surface.

  • AD and Azure AD security report card

    AD and Azure AD security report card

  • Pre- and post-attack security indicators

    Pre- and post-attack
    security indicators

  • Community-driven threat models


  • Prioritized, actionable guidance

    Prioritized guidance
    from AD experts

  • MITRE ATT&CK correlation


Do you know your Active Directory security vulnerabilities?

New Purple Knight users report an average initial security score of 61%—a barely passing grade. But users who apply the prioritized guidance provided with the assessment can systematically close AD security gaps, reducing the attack surface by up to 45%. Learn how these Purple Knight users hardened security posture of their AD environments.

Uncover your AD and Azure AD security vulnerabilities in minutes.

Unleash Purple Knight

Spot Active Directory vulnerabilities before attackers do

With an Active Directory audit, spot threats before attackers do.

Find AD and Azure AD security gaps with Purple Knight. Perform a comprehensive set of tests against the most common and effective attack vectors to find risky configurations and security vulnerabilities.

Prioritize Active Directory security gaps for remediation

Identify and prioritize Active Directory security gaps for remediation.

Gain visibility into your hybrid AD security posture with the Purple Knight report. See your AD and Azure AD security audit scores in five categories, plus get prescriptive guidance from identity security experts to help you prioritize remediation efforts. 

Fix AD and Azure AD security vulnerabilities that attackers can exploit.

Fix AD and Azure AD security threats that attackers can exploit.

Use Purple Knight’s prioritized, expert guidance to systematically address AD and Azure AD misconfigurations and unpatched vulnerabilities—for example, admin accounts with old passwords and enabled admin accounts that are inactive.

Validate hybrid AD security posture over time

Validate hybrid AD security posture over time.

Run Purple Knight’s AD security audit periodically to guard against misconfigurations that can accumulate over time and degrade hybrid AD environment security if left unchecked. 

100+ security indicators
100+ security indicators

security indicators

Purple Knight scans for known vulnerabilities and emerging threats discovered by our team of expert threat researchers

Indicators of Exposure (IOEs)
Indicators of exposure (IOEs)

Scan your hybrid Active Directory environment to uncover risky configurations that attackers can easily exploit.

Indicators of Compromise (IOCs)
Indicators of compromise (IOCs)

Shine a light on evidence of compromise, which can signal an in-progress cyberattack in your Active Directory environment.

See Purple Knight in action.

Watch as Purple Knight scans an Active Directory environment in minutes, detecting vulnerabilities that attackers can exploit at any moment. Get ready to unleash Purple Knight.

What do Purple Knight users say?


Purple Knight is a powerful tool with a nicely packaged set of scripts that does a fantastic job of showing you some of the hidden aspects of your AD that are just waiting to be discovered by the wrong person. Patrick Emerick Senior Systems Engineer | Bethel School District
I recommend Purple Knight for its ease of use—it’s GUI-based, it gives you a quick report card, and gives you a good, easy checklist of things to start working on. Jim Shakespear Director of IT Security | Southern Utah University
Purple Knight is the first utility I’ve used that digs this deep into Active Directory. It works so well, I didn’t need to find anything else. Micah Clark IT Manager | Central Utah Emergency Communications
The Purple Knight report helped us take action on items right away, such as shutting down or disabling Active Directory accounts that shouldn’t have been enabled. And then it helped us develop a long-term maintenance plan. CISO Canadian manufacturing company


Learn how malicious actors are targeting Active Directory. Explore how Purple Knight is helping organizations close security gaps in their AD environments.

See all resources