GhostScan: The Context-Aware Penetration Testing Framework That Prioritizes Signal Over Noise

What is GhostScan?

GhostScan is an elite, modular penetration testing framework built for Kali Linux, designed to solve the biggest pain point in modern security assessments: alert fatigue. Unlike traditional scanners that dump hundreds of low-level vulnerabilities on your desk and leave you to sort through the chaos, GhostScan acts as an intelligent analyst.

It uses a sophisticated scoring formula that correlates findings to reveal compound attack paths.

For example, instead of reporting a "Login Panel" and a "SQL Injection" as two separate medium-risk issues, GhostScan understands the context: if they exist together, they form a critical threat vector.

It prioritizes real risks by accounting for impact, confidence, and business context, delivering a concise list of actionable findings rather than a noisy report. It doesn’t replace human expertise; it amplifies it by guiding pentesters through complex environments with precision and clarity.

Features

  • Smart Correlation: Combines related findings (e.g., Login + SQLi) into single, high-priority critical risks.
  • Dynamic Scoring: Ranks vulnerabilities by impact and confidence, not just static severity labels.
  • Adaptive Workflow: Generates exact exploitation commands based on real-time findings.
  • WAF Evasion: Auto-detects protection layers and applies evasion profiles to avoid blocks.
  • Strict Scope Enforcement: Hard gates prevent out-of-scope scanning and SSRF attacks.
  • Modular & Extensible: Drop-in Python plugins are auto-loaded and sandboxed for custom checks.
  • Resilient Performance: Parallel execution with per-tool timeouts ensures one failure never stops the scan.

Plugins

GhostScan doesn’t use a traditional "plugin" list you install separately; instead, it features a modular, drop-in architecture. You can extend its capabilities by simply placing a .py file into the plugins/ directory.

However, its core functionality is built on 53 integrated tools organized into these modular categories:

Recon & OSINT

  • nmap, masscan, dnsrecon, dnsenum, amass, sublist3r, theHarvester, fierce, whois, dig

Web Scanning & Enumeration

  • nikto, whatweb, wafw00f, gobuster, ffuf, dirb, wfuzz, feroxbuster, wpscan, nuclei

Vulnerability Assessment

  • sqlmap, xsstrike, commix, testssl, sslscan, sslyze

Brute-Force & Cracking

  • hydra, medusa, ncrack, patator, crackmapexec, john, hashcat, haiti

Network & Service Specific

  • SMB/Windows: enum4linux, enum4linux-ng, smbclient, smbmap, nbtscan
  • SNMP: snmpwalk, snmp-check, onesixtyone

Custom Plugin Safety:

  • Each custom plugin runs in a sandboxed thread with a timeout kill-switch.
  • Crashes are isolated (returning []) to ensure the main scan chain never breaks.
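The isolation behaviour described above (per-plugin thread, timeout, [] on failure) can be sketched as follows. This is an added example, not GhostScan's own code: run_plugin, run_chain, the sample plugins, the plugin signature and the 0.5-second timeout are all assumptions made for illustration.

```python
import threading
import time

PLUGIN_TIMEOUT = 0.5  # seconds; assumed value, the page does not state one


def run_plugin(plugin, target, timeout=PLUGIN_TIMEOUT):
    """Run one plugin in its own thread; return its findings, or [] on crash or timeout."""
    box = {"findings": []}

    def worker():
        try:
            result = plugin(target)
            # Only a list counts as findings; any other return type is treated as a failure.
            box["findings"] = result if isinstance(result, list) else []
        except Exception:
            box["findings"] = []  # crash stays inside this thread

    t = threading.Thread(target=worker, daemon=True)
    t.start()
    t.join(timeout)
    if t.is_alive():
        # Python cannot kill a thread: the plugin is abandoned, not stopped.
        # daemon=True only ensures it cannot keep the process alive at exit.
        return []
    return box["findings"]


def run_chain(plugins, target):
    """Run every plugin in order; one bad plugin never aborts the rest."""
    return {p.__name__: run_plugin(p, target) for p in plugins}


# Constructed sample plugins (hypothetical, not shipped with GhostScan).
def ok_plugin(target):
    return [{"target": target, "finding": "login panel"}]

def crashing_plugin(target):
    raise RuntimeError("parser blew up")

def hanging_plugin(target):
    time.sleep(3)  # outlives the timeout
    return [{"target": target, "finding": "never reported"}]


if __name__ == "__main__":
    chain = [crashing_plugin, hanging_plugin, ok_plugin]
    for name, findings in run_chain(chain, "app.example.test").items():
        print(name, findings)
```

A thread shares the scanner's memory, credentials and privileges, so this pattern contains hangs and crashes but does not restrict what plugin code can do. Plugins from untrusted sources need a separate process with reduced privileges, which can also be terminated on timeout.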

License

MIT License

Downloads

GitHub - scf13/ghostscan