{"id":49953463,"url":"https://github.com/krdn-dev/webghost","last_synced_at":"2026-05-17T21:01:15.395Z","repository":{"id":358245955,"uuid":"1238156873","full_name":"krdn-dev/webghost","owner":"krdn-dev","description":"Fake corporate website generator and realistic traffic imitator for proxy camouflage","archived":false,"fork":false,"pushed_at":"2026-05-16T11:50:04.000Z","size":389,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-16T13:40:38.257Z","etag":null,"topics":["anti-censorship","camouflage","dpi-bypass","fake-traffic","go","hysteria2","linux","naiveproxy","proxy","traffic-generator","traffic-obfuscation","traffic-simulator","trojan","website-generator","xray"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/krdn-dev.png","metadata":{"files":{"readme":"README.en.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-13T21:40:21.000Z","updated_at":"2026-05-16T11:50:08.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/krdn-dev/webghost","commit_stats":null,"previous_names":["krdn-dev/webghost"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/krdn-dev/webghost","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krdn-dev%2Fwebghost","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krdn-dev%2Fwebghost/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krdn-dev%2Fwebghost/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krdn-dev%2Fwebghost/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/krdn-dev","download_url":"https://codeload.github.com/krdn-dev/webghost/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krdn-dev%2Fwebghost/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33155542,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-17T09:28:26.183Z","status":"ssl_error","status_checked_at":"2026-05-17T09:27:52.702Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anti-censorship","camouflage","dpi-bypass","fake-traffic","go","hysteria2","linux","naiveproxy","proxy","traffic-generator","traffic-obfuscation","traffic-simulator","trojan","website-generator","xray"],"created_at":"2026-05-17T21:01:08.263Z","updated_at":"2026-05-17T21:01:15.389Z","avatar_url":"https://github.com/krdn-dev.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# WebGhost – Traffic Imitator\n\n**WebGhost** is a utility that generates a multi-page corporate website and simulates realistic traffic around it.\n\n**Why is this needed:** To make it impossible to distinguish your HTTPS proxy traffic from regular corporate website traffic. WebGhost is suitable for masking proxy servers operating over HTTPS on port 443: NaiveProxy, Hysteria (with HTTP masking), Xray (VLESS+XTLS), Trojan, and others.\n\n## ✨ What WebGhost Does\n\n- **Generates a full-featured website** — blog, \"About Us\" section, contacts, robots.txt, sitemap.xml, and all necessary resources (CSS, JS, images, fonts)\n- **Simulates real visitors** — different browsers (Chrome, Firefox, Safari, Edge), reading pauses, link clicks, form submissions, UTM parameters\n- **Adds background noise** — requests from search engine bots, security scanners, attempts to access non-existent pages\n- **Supports mutual simulation** — two servers can generate traffic for each other\n- **Updates with a single command** — `webghost update`\n\n### 🎨 Unique Design for Each Domain\n\nWebGhost does not create identical sites. During generation, the domain name is used as a source of entropy, so each domain receives:\n\n- **Unique logo** — the company name in uppercase\n- **Individual color scheme** — shades of accent color, gradients and transparencies vary slightly from site to site\n- **Personalized contacts** — email and phone number are tied to your domain\n\nVisually, all sites look consistent with a corporate style, but re-installing on a different domain will create a *similar but not identical* design. This makes it harder to create DPI signatures based on the site's appearance.\n\n## 🚀 Quick Installation\n\n\u003e ⚠️ Replace `example.com` with your own domain.\n\n```bash\nwget https://github.com/krdn-dev/webghost/releases/latest/download/webghost-linux-amd64 -O /usr/local/bin/webghost\nchmod +x /usr/local/bin/webghost\nwebghost example.com install\n```\nor\n```bash\nwget -O /usr/local/bin/webghost https://github.com/krdn-dev/webghost/releases/latest/download/webghost-linux-amd64 \u0026\u0026 chmod +x /usr/local/bin/webghost \u0026\u0026 webghost example.com install\n```\n\n## Step-by-Step Installation\n\n### 1. Download the pre-built binary\n```bash\nwget https://github.com/krdn-dev/webghost/releases/latest/download/webghost-linux-amd64\n```\n\n### 2. Install it\n```bash\nsudo cp webghost-linux-amd64 /usr/local/bin/webghost\nsudo chmod +x /usr/local/bin/webghost\n```\n\n### 3. Create the website and set up auto-start\n```bash\nwebghost example.com install\n```\n\n## 📲 Usage Examples\n\n### Basic Installation\n```bash\nwebghost example.com install\n```\n**After execution:**\n- A full corporate website is generated in /var/www/html.\n- A systemd timer is configured to run traffic simulation automatically.\n- An initial simulation run starts immediately so logs begin populating.\n\n### Installation with a Contact Form\n```bash\nwebghost example.com install --post\n```\n\n### Mutual Imitation with Another Server\n```bash\nwebghost my-site.com partner-site.com install\n```\nWebGhost will send requests to both `my-site.com` and `partner-site.com`, simulating mutual visits.\n\n### Viewing Logs\n```bash\ncat /var/log/webghost-activity.log\n```\nThe log contains page visits (HTTP 200, 304, 404), resource loading, User-Agent switching, background noise, distractions, Google Analytics hits, etc.\n\n### Removing Only the Timer\n```bash\nwebghost uninstall\n```\nThe timer and the automation script are removed. The website files remain intact.\n\n### Full Uninstall\n```bash\nwebghost uninstall-all\n```\nRemoves the systemd timer, the generated website `/var/www/html`, the binary `/usr/local/bin/webghost`, and the log file `/var/log/webghost-activity.log`.\n\n### Updating to the Latest Version\n```bash\nwebghost update\n```\n\n## 📬 Contact form (optional)\n\nBy default, without the `--post` flag, WebGhost **does not add** a contact form to the main page.\n\n**Why:** POST requests are handled not by WebGhost, but by your web server (Caddy, Nginx, Apache). WebGhost generates static HTML pages but cannot control how your web server responds to POST requests. If the form exists and the web server is not configured to accept POST requests, it will return a `405 Method Not Allowed` error. Any errors in logs attract DPI attention and can unmask proxy traffic. That's why the form is disabled by default — WebGhost should not create anything that could generate suspicious server responses.\n\nIf you want to add a working form, use the `--post` flag: \n```bash\nwebghost example.com install --post\n```\nand **additionally configure your web server** (examples below).\n\n### What will happen:    \n- A contact form will appear on the main page with fields: name, email, message  \n- A thank-you page will be created at `/contact/thank-you.html`   \n- POST requests to `/contact` will return 302 with a redirect to the thank-you page  \n\n### Web server requirements:   \nTo make the form work, you need to configure your web server (Caddy, Nginx) to handle POST requests to `/contact` with a redirect to `/contact/thank-you.html`.\n\n### Example configuration for Caddy:\n```bash\n@post method POST\nhandle @post {\n    handle /contact* {\n        header Location \"/contact/thank-you.html\"\n        respond \"\" 302\n    }\n}\n```   \n### Example configuration for Nginx:\n```bash\nlocation /contact {\n    if ($request_method = POST) {\n        return 302 /contact/thank-you.html;\n    }\n    try_files $uri $uri/ =404;\n}\n```\n\n## ❓ Frequently Asked Questions\n### Can I learn more details about the signatures WebGhost uses to imitate traffic?\nThis information is intentionally not disclosed. The fewer details about internal algorithms and patterns become publicly available, the harder it is for Deep Packet Inspection (DPI) system developers to devise countermeasures. Developers on \"the other side\" also read documentation, so the most effective settings remain inside the code.\n\n### Doesn't the DPI see that traffic originates from the local server rather than real visitors on the internet?\nThe ISP's DPI sees the overall data flow passing through the server. It analyzes metadata (IP, volume, timing) but cannot always determine the exact source of requests within the network. WebGhost mixes simulated traffic with real traffic, making it harder to isolate actual proxy connections against the general background. However, some advanced DPI systems can analyze latency or network flows (NetFlow) and notice that some requests originate from localhost. That is why we recommend using WebGhost in mutual simulation mode — where two servers exchange traffic, creating a bidirectional pattern that is significantly harder to distinguish from real traffic.\n\n### How is traffic simulation distributed in different modes?\nWebGhost supports two modes:\n\n- **Local mode** — simulation of visitors only on your server. Used by default, creates a complete picture of an active site.\n\n- **Mutual simulation mode** — both servers exchange traffic. Your server creates a lightweight simulation for itself and a full simulation for the remote server. This makes traffic bidirectional and even more natural for DPI.\n\nExact parameters (number of sessions, burst probability) are not disclosed for security reasons — they are part of the DPI evasion strategy.\n\n### How can I verify that WebGhost is working and traffic simulation is active?\nAll activity is logged to `/var/log/webghost-activity.log`.\nTo view the accumulated records, run the command in the terminal: `cat /var/log/webghost-activity.log`.\n\nIn the log, you will see: page visits (HTTP 200), resource requests (favicon.ico, style.css, images), User‑Agent changes and emulation of different browsers, background noise (rare requests to non-existent pages), and more.\n\n### Does the remote server need to have WebGhost installed?\nFor maximum realism — yes. In mutual simulation mode, WebGhost requests the same pages that are generated by `setup-site`. If the remote server does not have such a site, it will respond with 404 errors, which is unnatural for a corporate portal and may attract DPI attention.\n\n### Is a web server required for WebGhost to work?\nYes, a web server is mandatory. WebGhost creates the site and simulates traffic, but it does not handle incoming HTTPS requests by itself. A web server (Caddy, Nginx, etc.) must be installed and configured separately so that the site is accessible from the internet. If you are using [NaiveProxy Manager](https://github.com/krdn-dev/naiveproxy-manager), the web server is installed automatically.\n\n## 🛠️ System Requirements\n- Linux (amd64 или arm64)\n- A domain pointed to the server (A record must resolve to your IP)\n- Access to port 443 (HTTPS)\n- Root privileges (for writing to `/var/www/html` and `/usr/local/bin`)\n- A working web server answering via HTTPS on your domain (Caddy, Nginx и т.д.)\n\n## 📄 License\nThis project is distributed under a proprietary license  [![License](https://img.shields.io/badge/License-Proprietary-red.svg)]()    \nAll rights reserved.\n\nPermitted:    \n- Free use of the binary for personal and commercial purposes\n- Copying and redistribution of the binary while retaining authorship\n\nProhibited:    \n- Modification, decompilation, and reverse engineering\n- Publishing source code or its derivatives\n\n## 💰 Support the Project  \nIf this script saved you time and you'd like to support its development, you can send a small donation    \n\n[![Bitcoin](https://img.shields.io/badge/Bitcoin-F7931A?style=flat\u0026logo=bitcoin\u0026logoColor=white)](https://www.blockchain.com/explorer/addresses/btc/bc1p4ttkpfrgzpm7nyymyzdgyd2y6z04s62nxpygk38yylcp3t47m98qwnuhen)\n```bc1p4ttkpfrgzpm7nyymyzdgyd2y6z04s62nxpygk38yylcp3t47m98qwnuhen```\n\n❤️ Thank you for your support!     \n⭐ Star this repository if the script helped you!\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkrdn-dev%2Fwebghost","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkrdn-dev%2Fwebghost","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkrdn-dev%2Fwebghost/lists"}