{"id":31711134,"url":"https://github.com/yechielb2000/ghost-minion","last_synced_at":"2026-04-15T07:35:22.173Z","repository":{"id":309384582,"uuid":"950927250","full_name":"yechielb2000/ghost-minion","owner":"yechielb2000","description":"Backdoor tool for Linux","archived":false,"fork":false,"pushed_at":"2025-09-08T11:32:08.000Z","size":178,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-09T00:59:47.202Z","etag":null,"topics":["backdoor","linux","offensive"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yechielb2000.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-03-18T22:36:03.000Z","updated_at":"2025-09-08T11:32:12.000Z","dependencies_parsed_at":"2025-09-08T13:12:55.448Z","dependency_job_id":"eab05776-0839-4468-8bdd-7f83ba8ec6e7","html_url":"https://github.com/yechielb2000/ghost-minion","commit_stats":null,"previous_names":["yechielb2000/ghost-minion"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/yechielb2000/ghost-minion","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yechielb2000%2Fghost-minion","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yechielb2000%2Fghost-minion/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yechielb2000%2Fghost-minion/releases","manifests_url":"
https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yechielb2000%2Fghost-minion/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yechielb2000","download_url":"https://codeload.github.com/yechielb2000/ghost-minion/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yechielb2000%2Fghost-minion/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31831845,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-15T07:17:56.427Z","status":"ssl_error","status_checked_at":"2026-04-15T07:17:30.007Z","response_time":63,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backdoor","linux","offensive"],"created_at":"2025-10-09T00:59:39.755Z","updated_at":"2026-04-15T07:35:22.168Z","avatar_url":"https://github.com/yechielb2000.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ghost Minion\n\nThis is a Linux backdoor tool designed to collect system data and securely transmit it to a remote server.   \nIt supports multiple types of data collection, including system information, files, and periodic commands.  \nThe tool is intended for research or red team exercises in controlled environments.\n\n\u003e **⚠️ Important:** This tool is for authorized security testing and research only. 
Unauthorized use on systems without\n\u003e permission is illegal and unethical.\n\n## Configuration\n\nOn installation, provide a **YAML** config file in the same directory as the tool binary. It defines agent ID, database\npaths, logging, communication, and app options.  \nYou can see the file structure in [config.go](ghostminion/config/config.go).\n\u003e **⚠️ Important:** Config must stay in the same directory as the binary.\n\n## Installation process\n\nPlace the tool binary and config file in the same directory.\nThe config file should follow the YAML structure described above.  \nRun the tool and optionally set a custom --id for the agent-id:\n\n```shell\n./ghostminion --id agent123\n```\n\nThe tool will:\n\n- Load the configuration.\n- Initialize logging.\n- Hide itself on the system.\n- Initialize the database with the configured path and password.\n- Generate or apply the AgentID and save it in the config.\n- Start default apps (Keylogger, Screenshot, Security Guard).\n- Continuously listen for tasks from the communication routine and start apps as needed.\n\n\u003e Ensure the config file is writable so the tool can update the AgentID.\n\n## Apps\n\nThe agent fetches tasks from the server, which are instantiated as apps and run as goroutines. Each app performs a\nspecific function and can run concurrently.\n\nApp Types\n\n- Keylogger – records keystrokes.\n- Screenshot – captures screen at intervals.\n- Periodic Command – executes predefined commands periodically.\n- Periodic Get File – fetches files from the system.\n- Connect Online – attempts to connect to a server (depends on environment).\n- Security Guard – protects the backdoor; cannot be modified after initialization.\n\nApp Manager\nThe `AppManager` is a singleton that manages all apps. 
Key features:\n\n- `StartApp(name, app)` – starts an app as a goroutine.\n- `StopApp(name)` – stops and removes an app.\n- `StartAll()` / `StopAll()` – manage all apps at once.\n- `ListApps()` – returns currently running apps.\n- `GetApp(name)` – retrieves a specific app instance.\n\nApp Factory\nTasks fetched from the server are converted into apps using `NewAppFactory(task)`. The factory automatically\ninstantiates the correct app type based on the task type.\n\n\u003e **⚠️ Security Guard is critical:** it monitors the backdoor state and may terminate the agent if necessary. It cannot\n\u003e be added or edited after the first initialization.\n\n## Communication Protocol\n\nThe agent communicates with servers using HTTP by default, but the communication layer can be overridden to use custom\nprotocols.\n\n#### How it Works\n\nAuthentication:\n\n- The agent requests a challenge from the server using its AgentID.\n- The agent computes an HMAC using the challenge and the server key.\n- The agent sends the HMAC back to verify authenticity.\n\nTask Fetching:\n\n- Periodically, the agent fetches tasks from a randomly selected server.\n- Each task is converted into an app by the App Factory and started as a goroutine.\n\nData Exfiltration:\n\n- Old data rows (logs, collected data) are sent to the server in JSON format.\n- Communication is designed to avoid sending too much data at once and can respect system constraints like CPU usage.\n\n## Developer Guide\n```\n\nsudo apt install -y clang llvm libbpf-dev linux-headers-$(uname -r) build-essential golang-go\n\n```\n\nCompile the eBPF program (to hide the process)\n\n```\nclang -O2 -target bpf -I/usr/include -I/usr/include/x86_64-linux-gnu -I/usr/include/bpf -I/usr/src/linux-headers-$(uname -r)/include -c hide_proc.c -o 
hide_proc.o\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyechielb2000%2Fghost-minion","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyechielb2000%2Fghost-minion","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyechielb2000%2Fghost-minion/lists"}