https://github.com/joemunene-by/ghostsuite
Eleven open-source security tools, one ghost. The ghostsuite family: recon, scanning, intrusion detection, malware triage, supply chain, cloud posture, and key management.
https://github.com/joemunene-by/ghostsuite
cybersecurity devsecops ghostsuite infosec monorepo security security-tools
Last synced: about 24 hours ago
JSON representation
Eleven open-source security tools, one ghost. The ghostsuite family: recon, scanning, intrusion detection, malware triage, supply chain, cloud posture, and key management.
- Host: GitHub
- URL: https://github.com/joemunene-by/ghostsuite
- Owner: joemunene-by
- License: mit
- Created: 2026-06-21T09:20:09.000Z (16 days ago)
- Default Branch: main
- Last Pushed: 2026-06-21T22:05:49.000Z (16 days ago)
- Last Synced: 2026-06-22T00:04:54.754Z (16 days ago)
- Topics: cybersecurity, devsecops, ghostsuite, infosec, monorepo, security, security-tools
- Size: 9.77 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
Eleven open-source security tools, one ghost. Production command-line tools spanning offensive, defensive, supply-chain, cloud, and cryptographic security. Each is installable, test-covered, and green on CI.
---
## The suite

ghostrecon
Passive OSINT recon framework

ghostmap
Web vulnerability scanner (XSS, SQLi)

ghostpwn
Pentest workflow orchestration

ghostscope
AI-based intrusion detection

ghostbox
Static malware analysis sandbox

ghostdlp
Data-leak prevention and PII classifier

ghostsbom
Software supply-chain analyzer

ghostchain
Solidity smart-contract auditor

ghostmobile
APK and IPA static analyzer

ghostcloud
Multi-cloud posture (CSPM) scanner

ghostvault
Key management system (KMS)
## One system, eleven tools
The suite shares more than a prefix. Every tool is built to the same standard: a Typer command-line interface, structured output to console, JSON, and SARIF for CI gating, real test coverage, GitHub Actions CI across Python 3.11 and 3.12, and an authorized-use posture by default. The visual identity is generated from a single design system, one ghost mark, one accent and one glyph per tool, so the family reads as one product line.
The throughline is the theme: security and safety are about what you cannot see directly, the adversary already inside the system, the failure that has not surfaced yet. These tools exist to make the invisible auditable.
## The broader ghost ecosystem
The suite sits alongside the rest of the work under the same name:
- **[GhostLM](https://github.com/joemunene-by/GhostLM)** is an 81M-parameter cybersecurity language model trained from scratch in PyTorch.
- **[ghostloop](https://github.com/joemunene-by/ghostloop)** is a fail-closed safety runtime for embodied agents, published on PyPI.
- **[ghostforensics](https://github.com/joemunene-by/ghostforensics)**, **[ghostsiem](https://github.com/joemunene-by/ghostsiem)**, **[ghostaudit](https://github.com/joemunene-by/ghostaudit)**, and **[ghostguard](https://github.com/joemunene-by/ghostguard)** round out the defensive and agent-safety tooling.
## Authorized use
These are tools for authorized security work: assessments you are permitted to run, systems you own or have written permission to test, and defensive monitoring of your own infrastructure. Use them lawfully and with consent.
## License
MIT. Each tool is independently licensed in its own repository.
---
Built by Joe Munene, founder of Complex Developers.