An open API service indexing awesome lists of open source software.

https://github.com/joemunene-by/ghostsuite

Eleven open-source security tools, one ghost. The ghostsuite family: recon, scanning, intrusion detection, malware triage, supply chain, cloud posture, and key management.
https://github.com/joemunene-by/ghostsuite

cybersecurity devsecops ghostsuite infosec monorepo security security-tools

Last synced: about 24 hours ago
JSON representation

Eleven open-source security tools, one ghost. The ghostsuite family: recon, scanning, intrusion detection, malware triage, supply chain, cloud posture, and key management.

Awesome Lists containing this project

README

          


ghostsuite


Eleven open-source security tools, one ghost. Production command-line tools spanning offensive, defensive, supply-chain, cloud, and cryptographic security. Each is installable, test-covered, and green on CI.






---

## The suite


ghostrecon
ghostrecon

Passive OSINT recon framework
ghostmap
ghostmap

Web vulnerability scanner (XSS, SQLi)
ghostpwn
ghostpwn

Pentest workflow orchestration


ghostscope
ghostscope

AI-based intrusion detection
ghostbox
ghostbox

Static malware analysis sandbox
ghostdlp
ghostdlp

Data-leak prevention and PII classifier


ghostsbom
ghostsbom

Software supply-chain analyzer
ghostchain
ghostchain

Solidity smart-contract auditor
ghostmobile
ghostmobile

APK and IPA static analyzer


ghostcloud
ghostcloud

Multi-cloud posture (CSPM) scanner
ghostvault
ghostvault

Key management system (KMS)

## One system, eleven tools

The suite shares more than a prefix. Every tool is built to the same standard: a Typer command-line interface, structured output to console, JSON, and SARIF for CI gating, real test coverage, GitHub Actions CI across Python 3.11 and 3.12, and an authorized-use posture by default. The visual identity is generated from a single design system, one ghost mark, one accent and one glyph per tool, so the family reads as one product line.

The throughline is the theme: security and safety are about what you cannot see directly, the adversary already inside the system, the failure that has not surfaced yet. These tools exist to make the invisible auditable.

## The broader ghost ecosystem

The suite sits alongside the rest of the work under the same name:

- **[GhostLM](https://github.com/joemunene-by/GhostLM)** is an 81M-parameter cybersecurity language model trained from scratch in PyTorch.
- **[ghostloop](https://github.com/joemunene-by/ghostloop)** is a fail-closed safety runtime for embodied agents, published on PyPI.
- **[ghostforensics](https://github.com/joemunene-by/ghostforensics)**, **[ghostsiem](https://github.com/joemunene-by/ghostsiem)**, **[ghostaudit](https://github.com/joemunene-by/ghostaudit)**, and **[ghostguard](https://github.com/joemunene-by/ghostguard)** round out the defensive and agent-safety tooling.

## Authorized use

These are tools for authorized security work: assessments you are permitted to run, systems you own or have written permission to test, and defensive monitoring of your own infrastructure. Use them lawfully and with consent.

## License

MIT. Each tool is independently licensed in its own repository.

---


Built by Joe Munene, founder of Complex Developers.