
xploitnik/GhostMap


👻 GhostMap - Smarter Recon with RustScan + Web Stack Fingerprinting

GhostMap is a Bash-driven reconnaissance tool that supercharges RustScan with automatic detection of web ports, backend technologies, and reverse proxy misconfigurations.

Whether you're doing CTFs, bug bounties, or internal red teaming, GhostMap helps you spot path smuggling vectors and backend leaks, fast.

This repo is intended for an initial scan, as I have used the following flags: -sS -Pn -n. You must fuzz for the correct path to find out if a smuggling attack is possible.


🧠 Features

  • ⚡ RustScan wrapper: Auto-runs scans, saves .xml + .json outputs
  • 🌐 Web port detection: 80, 443, 8080, 8443, 5000, 9000, etc.
  • 🔍 Tech fingerprinting:
    • Frontend proxies: NGINX, Apache, IIS
    • Backends: Tomcat, Jetty, Flask, WebLogic, Spring Boot, WildFly
  • 🧪 Path smuggling probe: Sends /;foo=bar/ to test route parsing
  • 💥 Stack leak detection: Queries /doesnotexist for 404 info leaks
  • 🚨 Alerts on dangerous combos like:
    • NGINX → Tomcat
    • Apache → Tomcat
    • IIS → WildFly
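
How the two probes in the feature list look from the defending side, as an added example that is not part of GhostMap: it flags access-log requests that carry ; path parameters and prints the path that remains once a backend that strips them has normalized it (a simplified model of servlet-style handling, assumed here). The log lines, function names and combined-log field positions are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not part of GhostMap): find GhostMap-style probes in a proxy access log.

# Constructed sample lines in combined log format; addresses are documentation ranges.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.5.0"
203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /;foo=bar/ HTTP/1.1" 200 512 "-" "curl/8.5.0"
203.0.113.7 - - [01/Jan/2025:10:00:03 +0000] "GET /doesnotexist HTTP/1.1" 404 1024 "-" "curl/8.5.0"
198.51.100.9 - - [01/Jan/2025:10:05:00 +0000] "GET /app/index.jsp;jsessionid=ABC123?x=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2025:10:05:04 +0000] "GET /search?q=a;b HTTP/1.1" 200 900 "-" "Mozilla/5.0"
EOF
}

# Print requests whose path (query string excluded) carries ";" path parameters,
# followed by the path left after the parameters are dropped (simplified model).
flag_path_params() {
  awk '{
    raw = $7                          # request target in combined log format
    path = raw
    sub("[?].*", "", path)            # a ";" in the query string is not a path parameter
    if (index(path, ";") == 0) next
    view = path
    gsub(";[^/]*", "", view)          # drop ";name=value" from every segment
    gsub("/+", "/", view)             # collapse the empty segment left behind
    # A segment made only of parameters is rare in normal traffic; a trailing
    # parameter such as ;jsessionid is a common benign case.
    kind = (path ~ "/;") ? "PARAM-ONLY-SEGMENT" : "trailing-param"
    print $1, raw, "->", view, kind
  }'
}

# Clients that sent both probes named in the feature list.
probe_pair_clients() {
  awk '$7 == "/;foo=bar/"    { smug[$1] = 1 }
       $7 == "/doesnotexist" { leak[$1] = 1 }
       END { for (c in smug) if (c in leak) print c }'
}

sample_log | flag_path_params
sample_log | probe_pair_clients
```

A PARAM-ONLY-SEGMENT hit where the proxy logged one path and the backend routed another is the disagreement the "dangerous combos" alert refers to; compare it with the backend's own access log for the same request.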

📦 Requirements

  • RustScan
  • Tools: bash, curl, awk, grep, getent
  • Optional: jq (for JSON parsing if automating further)

๐Ÿ› ๏ธ Usage

./ghostmap.sh <target-hostname>
