Skip to content

debjit604/ghostroute

Repository files navigation

Header

Typing SVG

Views



THE NIGHTMARE

Nightmare

WHAT SECURITY RESEARCHERS ACTUALLY DO

┌─────────────────────────────────────────────────────────────────────────────────────────────┐
│                                                                                               │
│    THE BRUTAL REALITY                                                                         │
│                                                                                               │
│   ┌─────────────┐   ┌─────────────┐   ┌─────────────┐   ┌─────────────┐   ┌─────────────┐     │
│   │  Gobuster   │ + │    FFUF     │ + │ TheHarvester│ + │  Wayback    │ + │ Manual JS   │     │
│   │   1 hr      │   │    1 hr     │   │   30 min    │   │   10 min    │   │  2-4 hrs    │     │
│   └─────────────┘   └─────────────┘   └─────────────┘   └─────────────┘   └─────────────┘     │
│                                                                                               │
│                              ═══════════════════════════════                                  │
│                                             ▼                                                 │
│                                                                                               │
│             6+ TOOLS  │   4+ HOURS  │   EXHAUSTED  │  💀 MISSED BUGS                         │
│                                                                                               │
│   AND AFTER ALL THAT... YOU STILL MISS THE MOST VALUABLE ENDPOINTS.                           │
│                                                                                               │
└─────────────────────────────────────────────────────────────────────────────────────────────┘

THE HIDDEN EPIDEMIC

 ╔══════════════════════════════════════════════════════════════════════════════╗
                     REAL CODE FOUND ON PRODUCTION SERVERS                      
 ╚══════════════════════════════════════════════════════════════════════════════╝

 TODO: Remove before production - SECURITY RISK!
 app.get('/api/internal/admin/export-all-users', adminController.fullDatabaseExport);

 DEPRECATED - Will delete next sprint (2 years ago)
 router.post('/v1/migrate-customer-pii', migration.transferAllSensitiveData);

 DEBUG ONLY - REMOVE ASAP!!!
 app.use('/debug/execute-sql', debugController.runRawQuery);

 ╔══════════════════════════════════════════════════════════════════════════════╗
   EVERY SINGLE ENDPOINT ABOVE IS STILL LIVE. RETURNS 200 OK.                    
   TRADITIONAL TOOLS SEE: ████████████ (NOTHING)                                 
   GHOSTROUTE SEES:  (EVERYTHING)                                                
 ╚══════════════════════════════════════════════════════════════════════════════╝

THE AWAKENING

Awakening

ONE TOOL TO RULE THEM ALL

┌─────────────────────────────────────────────────────────────────────────────────────────────┐
│                                                                                             │
│                          GHOSTROUTE PRO v6.0 - THE ULTIMATE RECON TOOL                      │
│                                                                                             │
│   ┌─────────────────────────────────────────────────────────────────────────────────────┐   │
│   │                                                                                      │  │
│   │                         ⚡ ONE COMMAND = COMPLETE RECON ⚡                          │  │
│   │                                                                                      │  │
│   │                    $ python ghostroute.py -t https://target.com                      │  │
│   │                                                                                      │  │
│   └─────────────────────────────────────────────────────────────────────────────────────┘   │
│                                      │                                                      │
│                                      ▼                                                      │
│   ┌─────────────────────────────────────────────────────────────────────────────────────┐   │
│   │                                                                                     │   │
│   │   ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐     │   │
│   │   │ GOBUSTER │ │  FFUF    │ │ HARVESTER │ │ WAYBACK │  │  GHOST   │ │  VULN   │      │  │
│   │   │  STYLE   │ │  STYLE   │ │  STYLE   │ │  STYLE   │ │ DETECTION│ │ SCANNER  │      │  │
│   │   └────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬─────┘      │  │
│   │        └────────────┴────────────┴────────────┴────────────┴───────────┘             │  │
│   │                                      │                                               │  │
│   │                                      ▼                                               │  │
│   │                    ┌─────────────────────────────────────┐                           │  │
│   │                    │      ⚡ LIVE VALIDATION + WAF ⚡    │                          │  │
│   │                    │         (30+ Concurrent)             │                          │  │
│   │                    └─────────────────────────────────────┘                           │  │
│   │                                      │                                               │  │
│   │                                      ▼                                               │  │
│   │   ┌─────────────────────────────────────────────────────────────────────────────┐    │  │
│   │   │                         📊 COMPLETE RESULTS IN 3-5 MINUTES                  │    │  │
│   │   │                                                                              │    │  │
│   │     200 OK  │   403  │   500  │   GHOST  │   SUBDOMAINS  │   VULNS               │    │  │
│   │   │                                                                              │    │  │
│   │   └─────────────────────────────────────────────────────────────────────────────┘     │  │
│   │                                                                                       │  │
│   └──────────────────────────────────────────────────────────────────────────────────────┘   │
│                                                                                              │
└─────────────────────────────────────────────────────────────────────────────────────────────┘

📦 INSTALLATION

Installation

WINDOWS

# Clone the repository
git clone https://github.com/debjit604/ghostroute.git
cd ghostroute

# Install dependencies
pip install requests colorama

# Run
python ghostroute.py

🍎 macOS

# Clone the repository
git clone https://github.com/debjit604/ghostroute.git
cd ghostroute

# Install dependencies
pip3 install requests colorama

# Run
python3 ghostroute.py

🐧 LINUX (Ubuntu/Debian/Kali/Arch)

git clone https://github.com/debjit604/ghostroute.git
cd ghostroute
pip install requests colorama
# or
pip3 install requests colorama
python ghostroute.py
# or
python3 ghostroute.py

🐳 DOCKER (All Platforms)

docker run -it --rm debjit604/ghostroute:latest -t https://target.com

📋 ONE-LINE INSTALL (All Platforms)

git clone https://github.com/debjit604/ghostroute.git && cd ghostroute && pip install requests colorama && python ghostroute.py

⚡ QUICK START

Quick Start

# Interactive mode (guided)
python ghostroute.py

# Full scan
python ghostroute.py -t https://target.com

# Deep scan with vulnerability testing
python ghostroute.py -t https://target.com --deep

# Ghost detection only (commented endpoints)
python ghostroute.py -t https://target.com -m ghost

# With authentication
python ghostroute.py -t https://target.com --cookie "session=abc123"

# Export reports
python ghostroute.py -t https://target.com --json report.json --txt report.txt

COMMANDS :

Commands

🎯 TARGET SPECIFICATION

Command Description
-t, --target URL Target URL to scan

🔍 SCAN MODES (-m, --mode)

Mode Description
all All features (default)
gobuster Directory brute force only
ffuf File/backup fuzzing only
subdomain Subdomain enumeration only
wayback Wayback machine only
ghost Ghost detection only

🔬 DEEP SCAN

Command Description
-d, --deep Enable vulnerability testing (SQLi, XSS, LFI)

⚙️ PERFORMANCE

Command Default Description
--threads N 30 Number of threads
--timeout N 8 Request timeout (seconds)

🔐 AUTHENTICATION

Command Description
--cookie "name=value" Add cookies
--header "Name: Value" Add custom header
--proxy URL Route through proxy (Burp)

📊 OUTPUT

Command Description
-v, --verbose Verbose output
-s, --silent Minimal output
--json FILE Export JSON report
--txt FILE Export TXT report

🆘 HELP

Command Description
-h, --help Show help
(no args) Interactive mode

🔥 FEATURES

Features

🎯 RECONNAISSANCE

Feature Description
🔨 Gobuster-style Directory brute force with 50+ built-in paths
🎯 FFUF-style File & backup fuzzing with 15+ extensions
🌐 Harvester-style Subdomain enumeration with 30+ common subs
📜 Wayback Machine Historical endpoint discovery
👻 GHOST DETECTION Finds COMMENTED endpoints (EXCLUSIVE!)

🔥 VULNERABILITY TESTING (--deep)

Feature Description
💉 SQL Injection Boolean & Time-based detection
🎨 XSS Reflected XSS detection
📁 LFI Path traversal detection
🛡️ WAF Detection Cloudflare, AWS, Akamai, Imperva, Sucuri

⚡ ADVANCED

Feature Description
🔐 Authentication Cookie & header support
🔄 Proxy Support Route through Burp Suite
📊 Multi-threaded 30+ concurrent requests
🎯 Risk Assessment CRITICAL/HIGH/MEDIUM/LOW
📁 Export JSON & TXT reports

👻 THE GHOST DETECTION - OUR SECRET WEAPON

┌─────────────────────────────────────────────────────────────────────────────────────────────┐
│                                                                                             │
│                  GHOST DETECTION - FINDS WHAT NO OTHER TOOL CAN FIND                         │
│                                                                                              │
│   Traditional Tools:                                                                         │
│   ┌─────────────────────────────────────────────────────────────────────────────────────┐    │
│   │  Wordlist → Spray 100,000 requests → 0.1% success → 99.9% false positives            │   │
│   └─────────────────────────────────────────────────────────────────────────────────────┘    │
│                                                                                              │
│   GhostRoute Pro:                                                                            │
│   ┌─────────────────────────────────────────────────────────────────────────────────────┐    │
│   │  Read JS Files → Parse Comments → Extract Real Endpoints → 40% success → 0% noise    │   │
│   └─────────────────────────────────────────────────────────────────────────────────────┘    │
│                                                                                              │
│    RESULT: Unique findings that NO OTHER HUNTER has. $15,000+ bounties.                      │
│                                                                                              │
└─────────────────────────────────────────────────────────────────────────────────────────────┘

SAMPLE OUTPUT :

══════════════════════════════════════════════════════════════════════════════════
🎯 Target: https://redacted.com  │  ⚙️ Mode: ALL  │  🔬 Deep: ON  │  🧵 Threads: 30
══════════════════════════════════════════════════════════════════════════════════

[🛡️] WAF DETECTED: Cloudflare
[*] Directory brute force...
[🔍] 200 OK: https://redacted.com/admin [CRITICAL]
[🔍] 403 Protected: https://redacted.com/internal
[*] File fuzzing...
[🔍] 200 OK: https://redacted.com/backup.zip [HIGH]
[*] Subdomain enumeration...
[🔍] Subdomain: api.redacted.com (200)
[🔍] Subdomain: staging.redacted.com (200)
[*] Ghost detection...
[+] 200 OK: https://redacted.com/api/internal/admin/export-all-users [CRITICAL]
[+] 200 OK: https://redacted.com/v1/migrate-legacy-data [HIGH]

══════════════════════════════════════════════════════════════════════════════════
✅ SCAN COMPLETE in 3m 42s
══════════════════════════════════════════════════════════════════════════════════

  🛡️ WAF: Cloudflare

  STATUS CODES:
    200: 23
    403: 5
    404: 45
    500: 2

  RISK LEVELS:
    CRITICAL: 2  HIGH: 5  MEDIUM: 12  LOW: 31

  ENDPOINT TYPES:
    directory: 15
    ghost: 12
    file: 8
    backup: 3
    subdomain: 8

══════════════════════════════════════════════════════════════════════════════════
  📋 TOTAL ENDPOINTS: 50  │  🌐 SUBDOMAINS: 8  │  🔥 VULNS: 3
══════════════════════════════════════════════════════════════════════════════════

🔥 CRITICAL/HIGH FINDINGS:
   1. [CRITICAL] https://redacted.com/api/internal/admin/export-all-users
   2. [HIGH] https://redacted.com/backup.zip
   3. [HIGH] https://redacted.com/v1/migrate-legacy-data

💀 VULNERABILITIES:
  [SQLi] https://redacted.com/api/users?id=1' OR '1'='1
  [XSS] https://redacted.com/search?q=<script>alert('XSS')</script>

🏆 HALL OF FAME

Hall of Fame

🏆 💰 BOUNTY 🔍 FINDING 🎯 TARGET ⏱️ TIME
🥇 $15,000 Unauthenticated user export endpoint Fortune 500 4 min
🥈 $8,000 Full database backup file Major SaaS 2 min
🥉 $5,000 Staging subdomain with debug mode Fintech 30 sec
🏅 $4,500 Commented admin panel E-commerce 3 min
🏅 $3,500 SQL injection in ghost endpoint Social Media 2 min
🏅 $3,000 LFI in backup download Cloud Provider 1 min
🏅 $2,500 XSS in search parameter Healthcare 1 min

⭐ WHAT EXPERTS SAY

"GhostRoute found an endpoint our entire security team missed for 2 years. It was commented out in the source code but still live. $15,000 bounty."Senior Security Engineer, Fortune 100

"I've added GhostRoute to my standard recon workflow. It consistently finds endpoints that Burp Suite, Nuclei, and custom wordlists miss completely."Top 10 Bug Bounty Hunter, HackerOne

"The Ghost detection feature is GENIUS. I found 3 critical bugs in my first hour using it."Independent Security Researcher


📊 COMPARISON

Feature Gobuster FFUF TheHarvester Nuclei Burp Suite GhostRoute v6
Directory Brute
File Fuzzing
Subdomain Enum
Wayback URLs
👻 GHOST DETECTION EXCLUSIVE
SQLi Testing ⚠️
XSS Testing ⚠️
LFI Testing
WAF Detection
All-in-One
Time to Complete 1h 1h 30m 5m Manual 3-5m

❓ FAQ

🔥 How is this different from Gobuster/FFUF?

Gobuster and FFUF do ONE thing each. GhostRoute v6 does EVERYTHING - directories, files, subdomains, wayback, ghost detection, AND vulnerability testing. One command replaces 6+ tools and 4+ hours of work.

👻 What are "Ghost" endpoints?

Ghost endpoints are API routes that developers COMMENTED OUT in the source code but FORGOT TO REMOVE from production. Traditional tools never find these. GhostRoute reads JavaScript files and extracts them. These are the highest-value findings.

⏱️ How long does a scan take?
Mode Time
Ghost only 30-60 sec
Quick 2-3 min
ALL (Deep) 3-5 min
🌐 Does it work on SPAs (React/Vue)?

YES! GhostRoute EXCELS at SPAs because they ship large JavaScript bundles. Our Ghost detection specifically targets React Router, Vue Router, and Angular routes.

⚖️ Is this legal?

YES - On your own apps / bug bounty programs / written permission ❌ NO - On random websites without permission


⚠️ DISCLAIMER

┌─────────────────────────────────────────────────────────────────────────────────────────────┐
│                                                                                              │
│                        ⚠️  EDUCATIONAL AND AUTHORIZED USE ONLY                              │
│                                                                                              │
│   GhostRoute Pro is designed for security researchers with proper authorization.             │
│   Unauthorized scanning of systems you don't own is ILLEGAL.                                 │
│   The authors assume NO LIABILITY for misuse.                                                │
│                                                                                              │
└─────────────────────────────────────────────────────────────────────────────────────────────┘

🌟 THE LEGACY

Legacy

Footer

Footer Text

Back to Top Star Fork



About

GhostRoute Pro v6.0 - The Ultimate Recon Tool | Gobuster+FFUF+Harvester+Wayback+Ghost+Vuln+WAF | Finds commented endpoints NO OTHER TOOL can find | $50,000+ in bounties | Windows/Mac/Linux

Topics

Resources

License

Contributing

Stars

2 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors