GhostMap is a Bash-driven reconnaissance tool that supercharges RustScan with automatic detection of web ports, backend technologies, and reverse proxy misconfigurations.
Whether you're doing CTFs, bug bounties, or internal red teaming, GhostMap helps you spot path smuggling vectors and backend leaks β fast.
This repo is intended for intial scan - as i have used the following flags -sS -Pn -n - must Fuzz for correct path for/if smugguling attack is possible.
- β‘ RustScan wrapper: Auto-runs scans, saves
.xml+.jsonoutputs - π Web port detection: 80, 443, 8080, 8443, 5000, 9000, etc.
- π Tech fingerprinting:
- Frontend proxies: NGINX, Apache, IIS
- Backends: Tomcat, Jetty, Flask, WebLogic, Spring Boot, WildFly
- π§ͺ Path smuggling probe: Sends
/;foo=bar/to test route parsing - π₯ Stack leak detection: Queries
/doesnotexistfor 404 info leaks - π¨ Alerts on dangerous combos like:
NGINX β TomcatApache β TomcatIIS β WildFly
- RustScan
- Tools:
bash,curl,awk,grep,getent - Optional:
jq(for JSON parsing if automating further)
./ghostmap.sh <target-hostname>