GhostPath β A Modern Interactive Reconnaissance Toolkit for Hackers & Security Researchers π΅οΈββοΈ
GhostPath is a professional-grade CLI reconnaissance toolkit designed for cybersecurity researchers, penetration testers and bug bounty hunters. It provides a modular, extensible and interactive shell to run recon operations in an intuitive and streamlined way.
π‘ Powered by Python and focused on speed, clarity and results.
- π Interactive hacker-style CLI shell
- π Passive and active recon modules
- 𧩠Modular architecture with shared utilities
- π Output saving in TXT, JSON, CSV
- π Multithreaded path probing with live feedback
- π§Ύ Certificate transparency & subdomain discovery
- π Wayback, URLScan and CommonCrawl support
- π§ Built-in wordlist fallback & auto-detection
- π§
pipx-installable for global CLI use - β
--help,--versionandupdatecommand support
Use pipx for a clean, isolated global installation:
# Install pipx (if not already)
sudo apt install pipx
pipx ensurepath
source ~/.bashrc # or ~/.zshrc
# Clone and install GhostPath
git clone https://github.com/atharvbyadav/GhostPath.git
cd GhostPath
pipx install .GhostPath
If you prefer not to use pipx, you can run GhostPath directly using Python:
git clone https://github.com/atharvbyadav/GhostPath.git
cd GhostPathHighly recommended to isolate dependencies.
python3 -m venv venv
source venv/bin/activatepip install -r requirements.txtpython3 main_cli.pyOnce inside the shell:
ghostpath> helpYouβll see:
𧩠Available GhostPath Commands:
timetrail β Fetch historical URLs from archives (Wayback, URLScan, Common Crawl)
domainscope β Discover subdomains & DNS profiling
pathprobe β Actively probe directories and endpoints
certtrack β Get subdomains from public SSL/TLS certs
version β Show current installed version
clear β Clear the screen
help β Show this help menu
exit β Exit GhostPath CLI
Fetch historical URLs from:
- Common Crawl (default)
- Wayback Machine
- URLScan.io
timetrail --target example.com
timetrail --target example.com --source wayback --output urls.json --format jsonFind subdomains and related DNS data.
domainscope --target example.com
domainscope --target example.com --output domains.txtGather subdomains from SSL/TLS certificate transparency logs.
certtrack --target example.com
certtrack --target example.com --output certs.csv --format csvActively probe common paths/endpoints on a web app using HTTP requests.
pathprobe --target https://example.com
pathprobe --target https://example.com --wordlist lists/path-wordlist.txt --output result.json --format jsonIf no wordlist is passed, it will fallback to:
GhostPath/lists/path-wordlist.txt
All modules support output saving in:
- β
.txt - β
.json - β
.csv
Just pass:
--output filename --format txt|json|csvghostpath> versionpipx reinstall GhostPathBSD 3-Clause License
Copyright (c) 2025, Atharv Yadav
All rights reserved.
π See the LICENSE file for full license terms.
We welcome your pull requests, feature ideas and improvements to make GhostPath even better! Here's how to contribute:
-
Fork the repository
-
Clone your fork locally:
git clone https://github.com/yourusername/GhostPath.git cd GhostPath -
Create a new branch for your changes:
git checkout -b feature/your-feature
-
Make your changes and commit:
git commit -m "Add: your feature/fix summary" git push origin feature/your-feature -
Open a Pull Request on GitHub π¬
Please follow best practices and write clear commit messages π
ββ[ Coded with β + β‘ by Atharv Yadav ]
β
ββπ οΈ Creator of GhostPath
ββπ https://github.com/atharvbyadav
ββπ§ uuwr5t1s [at] duck [dot] com
{ _Looks suspicious? Good. Itβs mine. The ducks work for me. π¦π»_ }"I donβt just scan β I haunt networks." π»
π GitHub: @atharvbyadav
βοΈ Email Me
π·οΈ GhostPath β Stealthy. Modular. Effective.