Skip to content

VAIBHAVSING/openghost

OpenGhost

skills.sh License Agent Skill

Agent Skill for authorized web application and supporting server integrity penetration testing.

OpenGhost helps an AI coding agent run a scoped security assessment. The agent plans the work, tests carefully, validates evidence, and writes findings. OpenGhost provides the Docker sandbox, scope files, evidence folders, reusable checks, and report templates.

Important

Use OpenGhost only on systems you are explicitly authorized to test.

Write the allowed targets, exclusions, accounts, rate limits, test windows, emergency contacts, and rules of engagement into the generated scope file before active testing.

How to Use

Install the skill with the skills CLI:

npx skills@latest add https://github.com/VAIBHAVSING/openghost --skill openghost-skill

Then ask your agent to use OpenGhost for an authorized assessment:

Use $openghost-skill to assess https://target.example.
Authorization and scope details are in the engagement notes.

Make sure Docker is running. Security tools are executed through the OpenGhost sandbox, not directly on your host machine.

Use from a local checkout
git clone https://github.com/VAIBHAVSING/openghost.git
cd openghost
export PATH="$PWD/skills:$PWD/skills/openghost-skill:$PATH"
openghost help
Use with Codex or another Agent Skills client

Prefer the skills CLI install command above. If you install manually, copy the skill folder into your client skill directory:

git clone https://github.com/VAIBHAVSING/openghost.git /tmp/openghost
mkdir -p ~/.agents/skills
cp -R /tmp/openghost/skills/openghost-skill ~/.agents/skills/

Codex and other Agent Skills clients can then discover the openghost-skill package from the skill directory.

Start an Engagement

Create a scoped workspace before testing:

openghost sandbox start
openghost engagement init --url https://target.example --name target-example
export OPENGHOST_SCOPE=.openghost/engagements/target-example/scope.yaml

Edit the generated scope file:

.openghost/engagements/target-example/scope.yaml

Add the allowed hosts, ports, paths, accounts, roles, tenants, exclusions, rate limits, test windows, destructive-test rules, emergency contacts, and notes.

OpenGhost keeps generated engagement data under .openghost/. That data is operational evidence and should normally stay out of commits.

What OpenGhost Includes

OpenGhost
|-- Agent Skill instructions
|-- Docker sandbox launcher
|-- Engagement state and scope helpers
|-- Evidence, finding, and report helpers
|-- Reusable assessment scripts
`-- Reference modules for common web and API test areas
Area What it does
SKILL.md Tells the agent how to run an authorized assessment.
openghost launcher Starts the sandbox and runs allowlisted tools inside Docker.
Scope files Define what is allowed and what is out of bounds.
Evidence helpers Save proof such as requests, responses, screenshots, and tool output.
Finding helpers Record confirmed issues with impact, confidence, priority, and remediation.
Report templates Build a final report from confirmed evidence.

Assessment Modules

OpenGhost is one skill package with several focused modules. The agent loads the deeper reference only when that topic is needed.

Module Use it for
surface-map Hosts, technologies, routes, endpoints, forms, and exposed files.
server-integrity TLS, headers, DNS, services, and server posture.
session-auth Login, cookies, JWT, OAuth/OIDC, SAML, API keys, and sessions.
access-control Roles, tenants, object IDs, admin actions, BOLA, and BFLA.
injection SQL, NoSQL, XSS, XML, command, template, and parser issues.
api-protocols REST, OpenAPI, GraphQL, WebSocket, SOAP/XML, and gRPC.
browser-policy CORS, CSP, clickjacking, browser behavior, and ZAP with Playwright.
http-edge CDN, cache, proxy, WAF, host routing, and HTTP parameter pollution.
business-logic Payments, approvals, invites, quotas, entitlements, races, and abuse cases.

Basic Workflow

Run safe checks through the sandbox:

openghost sandbox status
openghost script list
openghost script run web-baseline -- --target-url https://target.example
openghost script run api-inventory -- --target-url https://target.example

Record evidence:

openghost evidence add --path response.txt --kind response --title "Baseline response"

Save a confirmed finding:

openghost finding add \
  --title "Example finding title" \
  --severity medium \
  --priority P3 \
  --module server-integrity \
  --url "https://target.example/" \
  --confidence 95 \
  --evidence E-001 \
  --step "Captured the baseline response." \
  --impact "Documented confirmed behavior." \
  --priority-rationale "P3 because impact is limited." \
  --remediation "Apply the recommended hardening."

Generate the report:

openghost report generate

Common Commands

Sandbox

openghost sandbox start
openghost sandbox status
openghost sandbox stop
openghost sandbox update
openghost sandbox shell

Tool Execution

openghost run <tool> [args...]
openghost bash '<command>'
openghost python code '<script>'
openghost python file <path> -- [args...]

ZAP and Browser Workflows

openghost zap start
openghost zap baseline --target https://target.example --minutes 5
openghost zap api-scan --target https://target.example/openapi.json --format openapi --target-url https://target.example
openghost zap alerts --format md
openghost browser devtools --url https://target.example --zap

Engagement Helpers

openghost todo add --task "Complete surface mapping" --module surface-map --priority high
openghost evidence add --path <file> --kind <kind> --title <title>
openghost artifact add --path <file> --kind <kind> --title <title>
openghost finding add --title <title> --severity <severity> --module <module> --url <url> --confidence <90-100> --evidence E-001
openghost report generate

Script Templates

openghost script list
openghost script show api-inventory
openghost script copy xss-check
openghost script run cors-check -- --base-url https://target.example --endpoints /api/me /

Safety Model

  • Confirm authorization, targets, exclusions, rate limits, and test windows before testing.
  • Set OPENGHOST_SCOPE and verify scope before each target, module, and tool run.
  • Run security tooling through openghost, not directly on the host.
  • Treat scanner output as leads until validated with evidence.
  • Keep generated engagement data under .openghost/ and normally out of commits.
  • Use destructive, high-volume, or state-changing checks only when the rules of engagement explicitly allow them.
  • Separate confirmed findings from notes, draft leads, and speculation.

Repository Map

.
|-- README.md
|-- ARCHITECTURE.md
|-- DEVELOPMENT.md
|-- AGENTS.md
|-- CONTRIBUTING.md
|-- SECURITY.md
|-- Dockerfile
|-- docker/
|-- openghost
`-- skills/
    |-- openghost
    `-- openghost-skill/
        |-- SKILL.md
        |-- agents/
        |-- assets/
        |-- openghost
        |-- references/
        |   `-- modules/
        `-- scripts/
            `-- pentest/

Developer Docs

  • Architecture - components, command flow, trust boundaries, and engagement state.
  • Development - local setup, validation commands, and release checklist.
  • AGENTS.md - coding-agent maintenance context.
  • Contributing - contribution rules and pull request expectations.
  • Security - vulnerability reporting policy.
  • Attribution - attribution and provenance notes.

Contribute

Keep OpenGhost direct and practical:

  • Keep README.md simple: purpose, install, basic use, safety, and repo map.
  • Keep detailed methodology in skills/openghost-skill/SKILL.md and skills/openghost-skill/references/.
  • Keep security tools inside the Docker sandbox.
  • Keep examples scoped and non-destructive.
  • Keep confirmed findings evidence-backed.

License

OpenGhost is licensed under the Apache License 2.0. See LICENSE.

About

OpenGhost is an Agent Skill for authorized web app penetration testing: Enter lab url paste credential your agent and wait everything does with help of openghost

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

37 stars

Watchers

3 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors