Security Intelligence

Ghost’s security intelligence system provides layered vulnerability detection — from passive traffic analysis that runs automatically in the background, to AI-driven active testing with external security scanners, to runtime instrumentation with Frida for bypassing app protections.

When you switch Ghost to Security Mode, the entire interface transforms: the sidebar shows findings and targets instead of domains and bookmarks, the flow list highlights vulnerability severity, the inspector gains a findings tab and JWT decoder, and the AI agent switches from a QA engineer persona to a senior penetration tester following PTES (Penetration Testing Execution Standard) methodology.

Architecture

What this diagram shows:

All security detections — whether from the passive interceptor (54 checks across 3 tiers) or from active testing tools — flow through a deduplication engine before being stored. The dedup engine ensures the same finding is only reported once per session (e.g., if 100 responses from api.example.com are missing the HSTS header, you get one finding, not 100). The findings are stored in SQLite and streamed to the UI via WebSocket events.

Dual Mode

Ghost operates in two modes. Security intelligence activates when you switch to Security Mode.

Aspect	QA Mode	Security Mode
Sidebar	Scope Panel (domains, bookmarks)	Findings Panel (targets, severity stats)
Flow list	Standard columns	Severity dots, findings count, auth badges
Inspector	Headers, body, timing	Findings tab, auth analysis, JWT decoder
Agent persona	QA engineer	Senior penetration tester
Agent tools	QA tools (test generation, regression, export)	Security tools (scanners, attacker, Frida)
Accent color	Cyan/Blue	Red/Orange
Finding prefix	`BUG-NNN`	`VULN-NNN`

Security Sub-Modes

Sub-Mode	What’s Different
Web	Web + API security testing. No Frida tools in prompt, no mobile inspector context.
Mobile	Adds Frida tools section, mobile inspector context, mobile vulnerability taxonomy (certificate pinning, insecure local storage, root/jailbreak detection, sensitive data in logs, hardcoded secrets, deep link injection, clipboard leakage, missing binary protections, debug mode enabled, excessive permissions, weak encryption, man-in-the-disk).

Scan Modes

Scan modes control how aggressive the AI agent is allowed to be. They form a trust escalation chain — you start passive and can escalate as you get comfortable.

Passive (Default)

Observe and analyze captured traffic only. Ghost reads traffic that’s already flowing — it never sends additional requests.

Allowed:

Analyze all captured flows for vulnerabilities
Search traffic, get flow details, list endpoints
List existing findings from the store
run_trufflehog with --no-verification flag only (static secret scanning — scans existing data without making network requests)
run_semgrep (static analysis for DOM XSS patterns)
Browser read-only actions (browser_read_page, browser_query_all, browser_screenshot)
proxy_inject_script for DOM annotation only (read-only highlights)

Forbidden: replay_request, send_http_request, attack_request, all other external scanners, all Frida tools, all browser modification actions

Active Safe

Test without modifying target data — like a security auditor who looks but doesn’t touch.

Allowed (in addition to everything in passive):

GET requests freely, read-only POST endpoints
All external scanners at safe configurations: nuclei, dalfox, ffuf, katana, nmap, sslscan
run_sqlmap (risk capped at level 1 — detection only, no exploitation)
attack_request for automated payload testing
Browser click/fill actions
frida_check, frida_list_apps, frida_trace (read-only function hooking)

Requires request_approval first: Data-modifying requests (POST/PUT/PATCH/DELETE that modify data), frida_bypass_ssl, frida_root_bypass, frida_inject, browser script injection

Active Full

Full exploitation capability. All tools unrestricted without approval.

Still requires request_approval: Data-modifying write operations (even in full mode, the agent asks before modifying production data), credential brute force (run_hydra)

Passive Detection

The SecurityInterceptor sits at the end of the interceptor pipeline (after storage), analyzing every response passively with 54 checks. It runs in OnResponse only — OnRequest is a no-op.

Target Filtering

The interceptor only scans traffic for hosts matching configured target patterns (using Go’s path.Match glob syntax):

*.hepsiburada.com
api.example.com
staging-*.internal.net

Port numbers are stripped before matching, and comparison is case-insensitive. Empty target list = scan nothing. This prevents noise from CDNs, analytics, and third-party services.

Core Checks (9)

Check	What It Detects	Severity	CWE
Plain HTTP	Non-TLS traffic to target hosts	High	CWE-319
URL Sensitive Data	Passwords, tokens, API keys in URL query parameters	High	CWE-598
Security Headers	Missing HSTS, X-Content-Type-Options, clickjacking protection	Medium/Low	CWE-319/16/1021
Dangerous CORS	Wildcard origin + credentials, reflected origin	High/Medium	CWE-942
Cookie Flags	Missing Secure, HttpOnly, SameSite on session cookies	Medium/Low	CWE-614/1004/1275
Info Leakage	Server version, X-Powered-By disclosure	Info	CWE-200
Sensitive Data in Body	AWS keys, GitHub/Slack/OpenAI tokens, private keys	Critical/High	CWE-200/321
Stack Traces	Java, Python, Go, Node.js, .NET in error responses	Medium	CWE-209
JWT Reflection	JWT tokens in response body, request JWT reflected, JWT claims reflected	High/Medium	CWE-200

Extended Checks — Tier 1: High Impact (10)

Check	Severity	CWE
CSP missing or weak (unsafe-inline, unsafe-eval, wildcard, data: in script-src)	Medium/Low	CWE-693
Private IP disclosure (RFC 1918, IPv6 link-local, EC2 hostnames)	Low	CWE-200
Credit card numbers (Visa/MC/Amex/Discover + Luhn validation)	High	CWE-359
Basic authentication over HTTP	High	CWE-522
Mixed content (HTTP resources in HTTPS pages)	Medium	CWE-311
Missing anti-CSRF tokens on POST forms	Medium	CWE-352
Directory listing enabled	Medium	CWE-548
SQL errors + framework debug pages (Django, Laravel, Spring, Express, Rails, Flask, ASP.NET)	Medium	CWE-209
Cache-Control missing on sensitive responses	Medium	CWE-525
Open redirect via Location header	Medium	CWE-601

Extended Checks — Tier 2: High Value (10)

Check	Severity	CWE
Missing Referrer-Policy	Low	CWE-200
Missing Permissions-Policy	Low	CWE-693
Cross-domain script without SRI	Low	CWE-829
Reverse tabnabbing (target=_blank without noopener)	Medium	CWE-1022
Dangerous JavaScript sinks (eval, document.write, innerHTML)	Info	CWE-79
Session ID in URL (JSESSIONID, PHPSESSID, sid)	Medium	CWE-598
Full path disclosure (/home/, /var/www/, C:\inetpub)	Low	CWE-200
Source map exposed (header + sourceMappingURL in JS)	Info	CWE-540
Debug headers (X-Debug-Token, X-ChromeLogger-Data)	Medium	CWE-200
Password returned in API response	High	CWE-200

Extended Checks — Tier 3: Comprehensive (25)

Email disclosure, suspicious comments, HSTS misconfiguration, cookie domain scope, password autocomplete, deprecated headers (X-XSS-Protection), X-AspNet-Version disclosure, X-Backend-Server disclosure, GraphQL introspection, sensitive JSON fields, CORS null origin, Java serialization, SSN patterns, cleartext password submission, user input reflection, insecure HTTP methods (TRACE), big redirect bodies, source code disclosure (PHP/ASP/JSP), compromised CDN domains (polyfill.io).

For full details on every check, see the Security Interceptor backend reference.

Body Scanning

Only text content types are scanned (8 prefix patterns). Maximum body size: 5 MB (maxBodyScanSize). All regex patterns are compiled once at package level (not per-call). HTML-specific checks (mixed content, anti-CSRF, SRI) only run when content-type contains html. JS-specific checks (dangerous sinks, source maps) only run when content-type contains javascript.

Cookie flag checks use isLikelySessionCookie() to avoid false positives on harmless cookies. Only cookies with names containing session-related substrings (session, token, auth, jwt, etc.) are flagged. Flag detection parses only the attributes portion (after first ;) to avoid false negatives on cookie names containing flag-like strings.

Deduplication

Each finding gets a dedup key formatted as host|type|title — for example, api.example.com|config|Missing HSTS Header. A UNIQUE database index on (session_id, dedup_key) ensures the same issue is only stored once per session.

Finding Model

Every security finding — whether from passive detection, active scanning, or AI analysis — follows the same structure:

Field	Type	Description
id	string	Unique ULID identifier
session_id	string	Which session this finding belongs to
flow_id	string	The specific HTTP flow where this was detected (nullable — some findings aren’t tied to a single flow)
dedup_key	string	Deduplication key: `host\|type\|title`
type	string	Category of vulnerability (see table below)
severity	string	Impact level: `critical`, `high`, `medium`, `low`, or `info`
confidence	float	How confident the detection is (0.0 to 1.0). A confidence of 0.95 means very likely a real issue. Lower values (0.7) indicate heuristic detections that may be false positives.
title	string	Short description of the finding (e.g., “Missing HSTS Header”)
description	string	Detailed explanation of the vulnerability and its impact
evidence	string	The specific data that triggered the finding (e.g., the header value, the leaked key, the stack trace excerpt)
remediation	string	How to fix the issue
cwe_id	string	Common Weakness Enumeration identifier (e.g., `CWE-319`) — the industry-standard vulnerability classification
owasp_id	string	OWASP Top 10 category (e.g., `A02:2021`) — the most well-known web application security risk list
status	string	Current review state: `open`, `confirmed`, `false_positive`, or `fixed`
source	string	What created this finding: `passive` (interceptor), `active` (scanners/attacker), or `ai` (agent analysis)
metadata	map	Additional key-value data specific to the finding
created_at	datetime	When the finding was first detected
updated_at	datetime	Last status change

Finding Types

Type	What It Covers
auth	Authentication and authorization issues — weak auth mechanisms, missing auth on endpoints, session fixation
injection	SQL injection, XSS, command injection, template injection, NoSQL injection
exposure	Data exposure — sensitive information in responses, leaked API keys, PII in URLs
config	Security misconfiguration — missing headers, dangerous CORS, verbose error messages
crypto	Cryptographic weaknesses — weak TLS versions, bad JWT configuration, missing encryption
access	Access control issues — IDOR (insecure direct object references), privilege escalation, broken authorization
session	Session management — cookie flag issues, session fixation, predictable session IDs

Finding Lifecycle

Status	Meaning
open	Newly detected, not yet reviewed by a human
confirmed	Reviewed and verified as a real vulnerability
false_positive	Reviewed and dismissed as not a real issue (the detection was wrong)
fixed	The vulnerability has been remediated

Source Attribution

Source	Created By
passive	SecurityInterceptor (runs automatically on every response matching target patterns)
active	External scanners (`run_nuclei`, `run_dalfox`, etc.) or `attack_request` payloads
ai	AI agent’s analysis of traffic patterns and flow data

Finding Numbering

Security findings use VULN-NNN prefix (e.g., VULN-001, VULN-002), while QA mode findings use BUG-NNN. This is managed by the EngagementState which tracks a sequential counter per session. The counter is zero-padded to 3 digits and capped at 100 findings per session.

Deduplication at the engagement level: the same finding type for the same endpoint is only counted once. Evidence files are tracked when the agent writes files like findings/VULN-001-sqli.md — the path is parsed to link the file back to the finding.

External Scanners

Ghost integrates external CLI security tools. There are 7 tools with full UI management (install, toggle, version detection) and 3 additional tools available only to the AI agent:

UI-Managed Tools (7)

These appear in the Security Tools panel where you can install them with one click, see their version, and toggle them on/off:

Tool	Purpose	What It Does
nuclei	Template-based vulnerability scanner	Runs 9,000+ security checks against target URLs. The most comprehensive single-tool scanner.
dalfox	XSS specialist scanner	Focused specifically on finding cross-site scripting (XSS) vulnerabilities with advanced payload generation.
ffuf	Path and parameter fuzzer	Discovers hidden directories, files, and parameters by trying thousands of common paths and names.
sqlmap	SQL injection detection	The industry-standard SQL injection tool. In Active Safe mode, restricted to risk level 1 (detection only, no exploitation). Requires Python.
trufflehog	Secret scanner	Scans for leaked secrets — API keys, passwords, tokens — using 800+ detector types. In passive mode, runs with `--no-verification` (checks patterns but doesn’t verify against live services).
katana	JavaScript endpoint discovery	Crawls JavaScript files to find hidden API endpoints, internal URLs, and hardcoded paths.
semgrep	Static analysis for DOM XSS	Analyzes JavaScript code for DOM XSS patterns using semantic analysis rules. Requires Python.

Tool management:

Auto-detection: Ghost checks for each tool using exec.LookPath + a version command (10-second timeout) on startup
Installation: SSE (Server-Sent Events) streaming shows real-time progress during installation (10-minute timeout, 512 KB output cap)
Toggle: Per-tool enable/disable stored in ~/.ghost/config.toml under security.disabled_tools

Agent-Only Tools (3)

These are registered as agent tools but have no UI management — they must be pre-installed on the system:

Tool	Purpose
nmap	Network port scanning and service detection
sslscan	SSL/TLS configuration auditing (cipher suites, certificate details, protocol versions)
hydra	Credential brute force testing (requires `request_approval` even in Active Full mode)

Agent Tool Names

Agent Tool	Scanner	Scan Mode Restriction
`run_nuclei`	nuclei	Active Safe+
`run_dalfox`	dalfox	Active Safe+
`run_ffuf`	ffuf	Active Safe+
`run_sqlmap`	sqlmap	Active Safe+ (risk capped at 1)
`run_trufflehog`	trufflehog	Passive (with `--no-verification`) or Active
`run_katana`	katana	Active Safe+
`run_semgrep`	semgrep	Passive+
`run_nmap`	nmap	Active Safe+
`run_ssl_scan`	sslscan	Active Safe+
`run_hydra`	hydra	Active Full (requires approval)

AI Security Agent

In security mode, the agent operates as a senior penetration tester following PTES methodology. The agent progresses through phases autonomously using a plan-execute-reflect-terminate loop.

Engagement Phases

What this diagram shows: The agent moves through five phases, with each phase unlocking different tool categories. Phase transitions happen automatically based on how many tools the agent has used in the current phase:

Phase	Transitions After	What The Agent Does
Traffic Analysis	3+ reconnaissance tool calls	Examines captured traffic to understand the application — maps endpoints, identifies auth mechanisms, catalogs technologies
Passive Detection	4+ passive tool calls	Analyzes headers, cookies, response bodies for vulnerabilities without sending any traffic
Active Scanning	3+ active tool calls	Runs external scanners, sends test payloads, probes for vulnerabilities
Exploitation	4+ exploit tool calls	Generates proof-of-concept scripts, validates findings, tests exploit chains
Reporting	(Terminal)	Summarizes findings, generates report, writes PoC files

Security-Specific Agent Tools

The following tools are registered and available in security mode:

Tool	Purpose
`list_findings`	Query existing findings from the store (filter by severity, type, status)
`send_http_request`	Send arbitrary HTTP requests with SSRF protection and scan mode enforcement
`get_page_resources`	Map JavaScript, CSS, and image dependencies from HTML responses
`attack_request`	Automated payload testing (see Request Attacker)
`list_wordlists`	List available attack payload wordlists
`request_approval`	Gate for write operations — the agent asks for your permission before modifying data
6 Frida tools	See Frida Integration
10 external scanner tools	See the scanner table above

Note: The AI agent performs authentication analysis, JWT decoding, sensitive data detection, IDOR pattern recognition, security header auditing, and PoC generation directly using its language understanding capabilities — it reads the raw flow data and reasons about it, rather than using dedicated tools for these tasks.

Security UI

Replaces the Scope Panel when in security mode:

Target hosts — add/remove glob patterns for what the passive interceptor should scan
Severity stats bar — color-coded breakdown showing how many findings at each severity level (critical=red, high=orange, medium=yellow, low=blue, info=gray)
Clickable severity filters — tap a severity segment to filter the flow list
Three tabs: Traffic, Devices, Findings

Security Flow List

The flow list gains security-specific columns:

Severity dot — color-coded left border indicating the highest finding severity for that flow
Findings count — number of security findings associated with each flow
Security-test badge — marks flows generated by active testing tools (scanners, attacker)
Auth type badge — shows the detected authentication mechanism (JWT, cookie, API key)

Security Inspector

The flow inspector adds security context:

Findings tab — per-flow findings with severity badges, evidence (shown in code blocks), and remediation guidance
Request/Response — standard headers and body view
Auth Analysis — JWT decoder with security checks

JWT Decoder

A standalone JWT analysis tool in the auth analysis tab:

Decodes header, payload, and signature sections
alg:none detection — flags tokens with no algorithm (can be forged without a key)
HS256/RS256 confusion — flags algorithm switching attacks (where an attacker tricks the server into using the public key as an HMAC secret)
Expiry check — warns on expired tokens or missing exp claim
PII detection — warns if the JWT payload contains email addresses, phone numbers, or SSN patterns (these shouldn’t be in tokens)

Findings View

Full-screen findings list with:

Severity pill filters — click to filter by critical / high / medium / low / info
Status filter dropdown — filter by open / confirmed / false_positive / fixed
Card-based display — each finding shows severity badge, type tag, description, evidence (in a code block), remediation guidance, CWE/OWASP references, a status dropdown to change the finding’s state, and a link to the source flow

WebSocket Events

Event	When It Fires	What Happens in UI
`finding.created`	New finding detected (passive or active)	Finding appears in panel. Critical and high severity findings trigger toast notifications automatically.
`finding.updated`	Finding status changed (e.g., open → confirmed)	Status badge updates in the findings list
`finding.deleted`	Finding removed	Finding disappears from the panel

API Reference

Findings

Method	Endpoint	Description
`GET`	`/api/v1/findings`	List findings. Requires `session_id`. Supports filters: `type`, `severity`, `status`, `flow_id`, `limit` (max 500), `offset`.
`GET`	`/api/v1/findings/stats`	Get finding statistics by session — totals broken down by severity, type, and status.
`GET`	`/api/v1/findings/{id}`	Get a single finding with full details.
`PATCH`	`/api/v1/findings/{id}/status`	Update a finding’s status. Body: `{ "status": "confirmed" }`. Validates against allowed statuses.
`DELETE`	`/api/v1/findings/{id}`	Delete a finding.

Note: There is no POST /findings endpoint — findings are created exclusively by the SecurityInterceptor callbacks and AI agent tools, never directly via the API.

Security Tools

Method	Endpoint	Description
`GET`	`/api/v1/security/tools`	List all external security tools with installation status, version, and enabled state. Includes Frida status.
`POST`	`/api/v1/security/tools/install`	Install a tool via package manager. SSE streaming output. 10-minute timeout.
`PATCH`	`/api/v1/security/tools/{name}/toggle`	Toggle a tool’s enabled/disabled state.

Use Cases

Passive security audit — Just capture traffic from your application normally. Ghost’s security interceptor automatically finds missing security headers, exposed API keys, dangerous CORS configurations, and sensitive data in response bodies — all without sending a single additional request.

Active penetration test — Switch to Active Safe mode and let the AI agent run nuclei, dalfox, and sqlmap against your application. The agent follows PTES methodology — starting with reconnaissance, moving to passive detection, then active scanning, and finally generating a report with findings and PoC scripts.

Mobile app security — Switch to Mobile sub-mode. Use Frida to bypass SSL pinning and root detection, then let the passive interceptor analyze the now-visible traffic. The mobile vulnerability taxonomy guides the agent to check for certificate pinning bypass, insecure local storage, sensitive data in logs, and other mobile-specific issues.

JWT security analysis — The JWT decoder instantly reveals weak algorithms (alg:none, HS256/RS256 confusion), missing expiry claims, and PII leaked in token payloads. No manual decoding needed.

Compliance checking — Run in passive mode to audit security headers across your entire application. The findings panel shows which hosts are missing HSTS, which cookies lack Secure flags, and which endpoints expose server version information — exactly the data a compliance auditor needs.