specterops/ghost_scout — explained in plain English
Analysis updated 2026-07-18 · repo last pushed 2026-04-30
Automate reconnaissance for a red team engagement by discovering target company domains and employees.
Generate realistic spear-phishing test emails personalized with public information about each employee.
Streamline phishing simulation prep by replacing manual research with an automated AI-driven pipeline.
Review and export AI-generated phishing pretexts for client security awareness testing.
| specterops/ghost_scout | 1tdspw-26/front-aula-08-1sem | 1tdspy-26/front-1sem-aula-03 | |
|---|---|---|---|
| Stars | 14 | 14 | 14 |
| Language | HTML | HTML | HTML |
| Last pushed | 2026-04-30 | — | — |
| Maintenance | Maintained | — | — |
| Setup difficulty | hard | easy | easy |
| Complexity | 4/5 | 1/5 | 1/5 |
| Audience | ops devops | general | general |
Figures from each repo's GitHub metadata at analysis time.
Requires paid API keys for both Hunter.io and Anthropic, plus a Redis server for background job management.
Ghost Scout is a tool for security professionals who run simulated phishing campaigns against companies. It automates the research phase, finding a company's domains, discovering their employees, gathering publicly available information about those employees, and then using AI to write personalized phishing emails tailored to each person. The goal is to make red team engagements more efficient by replacing hours of manual research and email drafting with an automated pipeline. The workflow is straightforward: you start by entering a target company's domain, and the tool discovers related domains, email formats, and potential employees using the Hunter.io service. It then scrapes public sources for information about those individuals, converts what it finds into a format suitable for AI processing, and builds detailed profiles. Finally, it uses Anthropic's AI to generate convincing outreach messages, called "pretexts", that reference details gleaned from the research. You can review, approve, and export the results. This is designed for red teamers and penetration testers, security professionals hired by organizations to test their defenses. For example, if a company wants to know whether its employees would fall for a spear-phishing attack, a red teamer could use this tool to quickly gather intelligence on staff and generate realistic test emails. It requires paid API keys for both Hunter.io (for finding contacts) and Anthropic (for AI text generation), plus some infrastructure setup including a Redis server for managing background jobs. The project is built with a Node.js backend and a lightweight frontend. It uses a job queue system to handle tasks like DNS lookups, web scraping, and AI generation asynchronously, with real-time updates as work progresses. The README notes it's intended for personal use and legitimate security assessments, and the project still has planned improvements like Docker Compose support, additional data sources, and more AI provider options.
Ghost Scout automates the research phase of simulated phishing campaigns. It discovers a company's domains and employees, then uses AI to generate personalized phishing test emails for security assessments.
Mainly HTML. The stack also includes Node.js, HTML, Redis.
Maintained — commit in last 6 months (last push 2026-04-30).
The explanation does not mention a specific license, the project notes it is intended for personal use and legitimate security assessments only.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.