Released: 2026-01-20
Status: Alpha / Public Research Release
GhostShip v1.0.0 is the first public release of a peer-to-peer (P2P) Command & Control (C2) system designed for stealth and absolute network silence on the target side.
- Universal Project Structure: Single codebase supporting both Linux and Windows.
- Phantom Socket Stealth: Inter-process communication via kernel-level Anonymous Pipes (Linux) and Named Pipes (Windows). Zero network indicators on the target machine;
netstatandssreport no listening ports. - Embedded P2P Transport: Integrated HyperDHT for NAT-traversing, encrypted communications without central infrastructure.
- Hardened Stealth (Windows):
- PPID Spoofing: Automatically impersonates
svchost.exeas the parent process. - Memory Patching: In-memory patching of AMSI and ETW to blind local telemetry.
- PPID Spoofing: Automatically impersonates
- Fileless Execution:
- Linux: Resident in memory via
memfd_create. - Windows: Hidden folder residency with aggressive self-deletion logic.
- Linux: Resident in memory via
Refer to README.md for installation and usage instructions.
# Build GhostShip
make build-allFor academic research and authorized security testing only