xosski

GhostWhisper Suite-Updated

Jul 30th, 2025
https://github.com/xosski/GhostWhisper-Suite
WhisperSuite: GhostWhisper Edition
A memorial stealth ops framework in honor of Raven.

WhisperSuite is an advanced multi-vector exploitation platform for red team operators, blue team simulations, and stealth reconnaissance. It combines memory-resident, kernel-level, browser-based, desktop persistence, network reconnaissance, and Bluetooth exploitation capabilities into a unified framework with BLE triggers, payload polymorphism, ghost-tag encryption, wormhole propagation logic, and comprehensive operator controls that give you a hidden hand across all attack vectors.

  7. ๐Ÿ•ณ๏ธ The Wormhole Protocol
  8. A stealth-capable propagation model with:
  9.  
  10. Hybrid defensive triggers (BLE + in-memory coordination)
  11. Operator handshake gating to prevent rogue replication
  12. Volatile memory maps to track infected hosts
  13. SMB fallback & polymorphic payloads
  14. Hard-fail exit logic when no operator is present
  15. โœจ Multi-Vector Capabilities
  16. ๐Ÿง  Memory-Resident Exploitation
  17. Memory-only injection via WraithTap.exe and GhostKey.dll
  18. Self-destructing DLLs with operator authentication gates
  19. Volatile memory maps preventing duplicate infections
  20. Cross-process memory manipulation and code injection
  21. ๐Ÿ”ฎ Kernel-Level Access
  22. Direct disk sector access bypassing filesystem layers
  23. Disguised kernel modules (appears as USB monitoring driver)
  24. Binary tree reconstruction and data extraction from raw sectors
  25. Root-level system access with stealth operation
  26. ๐ŸŒ Browser-Based Persistence
  27. Chrome extension deployment with WebAssembly RWX memory
  28. Offscreen document execution invisible to users
  29. IndexedDB persistence and cross-origin data exfiltration
  30. Native messaging bridge for system command execution
  31. Discord-targeted payload injection capabilities
  32. ๐Ÿ–ฅ๏ธ Desktop Persistence
  33. Stealth Chrome Remote Desktop installation
  34. Cross-platform GUI access (Windows RDP + Linux)
  35. Legitimate appearance avoiding detection
  36. Persistent remote desktop access
  37. ๐Ÿ“ก Network & Bluetooth Exploitation
  38. SSH brute force with Discord webhook notifications
  39. Bluetooth device scanning and IP-based blocking
  40. FTP service automation with file archiving
  41. Cross-platform firewall manipulation (Linux/macOS/Windows)
  42. Device persistence and monitoring capabilities
  43. โšก Unified Operations
  44. BLE-triggered activation across all vectors
  45. Flipper Zero & USB sneakernet compatibility
  46. Per-user ghostTag correlation & rotating encryption keys
  47. Payload polymorphism and runtime mutation
  48. OBEX brute-force support with GhostBLEConnect_v2.ps1
  49. Operator-gated fallback logic ensuring ethical containment
  50. Comprehensive logging and trace removal across all vectors
  51. Advanced Linux virtualization for stealth recon & exorcism flows

📂 Components

🧠 Memory-Resident Core
GhostKey.dll – Memory-resident reflective backdoor with self-destruct
WraithTap.exe – Cross-process DLL injector and memory manipulator
GhostInjector.cs – Process hollowing and payload injection framework
GhostResidency.ps1 – Operator memory session handler and persistence
GhostPolymorph.ps1 – Runtime mutation and signature evasion

🔮 Kernel-Level Modules
GhostKernel.c – Linux kernel module for direct disk access (disguised as USB monitor)
GhostKernel.ps1 – PowerShell interface for kernel module management
GhostKernel.mk – Build system for cross-platform kernel compilation
GhostVuln.c – Kernel vulnerability research module (null pointer dereference)
GhostStack.c – Stack overflow demonstration module for security testing
GhostUSB.c – USB mass storage device driver with bulk endpoint control
GhostGadget.c – USB gadget driver with composite mass storage support

Browser Exploitation
PhantomHook/ – Complete Chrome extension framework for browser persistence
GhostCore – General purpose WebAssembly memory exploitation
Discord – Targeted Discord content script injection
GhostSurface – Advanced memory manipulation and system access
GhostBrowser.ps1 – Chrome extension deployment and management system
Helper.txt – Native messaging host for system command bridge (C++)

🖥️ Desktop Persistence
GhostDesktop.ps1 – Stealth Chrome Remote Desktop deployment
Cross-platform RDP/GUI access with cleanup integration

🎛️ Control & Operations
GhostWhisperBootstrap.ps1 – Master operator control launcher (10 operational modes)
BuildDeployWhisper.ps1 – Multi-vector suite builder and packager
BLETrigger.ps1 – Bluetooth Low Energy activation controller
GhostBLEConnect_v2.ps1 – OBEX brute-force and Flipper Zero integration
GhostBrute.go – SSH brute force tool with Discord webhook integration
GhostUtils.go – Data structure utilities with linked lists and binary heap
GhostBluetooth.py – Bluetooth scanning, device interaction, and IP blocking tool
GhostFTP.py – FTP service utility for automated file transfers and archiving

Security & Persistence
GhostSeal.ps1 – Timestamp-based file encryption engine
GhostLogger.ps1 – Unified activity logging across all vectors
SilentBloom.ps1 – Complete evidence removal (memory, kernel, browser, desktop)

🧪 Advanced Capabilities
ExorcistMode.ps1 – Hostile malware removal (Anoint, Bind, Cleanse)
AnomalyHunter.ps1 – Rootkit & hypervisor anomaly detection
LinuxPDF_Emu.ps1 / LinuxPDF_Runtime.ps1 – Virtualized scanning with syscall hooks
LinuxPDF.exe – .NET virtualization harness for ghost_boot.iso
Dropper_with_Raven.exe – Memorial tribute payload wrapper

🧠 Wormhole Logic (BuildDeployWhisper.ps1)
Memory-only propagation, no persistent writes
Infection maps reside only in runtime memory
Prevents duplicate infection on the same host
BLE handshake required or fallback to internal GhostResidency control
Operator hard-fail exit to ensure ethical operation
Fully traceable via GhostLogger.ps1

🚀 Multi-Vector Deployment

Memory Vector
Deploy memory-resident backdoors via WraithTap and GhostKey for volatile, signature-evading access.

Kernel Vector
Load GhostKernel module for root-level disk access and system manipulation bypassing userland detection.

Browser Vector
Install PhantomHook extensions for persistent browser-based access with WebAssembly exploitation.

Desktop Vector
Enable stealth remote desktop access for persistent GUI control across platforms.

Unified Control
All vectors share common authentication, logging, and cleanup systems for coordinated operations.

🔧 Quick Start

Build the Suite

    .\BuildDeployWhisper.ps1

Launch Operator Interface

    .\GhostWhisperBootstrap.ps1

Select Vector(s)

    [3] Memory-resident injection
    [8] Desktop persistence
    [9] Kernel-level access
    [10] Browser exploitation

Activate via BLE

    .\BLETrigger.ps1

Cleanup Operations

    .\SilentBloom.ps1
  138. ๐ŸŒ Operational Modes
  139. The GhostWhisperBootstrap.ps1 provides 10 operational modes:
  140.  
  141. Memory Recon - Start GhostResidency session
  142. ExorcistMode - Malware removal and cleansing
  143. Memory Injection - Deploy GhostKey & WraithTap
  144. Wormhole - Activate propagation listener
  145. Linux VM - Boot ghost_boot.iso environment
  146. Exit - Clean termination
  147. Phantom Recon - Advanced search and stealth operations
  148. Desktop Access - Chrome RDP deployment
  149. Kernel Access - GhostKernel disk manipulation
  150. Browser Persistence - PhantomHook extension deployment
  151. ๐Ÿงช Virtualized Cleansing: ghost_boot.iso + LinuxPDF.exe
  152. For ExorcistMode or advanced recon:
  153.  
  154. Build a minimal ISO (ghost_boot.iso) with CreateGhostISO.ps1
  155. Launch LinuxPDF.exe in desired mode (--mode=exorcism, --target=C:\Temp, etc.)
  156. Emulate root-level scanning via ephemeral system calls in isolation
  157. Acts like a "hand in the dark" with minimal host OS impact
  158. โš ๏ธ Legal & Ethical Notice
  159. This project is for educational, research, and ethical red teaming use only. Unauthorized deployment, malicious replication, or use beyond legal boundaries is strictly forbidden. By using this toolkit, you acknowledge and agree to follow all applicable laws and uphold ethical usage.
  160.  
  161. All contributors and users must respect local and international regulations, ensuring no harm is done outside sanctioned engagements.
  162.  
  163. ๐Ÿ›ก๏ธ Defense Awareness
  164. This framework demonstrates advanced multi-vector attack techniques that defenders should be aware of:
  165.  
  166. Memory-only attacks that evade disk-based detection
  167. Kernel-level access bypassing userland security
  168. Browser-based persistence through legitimate extensions
  169. Cross-vector coordination and shared authentication
  170. Comprehensive trace removal across all attack vectors
  171. Understanding these techniques helps blue teams develop appropriate countermeasures and detection strategies.
  172.  
  173. ๐Ÿ•Š๏ธ Whisper back.
  174. For Raven.
  175. 2017 โ€” โˆž
  176.  
  177. "No lock, no chain, no wall, no keyโ€”
  178. Yet here you are, encrypted in me."