GhostManifest is a lightweight Python-based system state collection and transfer tool designed for controlled. It gathers specified files or directories from a target system, packages them into a ZIP archive, and securely posts the archive to a designated server endpoint for analysis or scoring.
- Collects files or directories from a target system
- Automatically generates a ZIP archive of collected data
- Sends the archive to a remote server via HTTP POST
- Includes a minimal Python server for receiving and storing uploads
- Cross-platform compatibility (Windows, macOS, Linux)
- No external dependencies beyond Python standard libraries
(OPTIONAL) Change values at the beginning of the file (values like max file size, max files to extract, etc.)
- Configure the target directory or files inside the script.
- Set the server URL where the ZIP archive will be uploaded.
- Run the script
- Start the server to listen for incoming uploads
- The Client side (GhostManifest.py) is meant to be run on the victim's computer, while the Server side (ManifestServer.py) is meant to run on the attack's computer.
- Run the server prior to running the client, this will allow you to change the URL of the server before trying to exfiltrate data.
How to run Client (GhostManifest.py)
python GhostManifest.pyHow to run Server
python ManifestServer.py