ghost.withflit.app — NHI inventory & risk scanner · on-prem

Non-human identitiesare your largestattack surface.

Flit Ghost scans your Active Directory and Azure Entra ID to build a complete inventory of every service account, app registration, and managed identity — then scores each one for risk. All local. No cloud. No data leaves your network.

Scroll to explore
The Problem

Every organization has hundreds
of identities nobody manages.

Service accounts created for deployments that no longer exist. App registrations with secrets that expired years ago but still authenticate. Managed identities with permissions granted in a hurry and never reviewed. Non-human identities (NHIs) are invisible, unrotated, and over-privileged — the perfect target for attackers.

01
Source: Active Directory
AD Service Accounts

Ghost connects to your Active Directory via LDAP and discovers every service account — including stale accounts that haven't been used in months or years, accounts with passwords that have never been rotated, and accounts with domain-admin level privileges that were granted temporarily and never revoked.

Full LDAP enumeration
Password age & last-set tracking
Last-login & staleness detection
Group membership & privilege scope
02
Source: Azure Entra ID
App Registrations & Managed Identities

Ghost queries the Microsoft Graph API to enumerate app registrations, service principals, and managed identities in your Azure tenant. It tracks client secret expiry, API permission scopes, and credential age — surfacing risky identities before they become incidents.

App registrations & service principals
Client secret expiry tracking
Managed identity inventory
Delegated vs. application permissions
03
Risk Engine
Risk Scoring & Findings

Every NHI is scored across multiple risk dimensions: credential age, last-active staleness, privilege breadth, and known-bad patterns. Ghost produces a risk level (CRIT / HIGH / MED / LOW) and specific findings for each identity, so you can prioritise remediation instantly.

Composite risk score per identity
Specific findings with context
CRIT / HIGH / MED / LOW triage
Trend tracking across scans
Download

Running in under
five minutes.

A single static binary — no runtime, no dependencies. Download for your platform, set your source credentials, and run.

Quick start — Linux / macOS
$ chmod +x flit-ghost-linux-amd64
$ GHOST_LDAP_HOST=ldap-srv:389 ./flit-ghost-linux-amd64
✓ Listening · http://localhost:8080
✓ Sources → Add Source → Scan Now
Set GHOST_DB to a file path to persist inventory across restarts. Use DATABASE_URL for a Postgres connection string.
All releases on GitHub →
v0.5.0-alphaMIT licenseCGO_ENABLED=0SQLite + Postgres
How it works

From configuration
to full inventory.

1
Configure your sources
Add your Active Directory LDAP endpoint and Azure tenant ID via environment variables or the web UI. Ghost supports multiple sources simultaneously.
GHOST_LDAP_HOST=ldap-srv-01:389
2
Run your first scan
Trigger a manual scan or set a schedule. Ghost connects to each source, enumerates all NHIs, extracts attributes, and stores everything in a local database — SQLite by default.
http://localhost:8080 → Sources → Scan Now
3
Review your inventory
Every NHI appears in the inventory view with its risk score, age, source, and specific findings. Filter by risk level, type, or source to focus on what matters most.
http://localhost:8080/identities
4
Schedule continuous scanning
Set Ghost to re-scan on a schedule so your inventory stays current. Track when risk levels change, when new NHIs appear, and when stale accounts get cleaned up.
Scan interval: every 6h · next: 02:14:07
flit-ghost · scanning · AD:ldap-srv-01 · Azure:tenant-prod
IDENTITYTYPESOURCERISKKEY AGEFINDING
SCANNING·0 identities·0 high risk·2 sources
NHI by the numbers
0
Identity types discovered
ServiceAccount · AppReg · ManagedIdentity
0
Risk factors scored
credential age · staleness · scope · MFA
0
Avg. NHIs rated HIGH or above
in a typical enterprise environment
0
Minutes to first full inventory
from install to complete NHI picture

Know every
identity you trust.
Before attackers do.

No cloud. No account. No data leaves your network. Download Ghost and have a complete NHI inventory in under five minutes.

Open source · MIT license · SQLite or Postgres · Linux · macOS · Windows