Flit Ghost scans your Active Directory and Azure Entra ID to build a complete inventory of every service account, app registration, and managed identity — then scores each one for risk. All local. No cloud. No data leaves your network.
Service accounts created for deployments that no longer exist. App registrations with secrets that expired years ago but still authenticate. Managed identities with permissions granted in a hurry and never reviewed. Non-human identities (NHIs) are invisible, unrotated, and over-privileged — the perfect target for attackers.
Ghost connects to your Active Directory via LDAP and discovers every service account — including stale accounts that haven't been used in months or years, accounts with passwords that have never been rotated, and accounts with domain-admin level privileges that were granted temporarily and never revoked.
Ghost queries the Microsoft Graph API to enumerate app registrations, service principals, and managed identities in your Azure tenant. It tracks client secret expiry, API permission scopes, and credential age — surfacing risky identities before they become incidents.
Every NHI is scored across multiple risk dimensions: credential age, last-active staleness, privilege breadth, and known-bad patterns. Ghost produces a risk level (CRIT / HIGH / MED / LOW) and specific findings for each identity, so you can prioritise remediation instantly.
A single static binary — no runtime, no dependencies. Download for your platform, set your source credentials, and run.
GHOST_DB to a file path to persist inventory across restarts. Use DATABASE_URL for a Postgres connection string.No cloud. No account. No data leaves your network. Download Ghost and have a complete NHI inventory in under five minutes.
Open source · MIT license · SQLite or Postgres · Linux · macOS · Windows