Skip to content

Installation

Jump to bottom
Melvin PETIT edited this page Jun 17, 2026 · 1 revision

Installation

Ghostline targets Debian, Ubuntu and Kali Linux. The bundled installer pulls every supported tool; you can also install manually if you prefer to control each dependency.

Prerequisites

  • A Debian-family Linux (Kali recommended, it ships most tools already).
  • git, bash (4.x+), and sudo / root access for install.sh.
  • Internet access to clone GitHub-hosted tools and install Python packages.

1. Clone the repository

git clone https://github.com/WhiteMuush/Ghostline.git
cd Ghostline
chmod +x ghostline.sh

2. Run the installer (recommended)

sudo ./install.sh

The installer is idempotent, re-running it updates already-cloned tools with git pull --ff-only instead of failing. It performs, in order:

  1. Cleans broken apt repositories (known-bad WineHQ / zara entries) so apt update does not abort.
  2. Installs base packages via apt: git, python3, python3-pip, python3-venv, pipx, samba / samba-common-bin / smbclient, an LDAP utils package, nmap, dnsrecon, dnsenum, curl, wget, and build headers (build-essential, libsasl2-dev, libldap2-dev, libssl-dev).
  3. Installs the security tools (see table below).
  4. Configures PATH so ~/.local/bin and /root/.local/bin are reachable from your shell.
  5. Prints a summary showing the resolved path of each tool.

After it finishes, reload your shell so the new PATH takes effect:

source ~/.bashrc
# or open a new terminal

What gets installed and where

Tool Source Installed to
enum4linux-ng GitHub (cddmp) /opt/enum4linux-ng → symlink /usr/local/bin/enum4linux-ng
CrackMapExec apt, fallback pipx system path or ~/.local/bin
adidnsdump GitHub (dirkjanm) + pip ~/.local/bin/adidnsdump
BloodHound.py pipx, fallback pip ~/.local/bin/bloodhound-python
ridenum GitHub (TrustedSec) /opt/ridenum → symlink /usr/local/bin/ridenum
Impacket pipx, fallback pip secretsdump.py, GetNPUsers.py, …
Kerbrute GitHub release binary /opt/kerbrute → symlink /usr/local/bin/kerbrute
ldapdomaindump pip ~/.local/bin/ldapdomaindump
nmap, rpcclient, ldapsearch, dnsrecon apt system path

The clone destination (/opt by default) can be overridden by exporting GHOSTLINE_TOOLS_DIR before running the installer, e.g. sudo GHOSTLINE_TOOLS_DIR=/usr/local/src ./install.sh.

3. Manual installation (optional)

If you would rather not run the bundled installer:

# Debian / Ubuntu / Kali base packages
sudo apt update
sudo apt install -y \
    nmap samba-common-bin ldap-utils dnsrecon \
    python3 python3-pip pipx

# Python tools
pipx install crackmapexec      # or: pipx install netexec
pipx install bloodhound
pipx install impacket

# GitHub-hosted tools
git clone https://github.com/cddmp/enum4linux-ng.git /opt/enum4linux-ng
git clone https://github.com/dirkjanm/adidnsdump.git  /opt/adidnsdump
git clone https://github.com/trustedsec/ridenum.git   /opt/ridenum

Ghostline resolves several tool aliases automatically, for CrackMapExec it accepts crackmapexec, cme or nxc (NetExec); for Impacket scripts it accepts both the *.py names and the impacket-* apt names. So either flavor works without extra configuration.

Verifying the install

Launch the menu and open [4] Special Actions → [4] View Results, or simply confirm a tool resolves:

command -v nmap bloodhound-python secretsdump.py enum4linux-ng

Missing tools are not fatal, each menu entry checks for its binary at runtime and prints an install hint if it is absent. See Troubleshooting if something does not resolve after source ~/.bashrc.

Ghostline — Active Directory enumeration toolkit by Melvin PETIT · MIT License · ⚠️ Authorized targets only

Ghostline Wiki

Getting set up

Enumeration

Reference

Repository ↗

Clone this wiki locally