High-performance secret scanner for source code, using Vectorscan/Hyperscan for fast multi-pattern matching. Poltergeist is designed to be easy to use by humans and AI agents alike. For AI agent integration, see Ghost Security Skills.
Supports Linux, macOS, and Windows (via Git Bash, MSYS2, or Cygwin).
curl -sfL https://raw.githubusercontent.com/ghostsecurity/poltergeist/main/scripts/install.sh | bashAlternatively, download a release directly from GitHub Releases.
As a Go library:
go get github.com/ghostsecurity/poltergeistPoint Poltergeist at a file or directory and it scans with the built-in rules, printing redacted matches by default:
poltergeist /path/to/codeCommon flags let you change the engine, the output format, and the destination:
# Emit JSON to a file using the pure-Go engine.
poltergeist -engine go -format json -output findings.json /path/to/code
# Scan with a custom rule file instead of the embedded rules.
poltergeist -rules ./my-rules.yaml /path/to/codeUse -engine to choose between auto, go, and hyperscan, -format to
choose text, json, or md, -dnr to show unredacted matches, and
-low-entropy to include matches below their entropy threshold. Run
poltergeist -help for the full list.
Building requires Go and the Vectorscan/Hyperscan development library, since the
default engine binds to it through CGO. On Debian and Ubuntu install
libhyperscan-dev, and on macOS install vectorscan or hyperscan with
Homebrew. When the native library is unavailable you can still run the tool with
the pure-Go engine by passing -engine go.
git clone https://github.com/ghostsecurity/poltergeist.git
cd poltergeist
make build
./poltergeist --versionThe Makefile drives the common workflows, and make help lists every target:
make test # run the full test suite
make test-rules # validate the built-in rules against their own test cases
make lint # run golangci-lint, whose default checks include go vet
make docs # regenerate docs/rules.md after editing pkg/rulesRun make test and make lint before opening a pull request, and run make docs whenever you change a rule so the generated documentation stays current.
See CONTRIBUTING for the full contribution workflow
and CLAUDE.md for an architecture-level guide aimed at coding
agents.
Full documentation, tutorials, and video guides at oss.ghostsecurity.ai.
Open an Issue per the Contributing guidelines and Code of Conduct
We'd like to thank the following projects for providing inspiration for Poltergeist and doing tremendous work in the secret scanning space:
This repository is licensed under the Apache License 2.0. See LICENSE for details.

