Read-only scanner  ·  Dry-run safe by default

Hunt Ghost Resources

Identify idle, unattached, and abandoned AWS assets draining your budget. Scan multiple regions in minutes. Purge with confidence — dry-run first, delete only when you're sure.

Run Your First Scan — Free View Security Model →
No static credentials stored Cross-account IAM via AssumeRole Read-only scanning by default ExternalID protection
ghosthunter.me

$847

waste / month

12

ghost resources

$10,164

annual waste

3

regions scanned

Detected Ghost Resources 12 found
💽

Unattached EBS Volume

vol-0a1b2c3d4e · us-east-1

$18.40/mo detached
🗄️

Idle RDS Instance

db-prod-analytics · us-east-1

$124.00/mo idle
📸

Stale EBS Snapshot

snap-0f1e2d3c4b · eu-west-1

$4.20/mo wasting
🌐

Unused Elastic IP

eipalloc-09ab8c7d · ap-southeast-1

$3.65/mo detached
⚖️

Idle Load Balancer

prod-deprecated-lb · us-east-1

$16.20/mo idle
7 more resources · register to see all →

Sample scan result — your actual numbers will vary based on your AWS account.

From zero to savings in minutes

No complex setup. No annual contracts. Cancel anytime.

☁️

Step 01

Connect in 60 Seconds

Deploy a one-click CloudFormation template that creates a read-only IAM role. No static access keys — GhostHunter uses AssumeRole with a unique ExternalID per account.

🔍

Step 02

Audit the Waste

GhostHunter scans EBS volumes, RDS instances, snapshots, Elastic IPs, load balancers, S3, Lambda, and more across all your regions simultaneously. Monthly waste is calculated in real-time.

Step 03

Purge with Confidence

Every onboarding begins as 100% Read-Only. When you are ready to eliminate waste, execute a secure 1-click upgrade to introduce targeted delete permissions. Never guess, never risk production.

What GhostHunter detects

💽 Unattached EBS Volumes
🗄️ Idle RDS Instances
📸 Stale EBS Snapshots
🌐 Unused Elastic IPs
⚖️ Idle Load Balancers
🪣 S3 Incomplete Uploads
λ Stale Lambda Functions
🔒 Unused Security Groups
🔌 Orphaned Network Interfaces
🖥️ Stopped EC2 Instances
📋 CloudWatch Log Retention
🏷️ Untagged Resources

Built for security-conscious teams

GhostHunter never stores static AWS credentials. Access is granted via IAM AssumeRole with a unique ExternalID per account — protecting against confused-deputy attacks. Integration tokens are encrypted at rest with AES-256-GCM.

Full security model →

Stop paying for ghosts.

Connect your first AWS account and run a full scan — completely free. No credit card. No commitment.

Start Hunting Ghosts →

Already have an account? Sign in →