Ghostwriter v2.0 releases: The SpecterOps project management and reporting engine
Ghostwriter is a part of your team. It helps you manage clients, projects, reports, and infrastructure in one application. It does not replace some of the more common or traditional project management tools, such as CRMs, but it does consolidate all relevant project information in a way that lets users easily curate every aspect of their projects.
Ghostwriter uses the Django Q project for queuing and managing background tasks. Django Q hands off tasks to the Redis server (already installed and running in Docker).
Tasks are defined in the tasks.py file. These tasks can be executed on-demand or on a schedule.
Tasks can be queued in a few different ways:
- Schedule tasks to execute in the future and on a recurring schedule with Django Q.
- Use the various buttons in Ghostwriter’s web interface.
- Use a REST API endpoint (not yet available).
Ghostwriter helps you manage and monitor covert infrastructure, including servers and domain names. Tracking infrastructure in Ghostwriter creates a historical record of how and when your infrastructure is used.
Additionally, the infrastructure manager can be set up to monitor infrastructure for changes in domain categories and open ports/services exposed to the general internet.
Ghostwriter’s primary goal is to bring all of your operational data together in one place and create relationships. A starting point is needed to accomplish this goal. For Ghostwriter, that starting point is a client.
The basic workflow looks like this:
1. Create a new client, or open an existing client
2. Review points of contact for the client and add/edit as needed
3. Create a project under the client
4. Checkout servers and domain names for the new project
5. Create links between domain names, subdomains, and servers
At this stage your project proceeds until it’s time to begin noting observations:
1. Create one or more reports for the new project
2. Browse the database of findings/observations and add some to the report
3. Attach evidence files to the new finding
4. Return to step 2
That’s all there is to the basic procedures and their required order of precedence.
At the end of a project, a project manager or assessment lead should mark a project as complete. This is done by clicking the In Progress toggle below the project’s name on the project’s detail page.
Marking a project as complete begins a 90-day countdown to archiving. If the archive task has been configured (see Background Tasks), Ghostwriter will perform a daily check to see if any complete projects are 90 days old (or older) and archive them.
Archiving involves the following actions:
- Mark all reports under the project to Complete (if they were not marked as such already)
- Mark all reports under the project as archived
- Generate all report types
- Bundle all reports and evidence files into a zip file
- Add a record to the Archive model for the client and project with the report archive file
- Mark the project as archived
- Delete all report data
Archive files are available for download under /reporting/reports/archive. You can leave them there or perform any actions required by your company’s data retention policies (e.g. download the archive and then delete it from Ghostwriter).
Once archived, the project and reports can no longer be edited, so they now exist only as a historical record.
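The daily archive check and the bundle-then-delete ordering described above, as an added example that is not Ghostwriter's own code. The `Project` class, its fields, and the function names are hypothetical stand-ins; the step that re-opens and verifies the zip before report data is deleted is an assumption added here, not something the page states.

```python
import io
import zipfile
from dataclasses import dataclass, field
from datetime import date, timedelta

ARCHIVE_AFTER = timedelta(days=90)  # countdown stated on the page


@dataclass
class Project:
    """Hypothetical in-memory stand-in for a project and its report data."""
    name: str
    complete: bool
    completed_on: date
    archived: bool = False
    files: dict = field(default_factory=dict)  # path -> bytes (reports, evidence)
    archive_zip: bytes = b""


def archive_project(project: Project) -> None:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, data in sorted(project.files.items()):
            zf.writestr(path, data)
    blob = buf.getvalue()
    # Re-open the bundle and check CRCs and the file list before deleting anything.
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        if zf.testzip() is not None or set(zf.namelist()) != set(project.files):
            raise RuntimeError(f"archive for {project.name} failed verification")
    project.archive_zip = blob
    project.archived = True
    project.files.clear()  # report data is deleted only after verification


def run_daily_check(projects, today: date) -> list:
    """Archive complete projects that are 90 days old or older; return their names."""
    archived = []
    for p in projects:
        if p.complete and not p.archived and today - p.completed_on >= ARCHIVE_AFTER:
            archive_project(p)
            archived.append(p.name)
    return archived
```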
- Upgraded to Django 3 and updated all dependencies
- Initial commit of CommandCenter application and related configuration options
  - VirusTotal Configuration
  - Global Report Configuration
  - Slack Configuration
  - Company information
  - Namecheap Configuration
- Initial support for adding users to groups for Role-Based Access Controls
- Automated Activity Logging (Oplog application) moved out of beta
- Implemented initial “overwatch” notifications
  - Domain check-out: alert if domain will expire soon and is not set to auto-renew
  - Domain check-out: alert if domain is marked as burned
  - Domain check-out: alert if domain has been previously used with selected client
- Updated user interface elements
  - New tabbed dashboards for clients, projects, and domains
  - New inline forms for creating and managing clients and projects and related items
  - New sidebar menu to improve legibility
  - Migrated buttons and background tasks to WebSockets and AJAX for a more seamless experience
- Initial release of refactored reporting engine
  - New drag-and-drop report management interface
  - Added many more options to the WYSIWYG editor’s formatting menus
  - Initial support for rich text objects for Word documents
  - Added new filter_severity filter for Word templates
- Initial support for report template and management
  - Upload report template files for Word and PowerPoint
  - New template linter to check and verify templates
- Security updates and fixes
  - Resolved potential stored cross-site scripting in operational logs
  - Resolved unvalidated evidence file uploads and new note creation
    - Associated user account is now set server-side
  - Resolved issues with WebSocket authentication
  - Locked-down evidence uploads to close potential loopholes
    - Evidence form now only allows specific filetypes: md, txt, log, jpg, jpeg, png
    - Requesting an evidence file requires an active user session
- Removed web scraping from domain health checks
- Numerous bug fixes and enhancements to address reported issues
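A server-side check in the spirit of the evidence-upload entries above, as an added example that is not Ghostwriter's own code. The function name `validate_evidence` and the sample inputs are hypothetical; the extension allowlist comes from the changelog, while the content checks (image signature, UTF-8 text) go beyond what the page describes and are labelled as assumptions.

```python
import os

# Allowlist from the changelog entry: md, txt, log, jpg, jpeg, png.
ALLOWED_EXTENSIONS = {"md", "txt", "log", "jpg", "jpeg", "png"}

# Leading bytes expected for the image types (text types have no signature).
IMAGE_SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
}


def validate_evidence(filename: str, content: bytes) -> str:
    """Return the normalized extension, or raise ValueError (hypothetical helper)."""
    # Keep only the last path component so a client-supplied path is ignored.
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or "\x00" in base:
        raise ValueError("invalid filename")

    # Only the final extension counts, compared case-insensitively.
    stem, dot, ext = base.rpartition(".")
    ext = ext.lower()
    if not dot or not stem or ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"file type not allowed: {base!r}")

    signature = IMAGE_SIGNATURES.get(ext)
    if signature is not None:
        # Assumption beyond the page: image content must match its extension.
        if not content.startswith(signature):
            raise ValueError("content does not match the image extension")
    else:
        # Assumption beyond the page: text evidence is UTF-8 without NUL bytes.
        try:
            text = content.decode("utf-8")
        except UnicodeDecodeError as exc:
            raise ValueError("text evidence is not valid UTF-8") from exc
        if "\x00" in text:
            raise ValueError("text evidence contains NUL bytes")
    return ext


if __name__ == "__main__":
    # Constructed sample uploads.
    print(validate_evidence("scan.PNG", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8))
    print(validate_evidence("notes.md", b"# Finding\n"))
```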
Copyright (c) 2019, Chris Maddalena