Introducing Ghostwriter v3.0 – Security Boulevard

The Ghostwriter team recently released v3.0.0. This release represents an important milestone for the project, and there’s never been a better time to try Ghostwriter.

Our goal was to greatly simplify the installation and management of the application and to allow the addition of external functionality via an API. This release accomplishes all of that and more, and we’re excited for you to see it.

DevOps/Cloud-Native Live!  Boston

Introducing Ghostwriter CLI

For this release, we’ve created a brand new tool to help you manage Ghostwriter services, Ghostwriter CLI!

GitHub – GhostManager/Ghostwriter_CLI: Golang CLI binary used to install and manage Ghostwriter

Written entirely in Go, this command-line tool can be cross-compiled to support Windows, macOS, and Linux, so you can use any operating system you want as a host system for Ghostwriter. You only need to have Docker installed.

Ghostwriter CLI greatly simplifies server management. Current Ghostwriter users will notice that we have removed the need for old environment files. We’ve even removed the requirement for you to generate TLS/SSL certificates for production environments (unless you want to use your own signed certificates).

$ ./ghostwriter-cli help
Ghostwriter-CLI ( v0.1.1, 8 June 2022 ):
********************************************************************
*** source code: https://github.com/GhostManager/Ghostwriter_CLI ***
********************************************************************
help
Displays this help information
install {dev|production}
Builds containers and performs first-time setup of Ghostwriter
build {dev|production}
Builds the containers for the given environment (only necessary for upgrades)
restart {dev|production}
Restarts all Ghostwriter services in the given environment
up {dev|production}
Bring up all Ghostwriter services in the given environment
down {dev|production}
Bring down all Ghostwriter services in the given environment
config
** No parameters will dump the entire config **
get [varname ...]
set
allowhost
disallowhost
logs
Displays logs for the given container
Options: ghostwriter_{django|nginx|postgres|redis|graphql|queue}
running
Print a list of running Ghostwriter services
update
Displays version information for the local Ghostwriter installation and the latest stable release on GitHub
test
Runs Ghostwriter's unit tests in the development environment
Requires to `ghostwriter_cli install dev` to have been run first
version
Displays the version information at the top of this message

The new quick install guide describes how to use Ghostwriter CLI:

Quick Start

We will continue to develop this new tool to simplify server updating and other maintenance tasks.

Finalizing the GraphQL API

After Ghostwriter, you may have heard of the GraphQL API in the past year. The initial version of the API is production ready and will soon replace the old minimal REST API! GraphQL API documentation is available here:

GraphQL API

Ghostwriter uses fantasy Hasura GraphQL Engine to manage the API. You can access the Hasura console to explore and expand your queries.

Running a “whoami” query in the console

The new API allows you to interact with all aspects of Ghostwriter to perform tasks such as:

  • Domain categorization update
  • Synchronize your domain library with a registrar
  • Extract project data into a workflow or custom reporting tool
  • Exporting results from a tool like Burp Suite into a Ghostwriter report
  • Push new projects and assignments from a CRM or project planner

The API offers many possibilities for integration with external tools. For example, SpecterOps uses the API to transfer infrastructure information from an external application to Ghostwriter. Each time the app creates a new server for a project, it updates Ghostwriter’s project dashboard.

With this new API, managing API tokens is simplified. Users can now visit their profiles to generate API tokens and view or revoke existing tokens.

Managing API tokens in a user profile

To note: Until we update cobalt_sync and mythic_sync, Ghostwriter will still issue the old REST API keys for logging activities with these tools. Soon, these projects will transition to using the GraphQL API and new API tokens, and a future v3.xx release will remove old REST API endpoints and keys. This delay will also give time for all other projects using the REST API to switch to the GraphQL API.

New CVSS calculator

This release also supports CVSS scores for results. This feature was a popular request in our user survey, which @therealtoastycat on GitHub supported and contributed to the project.

You will see CVSS Rating and CVSS Vector fields when modifying a result. You can fill in these fields or use the new CVSS calculator to automatically set the score, vector, and gravity dropdown!

The new CVSS calculator in action

Wrap

These new features and improvements are some of the biggest changes in v3.0.0, but there’s a full changelog with even bigger tweaks. We’ve fixed a few bugs, added support for quote formatting in Word reports, improved the use of date filters in reports, and more.

You can view the full list here:

Ghostwriter/CHANGELOG.md at master GhostManager/Ghostwriter

We’re working on examples to show how you can leverage the GraphQL API for automation, pull/push insights, and more. In August, we will present these examples and Ghostwriter v3 at Black Hat USA Arsenal. We’ll announce where you can find Ghostwriter once Black Hat updates the schedule.

If you miss Ghostwriter at Arsenal, you can also find us at the SpecterOps stand. We hope to see you there!


Introducing Ghostwriter v3.0 was originally published in Messages from SpecterOps team members on Medium, where people continue the conversation by highlighting and responding to this story.

*** This is a syndicated blog from the Security Bloggers Network of SpecterOps Team Member Posts – Medium written by Christopher Maddalena. Read the original post at: https://posts.specterops.io/introducing-ghostwriter-v3-0-db462a1c688c?source=rss—-f05f8696e3cc—4

About Jon Moses

Check Also

Development of a robust technique for the transmission of synchronized data in real time from a Magnetic Observatory to an INTERMAGNET GIN

Since internet availability at PowerLine is very limited due to its remote location from a …