Jun 14 2022 | Christopher Maddalena

Introducing Ghostwriter v3.0

Share

The Ghostwriter team recently released v3.0.0. This release represents a significant milestone for the project, and there has never been a better time to try out Ghostwriter.

Our goal was to make it much simpler to install and manage the application and make it possible to add external functionality via an API. This release accomplishes all of this and more, and we’re excited for you to see it.

Introducing Ghostwriter CLI

For this release, we created an all-new tool to help you manage Ghostwriter’s services, Ghostwriter CLI!

GitHub – GhostManager/Ghostwriter_CLI: Golang CLI binary used for installing and managing Ghostwriter

Written entirely in Go, this command-line tool can be cross-compiled to support Windows, macOS, and Linux, so you can use whichever operating system you like as your host system for Ghostwriter. You only need to have Docker installed.

Ghostwriter CLI greatly simplifies server management. Current Ghostwriter users will notice we have removed the need for the old environment files. We even removed the requirement for you to generate the TLS/SSL certificates for production environments (unless you want to use your own signed certificates).

$ ./ghostwriter-cli help
Ghostwriter-CLI ( v0.1.1, 8 June 2022 ):
********************************************************************
*** source code: https://github.com/GhostManager/Ghostwriter_CLI ***
********************************************************************
help
Displays this help information
install {dev|production}
Builds containers and performs first-time setup of Ghostwriter
build {dev|production}
Builds the containers for the given environment (only necessary for upgrades)
restart {dev|production}
Restarts all Ghostwriter services in the given environment
up {dev|production}
Bring up all Ghostwriter services in the given environment
down {dev|production}
Bring down all Ghostwriter services in the given environment
config
** No parameters will dump the entire config **
get [varname ...]
set <var name> <var value>
allowhost <var hostname/address>
disallowhost <var hostname/address>
logs <container name>
Displays logs for the given container
Options: ghostwriter_{django|nginx|postgres|redis|graphql|queue}
running
Print a list of running Ghostwriter services
update
Displays version information for the local Ghostwriter installation and the latest stable release on GitHub
test
Runs Ghostwriter's unit tests in the development environment
Requires to `ghostwriter_cli install dev` to have been run first
version
Displays the version information at the top of this message

The new quickstart installation guide outlines the use of Ghostwriter CLI:

Quickstart

We will continue developing this new tool to simplify updating the server and other maintenance tasks.

Finalizing the GraphQL API

Following Ghostwriter, you may have heard about the GraphQL API over the past year. The initial API version is ready for production and will soon replace the old minimal REST API! The GraphQL API documentation is available here:

GraphQL API

Ghostwriter uses the fantastic Hasura GraphQL Engine to manage the API. You can access the Hasura Console to explore and develop your queries.

Running a `whoami` query in the console

The new API enables you to interact with all aspects of Ghostwriter to perform tasks like:

  • Updating domain categorization
  • Syncing your domain library with a registrar
  • Pulling project data into a custom reporting workflow or tooling
  • Exporting findings from a tool like Burp Suite into a Ghostwriter report
  • Pushing new projects and assignments from a CRM or project scheduler

The API provides numerous integration possibilities with external tools. For example, SpecterOps uses the API to push information about infrastructure from an external application to Ghostwriter. Each time the application creates a new server for a project, it updates Ghostwriter’s project dashboard.

With this new API comes easier management of API tokens. Users can now visit their profiles to generate API tokens and view or revoke existing tokens.

Managing API tokens in a user profile

Note: Until we update cobalt_sync and mythic_sync, Ghostwriter will still issue the old REST API keys for activity logging with these tools. Soon, these projects will switch to using the GraphQL API and new API tokens, and a future v3.x.x release will remove the old REST API endpoints and keys. This delay will also provide time for any other projects that use the REST API to switch to the GraphQL API.

New CVSS Calculator

Also in this release is support for CVSS scores for findings. This feature was a popular request in our user survey, one that @therealtoastycat on GitHub took on and contributed to the project.

You will see CVSS Score and CVSS Vector fields when editing a finding. You can fill in these fields or use the new CVSS calculator to set the score, vector, and severity dropdown automatically!

The new CVSS calculator in action

Wrap Up

These new features and enhancements are some of the most significant changes in v3.0.0, but there is an extensive change log with even more great adjustments. We fixed some bugs, added support for blockquote formatting in Word reports, improved usage of the date filters in reports, and much more.

You can review the complete list here:

Ghostwriter/CHANGELOG.md at master · GhostManager/Ghostwriter

We are working on examples to show how you can leverage the GraphQL API for automation, pull/push information, and more. In August, we will be presenting those examples and Ghostwriter v3 at Black Hat USA’s Arsenal. We will announce where you can find Ghostwriter once Black Hat updates the schedule.

If you miss Ghostwriter at Arsenal, you can also find us at the SpecterOps booth. We hope to see you there!


Introducing Ghostwriter v3.0 was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.