Ghostwriter is changing! We try to be transparent with our development work, but it has been tricky to make that information accessible. We tried to use a Trello board, blog posts, Twitter updates, Slack channels, and other tools, but we heard these media are not always easy to follow. So, we’re trying a new approach.
If you visit the GitHub repository now, you will see a few new things:
- An active Projects tab
- An active Discussions tab
- A new Ghostwriter v2.3.0-rc1 release
Let’s break this down and explain why you should care about this.
Public Quarterly and Annual Road Maps
In March 2022, we published a month-long survey asking the community to react to various feature requests and new ideas so we could get a sense of what to prioritize in the coming year. We plan to create annual goals we then break up into quarterly releases.
You will now find the road maps published under the Projects tab at the top of the code repository. We have switched to GitHub Projects to make these road maps more accessible and sync them with development work. The project board is also where you can track progress on open issues.
We took the survey responses and converted the most popular features into a 2022 road map. Here is what is on deck for the next several quarters in order of popularity:
- CVSS / DREAD score calculator and tracking
- Adding new sections to reports within Ghostwriter
- GraphQL API
- Cropping and annotating image evidence
We have more features from the survey tracked in the GitHub Project. We may be able to implement them sooner depending on the effort required for the above features and bug fixes that come up during development.
Discussing New Features and Releases
We have also enabled the Discussions feature on the code repository. The community can use this section to ask questions more efficiently and propose new ideas. We’ll still have the #ghostwriter Slack channel and discussions inside issues, but this new area will make it much easier to have ongoing searchable discussions.
The dedicated Release Discussion section is where you can offer feedback on new releases. These discussion threads are handy for release candidates.
Ghostwriter v2.3.0 RC 1
Speaking of release candidates, the latest Ghostwriter release, v2.3.0-rc1, brings all of this together and is our first release following the 2022 road map. This release contains many changes, but the biggest is the introduction of the GraphQL API.
The GraphQL API implementation is not complete as a release candidate, but it is ready for testing. The API comes with several significant new features that will help make this API very powerful and unlock future enhancements:
- Initial implementation of granular role-based access controls for project data
- Easy authentication with JSON Web Tokens
- Docker container for the Hasura GraphQL Engine to manage and publish the schema
Read more on the wiki to learn about how to get started and current limitations:
https://www.ghostwriter.wiki/features/graphql-api
The API gives the community the power to develop automation and middleware. We heard from several teams who wanted an easier way to integrate the JSON report into their workflow or requested a way to pull data from Ghostwriter to display in another application. With GraphQL, you can query anything stored within Ghostwriter and get back only the data you need.
With this new API, you can do things like:
- Automate the creation of a project
- Pull project data for custom workflows
- Display project data and assignments on a custom dashboard
- Update project infrastructure deployed by a custom application or script
- Analyze the health of your domains with custom scripts and update their status
- Much, much more
You may already be familiar with the initial iteration of this functionality via mythic_sync and cobalt_sync for automated logging. The new API creates more possibilities for other types of middleware. We’re very much looking forward to using the API for internal development. You can expect the GhostManager organization on GitHub to grow with additional tools for you to use or customize.
The GraphQL API will continue to evolve as we get closer to the final release of v2.3.0. In the meantime, the API will only be available when you launch Ghostwriter in “development mode” with the local.yml file.
There is a dedicated discussion thread in the Release Discussion section, and we will track new developments on the API on the GitHub Project board.
Wrap Up
The development team is excited about this latest release candidate and the changes to the repository. We hope it will make it easier for the community to provide feedback, report issues, and learn how to use the new GraphQL API. As the API matures, we expect we will see the community find some creative uses for it.
Do you have an idea or feedback to share? We have also committed new community resources to guide you:
Ghostwriter v2.3.0 & 2022 Road Map was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.
Article Link: Ghostwriter v2.3.0 & 2022 Road Map | by Christopher Maddalena | Apr, 2022 | Posts By SpecterOps Team Members