
Ghostwriter v2.0

@chrismaddalena released this 20 Nov 18:56
· 2707 commits to master since this release
124a9f7

Release Details

Read this post for full details and examples: https://posts.specterops.io/ghostwriter-v2-0-release-638cef16deb7

Also, this release included an overhaul of the documentation. The latest version is live at: https://ghostwriter.wiki/

Highlights

  • Upgraded to Django 3 and updated all dependencies
  • Initial commit of CommandCenter application and related configuration options
    • VirusTotal Configuration
    • Global Report Configuration
    • Slack Configuration
    • Company information
    • Namecheap Configuration
  • Initial support for adding users to groups for Role-Based Access Controls
  • Automated Activity Logging (Oplog application) moved out of beta
  • Implemented initial "overwatch" notifications
    • Domain check-out: alert if domain will expire soon and is not set to auto-renew
    • Domain check-out: alert if domain is marked as burned
    • Domain check-out: alert if domain has been previously used with selected client
  • Updated user interface elements
    • New tabbed dashboards for clients, projects, and domains
    • New inline forms for creating and managing clients and projects and related items
    • New sidebar menu to improve legibility
    • Migrated buttons and background tasks to WebSockets and AJAX for a more seamless experience
  • Initial release of refactored reporting engine
    • New drag-and-drop report management interface
    • Added many more options to the WYSIWYG editor's formatting menus
    • Initial support for rich text objects for Word documents
    • Added new filter_severity filter for Word templates
  • Initial support for report templates and template management
    • Upload report template files for Word and PowerPoint
    • New template linter to check and verify templates
  • Security updates and fixes
    • Resolved potential stored cross-site scripting in operational logs
    • Resolved unvalidated evidence file uploads and new note creation
      • Associated user account is now set server-side
    • Resolved issues with WebSocket authentication
    • Locked down evidence uploads to close potential loopholes
      • Evidence form now only allows specific file types: md, txt, log, jpg, jpeg, png
      • Requesting an evidence file requires an active user session
  • Removed web scraping from domain health checks
  • Numerous bug fixes and enhancements to address reported issues
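
The evidence-upload fixes listed under "Security updates and fixes" (extension allowlist, user account set server-side, active session required) can be sketched as follows. This is an added example, not Ghostwriter's own code: it is framework-free Python, and the names `validate_evidence_name`, `build_evidence_record`, `EvidenceRejected` and the `caption` and `uploaded_by` fields are hypothetical.

```python
import os
import unicodedata

# Allowlist copied from the release notes above.
ALLOWED_EVIDENCE_EXTENSIONS = frozenset({"md", "txt", "log", "jpg", "jpeg", "png"})


class EvidenceRejected(ValueError):
    """Raised when a client-supplied filename fails the allowlist check."""


def validate_evidence_name(client_filename):
    """Return a safe basename for the upload, or raise EvidenceRejected."""
    # Fold compatibility forms (e.g. full-width letters) before comparing.
    name = unicodedata.normalize("NFKC", client_filename)
    if any(ord(ch) < 32 for ch in name):
        raise EvidenceRejected("control character in filename")
    # Discard any client-supplied directory part, for both separator styles.
    name = os.path.basename(name.replace("\\", "/"))
    # Windows drops trailing dots and spaces, so "x.php." would be stored as "x.php".
    if name != name.rstrip(". "):
        raise EvidenceRejected("trailing dot or space")
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:
        raise EvidenceRejected("missing name or extension")
    # Only the final extension is checked; file content is not inspected here.
    if ext.lower() not in ALLOWED_EVIDENCE_EXTENSIONS:
        raise EvidenceRejected("extension not allowed: " + ext)
    return name


def build_evidence_record(form_data, session_user, client_filename):
    """Build the record to store; session_user is None when no session is active."""
    if session_user is None:
        raise PermissionError("active user session required")
    return {
        "filename": validate_evidence_name(client_filename),
        "caption": form_data.get("caption", ""),
        # Owner comes from the session; an "uploaded_by" form field is ignored.
        "uploaded_by": session_user,
    }


if __name__ == "__main__":
    # Constructed sample request: the form tries to claim another owner.
    print(build_evidence_record({"uploaded_by": "admin"}, "alice", "../../scan.LOG"))
```
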