Ghostwriter v3.1.2

Summary

This is a minor patch release that fixes an issue that could prevent a project from being updated.

[3.1.2] - 31 October 2022

Fixed

• Fixed error that could cause project updates to fail when no Slack channel is set (Fixes #261)

Changed

• Extended list of bad categories for domain health checks (Related to #236)

Ghostwriter v3.1.1

Summary

This is a hotfix release for v3.1.0 that fixes some minor issues that slipped past unit testing.

[3.1.1] - 18 October 2022

Fixed

• Fixed "added as blank" flag being cleared from a finding following an update
• Fixed initial data for DeconflictionStatus model missing a status option

Changed

• Increased size of the modal for previewing log entries related to deconfliction events
• Adjusted the design of the domain and server dashboards to match the new design of the client and project dashboards

Ghostwriter v3.1.0

Summary

This release fixes a bug and includes some minor enhancements and changes to new features introduced in v3.0.6.

CHANGELOG

[3.1.0] - 14 October 2022

Fixed

• Fixed a bug that could cause content or styling to be lost inside nested text formatting

Added

• New deconfliction event tracking feature now available under the "Deconflictions" tab on project dashboards
• New white card tracking feature now available under the "White Cards" tab on project dashboards

Changed

• Findings added to a report via a blank template (i.e., not added from the library) will now appear with a flag icon for easy identification
• All fields that use the WYSIWYG editor now have a RichText counterpart available in report templates (Closes #241)
• Improved sample "tutorial" template to cover more advanced usage of filters, variables, and more

Ghostwriter v3.0.7

Summary

This release fixes a bug and includes some minor enhancements and changes to new features introduced in v3.0.6.

CHANGELOG

[3.0.7] - 10 October 2022

Fixed

• Fixed evidence files with uppercase extensions not being included in rendered reports (Closes #74)

Added

• Logs now have an option to mute notifications (available to users with the admin and manager roles)

Changed

• Log activity monitor will now only check logs for projects inside the execution window
• Tweaked report template permissions to allow users with the admin role that are not flagged as staff to edit or delete protected templates

Ghostwriter v3.0.6

Summary

This release includes enhancements to cloning reports and new features for monitoring system health.

CHANGELOG

[v3.0.5] - 3 October 2022

Added

• Added system health API endpoints and Docker health check commands (see wiki for details)
• Added curl to container images to aid in troubleshooting and enable health checks

Changed

• Calendar view selection will now persist across sessions and page refreshes
• Upgraded Ghostwriter CLI binaries to v0.2.5
• Cloning a report will now clone any evidence files associated with the findings (Thanks to @ly4k! Closes PR #234)

Ghostwriter v3.0.5

Summary

This release includes two new features and minor bug fixes.

CHANGELOG

[v3.0.5] - 23 September 2022

Fixed

• Fixed finding guidance display when viewing a finding attached to a report
• Fixed connection errors with an AWS region causing remaining regions to be skipped in the cloud monitoring task

Added

• Added an attachFinding mutation to the GraphQL API for easily attaching a copy of a finding from the library to a report
• Added ability to copy/paste evidence into the upload form and view a preview (Thanks to @brandonscholet! Closes PR #228)

Ghostwriter v3.0.3

Summary

This release includes changes from the unreleased v3.0.1 and v3.0.2 hotfix releases. Changes address some small issues reported by users, improvements to the GraphQL API to support mythic_sync v2 and other external projects, and quality of life improvements.

CHANGELOG

[3.0.3] - 5 August 2022

Added

• Added the CSRF_TRUSTED_ORIGINS to the base configuration to make it easier to add trusted origins for accessing Ghostwriter via a web proxy
• Oplog ID now appears at the top of the log entries view for easier identification
• Committed Ghostwriter CLI binaries (v0.2.2) for Windows, macOS, and Linux
• Added project notes to the serialized report data as a list under project.notes (Closes #210)

Fixed

• Fixed "Stand by" message appearing for all users viewing a report when one user generates a report
• Fixed domain expiration dates not sorting properly in the domain table when date format is changed
• Fixed operation log entries not loading if null values were present from GraphQL submissions
• Fixed complete field being required for reported findings but unavailable in the GraphQL schema (Fixes #226)
• Fixed log entry tables not showing "No entries to display" row when no entries are available
• Fixed an issue that could cause an error when making a new activity log with a name longer than 50 characters
• Fixed minor issue that could prevent PowerPoint generation if multiple evidence images were stacked on top of each other inside a list
• Removed duplicate toast message displayed after the successful creation of a new oplog
• Fixed GraphQL configuration that could cause webhook authentication to fail
• Fixed server error when trying to view entries for an oplog that does not exist

Changed

• Set defaults on some fields to make it easier to insert new domains, objectives, and findings via GraphQL
  • New domains will now default to WHOIS enabled, healthy, and available
  • Objectives will now default to primary priority and position one (top of the list)
  • Reported findings will now insert into position one (top of the list for its severity category)
• Log entry fields can now be null to make it easier to insert new entries via GraphQL
• Improved log entry view to make it easier to view logs
• Users with the manager role can now update and delete protected report templates
• User accounts can now be filtered by role in the admin panel
• Removed GraphQL operatorName field preset to allow this value to be set by the user
• Groups are now hidden on the user profile unless a user is part of a group
• Adjusted client and project dashboards for better display of information and controls
• Display of client's timezone has been changed to display the client's current date and time with the abbreviated timezone name
• API keys now start with an initial expiry date that is +1 day from the current date
• Project descriptions are now truncated after 35 words to make lengthy descriptions more readable in some sections of the UI
• Infrastructure notes under the project dashboard are now inside collapsible sections for easier reading
• Upgraded Ghostwriter CLI binaries to v0.2.3

Ghostwriter v3.0.4

Summary

This release includes some small bug fixes and adjustments to Slack notifications.

CHANGELOG

[3.0.4] - 12 September 2022

Fixed

• Fixed "No entries to display" reappearing during log syncs under some circumstances

Added

• Added Slack notification to confirm Slack configuration for a new project
• Added Slack notification for project date changes and checkout adjustments
• Added new scheduled task that checks for activity logs for active projects that have not been synced in the last 24 hours and sends a Slack notification to the project channel
• Added a .dockeringore file to reduce size and build time of Docker images

Changed

• Slack alert target can now be left blank if you do not want to target a person or channel
• Completed projects will no longer appear in the list of projects for a domain checkout
• Domain health checks will now flag a domain if VirusTotal has applied the dga tag to it
• Slack message formatting has been improved and will no longer include very large task outputs
• Updated Nginx image to 1.23.1 to enable building it on M1 macOS machines

Ghostwriter v3.0.0

Summary

This is the final release for v3.0.0. This release includes all the changes and features of the tagged v2.3.0-rc2 and v3.0.0-rc1 releases. There is a consolidated CHANGELOG below.

For existing installations of v2.x.x, please refer to the updated installation guide and new update guide.

Before building any containers, you will need to migrate your current PostgreSQL username and password. Get your username and password from the old .envs/.production/.postgres file and run these commands:

./ghostwriter-cli config set POSTGRES_USER <YOUR USERNAME>
./ghostwriter-cli config set POSTGRES_PASSWORD <YOUR PASSWORD>
./ghostwriter-cli config containers build
./ghostwriter-cli config containers up

Note on the API: Until cobalt_sync and mythic_sync are updated, the old REST API keys will still be issued for activity logging. In the near future, these projects will switch to using the GraphQL API and new API tokens, and a v3.x.x release will remove the old REST API endpoints and keys. This will also provide time for any other projects that use the REST API to switch to the GraphQL API.

CHANGELOG

[3.0.0] - 22 June 2022

Added

• Committed Ghostwriter CLI binaries (v0.2.1) for Windows, macOS, and Linux
• Added support for CVSS scoring with a calculator for findings (big thanks to @therealtoastycat and PR #189)
• Added user controls for generating and revoking API tokens from the user profile page
• Added Hasura GraphQL engine to production environments
• Usernames are now clickable and open the user's profile page for viewing
• User profiles now have a role field for managing permissions in the upcoming GraphQL API
• Added support for block quotes in report templates and WYSIWYG editor
• Added ProjectInvite and ClientInvite models to support role-based access controls in the GraphQL API
• Added a menu option to export a project scope to a text file from the project dashboard
  • Exports only the scope list for easy use with other tools–e.g., Nmap

Changed

• Ghostwriter CLI will now be used for installation, configuration, and management of the Ghostwriter server
• Docker will now use one .env file with values for all environments
  • The file is generated by Ghostwriter CLI
• Updated style of the finding preview pages for the finding library
• Updated style of notes to make them cleaner and easier to manage
• Project dashboard's "Objectives" tab will now show the current number of incomplete objectives and update when toggling objectives
• Updated keyword reference panel displayed when editing findings
• Subtask forms for objectives will now default to the objective's deadline date instead of "today"
• Objective deadlines will now be automatically adjusted when the parent objective's deadline changes
• Disabled L10N by default in favor of using DATE_FORMAT for managing the server's preferred date format (closes #193)
• User profiles now only show the user's role, groups, and Ghostwriter user status to the profile owner
• Updated nginx.conf to align it with Mozilla's recommendations for nginx v1.21.1 and OpenSSL 1.1.1l
  • See config: https://ssl-config.mozilla.org/#server=nginx&version=1.21.1&config=intermediate&openssl=1.1.1l&ocsp=false&guideline=5.6
• Toast messages for errors are no longer sticky so they do not have to be manually dismissed when covering UI elements
• Domain list table now shows an "Expiry" column and "Categories" column now parses the new categorization JSON field data
• Domain list filtering now includes a "Filter Expired" toggle that is on by default
  • Filters out domains with expiration dates in the past and auto_renew set to False even if status is set to "Available"
• The table on the domain list page and the menu on the domain details page will no longer disable the check out option if a domain's status is set to "Burned"
• Simplified usage of the format_datetime filter
  • Filter now accepts only two arguments: the date and the new format string
  • Format string should use Django values (e.g., M d, Y) instead of values translated to Python's standard (e.g., %b %d, %Y)
• Simplified usage of the add_says filter
  • Filter now accepts only two arguments: the date and an integer

Deprecated

• The individual .env files stored in .envs/ are no longer used and will be ignored by v3.x.x and later
• v2.2.x usage of the format_datetime and add_days filters is deprecated in v2.3.0
  • Both filters will no longer accept Python-style strftime strings
  • Both filters no longer needs or accepts the current_format and format_str parameters
  • Templates using the old style will fail linting

Removed

• Removed old environmnt variable templates from the project because they are no longer used for setup or management
• Removed unnecessary status badges on tabs in the project dashboard that were confusing and not very helpful
• Revoked direct insert permissions for History and ServerHistory tables used for tracking domain and server checkouts
• Removed "WHOIS Privacy" column on domain list page to make room for more pertinent information

Fixed

• Upgraded django-bleach dependency to fix error with latest python-bleach (Fixes #208)
• Fixed error that blocked creation of default BlockQuote style in the report template
• Fixed domain age column not sorting correctly in domain library table
• Checkbox in server form will no longer appear way bigger than intended
• Fixed issue where <em> tags could cause report generation to fail
• Bumped djangorestframework-api-key to v2.2.0 to fix REST API key creation (closes #197)
• Fixed project dashboard's "Import Oplog" button not pointing to the correct URL
• Fixed URL conflicts with export links for domains, servers, and findings

Security

• Restricted edit and delete actions on notes to close possibility of other users editing or deleting notes they do not own

Ghostwriter v3.0.0-rc1

This release candidate for v3.0.0 contains the final code for the release. It will only change if someone discovers an issue. Features are locked.

This release includes all the changes and features of the tagged v2.3.0-rc2 release. After reviewing some of the changes, we determined the GraphQL API and Docker changes warranted a significant version adjustment, so we have v3.0.0.

For existing installations of v2.2.x or lower, please refer to the updated installation guide and new update guide.

Before building any containers, you will need to migrate your current PostgreSQL password. Get your password from the old .envs/.production/.postgres file and run this command:

./ghostwriter-cli config set POSTGRES_PASSWORD <YOUR PASSWORD>

Note on the API: Until cobalt_sync and mythic_sync are updated, the old REST API keys will still be issued for activity logging. In the near future, these projects will switch to using the GraphQL API and new API tokens, and a v3.x.x release will remove the old REST API endpoints and keys. This will also provide time for any other projects that use the REST API to switch to the GraphQL API.

See the CHANGE LOG for a complete list of changes.