Comments (6)
Brief update: we have been working on how we want to track project scope. Now that activity logging is implemented, we can proceed with some of these ideas. The broad goals for the initial release are:
- Support a general scope, an allowlist, and a blocklist
- Build (or add to) a scope from activity logs
- Display alerts if activity logs show activity involving a host in the blocklist
- Automatically associate hostnames and IP addresses (where possible) based on logs
- Provide auto-complete in the WYSIWYG editors for addresses and hostnames in the scope
from ghostwriter.
You will be able to add and track scope lists in the next release. They can be marked as requiring caution and disallowed (for blocklists). You can chunk up lists and add as many as you like. The lists are all accessible in reports. We'll continue building on this to create some nice features around this (as described above), but I'd rather get the core functionality working well before we try adding bells and whistles. 😃
from ghostwriter.
That's awesome, thank you to everyone who contributed to making this a reality!
from ghostwriter.
I agree. This is something we are tracking as an enhancement. I like the idea of it potentially being linked to findings somehow – maybe the affected hosts section might have an autocomplete like we have for evidence files.
I believe this can be more than just a text field that tracks a list of IP addresses. That's why it wasn't in the latest update. It could use some design time. I've pinned this issue in case anyone who sees it would like to share ideas.
from ghostwriter.
I believe this can be more than just a text field that tracks a list of IP addresses. That's why it wasn't in the latest update. It could use some design time. I've pinned this issue in case anyone who sees it would like to share ideas.
Before coming across Ghostwriter, I had written a tool that does something similar. In my experience, I had tried defining very specific models, only to end up adding a free-form area that we could use as a scope "dumping grounds". We largely focus on penetration testing and red team operations, but the variety in scoping in just those two things made it difficult to get specific.
Because GW has 3-4 different engagements, you may be able to be more specific per engagement type, but when it gets to RTOs it's the kitchen sink, IMO.
from ghostwriter.
While not the final state (see above), this feature is included in the latest release: https://github.com/GhostManager/Ghostwriter/releases/tag/v2.1
from ghostwriter.