Ghostwriter v2.3.0 and 2022 roadmap
Ghostwriter changes! We try to be transparent in our development work, but making this information accessible has been difficult. We’ve tried using a Trello board, blog posts, Twitter updates, Slack channels, and other tools, but we’ve heard that these media aren’t always easy to follow. So we are trying a new approach.
If you visit the GitHub repository now you will see some new things:
- Active Projects tongue
- Active Discussions tongue
- A new version of Ghostwriter v2.3.0-rc1
Let’s break it down and explain why you should care.
Quarterly and annual public roadmaps
In March 2022, we released a month-long survey asking the community to respond to various feature requests and new ideas so we can get an idea of what to prioritize over the course of the year. to come. We plan to create annual goals which we will then break down into quarterly releases.
You will now find published road maps under the Projects tongue at the top of the code repository. We moved to GitHub projects to make these roadmaps more accessible and in sync with development work. The project dashboard is also where you can track the progress of open issues.
We’ve taken the survey responses and converted the most popular features into a 2022 roadmap. Here’s what’s on deck for the next few quarters in order of popularity:
- CVSS / DREAD Score Calculator and Tracker
- Added new sections to reports in Ghostwriter
- GraphQL API
- Cropping and Annotating Image Evidence
We have more survey features tracked in the GitHub project. We may be able to implement them sooner depending on the effort required for the above features and bug fixes that arise during development.
Discuss new features and releases
We have also enabled the Discussions characteristic on the code repository. The community can use this section to ask questions more effectively and come up with new ideas. We will still have the #Writer ghost soft channel and discussions inside the issues, but this new space will greatly facilitate ongoing searchable discussions.
The dedicated Release Discussion is where you can give feedback on new releases. These threads are handy for release candidates.
Ghostwriter v2.3.0 RC 1
Speaking of candidate releases, Ghostwriter’s latest release, v2.3.0-rc1, brings it all together and is our first release after the 2022 roadmap. ‘GraphQL API.
The GraphQL API implementation is not complete as a release candidate, but it is ready for testing. The API comes with several important new features that will help make this API very powerful and unlock future improvements:
- Initial implementation of granular role-based access controls for project data
- Easy Authentication with JSON Web Tokens
- Docker container for Hasura GraphQL engine to manage and publish schema
Read more on the wiki for how to get started and current limitations:
The API gives the community the power to develop automation and middleware. We’ve heard from several teams who wanted an easier way to integrate the JSON report into their workflow or asked for a way to pull data from Ghostwriter for display in another application. With GraphQL, you can query anything stored in Ghostwriter and retrieve only the data you need.
With this new API, you can do things like:
- Automate project creation
- Extract project data for custom workflows
- View project data and assignments on a personalized dashboard
- Update the project infrastructure deployed by a custom application or script
- Analyze the health of your domains with custom scripts and update their status
- Much more
You may already know the initial iteration of this feature via mythic_sync and cobalt_sync for automated logging. The new API creates more possibilities for other types of middleware. We are very excited to use the API for internal development. You can expect the GhostManager organization on GitHub to grow with additional tools that you can use or customize.
The GraphQL API will continue to evolve as we get closer to the final release of v2.3.0. In the meantime, the API will only be available when you run Ghostwriter in “development mode” with the local.yml file.
There is a dedicated thread in the Release Discussion section, and we will follow new developments on the API on the GitHub project board.
The development team is excited about this latest release candidate and changes to the repository. We hope it will be easier for the community to provide feedback, report issues, and learn how to use the new GraphQL API. As the API matures, we hope the community will find creative uses for it.
Do you have an idea or feedback to share? We’ve also hired new community resources to guide you:
*** This is a syndicated blog from the Security Bloggers Network of SpecterOps Team Member Posts – Medium written by Christopher Maddalena. Read the original post at: https://posts.specterops.io/ghostwriter-v2-3-0-2022-road-map-13cb7a64ff89?source=rss—-f05f8696e3cc—4