Idea: Add project section for capturing scope

[kkirsche]

Currently, the project page doesn't allow for you to import or provide a list of IP Addresses, domain names, or other asset items as a section denoting the scope of the project. This could assist with the findings reporting by allowing for autocomplete or in-scope items / hosts.

[chrismaddalena]

I agree. This is something we are tracking as an enhancement. I like the idea of it potentially being linked to findings somehow – maybe the affected hosts section might have an autocomplete like we have for evidence files.

I believe this can be more than just a text field that tracks a list of IP addresses. That's why it wasn't in the latest update. It could use some design time. I've pinned this issue in case anyone who sees it would like to share ideas.

[eddiezab]

I believe this can be more than just a text field that tracks a list of IP addresses. That's why it wasn't in the latest update. It could use some design time. I've pinned this issue in case anyone who sees it would like to share ideas.

Before coming across Ghostwriter, I had written a tool that does something similar. In my experience. I had tried defining very specific models, only to end up adding a free-form area that we could use as a scope "dumping grounds". We largely focus on penetration testing and red team operations, but the variety in scoping in just those two things made it difficult to get specific.

Because GW has 3-4 different engagements, you may be able to be more specific per engagement type, but when it gets to RTOs it's the kitchen sink, IMO.

[chrismaddalena]

Brief update: we have been working on how we want to track project scope. Now that activity logging is implemented, we can proceed with some of these ideas. The broad goals for the initial release are:

• Support a general scope, an allowlist, and a blocklist
• Build (or add to) a scope from activity logs
• Display alerts if activity logs show activity involving a host in the blocklist
• Automatically associate hostnames and IP addresses (where possible) based on logs
• Provide auto-complete in the WYSIWYG editors for addresses and hostnames in the scope

[chrismaddalena]

You will be able to add and track scope lists in the next release. They can marked as requiring caution and disallowed (for blocklists). You can chunk up lists and add as many as you like. The lists are all accessible in reports. We'll continue building on this to create some nice features around this (as described above), but I'd rather get the core functionality working well before we try adding bells and whistles. 😃

[kkirsche]

That's awesome, thank you to everyone who contributed to making this a reality!

[chrismaddalena]

While not the final state (see above), this feature is included in the latest release: https://github.com/GhostManager/Ghostwriter/releases/tag/v2.1