-
Notifications
You must be signed in to change notification settings - Fork 173
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Idea: Add project section for capturing scope #59
Comments
I agree. This is something we are tracking as an enhancement. I like the idea of it potentially being linked to findings somehow – maybe the affected hosts section might have an autocomplete like we have for evidence files. I believe this can be more than just a text field that tracks a list of IP addresses. That's why it wasn't in the latest update. It could use some design time. I've pinned this issue in case anyone who sees it would like to share ideas. |
Before coming across Ghostwriter, I had written a tool that does something similar. In my experience. I had tried defining very specific models, only to end up adding a free-form area that we could use as a scope "dumping grounds". We largely focus on penetration testing and red team operations, but the variety in scoping in just those two things made it difficult to get specific. Because GW has 3-4 different engagements, you may be able to be more specific per engagement type, but when it gets to RTOs it's the kitchen sink, IMO. |
Brief update: we have been working on how we want to track project scope. Now that activity logging is implemented, we can proceed with some of these ideas. The broad goals for the initial release are:
|
You will be able to add and track scope lists in the next release. They can marked as requiring caution and disallowed (for blocklists). You can chunk up lists and add as many as you like. The lists are all accessible in reports. We'll continue building on this to create some nice features around this (as described above), but I'd rather get the core functionality working well before we try adding bells and whistles. 😃 |
That's awesome, thank you to everyone who contributed to making this a reality! |
Release: Merge for v2.1 Closes GHOST-198, GHOST-201, GhostManager#59, and GhostManager#74 See merge request ghostmanager/Ghostwriter!108
While not the final state (see above), this feature is included in the latest release: https://github.com/GhostManager/Ghostwriter/releases/tag/v2.1 |
Currently, the project page doesn't allow for you to import or provide a list of IP Addresses, domain names, or other asset items as a section denoting the scope of the project. This could assist with the findings reporting by allowing for autocomplete or in-scope items / hosts.
The text was updated successfully, but these errors were encountered: