Skip to main content
Ghostwriter
Ghostwriter is an open-source platform designed to enhance offensive security operations by simplifying report writing, asset tracking, and assessment management. It offers tools for managing clients, creating a reusable findings library, and organizing the infrastructure and domains utilized during assessments. With its powerful reporting engine, Ghostwriter includes comprehensive collaborative writing features and customizable report templates, allowing teams to produce polished deliverables with minimal manual effort. Ghostwriter comes equipped with “enterprise-level” features, such as role-based access controls, single sign-on authentication, and multi-factor authentication. Additionally, it integrates with tools like Mythic C2 and Cobalt Strike to enable automatic activity logging. These capabilities make Ghostwriter an ideal centralized and collaborative environment for red teams and consultants to efficiently plan, execute, and document their assessments. The platform effectively tracks and manages client and project information, covert infrastructure assets (such as servers and domain names), finding templates, report templates, evidence files, and more. This data is accessible to Ghostwriter’s reporting engine, which generates comprehensive Word (DOCX) reports using Jinja2 templating and your customized report templates. Ghostwriter can also produce reports in XLSX, PPTX, and JSON formats. Furthermore, you can leverage Ghostwriter’s GraphQL API to integrate custom project management, reporting workflows, and external tools into the platform. This site will always have the most up-to-date documentation on how to install and use Ghostwriter. To learn more about Ghostwriter, check out this article. Ghostwriter is entirely free and open-source (FOSS) software. All the code is available on GitHub.

License

Ghostwriter is licensed under the BSD-3 license.
LICENSE.md