Before Ghostwriter can be used, you must populate the models with the provided Django fixtures. Without this data nothing will really work and you will encounter errors.
Once Docker has built your containers, you are ready to prepare the database. You know you're ready to begin when you see:
Creating ghostwriter_postgres_1 ... doneCreating ghostwriter_redis_1 ... doneCreating ghostwriter_queue_1 ... doneCreating ghostwriter_django_1 ... done
Run this command:
docker-compose -f local.yml run --rm django /seed_data
If you remained attached to the containers in the previous step, you will need to do this from another terminal.
That command populates models like the domain status and project types. This data must be inserted into the models before proceeding. If you try to use Ghostwriter without these values you will encounter database migration errors and the application will be unusable.
# docker-compose -f local.yml run --rm django /seed_dataStarting ghostwriter_postgres_1 ... donePostgreSQL is availableLoading /app/ghostwriter/reporting/fixtures/initial.json...Installed 12 object(s) from 1 fixture(s)Loading /app/ghostwriter/rolodex/fixtures/initial.json...Installed 10 object(s) from 1 fixture(s)Loading /app/ghostwriter/shepherd/fixtures/initial.json...Installed 27 object(s) from 1 fixture(s)
Editing fixtures may have some unexpected consequences. In general, please do not edit the fixture files not mentioned below.
Each sub-application has a fixtures
folder with an initial.json
file where the fixtures live.
You can add or edit the finding types in the Reporting fixture file. The initial values include Network, Wireless, Mobile, Web, Physical, and Host.
The Rolodex fixture file has multiple types that you can change. Feel free to add or edit the project types and project roles. Project types represent the types of projects (e.g. red team, penetration test). The project roles apply to humans assigned to projects (e.g. assessment lead).
The Shepherd fixture file contains server providers and server roles that you can change. The domain status values should be left alone.
The severity ratings in Ghostwriter are customizable; however, some of the templates expect to find ratings that match the Critical, High, Medium, Low, and Informational ratings in the provided fixture file. If the ratings are changed there are several HTML template files that will also need to be edited, and it may impact some JavaScript.
All fixtures should look something like this:
{"model": "ghostwriter.findingtype","pk": 5,"fields": {"finding_type": "Mobile"}}
If you add a fixture, be careful to increment the pk
value (the primary key). If you do not, your addition will just overwrite the preceding fixture with the matching pk
.
Once the fixtures have been loaded successfully, you are ready to move forward.