Ability to add "Tools" as assets along with Servers

GhostManager / Ghostwriter

The SpecterOps project management and reporting engine

https://ghostwriter.wiki

BSD 3-Clause "New" or "Revised" License

1.35k stars 183 forks source link

Ability to add "Tools" as assets along with Servers #512

Open mynoc96 opened 2 months ago

mynoc96 commented 2 months ago

Is your feature request related to a problem? Please describe. When performing tests that don't require an IP stack (WiFi, embedded, pick a protocol), there's no way to track what asset/tooling was used for the test.

Describe the solution you'd like Ideally, I'd like a solution similar to servers, but labeled "Tools" with fields of:

Description
Location (tied to a table similar to "Server Provider")
Status: Available, Reserved, Unavailable, N/A
Tags
Notes

Describe alternatives you've considered In the short term, repurposing servers and making IP address and data center optional could alleviate the issue, but the addition of a "Tools" section under assets would be awesome.

er4z0r commented 1 month ago

What kinds of tools are your thinking? Stuff like drop-boxes and stuff for physical access? I'm asking because there is/was an issue for this #260 . I just never got around to looking into it. If that is what you're looking for, maybe we can reopen that and collaborate there.

mynoc96 commented 1 month ago

That's pretty similar to what I'm after. I want to able to capture which tools (physical or virtual) were used either on a report or on a finding. We usually provide a list of tools used during the penetration test, to aid in reproduction, and I would like to able to look back and determine which tools were the most effective at creating findings.

I would envision that as an "uncountable" tool table (no checkout required), that would serve as a data source for a "tools" reference in either the finding or report (report would be "easier" to make it iterable without hitting duplicates). And, I understand that the implementation I am suggesting is A way, not necessarily THE way. :-)

mynoc96 commented 1 month ago

I found a hackish work-around that gets at what I'm after. I created an extra field for oplogs called "Tool Description (tool_description)". For my report, I iterate through, and if there is a tool description, it grabs the tool name (with the capitalization used in the oplog) and tool description for my "Tools Used" table.

The downside is I have to enter the tool description for each test, rather than having a dataset of tools I could pull from.