
We introduced Ghostwriter in July 2019 when we felt it was a good v1.0, but active development never slowed. If you missed the release at Black Hat Arsenal 2019, check out Ghostwriter here first:

A lot has changed in the past six months, so let’s dive into some of the most exciting changes for 2020.


Easily the biggest change is the addition of a WYSIWYG editor. Ghostwriter now uses TinyMCE for editing findings and notes. TinyMCE is widely used in products like WordPress and integrates well with Django.

New WYSIWYG editor with example formatting applied

This was a heavy lift that required testing multiple editors and figuring out how to best convert the WYSIWYG HTML to the various reporting formats (e.g., Office XML). Originally, we stated this feature was a low priority; however, it really needed to be in place early to reduce how much work would need to be done by current users to convert findings that used Ghostwriter’s original template keywords to the new WYSIWYG editor. …

It was about a year ago that we had the idea to make special badges for the SpecterOps team at Black Hat 2019. We initially looked at printed circuit boards, the de facto foundation for most Black Hat / DEF CON badges, but abandoned that idea early on in the process. We decided to go with something we could fabricate ourselves. Something different.

Making use of that DEF CON 27 badge and lanyard design

I took on the design and creation and fabricated each badge out of urethane resin, specifically Smooth-On’s Crystal Clear 200. …

Part 1 introduced Ghostwriter. This article expands upon the making of Ghostwriter, the technology stack, and the thought process that went into the development. If you have not read Part 1, check out Ghostwriter here:

Stack Overview

Ghostwriter is a web application written in Python with the Django web framework. It is a collection of Python 3.7, HTML, JavaScript, CSS, Jinja, and Django code compartmentalized into multiple Django applications. This compartmentalization helps keep the code organized and easy to peruse during customization or development efforts.

The application uses a PostgreSQL backend that Django natively supports. However, should users desire to switch to a different type of backend, Django can be updated to use SQLite, Oracle, or MySQL without any additional libraries. Django makes it easy to modify the Ghostwriter database models as well. Migrations are usually smooth and trouble-free, especially if you are customizing the models prior to using Ghostwriter in production. …


Christopher Maddalena

A maker and a hacker
