Integrate Ghostwriter with Vulnetix. Deploy Ghostwriter via Docker Compose, use the GraphQL API to query findings from engagements, and export to Vulnetix.
Install & scan
$ git clone https://github.com/GhostManager/Ghostwriter
cd Ghostwriter
python3 ghostwriter-cli.py install
$ GW_URL="https://ghostwriter.example.com"
GW_TOKEN="your-jwt-token"
curl -s -X POST "${GW_URL}/v1/graphql" -H "Content-Type: application/json" -H "Authorization: Bearer ${GW_TOKEN}" -d '{
"query": "query GetFindings($projectId: bigint!) { reportFindingLink(where: {report: {project: {id: {_eq: $projectId}}}}) { id title severity description mitigation } }",
"variables": {"projectId": 1}
}' | jq '.data.reportFindingLink' > ghostwriter-findings.json
Run Ghostwriter in CI
Scan on every push and upload the results to Vulnetix:
- name: Export Ghostwriter findings
env:
GW_URL: ${{ secrets.GW_URL }}
GW_TOKEN: ${{ secrets.GW_TOKEN }}
PROJECT_ID: ${{ secrets.GW_PROJECT_ID }}
run: |
curl -s -X POST "$GW_URL/v1/graphql" -H "Content-Type: application/json" -H "Authorization: Bearer $GW_TOKEN" -d "{"query":"query { reportFindingLink(where: {report: {project: {id: {_eq: $PROJECT_ID}}}}) { id title severity description } }"}" | jq '.data.reportFindingLink' > ghostwriter-findings.json
- name: Upload to Vulnetix
run: vulnetix upload --file ghostwriter-findings.json
How Vulnetix compares — better together
Vulnetix does not replace Ghostwriter. Keep running it. Vulnetix sits on top of Ghostwriter — and every other scanner you already own — turning disconnected tool outputs into one prioritised, fixable queue.
Ghostwriter is strongest at its core category and also carries features in Network & Vulnerability Scanners — just like Vulnetix spans categories.
| Capability | Vulnetix | Ghostwriter |
|---|---|---|
| Security coverage | ||
| SAST (static code analysis) | ✓ Built-in rules + Semgrep augmentation | ✗ |
| SCA / dependencies | ✓ 40+ ecosystems, transitive graph | ✗ |
| DAST (dynamic testing) | ~ Ingests DAST results; no native dynamic engine | ✗ |
| Container & image | ✓ Image CVEs, base image, Dockerfile | ✗ |
| IaC / misconfiguration | ✓ Terraform, k8s, CloudFormation | ✗ |
| Secret scanning | ✓ 1,000+ rules, source + binary + git history | ✗ |
| Cloud / CSPM | ✓ Cloud-posture findings, compliance tab | ✗ |
| Mobile (MAST) | ~ Ingests mobile scanner output; no native mobile engine | ✗ |
| License compliance | ✓ SPDX, copyleft/AGPL/SSPL policy | ✗ |
| SBOM generation | ✓ CycloneDX 1.7 + SPDX 2.3, cosign-signable | ✗ |
| Malware / supply-chain | ✓ De-duplicated corpus + install-time firewall (25+ registries) | ✗ |
| Network / infra vuln | ~ Ingests network scanner output; no native network scanner | ~ Tracks red-team infrastructure/domains and logs operation data; no vuln scanning engine |
| Fuzzing | ✗ Ingests fuzzing crashes; no native fuzzer | ✗ |
| Pentest / bug bounty | ✗ Ingests pentest/bug-bounty findings; not a testing service | ✓ Core: red-team project/finding management and report generation via findings library |
| The Vulnetix orchestration layer | ||
| Cross-scanner dedup & one queue (ASPM) | ✓ Correlates every scanner into one prioritised queue with ownership routing | ~ Reusable findings library standardizes entries but is not a cross-scanner dedup engine |
| Exploit-intel prioritisation | ✓ EPSS, CISA KEV, Coalition ESS, CWSS, Vulnetix LEV | ✗ |
| Reachability analysis | ✓ Tree-sitter + CVEAffected; direct/transitive/semantic | ✗ |
| Versioned VEX + audit trail | ✓ Immutable OpenVEX/CycloneDX, cosign-signable | ✗ |
| Safe Harbour autofix | ✓ Resolves + applies the nearest safe version | ✗ |
| End-of-life policy | ✓ Flags/blocks past-EOL runtimes & packages | ✗ |
| SSVC / risk-based policy | ✓ SSVC v2 + CISA/FedRAMP/Essential-8 presets | ✗ |
✓ full · ~ partial · ✗ not covered
What Ghostwriter does well
- Purpose-built red-team engagement management: clients, projects, covert infrastructure, domains and evidence tracked in one place
- Reusable findings library plus a powerful Jinja2 report engine producing DOCX, XLSX, PPTX and JSON from custom templates
- Operation Logging (oplog) that auto-captures operator commands via REST, integrating C2 frameworks like Cobalt Strike and Mythic
- Full Hasura-powered GraphQL API exposing every data model for automation, with SSO, MFA and RBAC
Where Vulnetix adds to it: Ghostwriter is a red-team engagement and reporting engine focused on operations logging and deliverable generation, not vulnerability scanning. Vulnetix ingests and orchestrates the findings Ghostwriter's operators produce (it never runs the offensive testing itself) and folds them into a prioritised, deduplicated queue alongside its native SAST/SCA/IaC/container/secrets/cloud/malware scanners. Vulnetix then adds exploit-intel scoring (EPSS/KEV/ESS/CWSS/LEV), reachability, versioned VEX with audit, EOL/SSVC policy and Safe Harbour autofix — remediation-side capabilities outside Ghostwriter's engagement-management scope.
No migration, no rip-and-replace. Ghostwriter keeps doing what it does best; Vulnetix adds the orchestration, exploit-intelligence prioritisation and remediation layer built for the way AppSec works today.
Centralise Ghostwriter results in Vulnetix
Upload Ghostwriter JSON, DOCX, XLSX output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.