Tool integration

Ghostwriter Integration Guide

SpecterOps pentest engagement platform with a GraphQL API for findings and report generation

Get a Free API Key

Integrate Ghostwriter with Vulnetix. Deploy Ghostwriter via Docker Compose, use the GraphQL API to query findings from engagements, and export to Vulnetix.

SaaS platformJSONDOCXXLSX

Install & scan

$ git clone https://github.com/GhostManager/Ghostwriter
cd Ghostwriter
python3 ghostwriter-cli.py install
$ GW_URL="https://ghostwriter.example.com"
GW_TOKEN="your-jwt-token"

curl -s -X POST "${GW_URL}/v1/graphql"   -H "Content-Type: application/json"   -H "Authorization: Bearer ${GW_TOKEN}"   -d '{
    "query": "query GetFindings($projectId: bigint!) { reportFindingLink(where: {report: {project: {id: {_eq: $projectId}}}}) { id title severity description mitigation } }",
    "variables": {"projectId": 1}
  }' | jq '.data.reportFindingLink' > ghostwriter-findings.json

Run Ghostwriter in CI

Scan on every push and upload the results to Vulnetix:

- name: Export Ghostwriter findings
  env:
    GW_URL: ${{ secrets.GW_URL }}
    GW_TOKEN: ${{ secrets.GW_TOKEN }}
    PROJECT_ID: ${{ secrets.GW_PROJECT_ID }}
  run: |
    curl -s -X POST "$GW_URL/v1/graphql"       -H "Content-Type: application/json"       -H "Authorization: Bearer $GW_TOKEN"       -d "{"query":"query { reportFindingLink(where: {report: {project: {id: {_eq: $PROJECT_ID}}}}) { id title severity description } }"}"       | jq '.data.reportFindingLink' > ghostwriter-findings.json

- name: Upload to Vulnetix
  run: vulnetix upload --file ghostwriter-findings.json

How Vulnetix compares — better together

Vulnetix does not replace Ghostwriter. Keep running it. Vulnetix sits on top of Ghostwriter — and every other scanner you already own — turning disconnected tool outputs into one prioritised, fixable queue.

Ghostwriter is strongest at its core category and also carries features in Network & Vulnerability Scanners — just like Vulnetix spans categories.

CapabilityVulnetixGhostwriter
Security coverage
SAST (static code analysis)Built-in rules + Semgrep augmentation
SCA / dependencies40+ ecosystems, transitive graph
DAST (dynamic testing)~ Ingests DAST results; no native dynamic engine
Container & imageImage CVEs, base image, Dockerfile
IaC / misconfigurationTerraform, k8s, CloudFormation
Secret scanning1,000+ rules, source + binary + git history
Cloud / CSPMCloud-posture findings, compliance tab
Mobile (MAST)~ Ingests mobile scanner output; no native mobile engine
License complianceSPDX, copyleft/AGPL/SSPL policy
SBOM generationCycloneDX 1.7 + SPDX 2.3, cosign-signable
Malware / supply-chainDe-duplicated corpus + install-time firewall (25+ registries)
Network / infra vuln~ Ingests network scanner output; no native network scanner~ Tracks red-team infrastructure/domains and logs operation data; no vuln scanning engine
FuzzingIngests fuzzing crashes; no native fuzzer
Pentest / bug bountyIngests pentest/bug-bounty findings; not a testing serviceCore: red-team project/finding management and report generation via findings library
The Vulnetix orchestration layer
Cross-scanner dedup & one queue (ASPM)Correlates every scanner into one prioritised queue with ownership routing~ Reusable findings library standardizes entries but is not a cross-scanner dedup engine
Exploit-intel prioritisationEPSS, CISA KEV, Coalition ESS, CWSS, Vulnetix LEV
Reachability analysisTree-sitter + CVEAffected; direct/transitive/semantic
Versioned VEX + audit trailImmutable OpenVEX/CycloneDX, cosign-signable
Safe Harbour autofixResolves + applies the nearest safe version
End-of-life policyFlags/blocks past-EOL runtimes & packages
SSVC / risk-based policySSVC v2 + CISA/FedRAMP/Essential-8 presets

✓ full · ~ partial · ✗ not covered

What Ghostwriter does well

Where Vulnetix adds to it: Ghostwriter is a red-team engagement and reporting engine focused on operations logging and deliverable generation, not vulnerability scanning. Vulnetix ingests and orchestrates the findings Ghostwriter's operators produce (it never runs the offensive testing itself) and folds them into a prioritised, deduplicated queue alongside its native SAST/SCA/IaC/container/secrets/cloud/malware scanners. Vulnetix then adds exploit-intel scoring (EPSS/KEV/ESS/CWSS/LEV), reachability, versioned VEX with audit, EOL/SSVC policy and Safe Harbour autofix — remediation-side capabilities outside Ghostwriter's engagement-management scope.

No migration, no rip-and-replace. Ghostwriter keeps doing what it does best; Vulnetix adds the orchestration, exploit-intelligence prioritisation and remediation layer built for the way AppSec works today.

Centralise Ghostwriter results in Vulnetix

Upload Ghostwriter JSON, DOCX, XLSX output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.

Ghostwriter documentation ↗  ·  Source repository ↗

Wire Ghostwriter into your CI/CD pipeline →