Ghostwriter
Learn MoreGet the CodeSpecterOps Blog
Search…
Ghostwriter
Welcome to Ghostwriter
Getting Started
Quickstart
Updating Ghostwriter
Managing the Server
Configuring Global Settings
Introduction to Command Center
Personalizing Company Information
Configuring Global Report Options
Configuring APIs
Features
Findings Library
Infrastructure Management
Server Management
Domains Management
Populating the Domain Library
Domain Checkout
Monitoring Domains
Operation Logs
Reporting
Background Tasks
GraphQL API
Health Monitoring
Getting Help
FAQ
Reporting a Problem
Reporting a Security Issue
Workflow & Usage
The Workflow
Coding Style Guide
Basic Formatting
Form Layouts & Design
Development
Development Road Map
Stack Overview
Modifying Code
Testing Code
Contributing to the Project
Database Models
Expected Services & Processes
Change Logs
4 April 2022, v2.3.0-rc1
16 February 2022, v2.2.3
9 February 2022, v2.2.3-rc2
28 January 2022, v2.2.3-rc1
22 October 2021, v2.2.2
27 September 2021, v2.2.2-rc2
15 September 2021, v2.2.2-rc1
28 May 2021, v2.2.1
10 May 2021, v2.2.0
13 April 2021, v2.2.0-rc1
Powered By GitBook
Monitoring Domains
Performing health checkups on domain names

Domain Health Checks

Ghostwriter grades a domain's health as Healthy or Burned. Health is based on domain categorization and VirusTotal information.

Categorization Health

Domain categories are pulled from VirusTotal, which pulls categorization information from multiple sources. See the VirusTotal configuration for more information.
Categorization data is stored as jsonb in the categorization field. The format is:
{
"VENDOR": "CATEGORY",
"VENDOR": "CATEGORY",
...
}
Ghostwriter assumes these categories are bad and any source flagging a domain with one of these categories will trigger the health status to flip to Burned:
  • spam
  • phishing
  • gambling
  • suspicious
  • pornography
  • placeholders
  • web ads/analytics
  • scam/questionable/illegal
  • malicious sources/malnets
Most of these categories are self-explanatory, but some ⁠— like gambling ⁠— may not seem like they belong.
  • Placeholders: This often appears when a domain's category is undetermined. It translates to Uncategorized and may mean the domain is under review.
  • Gambling: Not malicious, but likely blocked in a corporate environment.
If a domain is flagged as Burned it may still be recoverable. If you have a domain you really like, it may be worth trying to get it recategorized and continuing to monitor its reputation to determine if it can be used after a cool-off period.

Additional Checks

The infrastructure manager also references malwaredomains.com to check if one of your domain names appears in their list of malicious domains.

Domain DNS Updates

You can also track the current DNS records for your domain names. Ghostwriter pulls this information using DNS queries.
These queries will not return subdomain records. You will have to manually track subdomains or use your registrar's API (if available) to pull these records.
You can edit or add tasks to tasks.py to leverage an API.

Queuing Domain Updates

Scheduling these tasks will keep records up-to-date without requiring any user interaction.
Domain update tasks exist in the tasks.py. These functions can be scheduled or requested manually.
Update All Domains
Update Individual Domains
The Domain Update Control Panel lives at /shepherd/update and provides information on when the updates were last run, how long they took to complete, and their exit state (success or error messages).
The Control Panel Under /shepherd/update
Click the Start Update button under the desired check to queue a check for all domains.
To update domain information or DNS records for just a single domain, open the domain's details and expand the Health and Categories or DNS Records panes.
Each of these panes contains a Refresh button. Click this button to queue an update for just the one domain.
Previous
Domain Checkout
Next - Features
Operation Logs
Last modified 7mo ago
Copy link
On this page
Domain Health Checks
Categorization Health
Additional Checks
Domain DNS Updates
Queuing Domain Updates