terminal_sync is a standalone tool for logging Bash and PowerShell commands to GhostWriter automatically. The provided Bash script and PowerShell module register pre-exec and post-exec hooks that capture executed commands and function as clients, sending command information to the terminal_sync server for additional processing and enrichment. Any commands that meet the logging criteria (e.g., contain a specific keyword) are sent to GhostWriter.
For more information, including how to get started, please refer to our documentation
-
Automatic Shell Logging - Logs Bash and PowerShell commands directly to GhostWriter based on a configurable keyword list
-
Export Log Entries to CSV - Saves failed (or optionally all) command log entries to JSON files that can be converted to CSV and imported into GhostWriter - Supports off-line logging
-
Command Timestamps - Displays execution and completion timestamps for each command - Useful reference for commands not configured to auto-log
-
In-line Descriptions - Supports adding a description to the end of a command - Allows users to force an individual command to be logged - Maintains flow by keeping users at the command-line
-
Simple Configuration - Easy setup and configuration using YAML config file and/or environment variables
-
Management Commands - Ability to enable/disable terminal_sync or change the verbosity for an individual session
- Ghostwriter - Engagement Management and Reporting Platform
- Ghostwriter Documentation - Operation Logs - Guidance on operation logging setup and usage with Ghostwriter
Many thanks to:
- Everyone who contributed to GhostWriter and specifically chrismaddalena, its-a-feature, and hotnops for their work on mythic_sync (GraphQL) and mythic-sync (REST), from which terminal_sync "borrowed" liberally
- rcaloras and everyone who contributed to bash-preexec
- Finding this tool inspired me to build the first prototype of what later became terminal_sync