CMU GHOSTS is a user simulation tool built by engineers at CMU for their CTFs and Cyberwarfare training. They have published this code to their public Github for others to use.
This is a really great tool even for home lab environments where you want “real world” like data and users in your network. My use case for this was to generate data on endpoints for malicious activities and for network traffic to simulate real-world user web traffic.
CMU has even added in a component to assist in making the NPCs, Non-player Characters as they refer to these simulated users as, with another AI tool called Spectre. With the use of this add-on tool you can give each of the NPCs a “personality” that will dictate how the user goes around on the web.
One of the downsides of GHOSTS is the fact that it does take a decent amount of time to get all the NPC files and processes set up and some of the times the randomness ends up leaving gaps in times where it is just not doing anything at all.
Here is how I went about installing and using GHOSTS also my own insight. Sorry for the lack of screenshots, did not think about that while testing this code.
First, I am installing Ubuntu 20.04 with Docker and going to try and deploy the Docker Container first to see how this goes. It will be easier to deploy and use if the Docker containers work.
Navigate to /scr
Edit the docker-compose.yml file to map the Docker locations to your current directory schema.
docker-compose up -d
This will build out the containers
I ran into an issue where the Grafana container would not boot up, so I just killed that container and manually ran it with
docker run -d -p 3000:3000 grafana/grafana
That allowed it to come online and I was able to pull the webpage successfully and continue on with the process.
default login is admin:admin
Then go to Configurations (sprocket on the left menu) and select data sources
set Source to PostgreSQL
Fill in the host information
The database name is ghost
user is ghost
password is scott@1
The above can be modified if you change the app settings but it is just best to leave them be.
Set SSL Mode to disabled
You can leave everything else to default and hit Save & test then this should confirm it is good to go and you can move onto the next steps.
Next we have to import the Grafana JSON for the tables
Left side go to the plus sign and select IMPORT
You can just copy the JSON from the GHOSTS repo at linked here
then paste it in the Import via panel JSON
Select the datasouce as PostgreSQL that we set earlier and that should be all good to go now
After going through all of this you will now have to compile the Client code and run it on the system that you would like an NPC to be on. Then you are going to have to start editing the Timeline files that run on each of the NPCs. It did look like you should be able to push this from the Server but I could not get that feature to work.
If you are having issues with your Timeline, there are examples of them in the repo itself and it does take a good amount of time to really get a timeline in place for what you are trying to get it to do.
But for me it really turns out that the GHOSTS tool was not 100% for what I was looking for and the fact that it is written in C#, a language I do not know, I am not able to modify it effectively or contribute to the project.
I am now creating a framework that is like GHOSTS but in Python. This will basically take all of the scripts I have already written for user simulation and make it Client/Server based and easily modifiable and user friendly for more people to use in their own Home Labs.