class Service(Entity):
_category_ = 'Infrastructure'
name = StringEntityField('service.name',
display_name='Description',
is_value=True)
banner = StringEntityField('banner.text', display_name='Service Banner')
ports = StringEntityField('port.number', display_name='Ports')
class Hash(Observable):
_category_ = 'Yeti'
_namespace_ = 'Yetigo'
malicious = StringEntityField('Malicious', display_name='Malicious')
undetected = StringEntityField('Undetected', display_name='Undetected')
suspicious = StringEntityField('Suspicious', display_name='Suspicious')
magic = StringEntityField('Magic', display_name='Magic')
class URL(Entity):
_category_ = 'Infrastructure'
short_title = StringEntityField('short-title',
display_name='Short title',
is_value=True,
alias='maltego.v2.value.property')
url = StringEntityField('url', display_name='URL', alias='theurl')
title = StringEntityField('title', display_name='Title', alias='fulltitle')
class TrackingCode(Entity):
_alias_ = 'maltego.UniqueIdentifier'
_category_ = 'Infrastructure'
unique_identifier = StringEntityField('properties.uniqueidentifier',
display_name='Uniqueidentifier',
is_value=True)
identifier_type = StringEntityField('identifierType',
display_name='Identifier Type')
class Observable(Entity):
_category_ = 'Yeti'
_namespace_ = 'Yetigo'
observable = StringEntityField('Observable', display_name='Observable')
type_obs = StringEntityField('type', display_name='type')
tags = ArrayEntityField('Tags', display_name='Tags')
context = StringEntityField('Context', display_name='Context')
source = StringEntityField('Source', display_name='Source')
class Twitter(Affiliation):
_alias_ = 'AffiliationTwitter'
number = IntegerEntityField('twitter.number',
display_name='Twitter Number')
screenname = StringEntityField('twitter.screen-name',
display_name='Screen Name')
friendcount = IntegerEntityField('twitter.friendcount',
display_name='Friend Count')
fullname = StringEntityField('person.fullname', display_name='Real Name')
class MISPEvent(Entity):
_category_ = 'MISP'
_namespace_ = 'misp'
icon_url = 'file://MISP_maltego/resources/images/MISPEvent.png'
uuid = StringEntityField('uuid', display_name='UUID', matching_rule=MatchingRule.Loose)
id = IntegerEntityField('id', display_name='id', is_value=True)
# date = DateEntityField('type.date', display_name='Event date')
info = StringEntityField('info', display_name='Event info', matching_rule=MatchingRule.Loose)
class IPv4Address(Entity):
_category_ = 'Infrastructure'
_namespace_ = 'maltego'
# Main properties ---------------------------//
host_id = IntegerEntityField('id', display_name='Host ID')
workspace_id = IntegerEntityField('workspace_id', display_name='Workspace ID')
# Icon Properties ---------------------------//
origin_tool = StringEntityField('origin_tool', display_name='Origin Tool', decorator=getOriginTool)
tool_icon = StringEntityField('tool_icon', display_name='Tool Icon')
class MISPObject(Entity):
_category_ = 'MISP'
_namespace_ = 'misp'
icon_url = 'file://MISP_maltego/resources/images/MISPObject.png'
uuid = StringEntityField('uuid', display_name='UUID')
event_id = IntegerEntityField('event_id', display_name='Event ID')
name = StringEntityField('name', display_name='Name', is_value=True)
meta_category = StringEntityField('meta_category', display_name='Meta Category')
description = StringEntityField('description', display_name='Description')
comment = StringEntityField('comment', display_name='Comment')
class MISPObject(Entity):
_category_ = 'MISP'
_namespace_ = 'misp'
icon_url = 'file://MISP_maltego/resources/images/MISPObject.png'
uuid = StringEntityField('uuid', display_name='UUID')
event_id = IntegerEntityField('event_id', display_name='Event ID') # LATER remove this once MISP provides objects correctly when requesting only the object. See https://github.com/MISP/MISP/issues/3801
name = StringEntityField('name', display_name='Name', is_value=True)
meta_category = StringEntityField('meta_category', display_name='Meta Category', matching_rule=MatchingRule.Loose)
description = StringEntityField('description', display_name='Description', matching_rule=MatchingRule.Loose)
comment = StringEntityField('comment', display_name='Comment', matching_rule=MatchingRule.Loose)
class Person(Entity):
_category_ = 'Personal'
fullname = StringEntityField('person.fullname',
display_name='Full Name',
is_value=True)
lastname = StringEntityField('person.lastname',
display_name='Surname',
alias='lastname')
firstnames = StringEntityField('person.firstnames',
display_name='First Names',
alias='firstname')
class Document(Entity):
_category_ = 'Personal'
url = StringEntityField('url',
display_name='URL',
alias='link',
is_value=True)
title = StringEntityField('title',
display_name='Title',
alias='maltego.v2.value.property')
metadata = StringEntityField('document.metadata',
display_name='Meta-Data',
alias='metainfo')
class Hash(Entity):
_category_ = 'Malware'
hash = StringEntityField('properties.hash',
display_name='Hash',
is_value=True)
type = StringEntityField('type', display_name='Hash Type')
owner = StringEntityField('owner', display_name='Owner')
before = DateEntityField('before', display_name='Before')
after = DateEntityField('after', display_name='After')
included_media_types = StringEntityField(
'includeMediaType', display_name='Included Media Types')
excluded_media_types = StringEntityField(
'excludeMediaType', display_name='Excluded Media Types')
class Affiliation(Entity):
_category_ = 'Social Network'
_namespace_ = 'maltego.affiliation'
person_name = StringEntityField('person.name',
display_name='Name',
is_value=True)
uid = StringEntityField('affiliation.uid', display_name='UID', alias='uid')
network = StringEntityField('affiliation.network',
display_name='Network',
alias='network')
profile_url = StringEntityField('affiliation.profile-url',
display_name='Profile URL',
alias='profile_url')
class Netblock(Entity):
_category_ = 'Infrastructure'
_namespace_ = 'maltego'
# Main properties ---------------------------//
name = StringEntityField('name', display_name='Workspace Name',
description='The name of the workspace. This is the unique identifier \
for determining which workspace is being accessed.')
workspace_id = IntegerEntityField('workspace_id', display_name='ID',
description='The primary key used to identify this object in the database.')
boundary = StringEntityField('boundary', display_name='Boundary',
description='Comma separated list of IP ranges (in various formats) \
and IP addresses that users of this workspace are allowed to interact \
with if limit_to_network is true.')
description = StringEntityField('description', display_name='Description',
description='Long description that explains the purpose of this workspace.')
owner_id = StringEntityField('owner_id', display_name='Owner ID',
description='ID of the user who owns this workspace.')
limit_to_network = BooleanEntityField('limit_to_network', display_name='Limit to Network',
description='true to restrict the hosts and services in this workspace \
to the IP addresses listed in boundary')
import_fingerprint = BooleanEntityField('import_fingerprint', display_name='Import fingerprint',
description='Identifier that indicates if and where this workspace was imported from.')
created_at = StringEntityField('created_at', display_name='Created at')
updated_at = StringEntityField('updated_at', display_name='Updated at')
# Icon Properties ---------------------------//
origin_tool = StringEntityField('origin_tool', display_name='Origin Tool', decorator=getOriginTool)
tool_icon = StringEntityField('tool_icon', display_name='Tool Icon')
class GPS(Entity):
_category_ = 'Locations'
gps = StringEntityField('properties.gps',
display_name='GPS Co-ordinate',
is_value=True)
latitude = FloatEntityField('latitude', display_name='Latitude')
longitude = FloatEntityField('longitude', display_name='Longitude')
class SourceYeti(Phrase):
_category_ = 'Yeti'
_namespace_ = 'Yetigo'
link = StringEntityField('link',
display_name='link',
matching_rule=MatchingRule.Loose)
class CircularArea(Entity):
_category_ = 'Locations'
area_circular = StringEntityField('area.circular',
display_name='Circular Area',
is_value=True)
latitude = FloatEntityField('latitude', display_name='Latitude')
longitude = FloatEntityField('longitude', display_name='Longitude')
radius = IntegerEntityField('radius', display_name='Radius (m)')
class PhoneNumber(Entity):
_category_ = 'Personal'
phonenumber = StringEntityField('phonenumber',
display_name='Phone Number',
is_value=True)
areacode = StringEntityField('phonenumber.areacode',
display_name='Area Code',
alias='areacode')
lastnumbers = StringEntityField('phonenumber.lastnumbers',
display_name='Last Digits',
alias='lastnumbers')
citycode = StringEntityField('phonenumber.citycode',
display_name='City Code',
alias='citycode')
countrycode = StringEntityField('phonenumber.countrycode',
display_name='Country Code',
alias='countrycode')
class IPv4Address(Entity):
_category_ = 'Infrastructure'
_alias_ = 'IPAddress'
ipv4address = StringEntityField('ipv4-address',
display_name='IP Address',
is_value=True)
internal = BooleanEntityField('ipaddress.internal',
display_name='Internal')
class Tweet(Entity):
_category = "Social Network"
tweet = StringEntityField('twit.name', display_name='Tweet', is_value=True)
tweet_id = StringEntityField('id', display_name='Tweet ID')
author = StringEntityField('author', display_name='Author')
author_uri = StringEntityField('author_uri', display_name='Author URI')
content = StringEntityField('content', display_name='Content')
image_link = StringEntityField('imglink', display_name='Image Link')
date_published = StringEntityField('pubdate',
display_name='Date published')
title = StringEntityField('title', display_name='Title')
class TestEntity(Entity):
str = StringEntityField('type.str')
int = IntegerEntityField('type.int')
float = FloatEntityField('type.float')
bool = BooleanEntityField('type.bool')
enum = EnumEntityField('type.enum', choices=[2, 1, 0])
date = DateEntityField('type.date')
datetime = DateTimeEntityField('type.datetime')
timespan = TimeSpanEntityField('type.timespan')
color = ColorEntityField('type.color')
class Twit(Entity):
_category_ = 'Social Network'
name = StringEntityField('twit.name', display_name='Twit', is_value=True)
content = StringEntityField('content', display_name='Content')
pubdate = StringEntityField('pubdate', display_name='Date published')
img_link = StringEntityField('img_link',
display_name='Image Link',
alias='imglink')
author = StringEntityField('author', display_name='Author')
title = StringEntityField('title', display_name='Title')
author_uri = StringEntityField('author_uri', display_name='Author URI')
id = StringEntityField('id', display_name='Twit ID')
class MISPGalaxy(Entity):
_category_ = 'MISP'
_namespace_ = 'misp'
uuid = StringEntityField('uuid', display_name='UUID', matching_rule=MatchingRule.Loose)
name = StringEntityField('name', display_name='Name', is_value=True, matching_rule=MatchingRule.Loose)
description = StringEntityField('description', display_name='Description', matching_rule=MatchingRule.Loose)
cluster_type = StringEntityField('galaxy_type', display_name='Type', matching_rule=MatchingRule.Loose)
cluster_value = StringEntityField('value', display_name='Value', matching_rule=MatchingRule.Loose)
synonyms = StringEntityField('synonyms', display_name='Synonyms', matching_rule=MatchingRule.Loose)
tag_name = StringEntityField('tag_name', display_name='Tag')
class MISPEvent(Entity):
_category_ = 'MISP'
_namespace_ = 'misp'
icon_url = 'file://MISP_maltego/resources/images/MISPEvent.png'
uuid = StringEntityField('uuid',
display_name='UUID',
matching_rule=MatchingRule.Loose)
id = IntegerEntityField('id', display_name='id', is_value=True)
# date = DateEntityField('type.date', display_name='Event date')
info = StringEntityField('info',
display_name='Event info',
matching_rule=MatchingRule.Loose)
# threat_level = EnumEntityField('type.enum', choices=['Undefined', 'Low', 'Medium', 'High'], display_name='Threat Level')
# analysis = EnumEntityField('type.enum', choices=['Initial', 'Ongoing', 'Completed'])
# org = StringEntityField('type.str', display_name='Organisation')
count_attributes = IntegerEntityField('count_attributes',
display_name="# attributes",
matching_rule=MatchingRule.Loose)
count_objects = IntegerEntityField('count_objects',
display_name="# objects",
matching_rule=MatchingRule.Loose)
class TwitterUserList(Entity):
_category_ = "Social Network"
name = StringEntityField('twitter.list.name',
display_name='Name',
is_value=True)
full_name = StringEntityField('twitter.list.fullname',
display_name='Full Name')
id_ = StringEntityField('twitter.list.id', display_name='ID')
description = StringEntityField('twitter.list.description',
display_name='Description')
member_count = StringEntityField('twitter.list.members',
display_name='Member Count')
subscriber_count = StringEntityField('twitter.list.subscribers',
display_name='Subscriber Count')
slug = StringEntityField('twitter.list.slug', display_name='Slug')
uri = StringEntityField('twitter.list.uri', display_name='URI')
class Location(Entity):
_category_ = 'Locations'
name = StringEntityField('location.name',
display_name='Name',
is_value=True)
city = StringEntityField('city', display_name='City')
countrycode = StringEntityField('countrycode',
display_name='Country Code',
alias='countrysc')
area = StringEntityField('location.area',
display_name='Area',
alias='area')
country = StringEntityField('country', display_name='Country')
longitude = FloatEntityField('longitude',
display_name='Longitude',
alias='long')
latitude = FloatEntityField('latitude',
display_name='Latitude',
alias='lat')
streetaddress = StringEntityField('streetaddress',
display_name='Street Address')
areacode = StringEntityField('location.areacode', display_name='Area Code')
class Tactic(Entity):
name = StringEntityField('Tactic.name',
display_name='Tactic name',
is_value=True,
description='Tactic')
class Technique(Entity):
name = StringEntityField('Technique.name',
display_name='Technique name',
is_value=True,
description='Technique')
class Tools(Entity):
name = StringEntityField('Tools.name',
display_name='Tools name',
is_value=True,
description='Tools')
