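def dotransform(args):
    """Emit one ``maltego.Service`` per service reported by nmap ``smb-enum-services``.

    Args:
        args: raw transform arguments; ``ip``, ``port`` and ``hostid`` are
            read from them through ``MaltegoTransform.getVar``.

    Side effects: serialises the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-enum-services", ip)
    # scriptrunner may hand back an empty/falsy report; indexing hosts[0] on
    # it would raise instead of telling the user, so resolve the host first.
    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status == "up":
        # A service block starts with two spaces followed by the service name.
        regex = re.compile(r"^\s\s[a-zA-Z0-9_.-]+")
        scripts = host.services[0].scripts_results if host.services else []
        for res in scripts:
            output = (res.get("output") or "").split("\n")
            for item in bucketparser(regex, output):
                # Suffix with the host id so equal service names stay per host.
                value = "{}:{}".format(item.get("Header"), hostid)
                serviceent = mt.addEntity("maltego.Service", value)
                serviceent.setValue(value)
                serviceent.addAdditionalFields("displayname", "Service Name", False, item.get("Display_name"))
                serviceent.addAdditionalFields("ip", "IP Address", False, ip)
                serviceent.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    # Queue the completion message before returnOutput() serialises the
    # response; a message added afterwards cannot be part of it.
    mt.addUIMessage("completed!")
    mt.returnOutput()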
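def dotransform(args):
    """Emit ``msploitego.RDPVulnerability`` entities from nmap ``rdp-vuln-ms12-020``.

    ``ip`` and ``port`` are read from the transform arguments.  Every parsed
    block of the script output, except the bare ``VULNERABLE`` marker, becomes
    one entity; the block's other fields are attached as additional properties.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "rdp-vuln-ms12-020", ip)
    # Resolve the host defensively: an empty report must not raise here.
    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status == "up":
        # Blocks in the NSE output are introduced by two spaces and a word.
        regex = re.compile(r"\s{2}[A-Za-z]+")
        scripts = host.services[0].scripts_results if host.services else []
        for scriptrun in scripts:
            output = (scriptrun.get("output") or "").split("\n")
            for entry in bucketparser(regex, output):
                header = entry.get("Header")
                if header == "VULNERABLE":
                    continue
                vulnentity = mt.addEntity("msploitego.RDPVulnerability", header)
                vulnentity.setValue(header)
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in entry.items():
                    if k == "Details":
                        # Details is a list of lines; flatten into one field.
                        vulnentity.addAdditionalFields("details", k, False, "\n".join(v))
                    elif v and v.strip():
                        vulnentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    # Queue the completion message before the response is serialised.
    mt.addUIMessage("completed!")
    mt.returnOutput()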
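def dotransform(args):
    """Emit ``msploitego.RDPVulnerability`` entities from nmap ``rdp-vuln-ms12-020``.

    ``ip`` and ``port`` are read from the transform arguments.  Every parsed
    block of the script output, except the bare ``VULNERABLE`` marker, becomes
    one entity; the block's other fields are attached as additional properties.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "rdp-vuln-ms12-020", ip)
    # Resolve the host defensively: an empty report must not raise here.
    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status == "up":
        # Blocks in the NSE output are introduced by two spaces and a word.
        regex = re.compile(r"\s{2}[A-Za-z]+")
        scripts = host.services[0].scripts_results if host.services else []
        for scriptrun in scripts:
            output = (scriptrun.get("output") or "").split("\n")
            for entry in bucketparser(regex, output):
                header = entry.get("Header")
                if header == "VULNERABLE":
                    continue
                vulnentity = mt.addEntity("msploitego.RDPVulnerability", header)
                vulnentity.setValue(header)
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in entry.items():
                    if k == "Details":
                        # Details is a list of lines; flatten into one field.
                        vulnentity.addAdditionalFields("details", k, False, "\n".join(v))
                    elif v and v.strip():
                        vulnentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    # Queue the completion message before the response is serialised.
    mt.addUIMessage("completed!")
    mt.returnOutput()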
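def dotransform(args):
    """Run wpscan against ``ip:port`` and emit ``msploitego.WordpressInfo`` entities.

    Each ``[!] Title:`` block of the wpscan log becomes one entity; the block's
    other key/value lines are attached as additional fields after passing
    through ``sanitizefield``.
    """
    import shlex  # local import: the module's import block is outside this listing

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    # ip/port originate from graph entities, i.e. from previously scanned
    # data, so they are shell-quoted before being interpolated into the
    # command line handed to bashrunner.
    command = "wpscan --url {}:{} --enumerate p,u --no-banner --no-color".format(
        shlex.quote(str(ip)), shlex.quote(str(port)))
    bashlog = bashrunner(command)
    title = re.compile(r"^\[!\]\sTitle:\s", re.I)
    for res in bucketparser(title, bashlog):
        if not res.get("Header"):
            continue
        header = sanitizefield(res.get("Header"))
        wpent = mt.addEntity("msploitego.WordpressInfo", header)
        wpent.setValue(header)
        for k, v in res.items():
            if not k or not k.strip() or k == "Header":
                continue
            k = sanitizefield(k)
            v = sanitizefield(v)
            if v and v.strip() and k and k.strip():
                wpent.addAdditionalFields(k, k.capitalize(), False, v)
    mt.returnOutput()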
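def dotransform(args):
    """Emit ``msploitego.SambaUser`` entities from nmap ``smb-enum-users`` output.

    Reads ``ip`` and ``port`` from the transform arguments.  Every parsed
    account block becomes one entity; its remaining key/value pairs are
    attached as additional fields.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smb-enum-users", ip)
    # Also require a host entry: a report without hosts must not raise.
    if rep and rep.hosts:
        # Account lines look like ``DOMAIN\user``; the key is the text up to
        # and including the backslash.
        regex = re.compile(r"^[\sa-zA-Z0-9_.-]+\\")
        for res in rep.hosts[0].scripts_results:
            output = (res.get("output") or "").strip().split("\n")
            for item in bucketparser(regex, output):
                userentity = mt.addEntity("msploitego.SambaUser", item.get("Header"))
                userentity.setValue(item.get("Header"))
                userentity.addAdditionalFields("ip", "IP Address", False, ip)
                userentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    # bucketparser may store multi-line values as a list
                    # (cf. the "Details" handling in sibling transforms).
                    text = "\n".join(v) if isinstance(v, list) else v
                    userentity.addAdditionalFields(k, k.capitalize(), False, text.strip())
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()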
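def dotransform(args):
    """Emit ``msploitego.SambaShare`` entities from nmap ``smb-enum-shares`` output.

    Reads ``ip`` and ``port`` from the transform arguments.  Each share block
    becomes one entity valued by its header (``\\\\host\\share``), with the bare
    share name and the block's other fields attached as properties.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smb-enum-shares", ip)
    # Resolve the host defensively: an empty report must not raise here.
    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status == "up":
        # Share blocks are keyed by a line containing a dotted IPv4 address.
        regex = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
        for res in host.scripts_results:
            output = (res.get("output") or "").split("\n")
            for item in bucketparser(regex, output, method="search"):
                header = item.get("Header")
                shareentity = mt.addEntity("msploitego.SambaShare", header)
                shareentity.setValue(header)
                # Last backslash-separated component, minus the trailing colon.
                sharename = header.split("\\")[-1].strip().strip(":")
                shareentity.addAdditionalFields("sharename", "Share Name", False, sharename)
                shareentity.addAdditionalFields("sambashare", "Samba Share", False, header)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    if k == "Header":
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False, v)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    # Queue the completion message before the response is serialised.
    mt.addUIMessage("completed!")
    mt.returnOutput()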
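def dotransform(args):
    """Emit ``msploitego.WindowsMasterBrowser`` entities from nmap ``smb-mbenum``.

    Reads ``ip``, ``port`` and ``hostid`` from the transform arguments.  Each
    parsed block becomes one entity whose value is ``<header>:<hostid>``; the
    block's other fields are attached as ``key/value`` properties.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-mbenum", ip)
    # Also require a host entry: a report without hosts must not raise.
    if rep and rep.hosts:
        # A block starts with exactly two spaces and a word character.
        regex = re.compile(r"^\s{2}\w")
        for res in rep.hosts[0].scripts_results:
            output = (res.get("output") or "").split("\n")
            for item in bucketparser(regex, output, sep=" "):
                value = "{}:{}".format(item.get("Header"), hostid)
                browserentity = mt.addEntity("msploitego.WindowsMasterBrowser", value)
                browserentity.setValue(value)
                browserentity.addAdditionalFields("ip", "IP Address", False, ip)
                browserentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    if k in ("Header", "Details"):
                        continue
                    browserentity.addAdditionalFields(k.lower(), k, False, "{}/{}".format(k, v))
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()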
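def dotransform(args):
    """Emit ``msploitego.SourceCodeComment`` entities from nmap ``http-comments-displayer``.

    Each ``Path:`` block of the script output becomes one entity valued by the
    path; the comment body (the block's ``Details`` lines) and the reported
    line number are attached as additional fields.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-comments-displayer", ip)
    # Also require a host entry: a report without hosts must not raise.
    if rep and rep.hosts:
        regex = re.compile(r"^\s+Path:")
        host = rep.hosts[0]
        scripts = host.services[0].scripts_results if host.services else []
        for scriptrun in scripts:
            output = (scriptrun.get("output") or "").split("\n")
            for res in bucketparser(regex, output):
                # Header is ``Path: <path>``; keep only the part after the colon.
                _, path = res.get("Header").split(":", 1)
                commententity = mt.addEntity("msploitego.SourceCodeComment", path)
                commententity.setValue(path)
                # The comment text is verbatim content of the scanned page:
                # it is stored as untrusted display data only.
                commententity.addAdditionalFields(
                    "comment", "Comment", False, "\n".join(res.get("Details") or []))
                commententity.addAdditionalFields("linenumber", "Line Number", False, res.get("Line number"))
                commententity.addAdditionalFields("path", "Path", False, path)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()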
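def dotransform(args):
    """Emit ``msploitego.SambaUser`` entities from nmap ``smb-enum-users`` output.

    Reads ``ip`` and ``port`` from the transform arguments.  Every parsed
    account block becomes one entity; its remaining key/value pairs are
    attached as additional fields.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smb-enum-users", ip)
    # Resolve the host defensively: an empty report must not raise here.
    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status == "up":
        # Account lines look like ``DOMAIN\user``; the key is the text up to
        # and including the backslash.
        regex = re.compile(r"^[\sa-zA-Z0-9_.-]+\\")
        for res in host.scripts_results:
            output = (res.get("output") or "").strip().split("\n")
            for item in bucketparser(regex, output):
                userentity = mt.addEntity("msploitego.SambaUser", item.get("Header"))
                userentity.setValue(item.get("Header"))
                userentity.addAdditionalFields("ip", "IP Address", False, ip)
                userentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    # bucketparser may store multi-line values as a list
                    # (cf. the "Details" handling in sibling transforms).
                    text = "\n".join(v) if isinstance(v, list) else v
                    userentity.addAdditionalFields(k, k.capitalize(), False, text.strip())
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    # Queue the completion message before the response is serialised.
    mt.addUIMessage("completed!")
    mt.returnOutput()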
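def dotransform(args):
    """Emit ``msploitego.WindowsMasterBrowser`` entities from nmap ``smb-mbenum``.

    Reads ``ip``, ``port`` and ``hostid`` from the transform arguments.  Each
    parsed block becomes one entity whose value is ``<header>:<hostid>``; the
    block's other fields are attached as ``key/value`` properties.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-mbenum", ip)
    # Resolve the host defensively: an empty report must not raise here.
    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status == "up":
        # A block starts with exactly two spaces and a word character.
        regex = re.compile(r"^\s{2}\w")
        for res in host.scripts_results:
            output = (res.get("output") or "").split("\n")
            for item in bucketparser(regex, output, sep=" "):
                value = "{}:{}".format(item.get("Header"), hostid)
                browserentity = mt.addEntity("msploitego.WindowsMasterBrowser", value)
                browserentity.setValue(value)
                browserentity.addAdditionalFields("ip", "IP Address", False, ip)
                browserentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    if k in ("Header", "Details"):
                        continue
                    browserentity.addAdditionalFields(k.lower(), k, False, "{}/{}".format(k, v))
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    # Queue the completion message before the response is serialised.
    mt.addUIMessage("completed!")
    mt.returnOutput()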
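def dotransform(args):
    """Emit share entities from nmap ``smb-enum-shares`` run with ``-sU -sS``.

    Reads ``ip``, ``port`` and the optional ``machinename`` from the transform
    arguments.  A share whose ``Warning`` field mentions "denied" is typed
    ``msploitego.AccessDenied``; every other block is ``msploitego.SambaShare``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    machinename = mt.getVar("machinename")
    rep = scriptrunner(port, "smb-enum-shares", ip, args="-sU -sS")
    # Also require a host entry: a report without hosts must not raise.
    if rep and rep.hosts:
        # Share blocks are keyed by a line containing a dotted IPv4 address.
        regex = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
        denied = re.compile("denied", re.I)
        for res in rep.hosts[0].scripts_results:
            output = (res.get("output") or "").split("\n")
            for item in bucketparser(regex, output, method="search"):
                warning = item.get("Warning")
                # Keep shares the scanner could not open visibly distinct
                # from confirmed, listable shares.
                if warning and denied.search(warning):
                    entityname = "msploitego.AccessDenied"
                else:
                    entityname = "msploitego.SambaShare"
                header = item.get("Header")
                shareentity = mt.addEntity(entityname, header)
                shareentity.setValue(header)
                # Last backslash-separated component, minus the trailing colon.
                sharename = header.split("\\")[-1].strip().strip(":")
                shareentity.addAdditionalFields("sharename", "Share Name", False, sharename)
                shareentity.addAdditionalFields("sambashare", "Samba Share", False, header)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                if machinename:
                    shareentity.addAdditionalFields("machinename", "Machine Name", False, machinename)
                for k, v in item.items():
                    if k == "Header":
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False, v)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()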
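def dotransform(args):
    """Emit share entities from nmap ``smb-enum-shares`` run with ``-sU -sS``.

    Reads ``ip``, ``port`` and the optional ``machinename`` from the transform
    arguments.  A share whose ``Warning`` field mentions "denied" is typed
    ``msploitego.AccessDenied``; every other block is ``msploitego.SambaShare``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    machinename = mt.getVar("machinename")
    rep = scriptrunner(port, "smb-enum-shares", ip, args="-sU -sS")
    # Resolve the host defensively: an empty report must not raise here.
    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status == "up":
        # Share blocks are keyed by a line containing a dotted IPv4 address.
        regex = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
        denied = re.compile("denied", re.I)
        for res in host.scripts_results:
            output = (res.get("output") or "").split("\n")
            for item in bucketparser(regex, output, method="search"):
                warning = item.get("Warning")
                # Keep shares the scanner could not open visibly distinct
                # from confirmed, listable shares.
                if warning and denied.search(warning):
                    entityname = "msploitego.AccessDenied"
                else:
                    entityname = "msploitego.SambaShare"
                header = item.get("Header")
                shareentity = mt.addEntity(entityname, header)
                shareentity.setValue(header)
                # Last backslash-separated component, minus the trailing colon.
                sharename = header.split("\\")[-1].strip().strip(":")
                shareentity.addAdditionalFields("sharename", "Share Name", False, sharename)
                shareentity.addAdditionalFields("sambashare", "Samba Share", False, header)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                if machinename:
                    shareentity.addAdditionalFields("machinename", "Machine Name", False, machinename)
                for k, v in item.items():
                    if k == "Header":
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False, v)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    # Queue the completion message before the response is serialised.
    mt.addUIMessage("completed!")
    mt.returnOutput()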
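def dotransform(args):
    """Emit one ``maltego.Service`` per service reported by nmap ``smb-enum-services``.

    Args:
        args: raw transform arguments; ``ip``, ``port`` and ``hostid`` are
            read from them through ``MaltegoTransform.getVar``.

    Side effects: serialises the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-enum-services", ip)
    # scriptrunner may hand back an empty/falsy report; indexing hosts[0] on
    # it would raise instead of telling the user, so resolve the host first.
    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status == "up":
        # A service block starts with two spaces followed by the service name.
        regex = re.compile(r"^\s\s[a-zA-Z0-9_.-]+")
        scripts = host.services[0].scripts_results if host.services else []
        for res in scripts:
            output = (res.get("output") or "").split("\n")
            for item in bucketparser(regex, output):
                # Suffix with the host id so equal service names stay per host.
                value = "{}:{}".format(item.get("Header"), hostid)
                serviceent = mt.addEntity("maltego.Service", value)
                serviceent.setValue(value)
                serviceent.addAdditionalFields("displayname", "Service Name", False, item.get("Display_name"))
                serviceent.addAdditionalFields("ip", "IP Address", False, ip)
                serviceent.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    # Queue the completion message before returnOutput() serialises the
    # response; a message added afterwards cannot be part of it.
    mt.addUIMessage("completed!")
    mt.returnOutput()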
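def dotransform(args):
    """Parse ``snmp-check -w`` output for ``ip`` into typed Maltego entities.

    Each ``[*]``-headed section of the tool log is dispatched on substrings of
    its lower-cased header (write access notice, system information, user
    accounts, routing information, network services, processes, device
    information, software components, shares).  Values that are not globally
    unique are suffixed with ``hostid`` so the graph keeps them per host.
    """
    import shlex  # local import: the module's import block is outside this listing

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    # ``ip`` comes from a graph entity; quote it before it reaches the shell.
    bashlog = bashrunner("snmp-check -w {}".format(shlex.quote(str(ip))))
    regex = re.compile(r"^\[\*\]")

    def skip(key, *extra):
        """True for bucketparser bookkeeping keys (and *extra*) that hold no data row."""
        return any(x in key for x in ("Details", "Header") + extra)

    def tagged(value):
        """Suffix *value* with the host id so equal values stay per host."""
        return "{}:{}".format(value, hostid)

    for res in bucketparser(regex, bashlog, sep=" "):
        origheader = res.get("Header")
        header = origheader.lower()
        if "write access permitted" in header:
            phrase = mt.addEntity("msploitego.RelevantInformation", tagged(origheader))
            phrase.setValue(tagged(origheader))
        elif "system information" in header:
            if res.get("Domain"):
                dname = res.get("Domain").lstrip(":")
                domain = mt.addEntity("maltego.Domain", dname)
                domain.setValue(dname)
                domain.addAdditionalFields("ip", "IP Address", True, ip)
                domain.addAdditionalFields("port", "Port", True, port)
            if res.get("Hostname"):
                hname = res.get("Hostname").lstrip(":")
                hostname = mt.addEntity("msploitego.Hostname", hname)
                hostname.setValue(hname)
                hostname.addAdditionalFields("ip", "IP Address", True, ip)
                hostname.addAdditionalFields("port", "Port", True, port)
        elif "user accounts" in header:
            for user in res.keys():
                if skip(user):
                    continue
                alias = mt.addEntity("maltego.Alias", user)
                alias.setValue(user)
                alias.addAdditionalFields("ip", "IP Address", True, ip)
        elif "routing information" in header:
            # Only report next hops sharing the scanned host's first two
            # octets.  Compare the literal prefix (plus a dot) instead of
            # using it as a regex, where '.' would match any character.
            ipprefix = ".".join(ip.split(".")[0:2]) + "."
            for k, v in res.items():
                if skip(k, "Destination"):
                    continue
                for ipr in v.split():
                    if ipr.startswith(ipprefix) and ipr != ip:
                        iprout = mt.addEntity("msploitego.RoutingIP", ipr)
                        iprout.setValue(ipr)
                        iprout.addAdditionalFields("ip", "IP Address", True, ip)
        elif "network services" in header:
            for k, v in res.items():
                if skip(k, "Index"):
                    continue
                nservice = mt.addEntity("msploitego.NetworkService", tagged(v))
                nservice.setValue(tagged(v))
                nservice.addAdditionalFields("ip", "IP Address", True, ip)
        elif "processes" in header:
            for k, v in res.items():
                if skip(k) or "running" not in v.lower():
                    continue
                # The last whitespace-separated token of the row is the name;
                # the row key is the process id.
                pname = tagged(v.split()[-1])
                process = mt.addEntity("msploitego.Process", pname)
                process.setValue(pname)
                process.addAdditionalFields("ip", "IP Address", True, ip)
                process.addAdditionalFields("pid", "Process ID", True, k)
        elif "device information" in header:
            for k, v in res.items():
                if skip(k, "Id"):
                    continue
                if any(x in v for x in ["unknown", "running"]):
                    # Drop the first two columns; the remainder is the name.
                    dname = tagged(" ".join(v.split()[2:]))
                    device = mt.addEntity("maltego.Device", dname)
                    device.setValue(dname)
                    device.addAdditionalFields("ip", "IP Address", True, ip)
        elif "software components" in header:
            for k, v in res.items():
                if skip(k, "Index"):
                    continue
                # NOTE(review): "SotwareComponents" is kept verbatim; it must
                # match the entity type registered with Maltego.
                software = mt.addEntity("msploitego.SotwareComponents", tagged(v))
                software.setValue(tagged(v))
                software.addAdditionalFields("ip", "IP Address", True, ip)
        elif "share" in header:
            # Tolerate a missing Path/Name instead of raising on None.
            path = (res.get("Path") or "").lstrip(":")
            name = (res.get("Name") or "").lstrip(":")
            networkshare = mt.addEntity("msploitego.NetworkShare", path)
            networkshare.setValue(path)
            networkshare.addAdditionalFields("ip", "IP Address", True, ip)
            networkshare.addAdditionalFields("name", "Share Name", True, name)
    mt.returnOutput()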
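def dotransform(args):
    """Turn sectioned ``| ...`` tool output into Samba/NetBIOS Maltego entities.

    Sections are recognised by case-insensitive patterns on their header and
    mapped to an entity type; the section body (via ``packandroll``, or the
    raw ``Details`` lines for nbtstat) is stored in the entity's ``data``
    field.  Every entity is linked back to ``ip`` and ``hostid``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")
    # NOTE(review): the command handed to bashrunner is empty in this listing,
    # so ``contents`` is whatever bashrunner returns for "", and port /
    # servicename / serviceid / workspace are read but unused.  Confirm the
    # intended invocation before relying on this transform.
    contents = bashrunner("")
    regex = re.compile(r"^\|\s+")
    # Noise lines in the tool output that bucketparser must not treat as data.
    ignore = re.compile(
        r"={3,}|Looking\s|padding\d|unknown_\d|logon_hrs|\[V\]\sAttempting\sto\sget"
        r"|\*unknown\*|\[V\]\sassuming\sthat\suser|\[V\]\sprocessing\ssid\s|\[E\]",
        re.I,
    )
    headsignore = re.compile(r"target\sinformation|getting\sprinter", re.I)

    def add_data_entity(entity_type, header, lines):
        """Create *entity_type* named after the cleaned *header*, holding *lines*."""
        h = header.replace("|", "").strip()
        ent = mt.addEntity(entity_type, h)
        ent.setValue(h)
        ent.addAdditionalFields("data", "Data", False, "\n".join(lines))
        ent.addAdditionalFields("ip", "IP Address", True, ip)
        ent.addAdditionalFields("hostid", "Host Id", True, hostid)

    # (header pattern, entity type), tested in order; the first match wins.
    # The ``cyc?ling`` / ``mac?hine`` alternations also accept the spellings
    # used by the original patterns ("cyling", "macine"), which presumably
    # were typos and never matched the tool's actual headings.
    packed_sections = [
        (r"session\scheck\son", "msploitego.nbstatinformation"),
        (r"getting\sdomain\ssid", "msploitego.RelevantInformation"),
        (r"os\sinformation\son", "msploitego.SambaOSInformation"),
        (r"\svia\srid\scyc?ling", "msploitego.SambaAccountInformation"),
        (r"\susers\son\s", "msploitego.SambaAccountInformation"),
        (r"\smac?hine\senumeration\s", "msploitego.SambaMachineEnumeration"),
        (r"\sshare\senumeration\son\s", "msploitego.SambaShareInformation"),
        (r"\spassword\spolicy\sinformation\s", "msploitego.SambaPasswordPolicyInfo"),
        (r"\sgroups\son\s", "msploitego.SambaGroupInformation"),
    ]
    packed_sections = [(re.compile(p, re.I), t) for p, t in packed_sections]
    workgroup = re.compile(r"enumerating\sworkgroup", re.I)
    got_domain = re.compile(r"got\sdomain", re.I)
    nbtstat = re.compile(r"nbtstat\sinformation", re.I)

    for res in bucketparser(regex, contents, ignoreg=ignore):
        header = res.get("Header")
        if headsignore.search(header):
            continue
        if workgroup.search(header):
            for k, v in res.items():
                if got_domain.search(k):
                    doment = mt.addEntity("maltego.Domain", v)
                    doment.setValue(v)
                    doment.addAdditionalFields("ip", "IP Address", True, ip)
                    doment.addAdditionalFields("hostid", "Host Id", True, hostid)
            continue
        if nbtstat.search(header):
            # nbtstat output is stored verbatim rather than via packandroll.
            add_data_entity("msploitego.nbstatinformation", header, res.get("Details") or [])
            continue
        for pattern, entity_type in packed_sections:
            if pattern.search(header):
                data = packandroll(res)
                if data:
                    add_data_entity(entity_type, header, data)
                break
    mt.returnOutput()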
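def dotransform(args):
    """Parse ``snmp-check -w`` output for ``ip`` into typed Maltego entities.

    Each ``[*]``-headed section of the tool log is dispatched on substrings of
    its lower-cased header (write access notice, system information, user
    accounts, routing information, network services, processes, device
    information, software components, shares) and turned into the matching
    entity type, linked back to ``ip``.
    """
    import shlex  # local import: the module's import block is outside this listing

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    # ``ip`` comes from a graph entity; quote it before it reaches the shell.
    bashlog = bashrunner("snmp-check -w {}".format(shlex.quote(str(ip))))
    regex = re.compile(r"^\[\*\]")

    def skip(key, *extra):
        """True for bucketparser bookkeeping keys (and *extra*) that hold no data row."""
        return any(x in key for x in ("Details", "Header") + extra)

    for res in bucketparser(regex, bashlog, sep=" "):
        origheader = res.get("Header")
        header = origheader.lower()
        if "write access permitted" in header:
            # NOTE(review): "maltego.Pharse" is kept verbatim; it must match
            # the entity type registered with Maltego (likely meant "Phrase").
            phrase = mt.addEntity("maltego.Pharse", origheader)
            phrase.setValue(origheader)
        elif "system information" in header:
            if res.get("Domain"):
                dname = res.get("Domain").lstrip(":")
                domain = mt.addEntity("maltego.Domain", dname)
                domain.setValue(dname)
                domain.addAdditionalFields("ip", "IP Address", True, ip)
                domain.addAdditionalFields("port", "Port", True, port)
            if res.get("Hostname"):
                hname = res.get("Hostname").lstrip(":")
                hostname = mt.addEntity("msploitego.Hostname", hname)
                hostname.setValue(hname)
                hostname.addAdditionalFields("ip", "IP Address", True, ip)
                hostname.addAdditionalFields("port", "Port", True, port)
        elif "user accounts" in header:
            for user in res.keys():
                if skip(user):
                    continue
                alias = mt.addEntity("maltego.Alias", user)
                alias.setValue(user)
                alias.addAdditionalFields("ip", "IP Address", True, ip)
        elif "routing information" in header:
            # Only report next hops sharing the scanned host's first two
            # octets.  Compare the literal prefix (plus a dot) instead of
            # using it as a regex, where '.' would match any character.
            ipprefix = ".".join(ip.split(".")[0:2]) + "."
            for k, v in res.items():
                if skip(k, "Destination"):
                    continue
                for ipr in v.split():
                    if ipr.startswith(ipprefix) and ipr != ip:
                        iprout = mt.addEntity("msploitego.RoutingIP", ipr)
                        iprout.setValue(ipr)
                        iprout.addAdditionalFields("ip", "IP Address", True, ip)
        elif "network services" in header:
            for k, v in res.items():
                if skip(k, "Index"):
                    continue
                nservice = mt.addEntity("msploitego.NetworkService", v)
                nservice.setValue(v)
                nservice.addAdditionalFields("ip", "IP Address", True, ip)
        elif "processes" in header:
            for k, v in res.items():
                if skip(k) or "running" not in v.lower():
                    continue
                # The last whitespace-separated token of the row is the name;
                # the row key is the process id.
                pname = v.split()[-1]
                process = mt.addEntity("msploitego.Process", pname)
                process.setValue(pname)
                process.addAdditionalFields("ip", "IP Address", True, ip)
                process.addAdditionalFields("pid", "Process ID", True, k)
        elif "device information" in header:
            for k, v in res.items():
                if skip(k, "Id"):
                    continue
                if any(x in v for x in ["unknown", "running"]):
                    # Drop the first two columns; the remainder is the name.
                    dname = " ".join(v.split()[2:])
                    device = mt.addEntity("maltego.Device", dname)
                    device.setValue(dname)
                    device.addAdditionalFields("ip", "IP Address", True, ip)
        elif "software components" in header:
            for k, v in res.items():
                if skip(k, "Index"):
                    continue
                # NOTE(review): "SotwareComponents" is kept verbatim; it must
                # match the entity type registered with Maltego.
                software = mt.addEntity("msploitego.SotwareComponents", v)
                software.setValue(v)
                software.addAdditionalFields("ip", "IP Address", True, ip)
        elif "share" in header:
            # Tolerate a missing Path/Name instead of raising on None.
            path = (res.get("Path") or "").lstrip(":")
            name = (res.get("Name") or "").lstrip(":")
            networkshare = mt.addEntity("msploitego.NetworkShare", path)
            networkshare.setValue(path)
            networkshare.addAdditionalFields("ip", "IP Address", True, ip)
            networkshare.addAdditionalFields("name", "Share Name", True, name)
    # Queue the completion message before returnOutput() serialises the
    # response; a message added afterwards cannot be part of it.
    mt.addUIMessage("completed!")
    mt.returnOutput()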