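def get_directory_content(self):
    """
    Get the content of a directory.

    The directory is ``self.value`` when it contains a "/", otherwise the
    "full_path" additional field of the parent entity. One entity is
    emitted per entry (directory or file), each carrying its own
    "full_path" so it can be explored in turn.

    Exits (SystemExit) after printing an XML comment when no usable path is
    available or when the directory cannot be listed.
    """
    # Get the directory full path.
    if "/" in self.value:
        current_directory = self.value
    elif "full_path" in self.parent_fields:
        current_directory = self.parent_fields["full_path"]
    else:
        print("<!-- Please specify a full path -->")
        # Raised directly: the exit() helper is only injected by the site
        # module and is not guaranteed to exist.
        raise SystemExit

    # A missing, unreadable or non-directory path is reported the same way
    # as a missing path instead of ending in a traceback.
    try:
        entries = os.listdir(current_directory)
    except OSError:
        print("<!-- Unable to read the directory -->")
        raise SystemExit

    # Parse the directory content.
    for item in entries:
        item_path = os.path.join(current_directory, item)
        # NOTE(review): os.path.isdir follows symbolic links, so a link to a
        # directory is reported as a directory and may lead outside the tree
        # being explored (or back into it).
        if os.path.isdir(item_path):
            entity_type = "maltego.custom.entities.explorer.directory"
        else:
            entity_type = "maltego.custom.entities.explorer.file"

        e = TransformLib.MaltegoEntity()
        e.setType(entity_type)
        e.addAdditionalFields(fieldName="full_path",
                              displayName="Full path",
                              value=item_path)
        e.setValue(item)
        self.transform.addEntityToMessage(e)

    self.transform.returnOutput()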
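def nickname_to_exit_nodes(self):
    """
    Retrieve Tor exit nodes from a specific nickname.

    Searches onionite for ``self.value`` and emits one TorExitNode entity
    per result row whose fingerprint differs from the parent entity value.

    Raises:
        requests.RequestException: if the request fails or times out.
    """
    # Let requests build the query string so the nickname is percent-encoded
    # and cannot add parameters of its own; the timeout keeps a stalled
    # server from hanging the transform.
    res = requests.get("https://onionite.now.sh/",
                       params={"s": self.value},
                       timeout=10)
    tree = etree.fromstring(res.content, etree.HTMLParser())

    # Presumably absent on entities that were not produced by one of these
    # transforms (TODO confirm); .get() avoids a KeyError in that case.
    parent_value = self.parent_fields.get("parent.entity.value")
    hex_digits = set("0123456789abcdefABCDEF")

    for row in tree.xpath("/html/body/main/table/tbody/tr"):
        # The page layout is outside our control: skip rows that do not
        # have the expected link cell instead of aborting the whole run.
        try:
            link = row[1][0]
            exit_node = link.attrib["href"][-40:]
        except (IndexError, KeyError):
            continue

        # The fingerprint is taken from remote HTML and is later placed in
        # a URL by exit_node_to_ipv4: only accept 40 hexadecimal characters.
        if len(exit_node) != 40 or not set(exit_node) <= hex_digits:
            continue

        if parent_value != exit_node:
            e = TransformLib.MaltegoEntity()
            e.setType("maltego.custom.entities.infrastructure.TorExitNode")
            e.addAdditionalFields(fieldName="nickname",
                                  displayName="Nickname",
                                  value=str(link.text),
                                  matchingRule="strict")
            e.addAdditionalFields(fieldName="parent.entity.value",
                                  displayName="Parent Entity",
                                  value=self.value)
            e.addAdditionalFields("link#maltego.link.direction",
                                  "link#maltego.link.direction",
                                  "loose",
                                  "output-to-input")
            e.setValue(exit_node)
            self.transform.addEntityToMessage(e)

    self.transform.returnOutput()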
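def exitnode_to_nickname(self):
    """
    Extract the nickname from the additional fields of a Tor Exit node entity.

    Emits a TorNickName entity when the parent fields carry a "nickname"
    that differs from the parent entity value; the output is always
    returned, with or without an entity.
    """
    nickname = self.parent_fields.get("nickname")
    # Presumably "parent.entity.value" is absent on entities that were not
    # produced by one of these transforms (TODO confirm); .get() avoids a
    # KeyError in that case.
    parent_value = self.parent_fields.get("parent.entity.value")

    if "nickname" in self.parent_fields and parent_value != nickname:
        e = TransformLib.MaltegoEntity()
        e.setType("maltego.custom.entities.infrastructure.TorNickName")
        e.addAdditionalFields(fieldName="parent.entity.value",
                              displayName="Parent Entity",
                              value=self.value)
        e.setValue(nickname)
        self.transform.addEntityToMessage(e)

    self.transform.returnOutput()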
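def exit_node_to_ipv4(self):
    """
    Resolve the IPv4 address of a Tor Exit node entity.

    Fetches the onionite page of the node named by ``self.value`` and emits
    an IPv4Address entity when a valid address is found that differs from
    the parent entity value. The output is returned even when nothing is
    emitted.

    Raises:
        requests.RequestException: if the request fails or times out.
    """
    import ipaddress
    from urllib.parse import quote

    # Percent-encode the value so it stays a single path segment and cannot
    # alter the requested URL; the timeout keeps a stalled server from
    # hanging the transform.
    res = requests.get("https://onionite.now.sh/node/%s"
                       % quote(str(self.value), safe=""),
                       timeout=10)
    tree = etree.fromstring(res.content, etree.HTMLParser())
    cells = tree.xpath("/html/body/main/div[2]/section[1]/dl/dd[3]")

    # The page layout is outside our control: an empty match or an empty
    # cell yields no entity instead of an IndexError/AttributeError.
    cell_text = cells[0].text if cells else None
    ip_address = None
    if cell_text:
        candidate = cell_text.split(":")[0].strip()
        # The text comes from remote HTML; only forward it as an
        # IPv4Address entity when it really parses as one.
        try:
            ipaddress.IPv4Address(candidate)
        except ValueError:
            pass
        else:
            ip_address = candidate

    # Presumably "parent.entity.value" is absent on entities that were not
    # produced by one of these transforms (TODO confirm).
    parent_value = self.parent_fields.get("parent.entity.value")

    if ip_address is not None and parent_value != ip_address:
        e = TransformLib.MaltegoEntity()
        e.setType("maltego.IPv4Address")
        e.addAdditionalFields("link#maltego.link.direction",
                              "link#maltego.link.direction",
                              "loose",
                              "output-to-input")
        e.addAdditionalFields(fieldName="parent.entity.value",
                              displayName="Parent Entity",
                              value=self.value)
        e.setValue(ip_address)
        self.transform.addEntityToMessage(e)

    self.transform.returnOutput()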
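import subprocess
import sys

import TransformLib

# Standalone transform: run exiftool on the file given as first argument and
# emit one maltego.Alias entity per "Author" metadata line.
transform = TransformLib.MaltegoTransform()

if len(sys.argv) < 2:
    print("<!-- Please specify a full path -->")
    raise SystemExit

current_file = sys.argv[1]
# A name starting with "-" would be read by exiftool as an option rather
# than a file; anchoring it to the current directory keeps it a path.
if current_file.startswith("-"):
    current_file = "./" + current_file

# NOTE(review): exiftool parses a file that may be untrusted; keep the
# installed exiftool patched. A missing binary (OSError) or a run longer
# than the timeout (subprocess.TimeoutExpired) is left to propagate.
p = subprocess.run(["exiftool", current_file],
                   shell=False,
                   stdout=subprocess.PIPE,
                   timeout=10)
# Metadata is not guaranteed to be valid UTF-8; replace undecodable bytes
# instead of aborting on them.
res = p.stdout.decode("utf-8", errors="replace")

for line in res.splitlines():
    # Split on the first " : " only, so a value that itself contains " : "
    # is kept whole; lines without the separator are skipped.
    metadata_key, separator, metadata_value = line.partition(" : ")
    if not separator:
        continue
    metadata_key = metadata_key.strip()
    metadata_value = metadata_value.strip()

    if "Author" in metadata_key:
        # NOTE(review): the value is read from the analysed file; confirm
        # that TransformLib escapes it when serialising the entity.
        e = TransformLib.MaltegoEntity()
        e.setType("maltego.Alias")
        e.setValue(metadata_value)
        transform.addEntityToMessage(e)
    # elif "Creator" in metadata_key...

transform.returnOutput()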
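def extract_metadata(self):
    """
    Get the metadata of a file.

    The file is ``self.value`` when it contains a "/", otherwise the
    "full_path" additional field of the parent entity. exiftool is run on
    it and selected metadata lines (creator, author, last modifier,
    software, GPS position, modify and create dates) are emitted as
    entities, each distinct value once.

    Exits (SystemExit) after printing an XML comment when no usable path is
    available.

    Raises:
        OSError: if exiftool cannot be started.
        subprocess.TimeoutExpired: if exiftool runs longer than 10 seconds.
    """
    if "/" in self.value:
        current_file = self.value
    elif "full_path" in self.parent_fields:
        current_file = self.parent_fields["full_path"]
    else:
        print("<!-- Please specify a full path -->")
        # Raised directly: the exit() helper is only injected by the site
        # module and is not guaranteed to exist.
        raise SystemExit

    # A name starting with "-" would be read by exiftool as an option rather
    # than a file; anchoring it to the current directory keeps it a path.
    if current_file.startswith("-"):
        current_file = "./" + current_file

    # NOTE(review): exiftool parses a file that may be untrusted; keep the
    # installed exiftool patched.
    p = subprocess.run(["exiftool", current_file],
                       shell=False,
                       stdout=subprocess.PIPE,
                       timeout=10)
    # Metadata is not guaranteed to be valid UTF-8; replace undecodable
    # bytes instead of aborting on them.
    res = p.stdout.decode("utf-8", errors="replace")

    # (text looked for in the exiftool key, entity type, link label or None,
    #  keep only the part before the first space). The first matching rule
    # wins, in the order the original checks were written.
    rules = (
        ("Creator", "maltego.Alias", "Created by", False),
        ("Author", "maltego.Alias", "Author", False),
        ("Last Modified By", "maltego.Alias", "Last Modified By", False),
        ("Software", "maltego.Software", "Created with", False),
        ("GPS Position", "maltego.GPS", None, False),
        ("Modify Date", "maltego.Date", "Modified on", True),
        ("Create Date", "maltego.Date", "Created on", True),
    )

    # Looked up once instead of inside a bare except that silently dropped
    # every entity when the key was missing. Falling back to self.value
    # mirrors the sibling transforms -- assumption, confirm against
    # _additional_fields_to_dict.
    parent_value = self.parent_fields.get("entity.value", self.value)

    returned_values = set()
    for line in res.splitlines():
        # Split on the first " : " only, so a value that itself contains
        # " : " is kept whole; lines without the separator are skipped.
        metadata_key, separator, metadata_value = line.partition(" : ")
        if not separator:
            continue
        metadata_key = metadata_key.strip()
        metadata_value = metadata_value.strip()

        for needle, entity_type, link_label, date_only in rules:
            if needle in metadata_key:
                break
        else:
            continue

        # Each distinct metadata value is reported once, whatever its key.
        if metadata_value in returned_values:
            continue
        returned_values.add(metadata_value)

        # NOTE(review): the value is read from the analysed file; confirm
        # that TransformLib escapes it when serialising the entity.
        e = TransformLib.MaltegoEntity()
        e.setType(entity_type)
        e.addAdditionalFields(fieldName="parent.entity.value",
                              displayName="Parent Entity",
                              value=parent_value)
        if link_label is not None:
            e.setLinkLabel(link_label)
        if date_only:
            e.setValue(metadata_value.split(" ")[0])
        else:
            e.setValue(metadata_value)
        self.transform.addEntityToMessage(e)

    self.transform.returnOutput()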
def __init__(self):
    """
    Set up the state used by the transform methods.
    """
    # Response object: entities are added to it with addEntityToMessage()
    # and it is flushed with returnOutput().
    self.transform = TransformLib.MaltegoTransform()

    # Value of the entity being transformed; left unset here and presumably
    # assigned before a transform method runs (TODO confirm).
    self.value = None

    # Additional fields of the incoming entity, as a dict.
    # NOTE(review): _additional_fields_to_dict is defined outside this
    # view; its input source is not visible here.
    self.parent_fields = self._additional_fields_to_dict()
def __init__(self):
    """
    Set up the state used by the transform methods.
    """
    # Response object: entities are added to it with addEntityToMessage()
    # and it is flushed with returnOutput().
    self.transform = TransformLib.MaltegoTransform()

    # Value of the entity being transformed; left unset here and presumably
    # assigned before a transform method runs (TODO confirm).
    self.value = None