Ejemplo n.º 1
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getValue()
    hostid = mt.getVar("id")
    db = mt.getVar("db")
    user = mt.getVar("user")
    workspace = mt.getVar("workspace")
    password = mt.getVar("password").replace("\\", "")
    arch = mt.getVar("arch")
    osfamily = mt.getVar("os_family")
    mpost = MsploitPostgres(user, password, db)
    for vuln in mpost.getVulnsForHost(hostid):
        vulnentity = mt.addEntity("maltego.Vulnerability",
                                  "{}:{}".format(vuln.get("vulnname"), hostid))
        vulnentity.setValue("{}:{}".format(vuln.get("vulnname"), hostid))
        vulnentity.addAdditionalFields("ip", "IP Address", True, ip)
        vulnentity.addAdditionalFields("user", "User", False, user)
        vulnentity.addAdditionalFields("password", "Password", False, password)
        vulnentity.addAdditionalFields("db", "db", False, db)
        if arch:
            vulnentity.addAdditionalFields("arch", "Arch", False, arch)
        vulnentity.addAdditionalFields("workspace", "Workspace", False,
                                       workspace)
        vulnentity.addAdditionalFields("osfamily", "OS", False, osfamily)
        for k, v in vuln.items():
            if isinstance(v, datetime):
                vulnentity.addAdditionalFields(
                    k, k.capitalize(), False,
                    "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                vulnentity.addAdditionalFields(k, k.capitalize(), False,
                                               str(v))
    mt.returnOutput()
Ejemplo n.º 2
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    workspace = mt.getValue()
    workspaceid = mt.getVar("workspaceid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    for host in mpost.getAllHosts(workspaceid):
        hostentity = mt.addEntity("maltego.IPv4Address", host.get("address"))
        hostentity.setValue(host.get("address"))
        for k, v in host.items():
            if isinstance(v, datetime):
                hostentity.addAdditionalFields(
                    k, k.capitalize(), False,
                    "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                hostentity.addAdditionalFields(k, k.capitalize(), False,
                                               str(v))
        hostentity.addAdditionalFields("user", "User", False, user)
        hostentity.addAdditionalFields("password", "Password", False, password)
        hostentity.addAdditionalFields("db", "db", False, db)
        hostentity.addAdditionalFields("workspace", "Workspace Name", False,
                                       workspace)
    mt.returnOutput()
Ejemplo n.º 3
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getValue()
    db = mt.getVar("db")
    user = mt.getVar("user")
    hostid = mt.getVar("id")
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    # for loot in mpost.getLootforHost(ip):
    for loot in mpost.getLootforHost(hostid):
        if loot.get("name"):
            lootentity = mt.addEntity("msploitego.MetasploitLoot", "{}:{}".format(loot.get("name"),hostid))
            lootentity.setValue("{}:{}".format(loot.get("name"),hostid))
        else:
            lootentity = mt.addEntity("msploitego.MetasploitLoot", "{}:{}".format(loot.get("ltype"),hostid))
            lootentity.setValue("{}:{}".format(loot.get("ltype"),hostid))
        for k,v in loot.items():
            if isinstance(v,datetime):
                lootentity.addAdditionalFields(k, k.capitalize(), False, "{}/{}/{}".format(v.day,v.month,v.year))
            elif v and str(v).strip():
                lootentity.addAdditionalFields(k, k.capitalize(), False, str(v))
        if loot.get("path"):
            filecontents = getFileContents(loot.get("path"))
            if filecontents:
                lootentity.addAdditionalFields("details", "Details", False, "".join(filecontents))
        lootentity.addAdditionalFields("user", "User", False, user)
        lootentity.addAdditionalFields("password", "Password", False, password)
        lootentity.addAdditionalFields("db", "db", False, db)
        lootentity.addAdditionalFields("ip", "IP Address", False, ip)
    mt.returnOutput()
Ejemplo n.º 4
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    db = mt.getVar("db")
    workspaceid = mt.getVar("workspaceid")
    user = mt.getVar("user")
    dbpassword = mt.getVar("password").replace("\\","")
    mpost = MsploitPostgres(user, dbpassword, db)
    for cred in mpost.getCredentials(workspaceid):
        if cred.get("privtype") == "Metasploit::Credential::Password":
            entityname = "msploitego.Password"
            password = cred.get("privdata").split(":")[0]
        elif cred.get("privtype") == "Metasploit::Credential::NTLMHash":
            entityname = "msploitego.EncryptedPassword"
            password = cred.get("privdata")
        else:
            entityname = "msploitego.Credentials"
            password = cred.get("privdata")
        username = cred.get("username")
        coreid = cred.get("coreid")
        credentity = mt.addEntity(entityname, "{}:{}".format(username,coreid))
        credentity.setValue("{}:{}".format(username,coreid))
        credentity.addAdditionalFields("password", "Password", False, password)
        for k,v in cred.items():
            if isinstance(v,datetime):
                credentity.addAdditionalFields(k, k.capitalize(), False, "{}/{}/{}".format(v.day,v.month,v.year))
            elif v and str(v).strip():
                credentity.addAdditionalFields(k, k.capitalize(), False, str(v))
    mt.returnOutput()
Ejemplo n.º 5
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    creds = mpost.getCredentials()
    for cred in mpost.getCredentials():
        if cred.get("type") == "Metasploit::Credential::Password":
            entityname = "msploitego.Password"
            data = cred.get("data").split(":")[0]
        elif cred.get("type") == "Metasploit::Credential::NTLMHash":
            entityname = "msploitego.EncryptedPassword"
            data = cred.get("data")
        else:
            entityname = "msploitego.Credentials"
            data = cred.get("data")
        hostentity = mt.addEntity(entityname, data)
        hostentity.setValue(data)
        for k, v in cred.items():
            if isinstance(v, datetime):
                hostentity.addAdditionalFields(
                    k, k.capitalize(), False,
                    "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                hostentity.addAdditionalFields(k, k.capitalize(), False,
                                               str(v))
    mt.returnOutput()
    mt.addUIMessage("completed!")
Ejemplo n.º 6
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\","")
    mpost = MsploitPostgres(user, password, db)
    creds = mpost.getCredentials()
    for cred in mpost.getCredentials():
        if cred.get("type") == "Metasploit::Credential::Password":
            entityname = "msploitego.Password"
            data = cred.get("data").split(":")[0]
        elif cred.get("type") == "Metasploit::Credential::NTLMHash":
            entityname = "msploitego.EncryptedPassword"
            data = cred.get("data")
        else:
            entityname = "msploitego.Credentials"
            data = cred.get("data")
        hostentity = mt.addEntity(entityname, data)
        hostentity.setValue(data)
        for k,v in cred.items():
            if isinstance(v,datetime):
                hostentity.addAdditionalFields(k, k.capitalize(), False, "{}/{}/{}".format(v.day,v.month,v.year))
            elif v and str(v).strip():
                hostentity.addAdditionalFields(k, k.capitalize(), False, str(v))
    mt.returnOutput()
    mt.addUIMessage("completed!")
Ejemplo n.º 7
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getValue()
    hostid = mt.getVar("id")

    db = mt.getVar("db")
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    for vuln in mpost.getforHost(ip, "vulns"):
        vulnentity = mt.addEntity("maltego.Vulnerability", vuln.get("name"))
        vulnentity.setValue(vuln.get("name"))
        vulnentity.addAdditionalFields("ip", "IP Address", True, ip)
        for k, v in vuln.items():
            if isinstance(v, datetime):
                vulnentity.addAdditionalFields(
                    k, k.capitalize(), False,
                    "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                vulnentity.addAdditionalFields(k, k.capitalize(), False,
                                               str(v))
        vulnentity.addAdditionalFields("user", "User", False, user)
        vulnentity.addAdditionalFields("db", "db", False, db)
    mt.returnOutput()
    mt.addUIMessage("completed!")
Ejemplo n.º 8
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    workspace = mt.getValue()
    workspaceid = mt.getVar("workspaceid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    for session in mpost.getSessions(workspaceid):
        sessionentity = mt.addEntity(
            "msploitego.MeterpreterSession",
            "{}:{}".format(session.get("ip"), str(session.get("sessionid"))))
        sessionentity.setValue("{}:{}".format(session.get("ip"),
                                              str(session.get("sessionid"))))
        for k, v in session.items():
            if isinstance(v, datetime):
                sessionentity.addAdditionalFields(
                    k, k.capitalize(), False,
                    "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                sessionentity.addAdditionalFields(k, k.capitalize(), False,
                                                  str(v))
        sessionentity.addAdditionalFields("user", "User", False, user)
        sessionentity.addAdditionalFields("password", "Password", False,
                                          password)
        sessionentity.addAdditionalFields("db", "db", False, db)
    mt.returnOutput()
Ejemplo n.º 9
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\","")
    mpost = MsploitPostgres(user, password, db)
    for workspace in mpost.getWorkspaces():
        wsentity = mt.addEntity("msploitego.MetasploitWorkspace", workspace.get("name"))
        wsentity.setValue(workspace.get("name"))
        wsentity.addAdditionalFields("workspaceid", "Workspace Id", False, str(workspace.get("id")))
        wsentity.addAdditionalFields("db", "Database", False, db)
        inheritvalues(wsentity, mt.values)
    mt.returnOutput()
Ejemplo n.º 10
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getValue()
    db = mt.getVar("db")
    hostid = mt.getVar("id")
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    for page in mpost.getwebpagesforhost(hostid):
        urlstring = "http"
        if "ssl" in page.get("protoname"):
            urlstring += "s"
        urlstring += "://{}:{}{}".format(ip, page.get("port"),
                                         page.get("path"))
        pageent = mt.addEntity("msploitego.SiteURL", urlstring)
        pageent.setValue(urlstring)
        pageent.addAdditionalFields("ip", "IP Address", False, ip)
        pageent.addAdditionalFields("hostid", "Host Id", False, hostid)
        for k, v in page.items():
            if isinstance(v, datetime):
                pageent.addAdditionalFields(
                    k, k.capitalize(), False,
                    "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                pageent.addAdditionalFields(k, k.capitalize(), False, str(v))

    for form in mpost.getwebformsforhost(hostid):
        urlstring = "http"
        if "ssl" in form.get("protoname"):
            urlstring += "s"
        urlstring += "://{}:{}{}".format(ip, form.get("port"),
                                         form.get("path"))
        forment = mt.addEntity("msploitego.WebForm", urlstring)
        forment.setValue(urlstring)
        for k, v in form.items():
            if isinstance(v, datetime):
                forment.addAdditionalFields(
                    k, k.capitalize(), False,
                    "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                forment.addAdditionalFields(k, k.capitalize(), False, str(v))
            forment.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
Ejemplo n.º 11
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("address")
    hostid = mt.getVar("hostid")
    vuln = mt.getValue()
    db = mt.getVar("db")
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")
    msreg = re.compile("ms[0-9]{2}-[0-9]{3}", re.I)
    cvereg = re.compile("cve[-]*[0-9]{3,4}-[0-9]{3,4}", re.I)
    rankreg = re.compile("normal|manual|great|average|excellent|good|\blow\b")
    mpost = MsploitPostgres(user, password, db)
    for ms in msreg.findall(vuln):
        # bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(ms))
        ms = ms.replace("-", "_").lower()
        mods = mpost.queryModules()

        # for line in bashlog:
        #     if rankreg.search(line):
        #         rank = rankreg.search(line).group(0)
        #         msfmod = re.split(" {2,}", line.lstrip())
        #         msfentity = mt.addEntity("msploitego.MetasploitModule", msfmod[0])
        #         msfentity.setValue(msfmod[0])
        #         msfentity.addAdditionalFields("rank", "Rank", False, rank)
        #         msfentity.addAdditionalFields("details", "Details", False, msfmod[-1])
        #         msfentity.addAdditionalFields("ip", "IP Address", False, ip)
    for cve in cvereg.findall(vuln):
        bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(cve))
        for line in bashlog:
            if rankreg.search(line):
                rank = rankreg.search(line).group(0)
                msfmod = re.split(" {2,}", line.lstrip())
                msfentity = mt.addEntity("msploitego.MetasploitModule",
                                         msfmod[0])
                msfentity.setValue(msfmod[0])
                msfentity.addAdditionalFields("rank", "Rank", False, rank)
                msfentity.addAdditionalFields("details", "Details", False,
                                              msfmod[-1])

    mt.returnOutput()
Ejemplo n.º 12
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    sessionid = mt.getVar("sessionid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    for detail in mpost.getSessionDetails(sessionid):
        detailent = mt.addEntity("msploitego.SessionDetail", str(detail.get("id")))
        detailent.setValue(str(detail.get("id")))
        for k,v in detail.items():
            if isinstance(v,datetime):
                detailent.addAdditionalFields(k, k.capitalize(), False, "{}/{}/{}".format(v.day,v.month,v.year))
            elif v and str(v).strip():
                detailent.addAdditionalFields(k, k.capitalize(), False, str(v))
        detailent.addAdditionalFields("user", "User", False, user)
        detailent.addAdditionalFields("password", "Password", False, password)
        detailent.addAdditionalFields("db", "db", False, db)
    mt.returnOutput()
Ejemplo n.º 13
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    for session in mpost.getForAllHosts("sessions"):
        sessionentity = mt.addEntity("msploitego.MeterpreterSession", str(session.get("id")))
        sessionentity.setValue(str(session.get("id")))
        for k,v in session.items():
            if isinstance(v,datetime):
                sessionentity.addAdditionalFields(k, k.capitalize(), False, "{}/{}/{}".format(v.day,v.month,v.year))
            elif v and str(v).strip():
                sessionentity.addAdditionalFields(k, k.capitalize(), False, str(v))
        sessionentity.addAdditionalFields("user", "User", False, user)
        sessionentity.addAdditionalFields("password", "Password", False, password)
        sessionentity.addAdditionalFields("db", "db", False, db)
    mt.returnOutput()
    mt.addUIMessage("completed!")
Ejemplo n.º 14
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getValue()
    hostid = mt.getVar("id")

    db = mt.getVar("db")
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    for vuln in mpost.getforHost(ip, "vulns"):
        vulnentity = mt.addEntity("maltego.Vulnerability", "{}:{}".format(vuln.get("name"),hostid))
        vulnentity.setValue("{}:{}".format(vuln.get("name"),hostid))
        vulnentity.addAdditionalFields("ip", "IP Address", True, ip)
        for k,v in vuln.items():
            if isinstance(v,datetime):
                vulnentity.addAdditionalFields(k, k.capitalize(), False, "{}/{}/{}".format(v.day,v.month,v.year))
            elif v and str(v).strip():
                vulnentity.addAdditionalFields(k, k.capitalize(), False, str(v))
        vulnentity.addAdditionalFields("user", "User", False, user)
        vulnentity.addAdditionalFields("db", "db", False, db)
    mt.returnOutput()
    mt.addUIMessage("completed!")
Ejemplo n.º 15
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getValue()
    mac = mt.getVar("mac")
    machinename = mt.getVar("name")
    os_family = mt.getVar("os_family")
    os_name = mt.getVar("os_name")
    os_sp = mt.getVar("os_sp")
    hostid = mt.getVar("id")
    if not hostid:
        hostid = mt.getVar("hostid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    for service in mpost.getforHost(ip, "services"):
        entityname = getserviceentity(service)
        servicename = service.get("name")
        if not servicename:
            servicename = "unknown"
        hostservice = mt.addEntity(
            entityname, "{}/{}:{}".format(servicename, service.get("port"),
                                          hostid))
        hostservice.setValue("{}/{}:{}".format(servicename,
                                               service.get("port"), hostid))
        hostservice.addAdditionalFields("ip", "IP Address", True, ip)
        if service.get("info"):
            hostservice.addAdditionalFields("banner.text", "Service Banner",
                                            True, service.get("info"))
        else:
            hostservice.addAdditionalFields("banner.text", "Service Banner",
                                            True, "")
        hostservice.addAdditionalFields(
            "service.name", "Description", True,
            "{}/{}".format(service.get("port"), servicename))

        for k, v in service.items():
            if isinstance(v, datetime):
                hostservice.addAdditionalFields(
                    k, k.capitalize(), False,
                    "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                hostservice.addAdditionalFields(k, k.capitalize(), False,
                                                str(v))
        hostservice.addAdditionalFields("user", "User", False, user)
        hostservice.addAdditionalFields("password", "Password", False,
                                        password)
        hostservice.addAdditionalFields("db", "db", False, db)
    if mac:
        macentity = mt.addEntity("maltego.MacAddress", mac)
        macentity.setValue(mac)
        macentity.addAdditionalFields("ip", "IP Address", True, ip)
    if machinename and re.match("^[a-zA-z]+", machinename):
        hostentity = mt.addEntity("msploitego.Hostname", machinename)
        hostentity.setValue(machinename)
        hostentity.addAdditionalFields("ip", "IP Address", True, ip)
    osentityname, osdescription = getosentity(os_family, os_name)
    if os_sp:
        osdescription += " {}".format(os_sp)
    osentity = mt.addEntity(osentityname, osdescription)
    osentity.setValue(osdescription)
    osentity.addAdditionalFields("ip", "IP Address", True, ip)

    mt.returnOutput()
    mt.addUIMessage("completed!")
Ejemplo n.º 16
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getValue()
    mac = mt.getVar("mac")
    machinename = mt.getVar("name")
    os_family = mt.getVar("os_family")
    os_name = mt.getVar("os_name")
    os_sp = mt.getVar("os_sp")
    hostid = mt.getVar("id")
    if not hostid:
        hostid = mt.getVar("hostid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")
    # workspace = mt.getVar("workspace")
    mpost = MsploitPostgres(user, password, db)
    for service in mpost.getServices(hostid):
        entityname = getserviceentity(service)
        servicename = service.get("servicename")
        if not servicename:
            servicename = "unknown"
        hostservice = mt.addEntity(
            entityname, "{}/{}:{}".format(servicename, service.get("port"),
                                          hostid))
        hostservice.setValue("{}/{}:{}".format(servicename,
                                               service.get("port"), hostid))
        hostservice.addAdditionalFields("ip", "IP Address", True, ip)
        hostservice.addAdditionalFields(
            "service.name", "Description", True,
            "{}/{}:{}".format(servicename, service.get("port"), hostid))
        if machinename:
            hostservice.addAdditionalFields("machinename", "Machine Name",
                                            True, machinename)
        if service.get("info"):
            hostservice.addAdditionalFields("banner.text", "Service Banner",
                                            True, service.get("info"))
        else:
            hostservice.addAdditionalFields("banner.text", "Service Banner",
                                            True, "")

        if servicename in [
                "http", "https", "possible_wls", "www", "ncacn_http",
                "ccproxy-http", "ssl/http", "http-proxy"
        ]:
            hostservice.addAdditionalFields("niktofile", "Nikto File", True,
                                            '')
        elif any(x in servicename for x in [
                "samba", "netbios-ssn", "smb", "microsoft-ds", "netbios-ns",
                "netbios-dgm"
        ]):
            hostservice.addAdditionalFields("enum4linux", "enum4linux File",
                                            True, '')
        for k, v in service.items():
            if isinstance(v, datetime):
                hostservice.addAdditionalFields(
                    k, k.capitalize(), False,
                    "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                hostservice.addAdditionalFields(k, k.capitalize(), False,
                                                str(v))
        hostservice.addAdditionalFields("user", "User", False, user)
        hostservice.addAdditionalFields("password", "Password", False,
                                        password)
        hostservice.addAdditionalFields("db", "db", False, db)
    if mac:
        macentity = mt.addEntity("maltego.MacAddress", mac)
        macentity.setValue(mac)
        macentity.addAdditionalFields("ip", "IP Address", True, ip)
    # if machinename and re.match("^[a-zA-z]+", machinename):
    if machinename:
        hostentity = mt.addEntity("msploitego.Hostname", machinename)
        hostentity.setValue(machinename)
        hostentity.addAdditionalFields("ip", "IP Address", True, ip)
    osentityname, osdescription = getosentity(os_family, os_name)
    if os_sp:
        osdescription += " {}".format(os_sp)
    osentity = mt.addEntity(osentityname, osdescription)
    osentity.setValue(osdescription)
    osentity.addAdditionalFields("ip", "IP Address", True, ip)

    mt.returnOutput()