def dotransform(args):
    """Emit one ``maltego.IPv4Address`` entity per host in a Metasploit workspace.

    The incoming entity's value is the workspace name; ``workspaceid``,
    ``db``, ``user`` and ``password`` arrive as entity variables. Every
    column of each host row is attached as a field (dates as day/month/year),
    and the connection details are copied onto the entity so that later
    transforms can reconnect to the same database.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    workspace = mt.getValue()
    workspaceid = mt.getVar("workspaceid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before it is used.
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    for host in mpost.getAllHosts(workspaceid):
        address = host.get("address")
        entity = mt.addEntity("maltego.IPv4Address", address)
        entity.setValue(address)
        for column, value in host.items():
            if isinstance(value, datetime):
                rendered = "{}/{}/{}".format(value.day, value.month, value.year)
            elif value and str(value).strip():
                rendered = str(value)
            else:
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, rendered)
        # The clear-text database password becomes an entity field and is
        # therefore stored in the Maltego graph alongside the host.
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("password", "Password", False, password)
        entity.addAdditionalFields("db", "db", False, db)
        entity.addAdditionalFields("workspace", "Workspace Name", False, workspace)
    mt.returnOutput()
def dotransform(args):
    """Emit a ``msploitego.MeterpreterSession`` entity per session in a workspace.

    Each entity's value is ``<ip>:<sessionid>`` taken from the session row.
    Every column of the row is attached as a field (dates as day/month/year)
    and the database connection details are copied onto the entity.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    workspaceid = mt.getVar("workspaceid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before it is used.
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    for session in mpost.getSessions(workspaceid):
        label = "{}:{}".format(session.get("ip"), str(session.get("sessionid")))
        entity = mt.addEntity("msploitego.MeterpreterSession", label)
        entity.setValue(label)
        for column, value in session.items():
            if isinstance(value, datetime):
                rendered = "{}/{}/{}".format(value.day, value.month, value.year)
            elif value and str(value).strip():
                rendered = str(value)
            else:
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, rendered)
        # The clear-text database password is stored on the entity (and so in
        # the graph) so that downstream transforms can reconnect.
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("password", "Password", False, password)
        entity.addAdditionalFields("db", "db", False, db)
    mt.returnOutput()
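def dotransform(args):
    """Create a ``msploitego.WebFile`` entity holding the body of a URL.

    The body is taken from the ``body`` variable when the incoming entity
    already carries one; otherwise the page is fetched with ``wget`` through
    ``bashrunner``. No entity is emitted when no body could be obtained.
    """
    try:
        from shlex import quote
    except ImportError:  # Python 2
        from pipes import quote

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    body = mt.getVar("body")
    url = mt.getValue()

    details = None
    if body:
        details = body
    elif url:
        # The URL is graph data: quote it so it reaches the shell as a single
        # argument instead of being interpreted as part of the command line.
        bashlog = bashrunner("wget -qO-  {}".format(quote(url)))
        if bashlog:
            details = "".join(bashlog)

    if details:
        webfile = mt.addEntity("msploitego.WebFile", url)
        webfile.setValue(url)
        webfile.addAdditionalFields("details", "Details", False, details)
        webfile.addAdditionalFields("url", "Site URL", False, url)
        webfile.addAdditionalFields("ip", "IP Address", False, ip)
        webfile.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
    mt.addUIMessage("completed!")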
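def dotransform(args):
    """Emit one entity per credential stored in a Metasploit database.

    The entity type follows the credential's ``type`` column:
    ``Metasploit::Credential::Password`` rows become ``msploitego.Password``
    (only the part of ``data`` before the first ``:`` is used as the value),
    ``Metasploit::Credential::NTLMHash`` rows become
    ``msploitego.EncryptedPassword``, and anything else becomes
    ``msploitego.Credentials``. Every column of the row is attached as a
    field (dates as day/month/year).
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before it is used.
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    # Single query; the result is iterated directly.
    for cred in mpost.getCredentials():
        data = cred.get("data")
        if data is None:
            # A row without data has nothing to name the entity with and
            # would fail on the split() below; skip it.
            continue
        credtype = cred.get("type")
        if credtype == "Metasploit::Credential::Password":
            entityname = "msploitego.Password"
            data = data.split(":")[0]
        elif credtype == "Metasploit::Credential::NTLMHash":
            entityname = "msploitego.EncryptedPassword"
        else:
            entityname = "msploitego.Credentials"

        entity = mt.addEntity(entityname, data)
        entity.setValue(data)
        for column, value in cred.items():
            if isinstance(value, datetime):
                rendered = "{}/{}/{}".format(value.day, value.month, value.year)
            elif value and str(value).strip():
                rendered = str(value)
            else:
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, rendered)
    mt.returnOutput()
    mt.addUIMessage("completed!")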
def dotransform(args):
    """Emit a ``maltego.Vulnerability`` entity per vulnerability recorded for a host ip.

    Rows come from ``getforHost(ip, "vulns")``. The entity value is the
    vulnerability name; the host ip, every row column (dates as
    day/month/year) and the database user/name are attached as fields.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before it is used.
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    for vuln in mpost.getforHost(ip, "vulns"):
        name = vuln.get("name")
        entity = mt.addEntity("maltego.Vulnerability", name)
        entity.setValue(name)
        entity.addAdditionalFields("ip", "IP Address", True, ip)
        for column, value in vuln.items():
            if isinstance(value, datetime):
                rendered = "{}/{}/{}".format(value.day, value.month, value.year)
            elif value and str(value).strip():
                rendered = str(value)
            else:
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, rendered)
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("db", "db", False, db)
    mt.returnOutput()
    mt.addUIMessage("completed!")
def dotransform(args):
    """Emit a ``msploitego.MetasploitLoot`` entity per loot record of a host.

    The entity value is ``<name>:<hostid>``, or ``<ltype>:<hostid>`` when the
    loot has no name. Every column is attached as a field (dates as
    day/month/year); when the loot has a ``path`` the file content returned
    by ``getFileContents`` is added as ``details``. The database connection
    details and the host ip are copied onto the entity.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    db = mt.getVar("db")
    user = mt.getVar("user")
    hostid = mt.getVar("id")
    # Backslashes are stripped from the stored password before it is used.
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    for loot in mpost.getLootforHost(hostid):
        # Fall back to the loot type when no name was recorded.
        label = "{}:{}".format(loot.get("name") or loot.get("ltype"), hostid)
        entity = mt.addEntity("msploitego.MetasploitLoot", label)
        entity.setValue(label)
        for column, value in loot.items():
            if isinstance(value, datetime):
                rendered = "{}/{}/{}".format(value.day, value.month, value.year)
            elif value and str(value).strip():
                rendered = str(value)
            else:
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, rendered)
        lootpath = loot.get("path")
        if lootpath:
            contents = getFileContents(lootpath)
            if contents:
                entity.addAdditionalFields("details", "Details", False, "".join(contents))
        # The clear-text database password is stored on the entity (and so in
        # the graph) so that downstream transforms can reconnect.
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("password", "Password", False, password)
        entity.addAdditionalFields("db", "db", False, db)
        entity.addAdditionalFields("ip", "IP Address", False, ip)
    mt.returnOutput()
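def dotransform(args):
    """Emit one entity per credential stored in a Metasploit database.

    The entity type follows the credential's ``type`` column:
    ``Metasploit::Credential::Password`` rows become ``msploitego.Password``
    (only the part of ``data`` before the first ``:`` is used as the value),
    ``Metasploit::Credential::NTLMHash`` rows become
    ``msploitego.EncryptedPassword``, and anything else becomes
    ``msploitego.Credentials``. Every column of the row is attached as a
    field (dates as day/month/year).
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before it is used.
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    # Single query; the result is iterated directly.
    for cred in mpost.getCredentials():
        data = cred.get("data")
        if data is None:
            # A row without data has nothing to name the entity with and
            # would fail on the split() below; skip it.
            continue
        credtype = cred.get("type")
        if credtype == "Metasploit::Credential::Password":
            entityname = "msploitego.Password"
            data = data.split(":")[0]
        elif credtype == "Metasploit::Credential::NTLMHash":
            entityname = "msploitego.EncryptedPassword"
        else:
            entityname = "msploitego.Credentials"

        entity = mt.addEntity(entityname, data)
        entity.setValue(data)
        for column, value in cred.items():
            if isinstance(value, datetime):
                rendered = "{}/{}/{}".format(value.day, value.month, value.year)
            elif value and str(value).strip():
                rendered = str(value)
            else:
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, rendered)
    mt.returnOutput()
    mt.addUIMessage("completed!")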
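def dotransform(args):
    """Fetch a URL's body, save it to a temporary file and emit a ``msploitego.WebFile``.

    The body is taken from the ``body`` variable when present, otherwise the
    page is fetched with ``wget`` through ``bashrunner``. The body is written
    to a temporary file that is deliberately not deleted (``delete=False``);
    its path is attached as the ``localfile`` field for a later transform to
    open. Nothing is emitted when no body could be obtained.
    """
    try:
        from shlex import quote
    except ImportError:  # Python 2
        from pipes import quote

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    body = mt.getVar("body")
    url = mt.getValue()

    details = None
    if body:
        details = body
    elif url:
        # The URL is graph data: quote it so it reaches the shell as a single
        # argument instead of being interpreted as part of the command line.
        bashlog = bashrunner("wget -qO-  {}".format(quote(url)))
        if bashlog:
            details = "".join(bashlog)

    if details:
        webfile = mt.addEntity("msploitego.WebFile", url)
        webfile.setValue(url)
        # NamedTemporaryFile defaults to binary mode, which rejects text on
        # Python 3; pick the mode that matches the payload type. The context
        # manager closes the handle even if write() raises.
        mode = "wb" if isinstance(details, bytes) else "w"
        with tempfile.NamedTemporaryFile(mode=mode, delete=False) as tmp:
            tmp.write(details)
        webfile.addAdditionalFields("localfile", "Local File", False, tmp.name)
        webfile.addAdditionalFields("url", "Site URL", False, url)
        webfile.addAdditionalFields("ip", "IP Address", False, ip)
        webfile.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()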
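def dotransform(args):
    """Look up Metasploit modules for each ``MSyy-nnn`` id in a vulnerability name.

    Every bulletin id found in the entity value is searched with
    ``msfconsole -qx 'search <id>; exit -y'``. Output lines that mention the
    id and contain a rank word become ``msploitego.MetasploitModule``
    entities (value: first column) carrying the rank, the last column as
    ``details`` and the host ip.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("address")
    vuln = mt.getValue() or ""
    msreg = re.compile("ms[0-9]{2}-[0-9]{3}", re.I)
    # NOTE(review): these words are matched anywhere in the line, so "low"
    # also matches inside e.g. "allow" — confirm this is acceptable.
    rankreg = re.compile("normal|manual|great|average|excellent|good|low")

    for ms in msreg.findall(vuln):
        # `ms` matched msreg, so it contains only letters, digits and '-' and
        # can be placed on the command line without further quoting.
        bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(ms))
        for line in bashlog:
            if not msreg.search(line):
                continue
            rankmatch = rankreg.search(line)
            if rankmatch is None:
                # A line without a rank word would otherwise raise
                # AttributeError on .group(); skip it.
                continue
            # msfconsole separates table columns with runs of spaces.
            columns = re.split(" {2,}", line.lstrip())
            entity = mt.addEntity("msploitego.MetasploitModule", columns[0])
            entity.setValue(columns[0])
            entity.addAdditionalFields("rank", "Rank", False, rankmatch.group(0))
            entity.addAdditionalFields("details", "Details", False, columns[-1])
            entity.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
    mt.addUIMessage("completed!")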
def dotransform(args):
    """Emit a ``maltego.Vulnerability`` entity per vulnerability of a host id.

    Rows come from ``getVulnsForHost(hostid)``; the entity value is
    ``<vulnname>:<hostid>``. The host ip, the database connection details,
    the architecture (when known), workspace and OS family are attached as
    fields, followed by every row column (dates as day/month/year).
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    hostid = mt.getVar("id")
    db = mt.getVar("db")
    user = mt.getVar("user")
    workspace = mt.getVar("workspace")
    # Backslashes are stripped from the stored password before it is used.
    password = mt.getVar("password").replace("\\", "")
    arch = mt.getVar("arch")
    osfamily = mt.getVar("os_family")
    mpost = MsploitPostgres(user, password, db)

    for vuln in mpost.getVulnsForHost(hostid):
        label = "{}:{}".format(vuln.get("vulnname"), hostid)
        entity = mt.addEntity("maltego.Vulnerability", label)
        entity.setValue(label)
        entity.addAdditionalFields("ip", "IP Address", True, ip)
        # The clear-text database password is stored on the entity (and so in
        # the graph) so that downstream transforms can reconnect.
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("password", "Password", False, password)
        entity.addAdditionalFields("db", "db", False, db)
        if arch:
            entity.addAdditionalFields("arch", "Arch", False, arch)
        entity.addAdditionalFields("workspace", "Workspace", False, workspace)
        entity.addAdditionalFields("osfamily", "OS", False, osfamily)
        for column, value in vuln.items():
            if isinstance(value, datetime):
                rendered = "{}/{}/{}".format(value.day, value.month, value.year)
            elif value and str(value).strip():
                rendered = str(value)
            else:
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, rendered)
    mt.returnOutput()
def dotransform(args):
    """Attach an empty ``msploitego.Note`` entity to the incoming entity.

    The note value is ``Note:<incoming value>``; the ``note`` and ``link``
    fields start empty and every variable of the incoming entity is
    inherited via ``inheritvalues``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    label = "Note:{}".format(mt.getValue())
    note = mt.addEntity("msploitego.Note", label)
    note.setValue(label)
    for name, display in (("note", "Note"), ("link", "Link")):
        note.addAdditionalFields(name, display, False, "")
    inheritvalues(note, mt.values)
    mt.returnOutput()
def dotransform(args):
    """Record a module result as a ``msploitego.FalsePositive`` entity.

    The entity value is ``<module>:<ip>`` and the ip is also attached as a
    field.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    module = mt.getValue()
    # NOTE(review): the format string has only two placeholders, so `port`
    # is passed but never part of the value — confirm whether "{}:{}:{}" was
    # intended.
    label = "{}:{}".format(module, ip, port)
    entity = mt.addEntity("msploitego.FalsePositive", label)
    entity.setValue(label)
    entity.addAdditionalFields("ip", "IP Address", False, ip)
    mt.returnOutput()
def dotransform(args):
    """Open the incoming entity in the local web browser.

    When the entity carries a ``localfile`` variable, the file is opened as
    a ``file://`` URL if it exists. Otherwise the entity value is opened as a
    web URL, but only when ``validators.url`` accepts it.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    local_file = mt.getVar("localfile")
    target = None
    if local_file:
        if os.path.exists(local_file):
            target = "file://{}".format(local_file)
    else:
        url = mt.getValue()
        if validators.url(url):
            target = url
    if target:
        webbrowser.open(target)
    mt.returnOutput()
def dotransform(args):
    """Record a module result as a ``msploitego.Checked`` entity.

    The entity value is ``<module>:<ip>`` and the ip is also attached as a
    field.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    module = mt.getValue()
    # NOTE(review): the format string has only two placeholders, so `port`
    # is passed but never part of the value — confirm whether "{}:{}:{}" was
    # intended.
    label = "{}:{}".format(module, ip, port)
    entity = mt.addEntity("msploitego.Checked", label)
    entity.setValue(label)
    entity.addAdditionalFields("ip", "IP Address", False, ip)
    mt.returnOutput()
    mt.addUIMessage("completed!")
def dotransform(args):
    """Emit a ``msploitego.MetasploitWorkspace`` entity per workspace in a database.

    The database name is the incoming entity value. Each entity carries the
    workspace id and database name as fields and inherits the incoming
    entity's variables via ``inheritvalues``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before it is used.
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    for ws in mpost.getWorkspaces():
        name = ws.get("name")
        entity = mt.addEntity("msploitego.MetasploitWorkspace", name)
        entity.setValue(name)
        entity.addAdditionalFields("workspaceid", "Workspace Id", False, str(ws.get("id")))
        entity.addAdditionalFields("db", "Database", False, db)
        inheritvalues(entity, mt.values)
    mt.returnOutput()
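def dotransform(args):
    """Probe an SMB service with nmap smb-* scripts and emit a ``msploitego.SambaServer``.

    ``scriptrunner`` is run against ``ip``/``port`` with smb-os-discovery,
    smb-security-mode, smb-server-stats and smb-system-info. When the first
    host of the report is up, all script result elements are flattened into
    one dict; ``server`` and ``workgroup`` (part before any backslash) form
    the entity value and every other element becomes a field. Otherwise the
    host status is reported as a UI message.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    proto = mt.getVar("proto")
    service = mt.getValue()
    rep = scriptrunner(
        port,
        "smb-os-discovery,smb-security-mode,smb-server-stats,smb-system-info",
        ip)

    if not rep.hosts:
        # An empty host list would raise IndexError on rep.hosts[0] below.
        mt.addUIMessage("no host in scan report!")
    elif rep.hosts[0].status == "up":
        results = {}
        for res in rep.hosts[0].scripts_results:
            # A script result may carry no "elements" at all.
            for key, value in (res.get("elements") or {}).items():
                if value and value.strip():
                    results[key] = value
        # Only the part before a backslash is kept; a missing value yields "".
        server = (results.get("server") or "").split("\\")[0]
        workgroup = (results.get("workgroup") or "").split("\\")[0]
        label = "{}:{}".format(server, workgroup)
        samba = mt.addEntity("msploitego.SambaServer", label)
        samba.setValue(label)
        samba.addAdditionalFields("ip", "IP Address", False, ip)
        samba.addAdditionalFields("port", "Port", False, port)
        samba.addAdditionalFields("server", "Server", False, server)
        samba.addAdditionalFields("workgroup", "Workgroup", False, workgroup)
        samba.addAdditionalFields("hostid", "Hostid", False, hostid)
        samba.addAdditionalFields("info", "Info", False, results.get("os"))
        samba.addAdditionalFields("name", "Name", False, results.get("fqdn"))
        samba.addAdditionalFields("banner.text", "Service Banner", False,
                                  results.get("os"))
        samba.addAdditionalFields("service.name", "Description", False, service)
        samba.addAdditionalFields("properties.service", "Service", False, service)
        samba.addAdditionalFields("proto", "Protocol", False, proto)
        for key, value in results.items():
            # Keys containing "server" or "workgroup" were handled above.
            if "server" in key or "workgroup" in key:
                continue
            samba.addAdditionalFields(key, key.capitalize(), False, value)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    mt.addUIMessage("completed!")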
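def dotransform(args):
    """Placeholder transform for a web directory entity.

    The entity construction is still commented out, so the transform only
    parses its input and returns an empty response.
    """
    mt = MaltegoTransform()
    # Debug output disabled: pprint() prints to stdout and returns None, so
    # mt.debug() received nothing useful; the other transforms keep this
    # line commented out as well.
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    diry = mt.getValue()

    # website = mt.addEntity("maltego.URL", "http://{}:{}{}".format(ip,port,diry))
    # website.setValue("http://{}:{}{}".format(ip,port,diry))
    # website.addAdditionalFields("dir", "Directory", False, diry)
    # website.addAdditionalFields("url", "URL", False, "http://{}:{}{}".format(ip,port,diry))
    # website.addAdditionalFields("ip", "IP Address", False, ip)
    # website.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()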
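def _row_url(ip, row):
    """Build ``http[s]://<ip>:<port><path>`` from a web page/form row.

    The scheme is ``https`` when the row's ``protoname`` contains ``ssl``;
    a missing ``protoname`` is treated as plain http.
    """
    scheme = "https" if "ssl" in (row.get("protoname") or "") else "http"
    return "{}://{}:{}{}".format(scheme, ip, row.get("port"), row.get("path"))


def _add_row_fields(entity, row):
    """Attach every non-blank column of ``row`` to ``entity`` (dates as day/month/year)."""
    for column, value in row.items():
        if isinstance(value, datetime):
            rendered = "{}/{}/{}".format(value.day, value.month, value.year)
        elif value and str(value).strip():
            rendered = str(value)
        else:
            continue
        entity.addAdditionalFields(column, column.capitalize(), False, rendered)


def dotransform(args):
    """Emit ``msploitego.SiteURL`` and ``msploitego.WebForm`` entities for a host.

    Web pages and web forms recorded for ``hostid`` are read from the
    Metasploit database; each becomes an entity whose value is the
    reconstructed URL, with every row column attached as a field plus the
    host ip (and, for pages, the host id).
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    db = mt.getVar("db")
    hostid = mt.getVar("id")
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before it is used.
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    for page in mpost.getwebpagesforhost(hostid):
        urlstring = _row_url(ip, page)
        pageent = mt.addEntity("msploitego.SiteURL", urlstring)
        pageent.setValue(urlstring)
        pageent.addAdditionalFields("ip", "IP Address", False, ip)
        pageent.addAdditionalFields("hostid", "Host Id", False, hostid)
        _add_row_fields(pageent, page)

    for form in mpost.getwebformsforhost(hostid):
        urlstring = _row_url(ip, form)
        forment = mt.addEntity("msploitego.WebForm", urlstring)
        forment.setValue(urlstring)
        _add_row_fields(forment, form)
        # Added once per form, not once per column as before.
        forment.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()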
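def dotransform(args):
    """Placeholder transform for a web directory entity.

    The entity construction is still commented out, so the transform only
    parses its input, returns an empty response and reports completion.
    """
    mt = MaltegoTransform()
    # Debug output disabled: pprint() prints to stdout and returns None, so
    # mt.debug() received nothing useful; the other transforms keep this
    # line commented out as well.
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    diry = mt.getValue()

    # website = mt.addEntity("maltego.URL", "http://{}:{}{}".format(ip,port,diry))
    # website.setValue("http://{}:{}{}".format(ip,port,diry))
    # website.addAdditionalFields("dir", "Directory", False, diry)
    # website.addAdditionalFields("url", "URL", False, "http://{}:{}{}".format(ip,port,diry))
    # website.addAdditionalFields("ip", "IP Address", False, ip)
    # website.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
    mt.addUIMessage("completed!")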
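def dotransform(args):
    """Emit a ``msploitego.LootFile`` entity whose ``details`` field is the file content.

    The loot file name is the incoming entity value and its location is the
    ``path`` variable. The file is read in-process; no entity is emitted when
    the path is missing, the file is empty, or it cannot be read.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("address")
    fn = mt.getValue()
    path = mt.getVar("path")

    details = ""
    if path:
        # Read the file directly instead of via a shell `cat`, so the path
        # taken from the graph is never interpolated into a command line.
        try:
            with open(path) as handle:
                details = handle.read()
        except (EnvironmentError, UnicodeDecodeError) as err:
            mt.addUIMessage("could not read {}: {}".format(path, err))

    if details:
        fileent = mt.addEntity("msploitego.LootFile", fn)
        fileent.setValue(fn)
        fileent.addAdditionalFields("details", "Details", False, details)
        fileent.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()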
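def _add_module_entities(mt, term, rankreg, ip, with_ip):
    """Search msfconsole for ``term`` and add a ``msploitego.MetasploitModule`` per hit.

    ``term`` must already be restricted to safe characters (it is placed on
    the shell command line). Output lines containing a rank word become
    entities whose value is the first column, with the rank, the last column
    as ``details`` and, when ``with_ip`` is set, the ip attached as fields.
    """
    bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(term))
    for line in bashlog:
        rankmatch = rankreg.search(line)
        if rankmatch is None:
            continue
        # msfconsole separates table columns with runs of spaces.
        columns = re.split(" {2,}", line.lstrip())
        entity = mt.addEntity("msploitego.MetasploitModule", columns[0])
        entity.setValue(columns[0])
        entity.addAdditionalFields("rank", "Rank", False, rankmatch.group(0))
        entity.addAdditionalFields("details", "Details", False, columns[-1])
        if with_ip:
            entity.addAdditionalFields("ip", "IP Address", False, ip)


def dotransform(args):
    """Look up Metasploit modules for the MS bulletin and CVE ids in a vulnerability name.

    Every ``MSyy-nnn`` and ``CVE-yyyy-nnnn`` id found in the entity value is
    searched with ``msfconsole``; matching modules become
    ``msploitego.MetasploitModule`` entities. The host ip is attached only
    for bulletin hits.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("address")
    vuln = mt.getValue() or ""
    # Both id patterns admit only letters, digits and '-', which is what makes
    # their matches safe to interpolate into the msfconsole command.
    msreg = re.compile("ms[0-9]{2}-[0-9]{3}", re.I)
    cvereg = re.compile("cve[-]*[0-9]{3,4}-[0-9]{3,4}", re.I)
    # Raw string: in a plain literal "\b" is a backspace character, so the
    # word-bounded "low" alternative could never match.
    rankreg = re.compile(r"normal|manual|great|average|excellent|good|\blow\b")

    for ms in msreg.findall(vuln):
        _add_module_entities(mt, ms, rankreg, ip, with_ip=True)
    for cve in cvereg.findall(vuln):
        _add_module_entities(mt, cve, rankreg, ip, with_ip=False)

    mt.returnOutput()
    mt.addUIMessage("completed!")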
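def dotransform(args):
    """Run gobuster against the incoming URL and emit a ``maltego.WebDir`` per result line.

    The first whitespace-separated token of each gobuster output line is the
    entity value; the ip, port and scanned URL are attached as fields.
    """
    try:
        from shlex import quote
    except ImportError:  # Python 2
        from pipes import quote

    mt = MaltegoTransform()
    # Debug output disabled: pprint() prints to stdout and returns None, so
    # mt.debug() received nothing useful.
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    url = mt.getValue()
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    wordlist = "/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt"

    if url:
        # The URL is graph data: quote it so it reaches the shell as a single
        # argument instead of being interpreted as part of the command line.
        bashlog = bashrunner("gobuster -q -e -w {} -u {}".format(wordlist, quote(url)))
        for line in bashlog:
            tokens = line.split()
            if not tokens:
                # Blank lines would raise IndexError on [0].
                continue
            webdir = mt.addEntity("maltego.WebDir", tokens[0])
            webdir.setValue(tokens[0])
            webdir.addAdditionalFields("ip", "IP Address", False, ip)
            webdir.addAdditionalFields("port", "Port", False, port)
            webdir.addAdditionalFields("url", "URL", False, url)

    mt.returnOutput()
    mt.addUIMessage("completed!")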
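def dotransform(args):
    """Emit a ``msploitego.LootFile`` entity whose ``details`` field is the file content.

    The loot file name is the incoming entity value and its location is the
    ``path`` variable. The file is read in-process; no entity is emitted when
    the path is missing, the file is empty, or it cannot be read.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("address")
    fn = mt.getValue()
    path = mt.getVar("path")

    details = ""
    if path:
        # Read the file directly instead of via a shell `cat`, so the path
        # taken from the graph is never interpolated into a command line.
        try:
            with open(path) as handle:
                details = handle.read()
        except (EnvironmentError, UnicodeDecodeError) as err:
            mt.addUIMessage("could not read {}: {}".format(path, err))

    if details:
        fileent = mt.addEntity("msploitego.LootFile", fn)
        fileent.setValue(fn)
        fileent.addAdditionalFields("details", "Details", False, details)
        fileent.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
    mt.addUIMessage("completed!")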
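def dotransform(args):
    """Find Metasploit modules matching the CVE ids in a vulnerability name.

    Each ``CVE-yyyy-nnnn`` id found in the entity value is searched with
    ``msfconsole -qx 'search <id>; exit -y'``; output lines containing a rank
    word become ``msploitego.MetasploitModule`` entities (value: first
    column) with the rank and the last column as ``details``. Module lookup
    for ``MSyy-nnn`` bulletin ids through the database is not finished yet.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    vuln = mt.getValue() or ""
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before it is used.
    password = mt.getVar("password").replace("\\", "")
    # Both id patterns admit only letters, digits and '-', which is what makes
    # their matches safe to interpolate into the msfconsole command.
    msreg = re.compile("ms[0-9]{2}-[0-9]{3}", re.I)
    cvereg = re.compile("cve[-]*[0-9]{3,4}-[0-9]{3,4}", re.I)
    # Raw string: in a plain literal "\b" is a backspace character, so the
    # word-bounded "low" alternative could never match.
    rankreg = re.compile(r"normal|manual|great|average|excellent|good|\blow\b")
    mpost = MsploitPostgres(user, password, db)

    bulletins = [ms.replace("-", "_").lower() for ms in msreg.findall(vuln)]
    if bulletins:
        # TODO(review): bulletin lookup is unfinished — the module list is
        # fetched once but not yet matched against `bulletins`.
        mods = mpost.queryModules()

    for cve in cvereg.findall(vuln):
        bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(cve))
        for line in bashlog:
            rankmatch = rankreg.search(line)
            if rankmatch is None:
                continue
            # msfconsole separates table columns with runs of spaces.
            columns = re.split(" {2,}", line.lstrip())
            entity = mt.addEntity("msploitego.MetasploitModule", columns[0])
            entity.setValue(columns[0])
            entity.addAdditionalFields("rank", "Rank", False, rankmatch.group(0))
            entity.addAdditionalFields("details", "Details", False, columns[-1])

    mt.returnOutput()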
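def dotransform(args):
    """Run gobuster against the incoming URL and emit a ``maltego.WebDir`` per result line.

    The first whitespace-separated token of each gobuster output line is the
    entity value; the ip, port and scanned URL are attached as fields.
    """
    try:
        from shlex import quote
    except ImportError:  # Python 2
        from pipes import quote

    mt = MaltegoTransform()
    # Debug output disabled: pprint() prints to stdout and returns None, so
    # mt.debug() received nothing useful.
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    url = mt.getValue()
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    wordlist = "/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt"

    if url:
        # The URL is graph data: quote it so it reaches the shell as a single
        # argument instead of being interpreted as part of the command line.
        bashlog = bashrunner("gobuster -q -e -w {} -u {}".format(wordlist, quote(url)))
        for line in bashlog:
            tokens = line.split()
            if not tokens:
                # Blank lines would raise IndexError on [0].
                continue
            webdir = mt.addEntity("maltego.WebDir", tokens[0])
            webdir.setValue(tokens[0])
            webdir.addAdditionalFields("ip", "IP Address", False, ip)
            webdir.addAdditionalFields("port", "Port", False, port)
            webdir.addAdditionalFields("url", "URL", False, url)

    mt.returnOutput()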
def dotransform(args):
    """Emit a ``msploitego.MeterpreterSession`` entity per session in a database.

    The database name is the incoming entity value. Each entity's value is
    the session id; every row column is attached as a field (dates as
    day/month/year) followed by the database connection details.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before it is used.
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    for session in mpost.getForAllHosts("sessions"):
        label = str(session.get("id"))
        entity = mt.addEntity("msploitego.MeterpreterSession", label)
        entity.setValue(label)
        for column, value in session.items():
            if isinstance(value, datetime):
                rendered = "{}/{}/{}".format(value.day, value.month, value.year)
            elif value and str(value).strip():
                rendered = str(value)
            else:
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, rendered)
        # The clear-text database password is stored on the entity (and so in
        # the graph) so that downstream transforms can reconnect.
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("password", "Password", False, password)
        entity.addAdditionalFields("db", "db", False, db)
    mt.returnOutput()
    mt.addUIMessage("completed!")
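def dotransform(args):
    """Probe an SMB service with nmap smb-* scripts and emit a ``msploitego.SambaServer``.

    ``scriptrunner`` is run against ``ip``/``port`` with smb-os-discovery,
    smb-security-mode, smb-server-stats and smb-system-info. When the first
    host of the report is up, all script result elements are flattened into
    one dict; ``server`` and ``workgroup`` (part before any backslash) form
    the entity value and every other element becomes a field. Otherwise the
    host status is reported as a UI message.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    proto = mt.getVar("proto")
    service = mt.getValue()
    rep = scriptrunner(
        port,
        "smb-os-discovery,smb-security-mode,smb-server-stats,smb-system-info",
        ip)

    if not rep.hosts:
        # An empty host list would raise IndexError on rep.hosts[0] below.
        mt.addUIMessage("no host in scan report!")
    elif rep.hosts[0].status == "up":
        results = {}
        for res in rep.hosts[0].scripts_results:
            # A script result may carry no "elements" at all.
            for key, value in (res.get("elements") or {}).items():
                if value and value.strip():
                    results[key] = value
        # Only the part before a backslash is kept; a missing value yields "".
        server = (results.get("server") or "").split("\\")[0]
        workgroup = (results.get("workgroup") or "").split("\\")[0]
        label = "{}:{}".format(server, workgroup)
        samba = mt.addEntity("msploitego.SambaServer", label)
        samba.setValue(label)
        samba.addAdditionalFields("ip", "IP Address", False, ip)
        samba.addAdditionalFields("port", "Port", False, port)
        samba.addAdditionalFields("server", "Server", False, server)
        samba.addAdditionalFields("workgroup", "Workgroup", False, workgroup)
        samba.addAdditionalFields("hostid", "Hostid", False, hostid)
        samba.addAdditionalFields("info", "Info", False, results.get("os"))
        samba.addAdditionalFields("name", "Name", False, results.get("fqdn"))
        samba.addAdditionalFields("banner.text", "Service Banner", False,
                                  results.get("os"))
        samba.addAdditionalFields("service.name", "Description", False, service)
        samba.addAdditionalFields("properties.service", "Service", False, service)
        samba.addAdditionalFields("proto", "Protocol", False, proto)
        for key, value in results.items():
            # Keys containing "server" or "workgroup" were handled above.
            if "server" in key or "workgroup" in key:
                continue
            samba.addAdditionalFields(key, key.capitalize(), False, value)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    mt.addUIMessage("completed!")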
def dotransform(args):
    """Emit one ``msploitego.SessionDetail`` entity per detail row of a session.

    The selected entity's value is the Metasploit session id; the database
    connection parameters (``db``, ``user``, ``password``) are read from the
    entity's properties and re-attached to every emitted entity so that
    downstream transforms can chain on them.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    sessionid = mt.getValue()
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before use
    # (presumably undoing escaping applied when it was attached upstream — confirm).
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    def _render(value):
        # Dates are rendered d/m/y; blank or None values are dropped (None result).
        if isinstance(value, datetime):
            return "{}/{}/{}".format(value.day, value.month, value.year)
        if value and str(value).strip():
            return str(value)
        return None

    for row in mpost.getSessionDetails(sessionid):
        row_id = str(row.get("id"))
        ent = mt.addEntity("msploitego.SessionDetail", row_id)
        ent.setValue(row_id)
        for column, value in row.items():
            text = _render(value)
            if text is not None:
                ent.addAdditionalFields(column, column.capitalize(), False, text)
        # NOTE(review): the DB credentials, password included, are written as
        # entity properties and therefore travel with the graph output.
        ent.addAdditionalFields("user", "User", False, user)
        ent.addAdditionalFields("password", "Password", False, password)
        ent.addAdditionalFields("db", "db", False, db)
    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has already written the
    # response — verify this message is ever delivered to the UI.
    mt.addUIMessage("completed!")
Ejemplo n.º 29
def dotransform(args):
    """Emit one ``maltego.Vulnerability`` entity per ``vulns`` row for a host.

    The selected entity's value is the host IP and its ``id`` property is the
    Metasploit host id, which is appended to each vulnerability name to keep
    the entity values unique per host.  Database connection parameters are
    read from the entity's ``db``/``user``/``password`` properties.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    hostid = mt.getVar("id")

    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before use
    # (presumably undoing escaping applied when it was attached upstream — confirm).
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    def _render(value):
        # Dates are rendered d/m/y; blank or None values are dropped (None result).
        if isinstance(value, datetime):
            return "{}/{}/{}".format(value.day, value.month, value.year)
        if value and str(value).strip():
            return str(value)
        return None

    for row in mpost.getforHost(ip, "vulns"):
        label = "{}:{}".format(row.get("name"), hostid)
        ent = mt.addEntity("maltego.Vulnerability", label)
        ent.setValue(label)
        ent.addAdditionalFields("ip", "IP Address", True, ip)
        for column, value in row.items():
            text = _render(value)
            if text is not None:
                ent.addAdditionalFields(column, column.capitalize(), False, text)
        # NOTE(review): unlike the sibling transforms, only user and db are
        # re-attached here — the password is not; confirm whether any transform
        # chained from a Vulnerability entity expects it.
        ent.addAdditionalFields("user", "User", False, user)
        ent.addAdditionalFields("db", "db", False, db)
    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has already written the
    # response — verify this message is ever delivered to the UI.
    mt.addUIMessage("completed!")
Ejemplo n.º 30
def dotransform(args):
    """Expand a Metasploit host into service, MAC, hostname and OS entities.

    The selected entity's value is the host IP; its properties supply the
    Metasploit host id (``id``, falling back to ``hostid``), MAC address,
    machine name, OS family/name/service pack and the database connection
    parameters (``db``, ``user``, ``password``).  One service entity is
    emitted per row returned by ``MsploitPostgres.getServices``; a MAC,
    Hostname and OS entity follow, each carrying the IP as a property.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    mac = mt.getVar("mac")
    machinename = mt.getVar("name")
    os_family = mt.getVar("os_family")
    os_name = mt.getVar("os_name")
    os_sp = mt.getVar("os_sp")
    # Upstream entities carry the host id under either of two property names.
    hostid = mt.getVar("id") or mt.getVar("hostid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before use
    # (presumably undoing escaping applied when it was attached upstream — confirm).
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    web_names = (
        "http", "https", "possible_wls", "www", "ncacn_http",
        "ccproxy-http", "ssl/http", "http-proxy",
    )
    smb_markers = (
        "samba", "netbios-ssn", "smb", "microsoft-ds", "netbios-ns",
        "netbios-dgm",
    )

    def _render(value):
        # Dates are rendered d/m/y; blank or None values are dropped (None result).
        if isinstance(value, datetime):
            return "{}/{}/{}".format(value.day, value.month, value.year)
        if value and str(value).strip():
            return str(value)
        return None

    for svc in mpost.getServices(hostid):
        entityname = getserviceentity(svc)
        servicename = svc.get("servicename") or "unknown"
        label = "{}/{}:{}".format(servicename, svc.get("port"), hostid)
        ent = mt.addEntity(entityname, label)
        ent.setValue(label)
        ent.addAdditionalFields("ip", "IP Address", True, ip)
        ent.addAdditionalFields("service.name", "Description", True, label)
        if machinename:
            ent.addAdditionalFields("machinename", "Machine Name", True,
                                    machinename)
        ent.addAdditionalFields("banner.text", "Service Banner", True,
                                svc.get("info") or "")
        # Empty file-path properties, keyed on the service type (presumably
        # filled in by later tool-runner transforms — confirm).
        if servicename in web_names:
            ent.addAdditionalFields("niktofile", "Nikto File", True, '')
        elif any(marker in servicename for marker in smb_markers):
            ent.addAdditionalFields("enum4linux", "enum4linux File", True, '')
        for column, value in svc.items():
            text = _render(value)
            if text is not None:
                ent.addAdditionalFields(column, column.capitalize(), False, text)
        # NOTE(review): the DB credentials, password included, are written as
        # entity properties and therefore travel with the graph output.
        ent.addAdditionalFields("user", "User", False, user)
        ent.addAdditionalFields("password", "Password", False, password)
        ent.addAdditionalFields("db", "db", False, db)

    if mac:
        macentity = mt.addEntity("maltego.MacAddress", mac)
        macentity.setValue(mac)
        macentity.addAdditionalFields("ip", "IP Address", True, ip)
    # Any non-empty machine name yields a Hostname entity (no format check here).
    if machinename:
        hostentity = mt.addEntity("msploitego.Hostname", machinename)
        hostentity.setValue(machinename)
        hostentity.addAdditionalFields("ip", "IP Address", True, ip)
    osentityname, osdescription = getosentity(os_family, os_name)
    if os_sp:
        osdescription += " {}".format(os_sp)
    osentity = mt.addEntity(osentityname, osdescription)
    osentity.setValue(osdescription)
    osentity.addAdditionalFields("ip", "IP Address", True, ip)

    mt.returnOutput()
Ejemplo n.º 31
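def dotransform(args):
    """Expand a host IP into service, MAC, hostname and OS entities.

    The selected entity's value is the host IP; its properties supply the
    Metasploit host id (``id``, falling back to ``hostid``), MAC address,
    machine name, OS family/name/service pack and the database connection
    parameters (``db``, ``user``, ``password``).  One service entity is
    emitted per ``services`` row returned by ``MsploitPostgres.getforHost``;
    a MAC, Hostname and OS entity follow, each carrying the IP as a property.

    Fix: the hostname filter used the character class ``[a-zA-z]``, whose
    ``A-z`` range also spans ``[``, ``\\``, ``]``, ``^``, ``_`` and backtick,
    so names starting with those punctuation characters slipped through.  It
    is now ``[a-zA-Z]`` (letters only), as the surrounding code intends.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    mac = mt.getVar("mac")
    machinename = mt.getVar("name")
    os_family = mt.getVar("os_family")
    os_name = mt.getVar("os_name")
    os_sp = mt.getVar("os_sp")
    # Upstream entities carry the host id under either of two property names.
    hostid = mt.getVar("id") or mt.getVar("hostid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before use
    # (presumably undoing escaping applied when it was attached upstream — confirm).
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    def _render(value):
        # Dates are rendered d/m/y; blank or None values are dropped (None result).
        if isinstance(value, datetime):
            return "{}/{}/{}".format(value.day, value.month, value.year)
        if value and str(value).strip():
            return str(value)
        return None

    for svc in mpost.getforHost(ip, "services"):
        entityname = getserviceentity(svc)
        servicename = svc.get("name") or "unknown"
        label = "{}/{}:{}".format(servicename, svc.get("port"), hostid)
        ent = mt.addEntity(entityname, label)
        ent.setValue(label)
        ent.addAdditionalFields("ip", "IP Address", True, ip)
        ent.addAdditionalFields("banner.text", "Service Banner", True,
                                svc.get("info") or "")
        ent.addAdditionalFields("service.name", "Description", True,
                                "{}/{}".format(svc.get("port"), servicename))

        for column, value in svc.items():
            text = _render(value)
            if text is not None:
                ent.addAdditionalFields(column, column.capitalize(), False, text)
        # NOTE(review): the DB credentials, password included, are written as
        # entity properties and therefore travel with the graph output.
        ent.addAdditionalFields("user", "User", False, user)
        ent.addAdditionalFields("password", "Password", False, password)
        ent.addAdditionalFields("db", "db", False, db)

    if mac:
        macentity = mt.addEntity("maltego.MacAddress", mac)
        macentity.setValue(mac)
        macentity.addAdditionalFields("ip", "IP Address", True, ip)
    # Only names that start with a letter become Hostname entities.
    if machinename and re.match(r"^[a-zA-Z]+", machinename):
        hostentity = mt.addEntity("msploitego.Hostname", machinename)
        hostentity.setValue(machinename)
        hostentity.addAdditionalFields("ip", "IP Address", True, ip)
    osentityname, osdescription = getosentity(os_family, os_name)
    if os_sp:
        osdescription += " {}".format(os_sp)
    osentity = mt.addEntity(osentityname, osdescription)
    osentity.setValue(osdescription)
    osentity.addAdditionalFields("ip", "IP Address", True, ip)

    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has already written the
    # response — verify this message is ever delivered to the UI.
    mt.addUIMessage("completed!")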