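def dns_domain():
    """Maltego transform: find domains associated with a DNS server name.

    Reads the Maltego request from ``request.body``. Only ``Domain``,
    ``DNSName`` and ``NSRecord`` entities whose value matches
    ``ValidHostnameRegex`` are accepted, and the lookup uses the API key
    passed in the ``api`` transform setting.

    Returns:
        The serialized transform output with one ``maltego.Domain`` entity
        per result (link label: date the domain name was associated with
        the server), a "No results found" UI message, or a Maltego
        exception when the request is empty, the entity is rejected, or no
        API key was supplied.
    """
    xform = TRX.MaltegoTransform()

    # Fail closed: an empty request used to fall off the end of the function
    # and return None instead of a Maltego error response.
    if not request.body.len > 0:
        xform.addException("Must submit a valid host name")
        return xform.throwExceptions()

    incoming = TRX.MaltegoMsg(request.body.getvalue())

    # The entity value is client-supplied and is forwarded to a remote API,
    # so it is validated before any lookup happens.
    # NOTE(review): re.match only anchors at the start of the string; confirm
    # that ValidHostnameRegex (defined elsewhere) is anchored at its end too.
    type_ok = incoming.Type in ("Domain", "DNSName", "NSRecord")
    if not (type_ok and re.match(ValidHostnameRegex, incoming.Value)):
        xform.addException("Must submit a valid host name")
        return xform.throwExceptions()

    if 'api' not in incoming.TransformSettings:
        xform.addException("Must submit an API key")
        return xform.throwExceptions()

    client = spyonweb.Spyonweb(incoming.TransformSettings['api'])
    data = client.dns_domain(incoming.Value, limit=incoming.Slider)
    if data is None:
        xform.addUIMessage("No results found", TRX.UIM_FATAL)
        return xform.returnOutput()

    for name in data:
        ent = xform.addEntity("maltego.Domain", name)
        # date domain name was associated with server
        ent.setLinkLabel(data[name])
    return xform.returnOutput()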
def test_entity_link_style(self):
    """A dashed link style is stored and serialized as the string '1'."""
    ent = TRX.MaltegoEntity()
    ent.setLinkStyle(TRX.LINK_STYLE_DASHED)
    parsed = xmltodict.parse(ent.returnEntity())

    stored = ent.additionalFields['link#maltego.link.style']
    assert_equal(stored.value, "1")

    # The entity carries a single additional field, which is read here as
    # one mapping under 'Field'.
    field = parsed['Entity']['AdditionalFields']['Field']
    assert_equal(field['#text'], "1")
def test_entity_note(self):
    """A note set on an entity is kept under 'notes#' and serialized."""
    text = "Test Note"
    ent = TRX.MaltegoEntity()
    ent.setNote(text)
    parsed = xmltodict.parse(ent.returnEntity())

    stored = ent.additionalFields['notes#']
    assert_equal(stored.value, text)

    field = parsed['Entity']['AdditionalFields']['Field']
    assert_equal(field['#text'], text)
def test_entity_iconurl(self):
    """An icon URL is exposed as ``iconURL`` and emitted as 'IconURL'."""
    icon = "http://example.com/example.png"
    ent = TRX.MaltegoEntity()
    ent.setIconURL(icon)

    # Attribute first, then the serialized form.
    assert_equal(ent.iconURL, icon)
    parsed = xmltodict.parse(ent.returnEntity())
    assert_equal(parsed['Entity']['IconURL'], icon)
def test_entity_link_thickness(self):
    """An integer link thickness is stored and serialized as a string."""
    ent = TRX.MaltegoEntity()
    ent.setLinkThickness(42)
    parsed = xmltodict.parse(ent.returnEntity())

    # The setter receives the int 42; both checks expect the string "42".
    stored = ent.additionalFields['link#maltego.link.thickness']
    assert_equal(stored.value, "42")

    field = parsed['Entity']['AdditionalFields']['Field']
    assert_equal(field['#text'], "42")
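def domain():
    """Maltego transform: look up a domain and return its related items.

    Reads the Maltego request from ``request.body``. Only ``Domain`` and
    ``DNSName`` entities whose value matches ``ValidHostnameRegex`` are
    accepted, and the lookup uses the API key passed in the ``api``
    transform setting. The API response is handed to ``process_domain``.

    Returns:
        The output of ``process_domain`` for an accepted request, otherwise
        a Maltego exception (missing API key, or empty/rejected input).
    """
    if request.body.len > 0:
        incoming = TRX.MaltegoMsg(request.body.getvalue())

        # The entity value is client-supplied and is forwarded to a remote
        # API, so it is validated before any lookup happens.
        # NOTE(review): re.match only anchors at the start of the string;
        # confirm that ValidHostnameRegex (defined elsewhere) is anchored at
        # its end too.
        type_ok = incoming.Type in ("Domain", "DNSName")
        if type_ok and re.match(ValidHostnameRegex, incoming.Value):
            if 'api' not in incoming.TransformSettings:
                xform = TRX.MaltegoTransform()
                xform.addException("Must submit an API key")
                return xform.throwExceptions()

            client = spyonweb.Spyonweb(incoming.TransformSettings['api'])
            return process_domain(client.domain(incoming.Value))

    # Fail closed: an empty request body and a rejected entity both end here,
    # so no path falls off the end of the function and returns None.
    xform = TRX.MaltegoTransform()
    xform.addException("Must submit a valid host name or domain name")
    return xform.throwExceptions()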
def test_entity_displayinfo_results(self):
    """Display information is serialized as a named 'Label' element."""
    ent = TRX.MaltegoEntity()
    ent.addDisplayInformation("TestValue", "TestLabel")
    parsed = xmltodict.parse(ent.returnEntity())

    # The label is expected in the Name attribute and the value as the
    # element text.
    label = parsed['Entity']['DisplayInformation']['Label']
    assert_equal(label['@Name'], "TestLabel")
    assert_equal(label['#text'], "TestValue")
def test_entity_strict(self):
    """A 'strict' matching rule is kept on the property and serialized."""
    ent = TRX.MaltegoEntity()
    ent.addProperty('test', matchingRule="strict", value="StrictTest")
    parsed = xmltodict.parse(ent.returnEntity())

    prop = ent.additionalFields['test']
    assert_equal(prop.matchingRule, "strict")

    field = parsed['Entity']['AdditionalFields']['Field']
    assert_equal(field['@MatchingRule'], 'strict')
def test_entity_property_results(self):
    """An added property is a ``TRX.Property`` holding the given value."""
    key = "ipaddress.internal"
    ent = TRX.MaltegoEntity("IPv4Address", "10.0.0.1")
    ent.addProperty(key, value="True")

    assert_is_instance(ent.additionalFields[key], TRX.Property)
    # NOTE: The following tests for the string "True", not the bool True
    assert_equal(ent.additionalFields[key].value, "True")
def test_entity_link_color(self):
    """A link color string is stored unchanged and serialized."""
    shade = '0xff00ff'
    ent = TRX.MaltegoEntity()
    ent.setLinkColor(shade)
    parsed = xmltodict.parse(ent.returnEntity())

    stored = ent.additionalFields['link#maltego.link.color']
    assert_equal(stored.value, shade)

    field = parsed['Entity']['AdditionalFields']['Field']
    assert_equal(field['#text'], shade)
def test_entity_link_label(self):
    """A link label is stored unchanged and serialized."""
    text = "Test Label"
    ent = TRX.MaltegoEntity()
    ent.setLinkLabel(text)
    parsed = xmltodict.parse(ent.returnEntity())

    stored = ent.additionalFields['link#maltego.link.label']
    assert_equal(stored.value, text)

    field = parsed['Entity']['AdditionalFields']['Field']
    assert_equal(field['#text'], text)
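def analytics():
    """Maltego transform: find domains that use an Analytics tracking ID.

    Reads the Maltego request from ``request.body``. Only ``Phrase``
    entities whose value matches ``ValidAnalyticsRegex`` are accepted, and
    the lookup uses the API key passed in the ``api`` transform setting.

    Returns:
        The serialized transform output with one ``maltego.Domain`` entity
        per result (link label: date the ID was associated with the
        domain), a "No results found" UI message, or a Maltego exception
        when the request is empty, the entity is rejected, or no API key
        was supplied.
    """
    xform = TRX.MaltegoTransform()

    # Fail closed: an empty request used to fall off the end of the function
    # and return None instead of a Maltego error response.
    if not request.body.len > 0:
        xform.addException("Must submit a valid Analytics tracking ID")
        return xform.throwExceptions()

    incoming = TRX.MaltegoMsg(request.body.getvalue())

    # The entity value is client-supplied and is forwarded to a remote API,
    # so it is validated before any lookup happens.
    # NOTE(review): re.match only anchors at the start of the string; confirm
    # that ValidAnalyticsRegex (defined elsewhere) is anchored at its end too.
    id_ok = (incoming.Type == "Phrase"
             and re.match(ValidAnalyticsRegex, incoming.Value))
    if not id_ok:
        xform.addException("Must submit a valid Analytics tracking ID")
        return xform.throwExceptions()

    if 'api' not in incoming.TransformSettings:
        xform.addException("Must submit an API key")
        return xform.throwExceptions()

    client = spyonweb.Spyonweb(incoming.TransformSettings['api'])
    data = client.analytics(incoming.Value, limit=incoming.Slider)
    if data is None:
        xform.addUIMessage("No results found", TRX.UIM_FATAL)
        return xform.returnOutput()

    for name in data:
        ent = xform.addEntity("maltego.Domain", name)
        # date ID was associated with domain
        ent.setLinkLabel(data[name])
    return xform.returnOutput()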
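def process_domain(data):
    """Convert a domain-lookup API response into Maltego entities.

    Args:
        data: The decoded API response. It is read as a mapping with a
            'status' key and, when the status is 'found', a
            result -> domain -> <name> -> items structure.

    Returns:
        The serialized transform output: ``maltego.Phrase`` entities for
        adsense and analytics codes, ``maltego.NSRecord`` entities for DNS
        servers and ``maltego.IPv4Address`` entities for IPs, or a
        "No results found" UI message.
    """
    xform = TRX.MaltegoTransform()

    # The response comes from a remote service, so a missing response, a
    # missing 'status' key and an empty domain map are all reported as
    # "no results" instead of raising.
    if (not data or data.get('status') != 'found'
            or not data['result']['domain']):
        xform.addUIMessage("No results found", TRX.UIM_FATAL)
        return xform.returnOutput()

    domains = data['result']['domain']
    # next(iter(...)) picks the first key whether keys() returns a list or
    # a view; keys()[0] only works when it returns a list.
    name = next(iter(domains))
    items = domains[name]['items']

    # NOTE(review): values from the response are placed into the transform
    # output as received; presumably TRX escapes them on output -- confirm.
    for code in items.get('adsense', ''):
        ent = xform.addEntity("maltego.Phrase", code)
        ent.setWeight(items['adsense'][code])

    for code in items.get('analytics', ''):
        ent = xform.addEntity("maltego.Phrase", code)
        ent.setWeight(items['analytics'][code])

    for server in items.get('dns_servers', ''):
        xform.addEntity("maltego.NSRecord", server)

    # TODO: how to represent IP addresses returned in this API call?
    for ip in items.get('ip', ''):
        ent = xform.addEntity("maltego.IPv4Address", ip)
        ent.setWeight(items['ip'][ip])

    return xform.returnOutput()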
def test_entity_set_value(self):
    """``setValue`` updates ``value`` and the serialized 'Value' element."""
    expected = "Maltego"
    ent = TRX.MaltegoEntity()
    ent.setValue("Maltego")

    assert_equal(ent.value, expected)
    parsed = xmltodict.parse(ent.returnEntity())
    assert_equal(parsed['Entity']['Value'], expected)
def test_entity_weight(self):
    """``setWeight`` keeps the int on the entity and serializes it as text."""
    ent = TRX.MaltegoEntity()
    ent.setWeight(100)

    # The attribute is compared with the int, the XML with the string.
    assert_equal(ent.weight, 100)
    parsed = xmltodict.parse(ent.returnEntity())
    assert_equal(parsed['Entity']['Weight'], "100")
def test_entity_set_type(self):
    """``setType`` replaces the entity type."""
    new_type = "Location"
    ent = TRX.MaltegoEntity()
    ent.setType(new_type)
    assert_equal(ent.entityType, new_type)
def test_entity_init_value(self):
    """The second constructor argument becomes the entity value."""
    address = "127.0.0.1"
    ent = TRX.MaltegoEntity("IPv4Address", address)
    # FIXME: the below matches the library but not the documentation!
    assert_equal(ent.value, address)
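def test_entity_displayinfo_dict(self):
    """Display information is kept in a mapping keyed by label."""
    entity = TRX.MaltegoEntity()
    entity.addDisplayInformation("TestValue", "TestLabel")

    # list(...) makes the comparison hold whether keys() returns a list or
    # a view object; a bare view never compares equal to a list.
    assert_equal(list(entity.displayInformation.keys()), ["TestLabel"])
    assert_equal(entity.displayInformation['TestLabel'], "TestValue")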
def test_entity_bookmark(self):
    """A green bookmark is stored and serialized as the string '1'."""
    ent = TRX.MaltegoEntity()
    ent.setBookmark(TRX.BOOKMARK_COLOR_GREEN)
    parsed = xmltodict.parse(ent.returnEntity())

    stored = ent.additionalFields['bookmark#']
    assert_equal(stored.value, "1")

    field = parsed['Entity']['AdditionalFields']['Field']
    assert_equal(field['#text'], "1")
def test_entity_default_type(self):
    """An entity built without arguments has the type 'Phrase'."""
    ent = TRX.MaltegoEntity()
    default_type = ent.entityType
    assert_equal(default_type, "Phrase")
def test_entity_property_count(self):
    """Adding one property leaves exactly one additional field."""
    ent = TRX.MaltegoEntity("IPv4Address", "10.0.0.1")
    ent.addProperty("ipaddress.internal", value="True")
    field_count = len(ent.additionalFields)
    assert_equal(field_count, 1)
def test_entity_init_type(self):
    """The first constructor argument becomes the entity type."""
    kind = "IPv4Address"
    ent = TRX.MaltegoEntity(kind)
    assert_equal(ent.entityType, kind)
def test_entity_default_value(self):
    """An entity built without arguments has an empty string value."""
    ent = TRX.MaltegoEntity()
    default_value = ent.value
    assert_equal(default_value, "")
def setUpClass(self):
    """Store a fresh ``MaltegoTransform`` on the receiver as ``xform``."""
    # NOTE(review): setUpClass hooks are normally classmethods; no decorator
    # is visible here -- confirm how this hook is invoked.
    transform = TRX.MaltegoTransform()
    self.xform = transform
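def test_entity_property_dict(self):
    """Additional fields are kept in a dict keyed by property name."""
    entity = TRX.MaltegoEntity("IPv4Address", "10.0.0.1")
    entity.addProperty("ipaddress.internal", value="True")

    assert_is_instance(entity.additionalFields, dict)
    # list(...) makes the comparison hold whether keys() returns a list or
    # a view object; a bare view never compares equal to a list.
    assert_equal(list(entity.additionalFields.keys()),
                 ["ipaddress.internal"])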
def test_msg_meta(self):
    """The fixture message exposes its value, weight, slider and type."""
    msg = TRX.MaltegoMsg(self.m_xml)

    # Weight is compared with a string while Slider is compared with an int.
    expectations = (
        ("Value", "127.0.0.1"),
        ("Weight", "100"),
        ("Slider", 50),
        ("Type", "IPAddress"),
    )
    for attribute, wanted in expectations:
        assert_equal(getattr(msg, attribute), wanted)
def test_entity_displayinfo_count(self):
    """One display-information entry yields a dict with a single item."""
    ent = TRX.MaltegoEntity()
    ent.addDisplayInformation("TestValue", "TestLabel")

    info = ent.displayInformation
    assert_equal(len(info), 1)
    assert_is_instance(info, dict)
def test_msg_property(self):
    """``getProperty`` returns fixture values and None for unknown names."""
    msg = TRX.MaltegoMsg(self.m_xml)

    known = (
        ('ipv4-address', "127.0.0.1"),
        ('ipaddress.internal', "true"),
    )
    for prop_name, wanted in known:
        assert_equal(msg.getProperty(prop_name), wanted)

    # A name absent from the fixture yields None rather than an error.
    assert_is_none(msg.getProperty('nope'))
def test_msg_entity(self):
    """Parsing the fixture XML produces a ``TRX.MaltegoMsg`` instance."""
    parsed_msg = TRX.MaltegoMsg(self.m_xml)
    assert_is_instance(parsed_msg, TRX.MaltegoMsg)
def test_msg_setting(self):
    """``getTransformSetting`` returns the fixture's 'api' setting."""
    msg = TRX.MaltegoMsg(self.m_xml)

    # The fixture carries a placeholder value under the 'api' setting.
    api_setting = msg.getTransformSetting("api")
    assert_equal(api_setting, "JUSTKIDDING")

    # A setting absent from the fixture yields None rather than an error.
    assert_is_none(msg.getTransformSetting("nope"))