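def dotransform(args):
    """Run the ``smb-enum-services`` NSE script against the input host and
    emit one ``maltego.Service`` entity per Windows service it lists.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Reads the ``ip``, ``port`` and ``hostid`` transform variables. ``hostid``
    is appended to every service name so the entity value stays unique per
    host. The result set is written with ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-enum-services", ip)

    # A None report, or one with no host entries, used to raise IndexError on
    # rep.hosts[0]; report it to the user instead.
    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        # Raw pattern: "\s" in a plain literal is an invalid escape sequence
        # (SyntaxWarning from Python 3.12). Compiled once, outside the loop.
        regex = re.compile(r"^\s\s[a-zA-Z0-9_.-]+")
        scripts = host.services[0].scripts_results if host.services else []
        for script in scripts:
            output = (script.get("output") or "").split("\n")
            for item in bucketparser(regex, output):
                name = "{}:{}".format(item.get("Header"), hostid)
                serviceent = mt.addEntity("maltego.Service", name)
                serviceent.setValue(name)
                serviceent.addAdditionalFields("displayname", "Service Name",
                                               False, item.get("Display_name"))
                serviceent.addAdditionalFields("ip", "IP Address", False, ip)
                serviceent.addAdditionalFields("port", "Port", False, port)
    # Queue the status message before returnOutput(): the Maltego helper emits
    # queued UI messages as part of the response, so a message added after it
    # is presumably never delivered -- confirm against the local helper.
    mt.addUIMessage("completed!")
    mt.returnOutput()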
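def dotransform(args):
    """Run the ``rdp-vuln-ms12-020`` NSE script against the input host and
    emit one ``msploitego.RDPVulnerability`` entity per reported finding.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Reads the ``ip`` and ``port`` transform variables (``hostid`` was read by
    the original but never used). Output is written with ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "rdp-vuln-ms12-020", ip)

    # Guard before indexing: a None report or an empty host list used to
    # raise IndexError instead of telling the user what happened.
    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        # Raw pattern ("\s" is an invalid escape in a plain literal); hoisted
        # out of the per-script loop.
        regex = re.compile(r"\s{2}[A-Za-z]+")
        scripts = host.services[0].scripts_results if host.services else []
        for script in scripts:
            output = (script.get("output") or "").split("\n")
            # Distinct loop variable: the original reused "res" for both the
            # script result and the parsed finding.
            for finding in bucketparser(regex, output):
                header = finding.get("Header")
                # The bare "VULNERABLE" bucket is the script's verdict line,
                # not a finding of its own.
                if header == "VULNERABLE":
                    continue
                vulnentity = mt.addEntity("msploitego.RDPVulnerability", header)
                vulnentity.setValue(header)
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in finding.items():
                    if k == "Details":
                        # Details is a list of continuation lines.
                        vulnentity.addAdditionalFields("details", k, False,
                                                       "\n".join(v or []))
                    elif v and v.strip():
                        vulnentity.addAdditionalFields(k, k.capitalize(),
                                                       False, v)
    # Queued before returnOutput() so the message is part of the emitted
    # response (the helper presumably drops messages added afterwards).
    mt.addUIMessage("completed!")
    mt.returnOutput()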
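def dotransform(args):
    """Run the ``rdp-vuln-ms12-020`` NSE script and emit one
    ``msploitego.RDPVulnerability`` entity per finding in its output.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Uses the ``ip`` and ``port`` transform variables; ``hostid`` was read by
    the original code but not used. Emits results via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "rdp-vuln-ms12-020", ip)

    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        # Previously an IndexError on rep.hosts[0].
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        # Raw pattern, compiled once rather than per script result.
        regex = re.compile(r"\s{2}[A-Za-z]+")
        scripts = host.services[0].scripts_results if host.services else []
        for script in scripts:
            output = (script.get("output") or "").split("\n")
            for finding in bucketparser(regex, output):
                header = finding.get("Header")
                # "VULNERABLE" is the script's verdict bucket, not a finding.
                if header == "VULNERABLE":
                    continue
                vulnentity = mt.addEntity("msploitego.RDPVulnerability",
                                          header)
                vulnentity.setValue(header)
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in finding.items():
                    if k == "Details":
                        # Details holds the continuation lines as a list.
                        vulnentity.addAdditionalFields("details", k, False,
                                                       "\n".join(v or []))
                    elif v and v.strip():
                        vulnentity.addAdditionalFields(
                            k, k.capitalize(), False, v)
    # Queued before returnOutput() so it is included in the response; the
    # helper presumably drops messages added after the output is written.
    mt.addUIMessage("completed!")
    mt.returnOutput()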
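def dotransform(args):
    """Run ``wpscan`` against ``ip:port`` and emit one
    ``msploitego.WordpressInfo`` entity per ``[!] Title:`` finding.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Reads the ``ip`` and ``port`` transform variables (``hostid`` was read by
    the original but never used). Every non-empty key/value in a finding's
    bucket becomes an additional field after ``sanitizefield``. Output is
    written with ``mt.returnOutput()``.
    """
    import shlex  # function-scope: the file's import block is not in view

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")

    if not ip or not port:
        # Without both values the command line would literally contain "None".
        mt.addUIMessage("ip and port are required")
        mt.returnOutput()
        return

    # ip/port are entity fields from the graph and are interpolated into a
    # shell command line. Quote the target so a crafted entity value cannot
    # smuggle extra shell syntax into the command. This assumes bashrunner
    # runs its string through a shell or shlex.split, both of which honour
    # POSIX quoting -- confirm against the helper.
    target = shlex.quote("{}:{}".format(ip, port))
    bashlog = bashrunner(
        "wpscan --url {} --enumerate p,u --no-banner --no-color".format(target))
    # Raw pattern: "\[" and "\s" are invalid escapes in a plain literal.
    results = bucketparser(re.compile(r"^\[!\]\sTitle:\s", re.I), bashlog)

    for res in results:
        raw_header = res.get("Header")
        if not raw_header:
            continue
        header = sanitizefield(raw_header)
        wpent = mt.addEntity("msploitego.WordpressInfo", header)
        wpent.setValue(header)
        for k, v in res.items():
            # Skip the header itself and blank keys; sanitise what remains.
            if not k or not k.strip() or k == "Header":
                continue
            key = sanitizefield(k)
            value = sanitizefield(v)
            if value and value.strip() and key and key.strip():
                wpent.addAdditionalFields(key, key.capitalize(), False, value)
    mt.returnOutput()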
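def dotransform(args):
    """Run the ``smb-enum-users`` NSE script and emit one
    ``msploitego.SambaUser`` entity per ``DOMAIN\\user`` line.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Reads ``ip`` and ``port``; ``hostid`` was read by the original but not
    used. Every key in a user's bucket is copied onto the entity as an
    additional field. Output is written with ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smb-enum-users", ip)

    # The original tested "if rep" but still indexed rep.hosts[0] blindly.
    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        mt.addUIMessage("host is either down or not responding in this port")
    else:
        # Raw pattern: matches a "DOMAIN\" prefix (one literal backslash), the
        # same regex the plain "\\\\" literal produced. Compiled once.
        regex = re.compile(r"^[\sa-zA-Z0-9_.-]+\\")
        for script in host.scripts_results:
            output = (script.get("output") or "").strip().split("\n")
            for item in bucketparser(regex, output):
                header = item.get("Header")
                userentity = mt.addEntity("msploitego.SambaUser", header)
                userentity.setValue(header)
                userentity.addAdditionalFields("ip", "IP Address", False, ip)
                userentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    # Other transforms in this file treat "Details" as a list
                    # of lines; .strip() on a list would raise, so join it.
                    if isinstance(v, (list, tuple)):
                        v = "\n".join(v)
                    userentity.addAdditionalFields(k, k.capitalize(), False,
                                                   (v or "").strip())
    mt.returnOutput()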
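def dotransform(args):
    """Run the ``smb-enum-shares`` NSE script and emit one
    ``msploitego.SambaShare`` entity per ``\\\\ip\\share`` line.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Reads ``ip`` and ``port`` (``hostid`` was read but unused). The share
    name is the last backslash-separated component of the header with any
    trailing ":" removed. Output is written with ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smb-enum-shares", ip)

    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        # Previously an IndexError on rep.hosts[0].
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        # Raw pattern: "\d" and "\." are invalid escapes in a plain literal.
        # method="search" because the address is not at the line start.
        regex = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
        for script in host.scripts_results:
            output = (script.get("output") or "").split("\n")
            for item in bucketparser(regex, output, method="search"):
                header = item.get("Header")
                if not header:
                    continue
                shareentity = mt.addEntity("msploitego.SambaShare", header)
                shareentity.setValue(header)
                sharename = header.split("\\")[-1].strip().strip(":")
                shareentity.addAdditionalFields("sharename", "Share Name",
                                                False, sharename)
                shareentity.addAdditionalFields("sambashare", "Samba Share",
                                                False, header)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    if k == "Header":
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False, v)
    # Queued before returnOutput() so it is part of the emitted response.
    mt.addUIMessage("completed!")
    mt.returnOutput()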
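def dotransform(args):
    """Run the ``smb-mbenum`` NSE script and emit one
    ``msploitego.WindowsMasterBrowser`` entity per browser record.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Reads ``ip``, ``port`` and ``hostid``; ``hostid`` is appended to the
    record header to keep entity values unique per host. Each remaining
    bucket key is attached as ``key/value``. Output via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-mbenum", ip)

    # "if rep" alone did not protect the rep.hosts[0] index that followed.
    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        mt.addUIMessage("host is either down or not responding in this port")
    else:
        # Raw pattern, compiled once outside the loop.
        regex = re.compile(r"^\s{2}\w")
        for script in host.scripts_results:
            output = (script.get("output") or "").split("\n")
            for item in bucketparser(regex, output, sep=" "):
                value = "{}:{}".format(item.get("Header"), hostid)
                browser = mt.addEntity("msploitego.WindowsMasterBrowser", value)
                browser.setValue(value)
                browser.addAdditionalFields("ip", "IP Address", False, ip)
                browser.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    if k in ("Header", "Details"):
                        continue
                    browser.addAdditionalFields(k.lower(), k, False,
                                                "{}/{}".format(k, v))
    mt.returnOutput()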
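def dotransform(args):
    """Run the ``http-comments-displayer`` NSE script and emit one
    ``msploitego.SourceCodeComment`` entity per ``Path:`` bucket.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Reads ``ip`` and ``port``. The entity value is the path after ``Path:``;
    the comment text (``Details``) and ``Line number`` are attached as
    fields. Output is written with ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")

    rep = scriptrunner(port, "http-comments-displayer", ip)
    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        mt.addUIMessage("host is either down or not responding in this port")
    else:
        # Raw pattern, compiled once rather than per script result.
        regex = re.compile(r"^\s+Path:")
        scripts = host.services[0].scripts_results if host.services else []
        for scriptrun in scripts:
            output = (scriptrun.get("output") or "").split("\n")
            for res in bucketparser(regex, output):
                # partition() instead of split(":", 1) so a header without a
                # colon is skipped rather than raising ValueError on unpack.
                _, sep, path = (res.get("Header") or "").partition(":")
                if not sep:
                    continue
                commententity = mt.addEntity("msploitego.SourceCodeComment",
                                             path)
                commententity.setValue(path)
                commententity.addAdditionalFields(
                    "comment", "Comment", False,
                    "\n".join(res.get("Details") or []))
                commententity.addAdditionalFields("linenumber",
                                                  "Line Number", False,
                                                  res.get("Line number"))
                commententity.addAdditionalFields("path", "Path", False, path)
    mt.returnOutput()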
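def dotransform(args):
    """Run the ``smb-enum-users`` NSE script and emit one
    ``msploitego.SambaUser`` entity per ``DOMAIN\\user`` line.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Reads ``ip`` and ``port`` (``hostid`` was read but unused). All bucket
    keys are copied onto the entity. Output is written with
    ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smb-enum-users", ip)

    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        # Previously an IndexError on rep.hosts[0].
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        # Raw pattern equivalent to the plain "\\\\" literal: one literal
        # backslash after the domain part. Compiled once.
        regex = re.compile(r"^[\sa-zA-Z0-9_.-]+\\")
        for script in host.scripts_results:
            output = (script.get("output") or "").strip().split("\n")
            for item in bucketparser(regex, output):
                header = item.get("Header")
                userentity = mt.addEntity("msploitego.SambaUser", header)
                userentity.setValue(header)
                userentity.addAdditionalFields("ip", "IP Address", False, ip)
                userentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    # "Details" is a list of lines elsewhere in this file;
                    # joining avoids .strip() on a list.
                    if isinstance(v, (list, tuple)):
                        v = "\n".join(v)
                    userentity.addAdditionalFields(k, k.capitalize(), False,
                                                   (v or "").strip())
    # Queued before returnOutput() so it is included in the response.
    mt.addUIMessage("completed!")
    mt.returnOutput()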
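def dotransform(args):
    """Run the ``smb-mbenum`` NSE script and emit one
    ``msploitego.WindowsMasterBrowser`` entity per browser record.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Reads ``ip``, ``port`` and ``hostid``; ``hostid`` suffixes the record
    header so entity values are unique per host. Output is written with
    ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-mbenum", ip)

    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        # Previously an IndexError on rep.hosts[0].
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        # Raw pattern, hoisted out of the per-script loop.
        regex = re.compile(r"^\s{2}\w")
        for script in host.scripts_results:
            output = (script.get("output") or "").split("\n")
            for item in bucketparser(regex, output, sep=" "):
                value = "{}:{}".format(item.get("Header"), hostid)
                browser = mt.addEntity("msploitego.WindowsMasterBrowser", value)
                browser.setValue(value)
                browser.addAdditionalFields("ip", "IP Address", False, ip)
                browser.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    if k in ("Header", "Details"):
                        continue
                    browser.addAdditionalFields(k.lower(), k, False,
                                                "{}/{}".format(k, v))
    # Queued before returnOutput() so it is part of the emitted response.
    mt.addUIMessage("completed!")
    mt.returnOutput()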
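def dotransform(args):
    """Run ``smb-enum-shares`` (UDP and SYN scan flags) and emit one share
    entity per ``\\\\ip\\share`` line.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Reads ``ip``, ``port`` and ``machinename`` (``hostid`` was read but
    unused). A bucket whose ``Warning`` mentions "denied" becomes a
    ``msploitego.AccessDenied`` entity, otherwise ``msploitego.SambaShare``.
    Output is written with ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    machinename = mt.getVar("machinename")
    rep = scriptrunner(port, "smb-enum-shares", ip, args="-sU -sS")

    # "if rep" did not protect the rep.hosts[0] index that followed.
    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        mt.addUIMessage("host is either down or not responding in this port")
    else:
        # Raw patterns, compiled once outside the loops.
        regex = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
        denied = re.compile("denied", re.I)
        for script in host.scripts_results:
            output = (script.get("output") or "").split("\n")
            for item in bucketparser(regex, output, method="search"):
                header = item.get("Header")
                if not header:
                    continue
                warning = item.get("Warning")
                if warning and denied.search(warning):
                    entity_type = "msploitego.AccessDenied"
                else:
                    entity_type = "msploitego.SambaShare"
                shareentity = mt.addEntity(entity_type, header)
                shareentity.setValue(header)
                # Last path component of "\\host\share:" without the colon.
                sharename = header.split("\\")[-1].strip().strip(":")
                shareentity.addAdditionalFields("sharename", "Share Name",
                                                False, sharename)
                shareentity.addAdditionalFields("sambashare", "Samba Share",
                                                False, header)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                if machinename:
                    shareentity.addAdditionalFields("machinename",
                                                    "Machine Name", False,
                                                    machinename)
                for k, v in item.items():
                    if k == "Header":
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False, v)
    mt.returnOutput()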
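def dotransform(args):
    """Run ``smb-enum-shares`` (with ``-sU -sS``) and emit one share entity
    per ``\\\\ip\\share`` line, typed by whether access was denied.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Reads ``ip``, ``port`` and ``machinename``; ``hostid`` was read by the
    original but unused. Output is written with ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    machinename = mt.getVar("machinename")
    rep = scriptrunner(port, "smb-enum-shares", ip, args="-sU -sS")

    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        # Previously an IndexError on rep.hosts[0].
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        regex = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
        denied = re.compile("denied", re.I)
        for script in host.scripts_results:
            output = (script.get("output") or "").split("\n")
            for item in bucketparser(regex, output, method="search"):
                header = item.get("Header")
                if not header:
                    continue
                warning = item.get("Warning")
                entity_type = ("msploitego.AccessDenied"
                               if warning and denied.search(warning)
                               else "msploitego.SambaShare")
                shareentity = mt.addEntity(entity_type, header)
                shareentity.setValue(header)
                # Last path component of "\\host\share:" without the colon.
                sharename = header.split("\\")[-1].strip().strip(":")
                shareentity.addAdditionalFields("sharename", "Share Name",
                                                False, sharename)
                shareentity.addAdditionalFields("sambashare", "Samba Share",
                                                False, header)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                if machinename:
                    shareentity.addAdditionalFields("machinename",
                                                    "Machine Name", False,
                                                    machinename)
                for k, v in item.items():
                    if k == "Header":
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False, v)
    # Queued before returnOutput() so it is included in the response.
    mt.addUIMessage("completed!")
    mt.returnOutput()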
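def dotransform(args):
    """Run the ``smb-enum-services`` NSE script and emit one
    ``maltego.Service`` entity per Windows service it lists.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Reads ``ip``, ``port`` and ``hostid``; the service header is suffixed
    with ``hostid`` so the entity value is unique per host. Output is
    written with ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-enum-services", ip)

    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        # Previously an IndexError on rep.hosts[0].
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        # Raw pattern ("\s" is an invalid escape in a plain literal), hoisted
        # out of the loop.
        regex = re.compile(r"^\s\s[a-zA-Z0-9_.-]+")
        scripts = host.services[0].scripts_results if host.services else []
        for script in scripts:
            output = (script.get("output") or "").split("\n")
            for item in bucketparser(regex, output):
                name = "{}:{}".format(item.get("Header"), hostid)
                serviceent = mt.addEntity("maltego.Service", name)
                serviceent.setValue(name)
                serviceent.addAdditionalFields("displayname", "Service Name",
                                               False, item.get("Display_name"))
                serviceent.addAdditionalFields("ip", "IP Address", False, ip)
                serviceent.addAdditionalFields("port", "Port", False, port)
    # Queued before returnOutput() so the message is part of the response.
    mt.addUIMessage("completed!")
    mt.returnOutput()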
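def dotransform(args):
    """Run ``snmp-check`` against the input host and map each ``[*]``
    section of its output to Maltego entities.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Reads ``ip``, ``port`` and ``hostid``. Sections handled: write-access
    notice, system information (domain/hostname), user accounts, routing
    table, network services, processes, device information, software
    components and shares. ``hostid`` is appended to values that are not
    globally unique (services, processes, devices, components). Output is
    written with ``mt.returnOutput()``.
    """
    import shlex  # function-scope: the file's import block is not in view

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")

    if not ip:
        mt.addUIMessage("ip is required")
        mt.returnOutput()
        return

    # ip is an entity field from the graph and is interpolated into a shell
    # command line; quote it so a crafted value cannot add shell syntax.
    # Assumes bashrunner goes through a shell or shlex.split -- confirm.
    bashlog = bashrunner("snmp-check -w {}".format(shlex.quote(ip)))
    # Raw pattern: "\[" and "\*" are invalid escapes in a plain literal.
    regex = re.compile(r"^\[\*\]")
    results = bucketparser(regex, bashlog, sep=" ")
    # Bucket keys that are never data rows.
    meta_keys = ("Details", "Header")

    for res in results:
        origheader = res.get("Header")
        if not origheader:
            continue
        header = origheader.lower()
        if "write access permitted" in header:
            value = "{}:{}".format(origheader, hostid)
            phrase = mt.addEntity("msploitego.RelevantInformation", value)
            phrase.setValue(value)
        elif "system information" in header:
            if res.get("Domain"):
                dname = res.get("Domain").lstrip(":")
                domain = mt.addEntity("maltego.Domain", dname)
                domain.setValue(dname)
                domain.addAdditionalFields("ip", "IP Address", True, ip)
                domain.addAdditionalFields("port", "Port", True, port)
            if res.get("Hostname"):
                hname = res.get("Hostname").lstrip(":")
                hostname = mt.addEntity("msploitego.Hostname", hname)
                hostname.setValue(hname)
                hostname.addAdditionalFields("ip", "IP Address", True, ip)
                hostname.addAdditionalFields("port", "Port", True, port)
        elif "user accounts" in header:
            for user in res:
                if any(x in user for x in meta_keys):
                    continue
                alias = mt.addEntity("maltego.Alias", user)
                alias.setValue(user)
                alias.addAdditionalFields("ip", "IP Address", True, ip)
        elif "routing information" in header:
            # Keep routes in the host's /16: the original used the prefix as
            # an unescaped regex, so "10.0" also matched "100.0" or "1000".
            ipprefix = ".".join(ip.split(".")[0:2]) + "."
            for k, v in res.items():
                if any(x in k for x in meta_keys + ("Destination",)):
                    continue
                for ipr in v.split():
                    if ipr.startswith(ipprefix) and ipr != ip:
                        iprout = mt.addEntity("msploitego.RoutingIP", ipr)
                        iprout.setValue(ipr)
                        iprout.addAdditionalFields("ip", "IP Address", True,
                                                   ip)
        elif "network services" in header:
            for k, v in res.items():
                if any(x in k for x in meta_keys + ("Index",)):
                    continue
                value = "{}:{}".format(v, hostid)
                nservice = mt.addEntity("msploitego.NetworkService", value)
                nservice.setValue(value)
                nservice.addAdditionalFields("ip", "IP Address", True, ip)
        elif "processes" in header:
            for k, v in res.items():
                if any(x in k for x in meta_keys):
                    continue
                if "running" in v.lower():
                    # Last whitespace-separated token is the process name;
                    # the key is the PID column.
                    value = "{}:{}".format(v.split()[-1], hostid)
                    process = mt.addEntity("msploitego.Process", value)
                    process.setValue(value)
                    process.addAdditionalFields("ip", "IP Address", True, ip)
                    process.addAdditionalFields("pid", "Process ID", True, k)
        elif "device information" in header:
            for k, v in res.items():
                if any(x in k for x in meta_keys + ("Id",)):
                    continue
                if any(x in v for x in ["unknown", "running"]):
                    # Drop the first two columns; the rest is the device name.
                    value = "{}:{}".format(" ".join(v.split()[2:]), hostid)
                    device = mt.addEntity("maltego.Device", value)
                    device.setValue(value)
                    device.addAdditionalFields("ip", "IP Address", True, ip)
        elif "software components" in header:
            for k, v in res.items():
                if any(x in k for x in meta_keys + ("Index",)):
                    continue
                value = "{}:{}".format(v, hostid)
                # Entity type name kept verbatim ("Sotware") -- it must match
                # the type registered in Maltego.
                component = mt.addEntity("msploitego.SotwareComponents", value)
                component.setValue(value)
                component.addAdditionalFields("ip", "IP Address", True, ip)
        elif "share" in header:
            # A share bucket without Path/Name used to raise on .lstrip(None).
            path = (res.get("Path") or "").lstrip(":")
            name = (res.get("Name") or "").lstrip(":")
            if not path:
                continue
            networkshare = mt.addEntity("msploitego.NetworkShare", path)
            networkshare.setValue(path)
            networkshare.addAdditionalFields("ip", "IP Address", True, ip)
            networkshare.addAdditionalFields("name", "Share Name", True, name)

    mt.returnOutput()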
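def dotransform(args):
    """Parse ``|``-bordered section output (enum4linux style) and emit one
    entity per recognised section.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Reads ``ip`` and ``hostid`` (attached to every entity). ``port``,
    ``servicename``, ``serviceid`` and ``workspace`` are read but unused in
    the visible code. NOTE(review): ``bashrunner("")`` runs an empty command
    as written; the real command line is presumably built from those
    variables and was lost from this copy -- confirm against the original.
    Output is written with ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")

    contents = bashrunner("")
    # Raw patterns: "\|", "\s", "\d", "\[" are invalid escapes in plain
    # literals (SyntaxWarning from Python 3.12).
    regex = re.compile(r"^\|\s+")
    ignore = re.compile(
        r"={3,}|Looking\s|padding\d|unknown_\d|logon_hrs|\[V\]\sAttempting\sto\sget|\*unknown\*|\[V\]\sassuming\sthat\suser|\[V\]\sprocessing\ssid\s|\[E\]",
        re.I)
    headsignore = re.compile(r"target\sinformation|getting\sprinter", re.I)
    workgroup_re = re.compile(r"enumerating\sworkgroup", re.I)
    got_domain_re = re.compile(r"got\sdomain", re.I)
    nbtstat_re = re.compile(r"nbtstat\sinformation", re.I)

    # Section-header pattern -> entity type for every section whose bucket is
    # flattened by packandroll() and attached as a single "data" field.
    # Order matters: the first match wins, exactly like the original if/elif
    # chain. NOTE(review): "cyling" and "macine" are kept verbatim; if they
    # are typos for "cycling"/"machine" those sections never match.
    data_sections = [
        (re.compile(p, re.I), entity_type)
        for p, entity_type in (
            (r"session\scheck\son", "msploitego.nbstatinformation"),
            (r"getting\sdomain\ssid", "msploitego.RelevantInformation"),
            (r"os\sinformation\son", "msploitego.SambaOSInformation"),
            (r"\svia\srid\scyling", "msploitego.SambaAccountInformation"),
            (r"\susers\son\s", "msploitego.SambaAccountInformation"),
            (r"\smacine\senumeration\s", "msploitego.SambaMachineEnumeration"),
            (r"\sshare\senumeration\son\s", "msploitego.SambaShareInformation"),
            (r"\spassword\spolicy\sinformation\s",
             "msploitego.SambaPasswordPolicyInfo"),
            (r"\sgroups\son\s", "msploitego.SambaGroupInformation"),
        )
    ]

    def clean_header(text):
        # Strip the "|" border and surrounding whitespace from a section header.
        return text.replace("|", "").strip()

    def add_data_entity(entity_type, value, data):
        # Emit an entity carrying the section body in its "data" field plus
        # the ip/hostid links every section gets.
        ent = mt.addEntity(entity_type, value)
        ent.setValue(value)
        ent.addAdditionalFields("data", "Data", False, "\n".join(data))
        ent.addAdditionalFields("ip", "IP Address", True, ip)
        ent.addAdditionalFields("hostid", "Host Id", True, hostid)
        return ent

    for res in bucketparser(regex, contents, ignoreg=ignore):
        header = res.get("Header")
        # A missing header used to raise inside headsignore.search().
        if not header or headsignore.search(header):
            continue
        if workgroup_re.search(header):
            for k, v in res.items():
                if got_domain_re.search(k):
                    doment = mt.addEntity("maltego.Domain", v)
                    doment.setValue(v)
                    doment.addAdditionalFields("ip", "IP Address", True, ip)
                    doment.addAdditionalFields("hostid", "Host Id", True,
                                               hostid)
        elif nbtstat_re.search(header):
            # nbtstat uses the raw Details lines rather than packandroll().
            add_data_entity("msploitego.nbstatinformation",
                            clean_header(header), res.get("Details") or [])
        else:
            for pattern, entity_type in data_sections:
                if pattern.search(header):
                    data = packandroll(res)
                    if data:
                        add_data_entity(entity_type, clean_header(header),
                                        data)
                    break
    mt.returnOutput()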
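def dotransform(args):
    """Run ``snmp-check`` against the input host and map each ``[*]``
    section of its output to Maltego entities.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Reads ``ip`` and ``port``; ``hostid`` was read by the original but not
    used here (entity values are not host-suffixed in this variant).
    Output is written with ``mt.returnOutput()``.
    """
    import shlex  # function-scope: the file's import block is not in view

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")

    if not ip:
        mt.addUIMessage("ip is required")
        mt.returnOutput()
        return

    # ip is an entity field from the graph and is interpolated into a shell
    # command line; quote it so a crafted value cannot add shell syntax.
    # Assumes bashrunner goes through a shell or shlex.split -- confirm.
    bashlog = bashrunner("snmp-check -w {}".format(shlex.quote(ip)))
    regex = re.compile(r"^\[\*\]")
    results = bucketparser(regex, bashlog, sep=" ")
    # Bucket keys that are never data rows.
    meta_keys = ("Details", "Header")

    for res in results:
        origheader = res.get("Header")
        if not origheader:
            continue
        header = origheader.lower()
        if "write access permitted" in header:
            # Entity type kept verbatim ("Pharse"); it must match the type
            # registered in Maltego, so it is not corrected here.
            phrase = mt.addEntity("maltego.Pharse", origheader)
            phrase.setValue(origheader)
        elif "system information" in header:
            if res.get("Domain"):
                dname = res.get("Domain").lstrip(":")
                domain = mt.addEntity("maltego.Domain", dname)
                domain.setValue(dname)
                domain.addAdditionalFields("ip", "IP Address", True, ip)
                domain.addAdditionalFields("port", "Port", True, port)
            if res.get("Hostname"):
                hname = res.get("Hostname").lstrip(":")
                hostname = mt.addEntity("msploitego.Hostname", hname)
                hostname.setValue(hname)
                hostname.addAdditionalFields("ip", "IP Address", True, ip)
                hostname.addAdditionalFields("port", "Port", True, port)
        elif "user accounts" in header:
            for user in res:
                if any(x in user for x in meta_keys):
                    continue
                alias = mt.addEntity("maltego.Alias", user)
                alias.setValue(user)
                alias.addAdditionalFields("ip", "IP Address", True, ip)
        elif "routing information" in header:
            # Same /16 as the host. The original used the prefix as an
            # unescaped regex, so "10.0" also matched "100.0" or "1000".
            ipprefix = ".".join(ip.split(".")[0:2]) + "."
            for k, v in res.items():
                if any(x in k for x in meta_keys + ("Destination",)):
                    continue
                for ipr in v.split():
                    if ipr.startswith(ipprefix) and ipr != ip:
                        iprout = mt.addEntity("msploitego.RoutingIP", ipr)
                        iprout.setValue(ipr)
                        iprout.addAdditionalFields("ip", "IP Address", True,
                                                   ip)
        elif "network services" in header:
            for k, v in res.items():
                if any(x in k for x in meta_keys + ("Index",)):
                    continue
                nservice = mt.addEntity("msploitego.NetworkService", v)
                nservice.setValue(v)
                nservice.addAdditionalFields("ip", "IP Address", True, ip)
        elif "processes" in header:
            for k, v in res.items():
                if any(x in k for x in meta_keys):
                    continue
                if "running" in v.lower():
                    # Last token is the process name; the key is the PID.
                    pname = v.split()[-1]
                    process = mt.addEntity("msploitego.Process", pname)
                    process.setValue(pname)
                    process.addAdditionalFields("ip", "IP Address", True, ip)
                    process.addAdditionalFields("pid", "Process ID", True, k)
        elif "device information" in header:
            for k, v in res.items():
                if any(x in k for x in meta_keys + ("Id",)):
                    continue
                if any(x in v for x in ["unknown", "running"]):
                    # Drop the first two columns; the rest is the device name.
                    dname = " ".join(v.split()[2:])
                    device = mt.addEntity("maltego.Device", dname)
                    device.setValue(dname)
                    device.addAdditionalFields("ip", "IP Address", True, ip)
        elif "software components" in header:
            for k, v in res.items():
                if any(x in k for x in meta_keys + ("Index",)):
                    continue
                # Entity type kept verbatim ("Sotware") for the same reason.
                component = mt.addEntity("msploitego.SotwareComponents", v)
                component.setValue(v)
                component.addAdditionalFields("ip", "IP Address", True, ip)
        elif "share" in header:
            # A share bucket without Path/Name used to raise on .lstrip(None).
            path = (res.get("Path") or "").lstrip(":")
            name = (res.get("Name") or "").lstrip(":")
            if not path:
                continue
            networkshare = mt.addEntity("msploitego.NetworkShare", path)
            networkshare.setValue(path)
            networkshare.addAdditionalFields("ip", "IP Address", True, ip)
            networkshare.addAdditionalFields("name", "Share Name", True, name)

    # Queued before returnOutput() so it is part of the emitted response.
    mt.addUIMessage("completed!")
    mt.returnOutput()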