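def dotransform(args):
    """Expand a Metasploit host entity into service, MAC, hostname and OS entities.

    ``args`` is the raw Maltego argument list. The selected entity's value is
    the host IP; its properties carry the Metasploit host row (``mac``,
    ``name``, ``os_family``, ``os_name``, ``os_sp`` and ``id``/``hostid``) and
    the Postgres connection details (``db``, ``user``, ``password``) used to
    reach the msf database through ``MsploitPostgres``.

    One entity is emitted per row returned by ``getServices(hostid)``; a
    MAC-address entity, a hostname entity and an operating-system entity are
    emitted once for the host. Side effect: the response is written with
    ``mt.returnOutput()``. Returns nothing.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    mac = mt.getVar("mac")
    machinename = mt.getVar("name")
    os_family = mt.getVar("os_family")
    os_name = mt.getVar("os_name")
    os_sp = mt.getVar("os_sp")
    # The Metasploit host id may arrive under either property name.
    hostid = mt.getVar("id") or mt.getVar("hostid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    password = mt.getVar("password")
    if password is not None:
        # Presumably undoes escaping applied when the property was stored --
        # TODO confirm; a password containing a literal backslash cannot be
        # passed through here. Guarded so a missing property fails at the DB
        # connection rather than with an AttributeError on None.
        password = password.replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    # Exact-match service names that get a "Nikto File" slot, and substring
    # markers that get an "enum4linux File" slot.
    http_names = ("http", "https", "possible_wls", "www", "ncacn_http",
                  "ccproxy-http", "ssl/http", "http-proxy")
    smb_markers = ("samba", "netbios-ssn", "smb", "microsoft-ds",
                   "netbios-ns", "netbios-dgm")

    for service in mpost.getServices(hostid):
        entityname = getserviceentity(service)
        servicename = service.get("servicename") or "unknown"
        label = "{}/{}:{}".format(servicename, service.get("port"), hostid)
        hostservice = mt.addEntity(entityname, label)
        hostservice.setValue(label)
        hostservice.addAdditionalFields("ip", "IP Address", True, ip)
        hostservice.addAdditionalFields("service.name", "Description", True,
                                        label)
        if machinename:
            hostservice.addAdditionalFields("machinename", "Machine Name",
                                            True, machinename)
        # Always present (possibly empty) so follow-on transforms can rely
        # on the field existing.
        hostservice.addAdditionalFields("banner.text", "Service Banner", True,
                                        service.get("info") or "")

        if servicename in http_names:
            hostservice.addAdditionalFields("niktofile", "Nikto File", True,
                                            '')
        elif any(marker in servicename for marker in smb_markers):
            hostservice.addAdditionalFields("enum4linux", "enum4linux File",
                                            True, '')

        # Mirror every column of the service row as a hidden field.
        for column, value in service.items():
            if isinstance(value, datetime):
                # Rendered as day/month/year without zero padding.
                hostservice.addAdditionalFields(
                    column, column.capitalize(), False,
                    "{}/{}/{}".format(value.day, value.month, value.year))
            elif value and str(value).strip():
                hostservice.addAdditionalFields(column, column.capitalize(),
                                                False, str(value))

        # NOTE(review): the DB credentials are copied onto every service
        # entity so follow-on transforms can read them back with getVar().
        # display=False only hides them in the UI -- they still travel in the
        # transform response and are persisted with the graph, so an exported
        # .mtgx file carries the Postgres password in clear.
        hostservice.addAdditionalFields("user", "User", False, user)
        hostservice.addAdditionalFields("password", "Password", False,
                                        password)
        hostservice.addAdditionalFields("db", "db", False, db)

    if mac:
        macentity = mt.addEntity("maltego.MacAddress", mac)
        macentity.setValue(mac)
        macentity.addAdditionalFields("ip", "IP Address", True, ip)
    # No shape check on the name here: whatever Metasploit recorded is used.
    if machinename:
        hostentity = mt.addEntity("msploitego.Hostname", machinename)
        hostentity.setValue(machinename)
        hostentity.addAdditionalFields("ip", "IP Address", True, ip)
    osentityname, osdescription = getosentity(os_family, os_name)
    if os_sp:
        osdescription += " {}".format(os_sp)
    osentity = mt.addEntity(osentityname, osdescription)
    osentity.setValue(osdescription)
    osentity.addAdditionalFields("ip", "IP Address", True, ip)

    mt.returnOutput()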
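def dotransform(args):
    """Expand a Metasploit host entity into service, MAC, hostname and OS entities.

    ``args`` is the raw Maltego argument list. The selected entity's value is
    the host IP; its properties carry the Metasploit host row (``mac``,
    ``name``, ``os_family``, ``os_name``, ``os_sp`` and ``id``/``hostid``) and
    the Postgres connection details (``db``, ``user``, ``password``) used to
    reach the msf database through ``MsploitPostgres``.

    Services are looked up by IP via ``getforHost(ip, "services")`` and each
    row becomes one entity. A MAC-address entity, a hostname entity (only when
    the name starts with a letter) and an operating-system entity are emitted
    once for the host. Side effect: the response and a "completed!" UI
    message are written with ``mt.returnOutput()``. Returns nothing.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    mac = mt.getVar("mac")
    machinename = mt.getVar("name")
    os_family = mt.getVar("os_family")
    os_name = mt.getVar("os_name")
    os_sp = mt.getVar("os_sp")
    # The Metasploit host id may arrive under either property name.
    hostid = mt.getVar("id") or mt.getVar("hostid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    password = mt.getVar("password")
    if password is not None:
        # Presumably undoes escaping applied when the property was stored --
        # TODO confirm; a password containing a literal backslash cannot be
        # passed through here. Guarded so a missing property fails at the DB
        # connection rather than with an AttributeError on None.
        password = password.replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    for service in mpost.getforHost(ip, "services"):
        entityname = getserviceentity(service)
        servicename = service.get("name") or "unknown"
        port = service.get("port")
        label = "{}/{}:{}".format(servicename, port, hostid)
        hostservice = mt.addEntity(entityname, label)
        hostservice.setValue(label)
        hostservice.addAdditionalFields("ip", "IP Address", True, ip)
        # Always present (possibly empty) so follow-on transforms can rely
        # on the field existing.
        hostservice.addAdditionalFields("banner.text", "Service Banner", True,
                                        service.get("info") or "")
        hostservice.addAdditionalFields("service.name", "Description", True,
                                        "{}/{}".format(port, servicename))

        # Mirror every column of the service row as a hidden field.
        for column, value in service.items():
            if isinstance(value, datetime):
                # Rendered as day/month/year without zero padding.
                hostservice.addAdditionalFields(
                    column, column.capitalize(), False,
                    "{}/{}/{}".format(value.day, value.month, value.year))
            elif value and str(value).strip():
                hostservice.addAdditionalFields(column, column.capitalize(),
                                                False, str(value))

        # NOTE(review): the DB credentials are copied onto every service
        # entity so follow-on transforms can read them back with getVar().
        # display=False only hides them in the UI -- they still travel in the
        # transform response and are persisted with the graph, so an exported
        # .mtgx file carries the Postgres password in clear.
        hostservice.addAdditionalFields("user", "User", False, user)
        hostservice.addAdditionalFields("password", "Password", False,
                                        password)
        hostservice.addAdditionalFields("db", "db", False, db)

    if mac:
        macentity = mt.addEntity("maltego.MacAddress", mac)
        macentity.setValue(mac)
        macentity.addAdditionalFields("ip", "IP Address", True, ip)
    # Only names that start with a letter become Hostname entities. The range
    # is a-zA-Z on purpose: the earlier "A-z" also admitted [ \ ] ^ _ and `.
    if machinename and re.match(r"^[a-zA-Z]+", machinename):
        hostentity = mt.addEntity("msploitego.Hostname", machinename)
        hostentity.setValue(machinename)
        hostentity.addAdditionalFields("ip", "IP Address", True, ip)
    osentityname, osdescription = getosentity(os_family, os_name)
    if os_sp:
        osdescription += " {}".format(os_sp)
    osentity = mt.addEntity(osentityname, osdescription)
    osentity.setValue(osdescription)
    osentity.addAdditionalFields("ip", "IP Address", True, ip)

    # Queue the UI message before returnOutput(); it was previously added
    # after the response had already been emitted, so it never reached the
    # client.
    mt.addUIMessage("completed!")
    mt.returnOutput()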
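def dotransform(args):
    """Expand a host from a Metasploit XML export into service entities.

    ``args`` is the raw Maltego argument list. The selected entity carries the
    XML path (``fromfile``), the host ``address``, ``mac``, ``osname``,
    ``osfamily``, ``name`` and ``servicecount``. When ``servicecount`` is
    positive the host is looked up with ``MetasploitXML(fn).gethost(ip)`` and
    each of its ``services`` becomes one entity: ``msploitego.ClosedPort`` for
    filtered/closed ports, otherwise whatever ``getserviceentity`` picks. An
    SMB-style banner containing ``workgroup:`` additionally yields a
    ``maltego.Domain`` entity. MAC, hostname and OS entities for the host are
    emitted once. Side effect: the response is written with
    ``mt.returnOutput()``. Returns nothing.
    """
    entitytags = ["hostid", "info", "name", "port", "proto", "state"]
    http_names = ("http", "https", "possible_wls", "www", "ncacn_http",
                  "ccproxy-http", "ssl/http", "http-proxy")
    smb_names = ("samba", "netbios-ssn", "smb", "microsoft-ds")
    mt = MaltegoTransform()
    mt.parseArguments(args)
    fn = mt.getVar("fromfile")
    ip = mt.getVar("address")
    mac = mt.getVar("mac")
    osname = mt.getVar("osname")
    osfamily = mt.getVar("osfamily")
    machinename = mt.getVar("name")
    # A missing or empty property used to raise inside int(); treat it as 0.
    servicecount = int(mt.getVar("servicecount") or 0)
    mdb = MetasploitXML(fn)
    if servicecount > 0:
        host = mdb.gethost(ip)
        for service in host.services:
            # Service elements may lack a name attribute.
            servicename = getattr(service, "name", "NoName")
            lowered = servicename.lower() if isinstance(servicename, str) else ""
            state = getattr(service, "state", None)
            if state and state.lower() in ("filtered", "closed"):
                entityname = "msploitego.ClosedPort"
            else:
                entityname = getserviceentity(service)

            label = "{}/{}:{}".format(servicename, service.port,
                                      service.hostid)
            hostservice = mt.addEntity(entityname, label)
            # Previously `hostservice.setValue = label`, which replaced the
            # bound method with a string instead of calling it.
            hostservice.setValue(label)
            hostservice.addAdditionalFields("ip", "IP Address", True, ip)
            if lowered in http_names:
                hostservice.addAdditionalFields("niktofile", "Nikto File",
                                                True, '')
            hostservice.addAdditionalFields("fromfile", "Source File", True,
                                            fn)
            hostservice.addAdditionalFields("service.name", "Service Name",
                                            True, servicename)
            if service.containsTag("info"):
                hostservice.addAdditionalFields("banner", "Banner", True,
                                                service.info)
                info_lower = service.info.lower()
                # Require the "workgroup:" marker itself; a bare "workgroup"
                # mention would otherwise turn the whole banner into a Domain.
                if lowered in smb_names and "workgroup:" in info_lower:
                    groupname = info_lower.split("workgroup:", 1)[-1].lstrip()
                    workgroup = mt.addEntity("maltego.Domain", groupname)
                    workgroup.setValue(groupname)
                    workgroup.addAdditionalFields("ip", "IP Address", True,
                                                  ip)
            else:
                hostservice.addAdditionalFields(
                    "banner", "Banner", True, "{}-No info".format(servicename))
            # Copy the raw XML attributes through as visible fields.
            tags = service.getTags()
            for etag in entitytags:
                if etag in tags:
                    hostservice.addAdditionalFields(etag, etag, True,
                                                    service.getVal(etag))

    # Per-host entities depend only on the selected entity's own properties,
    # so emit them once instead of once per service (and also when the host
    # has no services).
    if mac:
        macentity = mt.addEntity("maltego.MacAddress", mac)
        macentity.setValue(mac)
        macentity.addAdditionalFields("ip", "IP Address", True, ip)
    # Only names that start with a letter become Hostname entities. The range
    # is a-zA-Z on purpose: the earlier "A-z" also admitted [ \ ] ^ _ and `.
    if machinename and re.match(r"^[a-zA-Z]+", machinename):
        hostentity = mt.addEntity("msploitego.Hostname", machinename)
        hostentity.setValue(machinename)
        hostentity.addAdditionalFields("ip", "IP Address", True, ip)
    # OS determination
    osentityname, osdescription = getosentity(osfamily, osname)
    osentity = mt.addEntity(osentityname, osdescription)
    osentity.setValue(osdescription)
    osentity.addAdditionalFields("ip", "IP Address", True, ip)

    mt.returnOutput()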