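MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# After parseArguments() the calling entity's properties are available as a
# dict-like mapping in MT.values.  A 'properties.*' key selects the CSV column
# to correlate on (resolved through fa.fieldLookup); the 'CSV File' key holds
# the path of the export attached to the entity.
field = None
filepath = None
for key in MT.values:
    # The base-entity marker is not a column; skip it so it is never passed
    # to fa.fieldLookup().
    if key == 'properties.fireampbaseentity':
        continue
    if key.startswith('properties.'):
        field = fa.fieldLookup(key)
    elif key.startswith('CSV File'):
        # Undo the backslash escaping Maltego applies to property values so
        # the Windows path can be opened as-is.
        filepath = MT.values[key].replace("\\\\", "\\")

# Fail with a readable message rather than handing None to fa.parseCSV();
# Maltego surfaces stderr and a non-zero exit as a transform error.
if filepath is None:
    sys.exit("No 'CSV File' property found on the calling entity; cannot correlate.")

#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
# NOTE(review): `value` is not assigned anywhere in this script; it is
# presumably the calling entity's value (stored by parseArguments() as
# MT.value) — confirm against the file header before relying on it.
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'MD5 (Detection)')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("FireAMP.FireAMPMD5Detection", entry)  ## Edit HEre
    # Carry the CSV path on the new entity (third argument is the matching
    # rule flag) so downstream transforms can correlate against the same file.
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()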
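MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# After parseArguments() the calling entity's properties are available as a
# dict-like mapping in MT.values.  A 'properties.*' key selects the CSV column
# to correlate on (resolved through fa.fieldLookup); the 'CSV File' key holds
# the path of the export attached to the entity.
field = None
filepath = None
for key in MT.values:
    # The base-entity marker is not a column; skip it so it is never passed
    # to fa.fieldLookup().
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        field = fa.fieldLookup(key)
    elif key.startswith('CSV File'):
        # Undo the backslash escaping Maltego applies to property values so
        # the Windows path can be opened as-is.
        filepath = MT.values[key].replace("\\\\", "\\")

# Fail with a readable message rather than handing None to fa.parseCSV();
# Maltego surfaces stderr and a non-zero exit as a transform error.
if filepath is None:
    sys.exit("No 'CSV File' property found on the calling entity; cannot correlate.")

#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
# NOTE(review): `value` is not assigned anywhere in this script; it is
# presumably the calling entity's value (stored by parseArguments() as
# MT.value) — confirm against the file header before relying on it.
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'IP')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    # NOTE(review): the entity type id is lower-case here while the sibling
    # transforms use CamelCase ("jc.Hostname", "jc.Port") — confirm it matches
    # the entity defined in the Maltego configuration.
    e = MT.addEntity("jc.ip", entry)  ## Edit HEre
    # Carry the CSV path on the new entity (third argument is the matching
    # rule flag) so downstream transforms can correlate against the same file.
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()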
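MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# After parseArguments() the calling entity's properties are available as a
# dict-like mapping in MT.values.  A 'properties.*' key selects the CSV column
# to correlate on (resolved through fa.fieldLookup); the 'CSV File' key holds
# the path of the export attached to the entity.
field = None
filepath = None
for key in MT.values:
    # The base-entity marker is not a column; skip it so it is never passed
    # to fa.fieldLookup().
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        field = fa.fieldLookup(key)
    elif key.startswith('CSV File'):
        # Undo the backslash escaping Maltego applies to property values so
        # the Windows path can be opened as-is.
        filepath = MT.values[key].replace("\\\\", "\\")

# Fail with a readable message rather than handing None to fa.parseCSV();
# Maltego surfaces stderr and a non-zero exit as a transform error.
if filepath is None:
    sys.exit("No 'CSV File' property found on the calling entity; cannot correlate.")

#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
# NOTE(review): `value` is not assigned anywhere in this script; it is
# presumably the calling entity's value (stored by parseArguments() as
# MT.value) — confirm against the file header before relying on it.
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'Filename (Parent)')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("jc.FilenameParent", entry)  ## Edit HEre
    # Carry the CSV path on the new entity (third argument is the matching
    # rule flag) so downstream transforms can correlate against the same file.
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()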
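MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# After parseArguments() the calling entity's properties are available as a
# dict-like mapping in MT.values.  A 'properties.*' key selects the CSV column
# to correlate on (resolved through fa.fieldLookup); the 'CSV File' key holds
# the path of the export attached to the entity.
field = None
filepath = None
for key in MT.values:
    # The base-entity marker is not a column; skip it so it is never passed
    # to fa.fieldLookup().
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        field = fa.fieldLookup(key)
    elif key.startswith('CSV File'):
        # Undo the backslash escaping Maltego applies to property values so
        # the Windows path can be opened as-is.
        filepath = MT.values[key].replace("\\\\", "\\")

# Fail with a readable message rather than handing None to fa.parseCSV();
# Maltego surfaces stderr and a non-zero exit as a transform error.
if filepath is None:
    sys.exit("No 'CSV File' property found on the calling entity; cannot correlate.")

#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
# NOTE(review): `value` is not assigned anywhere in this script; it is
# presumably the calling entity's value (stored by parseArguments() as
# MT.value) — confirm against the file header before relying on it.
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'SHA-256 (Parent)')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("jc.SHA-256Parent", entry)  ## Edit HEre
    # Carry the CSV path on the new entity (third argument is the matching
    # rule flag) so downstream transforms can correlate against the same file.
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()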
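MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# After parseArguments() the calling entity's properties are available as a
# dict-like mapping in MT.values.  A 'properties.*' key selects the CSV column
# to correlate on (resolved through fa.fieldLookup); the 'CSV File' key holds
# the path of the export attached to the entity.
field = None
filepath = None
for key in MT.values:
    # The base-entity marker is not a column; skip it so it is never passed
    # to fa.fieldLookup().
    if key == 'properties.fireampbaseentity':
        continue
    if key.startswith('properties.'):
        field = fa.fieldLookup(key)
    elif key.startswith('CSV File'):
        # Undo the backslash escaping Maltego applies to property values so
        # the Windows path can be opened as-is.
        filepath = MT.values[key].replace("\\\\", "\\")

# Fail with a readable message rather than handing None to fa.parseCSV();
# Maltego surfaces stderr and a non-zero exit as a transform error.
if filepath is None:
    sys.exit("No 'CSV File' property found on the calling entity; cannot correlate.")

#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
# NOTE(review): `value` is not assigned anywhere in this script; it is
# presumably the calling entity's value (stored by parseArguments() as
# MT.value) — confirm against the file header before relying on it.
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'SHA-256 (Detection)')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("FireAMP.FireAMPSHA256Detection", entry)  ## Edit HEre
    # Carry the CSV path on the new entity (third argument is the matching
    # rule flag) so downstream transforms can correlate against the same file.
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()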
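MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# After parseArguments() the calling entity's properties are available as a
# dict-like mapping in MT.values.  A 'properties.*' key selects the CSV column
# to correlate on (resolved through fa.fieldLookup); the 'CSV File' key holds
# the path of the export attached to the entity.
field = None
filepath = None
for key in MT.values:
    # The base-entity marker is not a column; skip it so it is never passed
    # to fa.fieldLookup().
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        field = fa.fieldLookup(key)
    elif key.startswith('CSV File'):
        # Undo the backslash escaping Maltego applies to property values so
        # the Windows path can be opened as-is.
        filepath = MT.values[key].replace("\\\\", "\\")

# Fail with a readable message rather than handing None to fa.parseCSV();
# Maltego surfaces stderr and a non-zero exit as a transform error.
if filepath is None:
    sys.exit("No 'CSV File' property found on the calling entity; cannot correlate.")

#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
# NOTE(review): `value` is not assigned anywhere in this script; it is
# presumably the calling entity's value (stored by parseArguments() as
# MT.value) — confirm against the file header before relying on it.
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'MD5 (Parent)')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("jc.MD5Parent", entry)  ## Edit HEre
    # Carry the CSV path on the new entity (third argument is the matching
    # rule flag) so downstream transforms can correlate against the same file.
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()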
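MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# After parseArguments() the calling entity's properties are available as a
# dict-like mapping in MT.values.  A 'properties.*' key selects the CSV column
# to correlate on (resolved through fa.fieldLookup); the 'CSV File' key holds
# the path of the export attached to the entity.
field = None
filepath = None
for key in MT.values:
    # The base-entity marker is not a column; skip it so it is never passed
    # to fa.fieldLookup().
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        field = fa.fieldLookup(key)
    elif key.startswith('CSV File'):
        # Undo the backslash escaping Maltego applies to property values so
        # the Windows path can be opened as-is.
        filepath = MT.values[key].replace("\\\\", "\\")

# Fail with a readable message rather than handing None to fa.parseCSV();
# Maltego surfaces stderr and a non-zero exit as a transform error.
if filepath is None:
    sys.exit("No 'CSV File' property found on the calling entity; cannot correlate.")

#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
# NOTE(review): `value` is not assigned anywhere in this script; it is
# presumably the calling entity's value (stored by parseArguments() as
# MT.value) — confirm against the file header before relying on it.
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'Hostname')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("jc.Hostname", entry)  ## Edit HEre
    # Carry the CSV path on the new entity (third argument is the matching
    # rule flag) so downstream transforms can correlate against the same file.
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()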
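MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# After parseArguments() the calling entity's properties are available as a
# dict-like mapping in MT.values.  A 'properties.*' key selects the CSV column
# to correlate on (resolved through fa.fieldLookup); the 'CSV File' key holds
# the path of the export attached to the entity.
field = None
filepath = None
for key in MT.values:
    # The base-entity marker is not a column; skip it so it is never passed
    # to fa.fieldLookup().
    if key == 'properties.fireampbaseentity':
        continue
    if key.startswith('properties.'):
        field = fa.fieldLookup(key)
    elif key.startswith('CSV File'):
        # Undo the backslash escaping Maltego applies to property values so
        # the Windows path can be opened as-is.
        filepath = MT.values[key].replace("\\\\", "\\")

# Fail with a readable message rather than handing None to fa.parseCSV();
# Maltego surfaces stderr and a non-zero exit as a transform error.
if filepath is None:
    sys.exit("No 'CSV File' property found on the calling entity; cannot correlate.")

#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
# NOTE(review): `value` is not assigned anywhere in this script; it is
# presumably the calling entity's value (stored by parseArguments() as
# MT.value) — confirm against the file header before relying on it.
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'Filepath')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("FireAMP.FireAMPFilepath", entry)  ## Edit HEre
    # Carry the CSV path on the new entity (third argument is the matching
    # rule flag) so downstream transforms can correlate against the same file.
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()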
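MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# After parseArguments() the calling entity's properties are available as a
# dict-like mapping in MT.values.  A 'properties.*' key selects the CSV column
# to correlate on (resolved through fa.fieldLookup); the 'CSV File' key holds
# the path of the export attached to the entity.
field = None
filepath = None
for key in MT.values:
    # The base-entity marker is not a column; skip it so it is never passed
    # to fa.fieldLookup().
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        field = fa.fieldLookup(key)
    elif key.startswith('CSV File'):
        # Undo the backslash escaping Maltego applies to property values so
        # the Windows path can be opened as-is.
        filepath = MT.values[key].replace("\\\\", "\\")

# Fail with a readable message rather than handing None to fa.parseCSV();
# Maltego surfaces stderr and a non-zero exit as a transform error.
if filepath is None:
    sys.exit("No 'CSV File' property found on the calling entity; cannot correlate.")

#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
# NOTE(review): `value` is not assigned anywhere in this script; it is
# presumably the calling entity's value (stored by parseArguments() as
# MT.value) — confirm against the file header before relying on it.
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'Detection Name')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("jc.DetectionName", entry)  ## Edit HEre
    # Carry the CSV path on the new entity (third argument is the matching
    # rule flag) so downstream transforms can correlate against the same file.
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()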
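MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# After parseArguments() the calling entity's properties are available as a
# dict-like mapping in MT.values.  A 'properties.*' key selects the CSV column
# to correlate on (resolved through fa.fieldLookup); the 'CSV File' key holds
# the path of the export attached to the entity.
field = None
filepath = None
for key in MT.values:
    # The base-entity marker is not a column; skip it so it is never passed
    # to fa.fieldLookup().
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        field = fa.fieldLookup(key)
    elif key.startswith('CSV File'):
        # Undo the backslash escaping Maltego applies to property values so
        # the Windows path can be opened as-is.
        filepath = MT.values[key].replace("\\\\", "\\")

# Fail with a readable message rather than handing None to fa.parseCSV();
# Maltego surfaces stderr and a non-zero exit as a transform error.
if filepath is None:
    sys.exit("No 'CSV File' property found on the calling entity; cannot correlate.")

#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
# NOTE(review): `value` is not assigned anywhere in this script; it is
# presumably the calling entity's value (stored by parseArguments() as
# MT.value) — confirm against the file header before relying on it.
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'Time')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("jc.Time", entry)  ## Edit HEre
    # Carry the CSV path on the new entity (third argument is the matching
    # rule flag) so downstream transforms can correlate against the same file.
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()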
import sys
# NOTE(review): star import — every public name of MaltegoTransform lands in
# this module's namespace; only MaltegoTransform itself is used below.
from MaltegoTransform import *
import fa_parser as fa

# Command-line driven variant of the correlation transforms: argv[1] is the
# CSV column to count and argv[2] the path of the export to read.  Unlike the
# entity-driven scripts, MT.parseArguments() is not called here, so the path
# is used exactly as given (no backslash un-escaping).
column = sys.argv[1]
filepath = sys.argv[2]
MT = MaltegoTransform()
data = fa.parseCSV(filepath)
##########################################################################
# One branch per supported column: count the distinct values with
# fa.ItemsCounts and emit one entity per value, tagging each with the CSV
# path so downstream transforms can correlate against the same file.
if column == 'MD5 (Detection)':
    result = fa.ItemsCounts(data, column)
    for entry in result:
        e = MT.addEntity("jc.MD5Detection", entry)
        e.addAdditionalFields("CSV File", filepath, True, filepath)
##########################################################################
elif column == 'Filename (Parent)':
    result = fa.ItemsCounts(data, column)
    for entry in result:
        e = MT.addEntity("jc.FilenameParent", entry)
        e.addAdditionalFields("CSV File", filepath, True, filepath)
##########################################################################
elif column == 'Filepath':
    result = fa.ItemsCounts(data, column)
    for entry in result:
        e = MT.addEntity("jc.Filepath", entry)
        e.addAdditionalFields("CSV File", filepath, True, filepath)
##########################################################################
elif column == 'Remote IP':
    result = fa.ItemsCounts(data, column)
    # NOTE(review): this excerpt appears cut off here — the 'Remote IP' branch
    # computes result but emits no entities, and no MT.returnOutput() call is
    # visible; check the full file before treating this as complete.
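MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# After parseArguments() the calling entity's properties are available as a
# dict-like mapping in MT.values.  A 'properties.*' key selects the CSV column
# to correlate on (resolved through fa.fieldLookup); the 'CSV File' key holds
# the path of the export attached to the entity.
field = None
filepath = None
for key in MT.values:
    # The base-entity marker is not a column; skip it so it is never passed
    # to fa.fieldLookup().
    if key == 'properties.fireampbaseentity':
        continue
    if key.startswith('properties.'):
        field = fa.fieldLookup(key)
    elif key.startswith('CSV File'):
        # Undo the backslash escaping Maltego applies to property values so
        # the Windows path can be opened as-is.
        filepath = MT.values[key].replace("\\\\", "\\")

# Fail with a readable message rather than handing None to fa.parseCSV();
# Maltego surfaces stderr and a non-zero exit as a transform error.
if filepath is None:
    sys.exit("No 'CSV File' property found on the calling entity; cannot correlate.")

#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
# NOTE(review): `value` is not assigned anywhere in this script; it is
# presumably the calling entity's value (stored by parseArguments() as
# MT.value) — confirm against the file header before relying on it.
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'Remote IP')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("FireAMP.FireAMPRemoteIP", entry)  ## Edit HEre
    # Carry the CSV path on the new entity (third argument is the matching
    # rule flag) so downstream transforms can correlate against the same file.
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()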
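MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# After parseArguments() the calling entity's properties are available as a
# dict-like mapping in MT.values.  A 'properties.*' key selects the CSV column
# to correlate on (resolved through fa.fieldLookup); the 'CSV File' key holds
# the path of the export attached to the entity.
field = None
filepath = None
for key in MT.values:
    # The base-entity marker is not a column; skip it so it is never passed
    # to fa.fieldLookup().
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        field = fa.fieldLookup(key)
    elif key.startswith('CSV File'):
        # Undo the backslash escaping Maltego applies to property values so
        # the Windows path can be opened as-is.
        filepath = MT.values[key].replace("\\\\", "\\")

# Fail with a readable message rather than handing None to fa.parseCSV();
# Maltego surfaces stderr and a non-zero exit as a transform error.
if filepath is None:
    sys.exit("No 'CSV File' property found on the calling entity; cannot correlate.")

#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
# NOTE(review): `value` is not assigned anywhere in this script; it is
# presumably the calling entity's value (stored by parseArguments() as
# MT.value) — confirm against the file header before relying on it.
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'Event Type')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("jc.EventType", entry)  ## Edit HEre
    # Carry the CSV path on the new entity (third argument is the matching
    # rule flag) so downstream transforms can correlate against the same file.
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()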
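MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# After parseArguments() the calling entity's properties are available as a
# dict-like mapping in MT.values.  A 'properties.*' key selects the CSV column
# to correlate on (resolved through fa.fieldLookup); the 'CSV File' key holds
# the path of the export attached to the entity.
field = None
filepath = None
for key in MT.values:
    # The base-entity marker is not a column; skip it so it is never passed
    # to fa.fieldLookup().
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        field = fa.fieldLookup(key)
    elif key.startswith('CSV File'):
        # Undo the backslash escaping Maltego applies to property values so
        # the Windows path can be opened as-is.
        filepath = MT.values[key].replace("\\\\", "\\")

# Fail with a readable message rather than handing None to fa.parseCSV();
# Maltego surfaces stderr and a non-zero exit as a transform error.
if filepath is None:
    sys.exit("No 'CSV File' property found on the calling entity; cannot correlate.")

#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
# NOTE(review): `value` is not assigned anywhere in this script; it is
# presumably the calling entity's value (stored by parseArguments() as
# MT.value) — confirm against the file header before relying on it.
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'Port')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("jc.Port", entry)  ## Edit HEre
    # Carry the CSV path on the new entity (third argument is the matching
    # rule flag) so downstream transforms can correlate against the same file.
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()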
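MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# After parseArguments() the calling entity's properties are available as a
# dict-like mapping in MT.values.  A 'properties.*' key selects the CSV column
# to correlate on (resolved through fa.fieldLookup); the 'CSV File' key holds
# the path of the export attached to the entity.
field = None
filepath = None
for key in MT.values:
    # The base-entity marker is not a column; skip it so it is never passed
    # to fa.fieldLookup().
    if key == 'properties.fireampbaseentity':
        continue
    if key.startswith('properties.'):
        field = fa.fieldLookup(key)
    elif key.startswith('CSV File'):
        # Undo the backslash escaping Maltego applies to property values so
        # the Windows path can be opened as-is.
        filepath = MT.values[key].replace("\\\\", "\\")

# Fail with a readable message rather than handing None to fa.parseCSV();
# Maltego surfaces stderr and a non-zero exit as a transform error.
if filepath is None:
    sys.exit("No 'CSV File' property found on the calling entity; cannot correlate.")

#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
# NOTE(review): `value` is not assigned anywhere in this script; it is
# presumably the calling entity's value (stored by parseArguments() as
# MT.value) — confirm against the file header before relying on it.
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'File Name')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("FireAMP.FireAMPFilename", entry)  ## Edit HEre
    # Carry the CSV path on the new entity (third argument is the matching
    # rule flag) so downstream transforms can correlate against the same file.
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()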