Esempio n. 1
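def dotransform(args):
    """Attach a web page to the graph as a ``msploitego.WebFile`` entity.

    The page content is taken from the entity's ``body`` field when it is
    set; otherwise the entity value is treated as a URL and fetched with
    ``wget``. The content is written to a temporary file and the file's path
    is stored in the entity's ``localfile`` field.

    Args:
        args: Transform arguments handed to ``MaltegoTransform.parseArguments``.
    """
    # shlex.quote exists on Python 3, pipes.quote on Python 2.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    body = mt.getVar("body")
    url = mt.getValue()

    details = None
    if body:
        details = body
    elif url:
        # The URL is entity data, so treat it as untrusted: bashrunner
        # presumably hands the string to a shell (confirm). Quoting keeps
        # characters such as ";", "&" or "$(" literal, and "--" stops a value
        # that starts with "-" from being read as a wget option.
        bashlog = bashrunner("wget -qO- -- {}".format(quote(url)))
        if bashlog:
            details = "".join(bashlog)

    if details:
        webfile = mt.addEntity("msploitego.WebFile", url)
        webfile.setValue(url)
        # delete=False keeps the file after it is closed because only its
        # path is passed on; nothing in this function removes it again.
        with tempfile.NamedTemporaryFile(delete=False) as f:
            f.write(details)
        webfile.addAdditionalFields("localfile", "Local File", False, f.name)
        webfile.addAdditionalFields("url", "Site URL", False, url)
        webfile.addAdditionalFields("ip", "IP Address", False, ip)
        webfile.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()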
Esempio n. 2
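def dotransform(args):
    """Run ``wpscan`` against ``ip:port`` and graph each reported finding.

    The scanner output is split into buckets by ``bucketparser`` on lines
    starting with ``[!] Title:``. Every bucket that has a ``Header`` becomes
    a ``msploitego.WordpressInfo`` entity, and the bucket's remaining keys
    are copied onto it as additional fields.

    Args:
        args: Transform arguments handed to ``MaltegoTransform.parseArguments``.
    """
    # shlex.quote exists on Python 3, pipes.quote on Python 2.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")

    # ip and port are entity fields; quote the combined target so that no
    # part of it can be interpreted by the shell bashrunner presumably uses.
    target = quote("{}:{}".format(ip, port))
    bashlog = bashrunner(
        "wpscan --url {} --enumerate p,u --no-banner --no-color".format(target))
    # Raw string: same pattern as before, without invalid-escape warnings.
    results = bucketparser(re.compile(r"^\[!\]\sTitle:\s", re.I), bashlog)

    for res in results:
        raw_header = res.get("Header")
        if not raw_header:
            continue
        header = sanitizefield(raw_header)
        wpent = mt.addEntity("msploitego.WordpressInfo", header)
        wpent.setValue(header)
        for k, v in res.items():
            if not k or not k.strip() or k == "Header":
                continue
            k = sanitizefield(k)
            v = sanitizefield(v)
            # Sanitizing can leave either side empty; skip those pairs.
            if v and v.strip() and k and k.strip():
                wpent.addAdditionalFields(k, k.capitalize(), False, v)
    mt.returnOutput()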
Esempio n. 3
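def dotransform(args):
    """Attach a web page's content to a ``msploitego.WebFile`` entity.

    The content is taken from the entity's ``body`` field when it is set;
    otherwise the entity value is treated as a URL and fetched with ``wget``.
    The content is stored inline in the entity's ``details`` field.

    Args:
        args: Transform arguments handed to ``MaltegoTransform.parseArguments``.
    """
    # shlex.quote exists on Python 3, pipes.quote on Python 2.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    body = mt.getVar("body")
    url = mt.getValue()

    details = None
    if body:
        details = body
    elif url:
        # Entity data is untrusted: quote it so shell metacharacters stay
        # literal (bashrunner presumably uses a shell; confirm), and put it
        # after "--" so it cannot be parsed as a wget option.
        bashlog = bashrunner("wget -qO- -- {}".format(quote(url)))
        if bashlog:
            details = "".join(bashlog)

    if details:
        webfile = mt.addEntity("msploitego.WebFile", url)
        webfile.setValue(url)
        webfile.addAdditionalFields("details", "Details", False, details)
        webfile.addAdditionalFields("url", "Site URL", False, url)
        webfile.addAdditionalFields("ip", "IP Address", False, ip)
        webfile.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
    # NOTE(review): this message is added after returnOutput(), presumably
    # too late to be part of the emitted response; confirm and reorder.
    mt.addUIMessage("completed!")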
Esempio n. 4
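def dotransform(args):
    """Look up Metasploit modules for MS bulletin IDs in the entity value.

    Every ``msNN-NNN`` identifier found in the entity value is passed to
    ``msfconsole``'s ``search`` command. Each output line that mentions a
    bulletin ID and carries a rank word becomes a
    ``msploitego.MetasploitModule`` entity.

    Args:
        args: Transform arguments handed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("address")
    vuln = mt.getValue()
    # Only letters, digits and "-" can match, so the identifiers formatted
    # into the command line below cannot carry shell metacharacters.
    msreg = re.compile(r"ms[0-9]{2}-[0-9]{3}", re.I)
    # Word boundaries stop "low" from matching inside words like "overflow".
    rankreg = re.compile(
        r"\b(?:normal|manual|great|average|excellent|good|low)\b")

    for ms in msreg.findall(vuln):
        bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(ms))
        for line in bashlog:
            if not msreg.search(line):
                continue
            rank_match = rankreg.search(line)
            if rank_match is None:
                # A line can mention the bulletin without a rank word; the
                # unguarded .group(0) used to raise AttributeError here.
                continue
            # Columns are separated by runs of two or more spaces.
            msfmod = re.split(" {2,}", line.lstrip())
            msfentity = mt.addEntity("msploitego.MetasploitModule", msfmod[0])
            msfentity.setValue(msfmod[0])
            msfentity.addAdditionalFields("rank", "Rank", False,
                                          rank_match.group(0))
            msfentity.addAdditionalFields("details", "Details", False,
                                          msfmod[-1])
            msfentity.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
    # NOTE(review): this message is added after returnOutput(), presumably
    # too late to be part of the emitted response; confirm and reorder.
    mt.addUIMessage("completed!")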
Esempio n. 5
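def dotransform(args):
    """Look up Metasploit modules for MS bulletin and CVE IDs in the value.

    Every ``msNN-NNN`` and ``cve-YYYY-NNNN`` identifier found in the entity
    value is passed to ``msfconsole``'s ``search`` command. Each output line
    that contains a rank word becomes a ``msploitego.MetasploitModule``
    entity. Only modules found through a bulletin ID get the ``ip`` field,
    as in the original code.

    Args:
        args: Transform arguments handed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("address")
    vuln = mt.getValue()
    # Both patterns match only letters, digits and "-", so the identifiers
    # formatted into the command line cannot carry shell metacharacters.
    msreg = re.compile(r"ms[0-9]{2}-[0-9]{3}", re.I)
    # The sequence part is open-ended: CVE numbers can have more than four
    # digits, and the former {3,4} bound cut them short before the search.
    cvereg = re.compile(r"cve[-]*[0-9]{3,4}-[0-9]{3,}", re.I)
    # Raw string: in a plain literal "\b" is a backspace character, so the
    # "low" alternative could never match a real output line.
    rankreg = re.compile(
        r"normal|manual|great|average|excellent|good|\blow\b")

    def add_modules(term, with_ip):
        """Search msfconsole for *term* and add one entity per ranked line."""
        bashlog = bashrunner(
            "msfconsole -qx 'search {}; exit -y'".format(term))
        for line in bashlog:
            rank_match = rankreg.search(line)
            if rank_match is None:
                continue
            # Columns are separated by runs of two or more spaces.
            msfmod = re.split(" {2,}", line.lstrip())
            msfentity = mt.addEntity("msploitego.MetasploitModule", msfmod[0])
            msfentity.setValue(msfmod[0])
            msfentity.addAdditionalFields("rank", "Rank", False,
                                          rank_match.group(0))
            msfentity.addAdditionalFields("details", "Details", False,
                                          msfmod[-1])
            if with_ip:
                msfentity.addAdditionalFields("ip", "IP Address", False, ip)

    for ms in msreg.findall(vuln):
        add_modules(ms, True)
    for cve in cvereg.findall(vuln):
        add_modules(cve, False)

    mt.returnOutput()
    # NOTE(review): this message is added after returnOutput(), presumably
    # too late to be part of the emitted response; confirm and reorder.
    mt.addUIMessage("completed!")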
Esempio n. 6
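def dotransform(args):
    """Attach the content of a local loot file to a ``msploitego.LootFile``.

    The file named by the entity's ``path`` field is read with ``cat`` and
    its content is stored in the new entity's ``details`` field. No entity
    is added when the path is missing or the file yields no output.

    Args:
        args: Transform arguments handed to ``MaltegoTransform.parseArguments``.
    """
    # shlex.quote exists on Python 3, pipes.quote on Python 2.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("address")
    fn = mt.getValue()
    path = mt.getVar("path")

    details = ""
    if path:
        # The path is entity data: quote it so spaces and shell
        # metacharacters stay part of the file name (bashrunner presumably
        # uses a shell; confirm), and use "--" so a leading "-" is not
        # taken as a cat option.
        bashlog = bashrunner("cat -- {}".format(quote(path)))
        details = "".join(bashlog)

    if details:
        fileent = mt.addEntity("msploitego.LootFile", fn)
        fileent.setValue(fn)
        fileent.addAdditionalFields("details", "Details", False, details)
        fileent.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()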
Esempio n. 7
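def dotransform(args):
    """Attach the content of a local loot file to a ``msploitego.LootFile``.

    The file named by the entity's ``path`` field is read with ``cat`` and
    its content is stored in the new entity's ``details`` field. No entity
    is added when the path is missing or the file yields no output.

    Args:
        args: Transform arguments handed to ``MaltegoTransform.parseArguments``.
    """
    # shlex.quote exists on Python 3, pipes.quote on Python 2.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("address")
    fn = mt.getValue()
    path = mt.getVar("path")

    details = ""
    if path:
        # Quote the entity-supplied path so it reaches cat as one literal
        # argument, and end option parsing with "--" in case it starts
        # with "-". bashrunner presumably runs the string in a shell.
        bashlog = bashrunner("cat -- {}".format(quote(path)))
        details = "".join(bashlog)

    if details:
        fileent = mt.addEntity("msploitego.LootFile", fn)
        fileent.setValue(fn)
        fileent.addAdditionalFields("details", "Details", False, details)
        fileent.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
    # NOTE(review): this message is added after returnOutput(), presumably
    # too late to be part of the emitted response; confirm and reorder.
    mt.addUIMessage("completed!")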
Esempio n. 8
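def dotransform(args):
    """Run ``gobuster`` against the entity's URL and graph each result.

    The first whitespace-separated token of every non-blank output line
    becomes a ``maltego.WebDir`` entity carrying the source ``ip``, ``port``
    and ``url`` as additional fields.

    Args:
        args: Transform arguments handed to ``MaltegoTransform.parseArguments``.
    """
    # shlex.quote exists on Python 3, pipes.quote on Python 2.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    mt = MaltegoTransform()
    # NOTE(review): if pprint is pprint.pprint it prints args itself and
    # returns None, so debug() receives None; confirm what is intended.
    mt.debug(pprint(args))
    mt.parseArguments(args)
    url = mt.getValue()
    ip = mt.getVar("ip")
    port = mt.getVar("port")

    # The URL is entity data; quoting keeps "&", ";" and similar characters
    # literal in the shell that bashrunner presumably uses (confirm).
    bashlog = bashrunner(
        "gobuster -q -e -w /usr/share/wordlists/dirbuster/"
        "directory-list-2.3-medium.txt -u {}".format(quote(url)))
    for line in bashlog:
        fields = line.split()
        if not fields:
            # Blank lines used to raise IndexError on fields[0].
            continue
        found = fields[0]
        webdir = mt.addEntity("maltego.WebDir", found)
        webdir.setValue(found)
        webdir.addAdditionalFields("ip", "IP Address", False, ip)
        webdir.addAdditionalFields("port", "Port", False, port)
        webdir.addAdditionalFields("url", "URL", False, url)

    mt.returnOutput()
    # NOTE(review): this message is added after returnOutput(), presumably
    # too late to be part of the emitted response; confirm and reorder.
    mt.addUIMessage("completed!")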
Esempio n. 9
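def dotransform(args):
    """Look up Metasploit modules for the CVE IDs in the entity value.

    CVE identifiers found in the entity value are passed to ``msfconsole``'s
    ``search`` command, and each output line containing a rank word becomes
    a ``msploitego.MetasploitModule`` entity. MS bulletin IDs are only
    normalised and trigger a module query whose result is not used yet.

    Args:
        args: Transform arguments handed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    vuln = mt.getValue()
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before it is used.
    password = mt.getVar("password").replace("\\", "")
    # Both patterns match only letters, digits and "-", so the identifiers
    # formatted into the command line cannot carry shell metacharacters.
    msreg = re.compile(r"ms[0-9]{2}-[0-9]{3}", re.I)
    # The sequence part is open-ended: CVE numbers can have more than four
    # digits, and the former {3,4} bound cut them short before the search.
    cvereg = re.compile(r"cve[-]*[0-9]{3,4}-[0-9]{3,}", re.I)
    # Raw string: in a plain literal "\b" is a backspace character, so the
    # "low" alternative could never match a real output line.
    rankreg = re.compile(
        r"normal|manual|great|average|excellent|good|\blow\b")
    mpost = MsploitPostgres(user, password, db)

    for ms in msreg.findall(vuln):
        ms = ms.replace("-", "_").lower()
        # NOTE(review): neither the normalised ID nor the query result is
        # used afterwards; this branch looks unfinished.
        mods = mpost.queryModules()

    for cve in cvereg.findall(vuln):
        bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(cve))
        for line in bashlog:
            rank_match = rankreg.search(line)
            if rank_match is None:
                continue
            # Columns are separated by runs of two or more spaces.
            msfmod = re.split(" {2,}", line.lstrip())
            msfentity = mt.addEntity("msploitego.MetasploitModule", msfmod[0])
            msfentity.setValue(msfmod[0])
            msfentity.addAdditionalFields("rank", "Rank", False,
                                          rank_match.group(0))
            msfentity.addAdditionalFields("details", "Details", False,
                                          msfmod[-1])

    mt.returnOutput()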
Esempio n. 10
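def dotransform(args):
    """Run ``gobuster`` against the entity's URL and graph each result.

    The first whitespace-separated token of every non-blank output line
    becomes a ``maltego.WebDir`` entity carrying the source ``ip``, ``port``
    and ``url`` as additional fields.

    Args:
        args: Transform arguments handed to ``MaltegoTransform.parseArguments``.
    """
    # shlex.quote exists on Python 3, pipes.quote on Python 2.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    mt = MaltegoTransform()
    # NOTE(review): if pprint is pprint.pprint it prints args itself and
    # returns None, so debug() receives None; confirm what is intended.
    mt.debug(pprint(args))
    mt.parseArguments(args)
    url = mt.getValue()
    ip = mt.getVar("ip")
    port = mt.getVar("port")

    # Quote the entity-supplied URL so it reaches gobuster as one literal
    # argument; bashrunner presumably runs the string in a shell (confirm).
    command = (
        "gobuster -q -e -w /usr/share/wordlists/dirbuster/"
        "directory-list-2.3-medium.txt -u {}"
    ).format(quote(url))
    for line in bashrunner(command):
        fields = line.split()
        if not fields:
            # Blank lines used to raise IndexError on fields[0].
            continue
        found = fields[0]
        webdir = mt.addEntity("maltego.WebDir", found)
        webdir.setValue(found)
        webdir.addAdditionalFields("ip", "IP Address", False, ip)
        webdir.addAdditionalFields("port", "Port", False, port)
        webdir.addAdditionalFields("url", "URL", False, url)

    mt.returnOutput()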
Esempio n. 11
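def dotransform(args):
    """Run ``snmp-check`` against the host and graph what it reports.

    The output is split into sections by ``bucketparser`` on lines starting
    with ``[*]``. Each section is recognised by a phrase in its lower-cased
    header and turned into entities: domain, hostname, user aliases, routing
    IPs, network services, processes, devices, software components and
    network shares. Most entity values get ``:<hostid>`` appended.

    Args:
        args: Transform arguments handed to ``MaltegoTransform.parseArguments``.
    """
    # shlex.quote exists on Python 3, pipes.quote on Python 2.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")

    # The address is entity data; quote it so it cannot alter the command
    # line in the shell that bashrunner presumably uses (confirm).
    bashlog = bashrunner("snmp-check -w {}".format(quote(ip)))
    results = bucketparser(re.compile(r"^\[\*\]"), bashlog, sep=" ")

    def tagged(value):
        """Return *value* with the host id appended."""
        return "{}:{}".format(value, hostid)

    def is_meta(key, names):
        """Return True when *key* contains one of the bookkeeping *names*."""
        return any(name in key for name in names)

    for res in results:
        origheader = res.get("Header")
        if not origheader:
            # A bucket without a header used to raise AttributeError.
            continue
        header = origheader.lower()
        if "write access permitted" in header:
            phrase = mt.addEntity("msploitego.RelevantInformation",
                                  tagged(origheader))
            phrase.setValue(tagged(origheader))
        elif "system information" in header:
            if res.get("Domain"):
                dname = res.get("Domain").lstrip(":")
                domain = mt.addEntity("maltego.Domain", dname)
                domain.setValue(dname)
                domain.addAdditionalFields("ip", "IP Address", True, ip)
                domain.addAdditionalFields("port", "Port", True, port)
            if res.get("Hostname"):
                hname = res.get("Hostname").lstrip(":")
                hostname = mt.addEntity("msploitego.Hostname", hname)
                hostname.setValue(hname)
                hostname.addAdditionalFields("ip", "IP Address", True, ip)
                hostname.addAdditionalFields("port", "Port", True, port)
        elif "user accounts" in header:
            for user in res:
                if is_meta(user, ["Details", "Header"]):
                    continue
                alias = mt.addEntity("maltego.Alias", user)
                alias.setValue(user)
                alias.addAdditionalFields("ip", "IP Address", True, ip)
        elif "routing information" in header:
            # Keep addresses that share the first two octets with the host.
            # A literal prefix test replaces re.search(), where "." matched
            # any character and the prefix could match anywhere in the value.
            ipprefix = ".".join(ip.split(".")[0:2]) + "."
            for k, v in res.items():
                if is_meta(k, ["Details", "Header", "Destination"]):
                    continue
                for ipr in v.split():
                    if ipr.startswith(ipprefix) and ipr != ip:
                        iprout = mt.addEntity("msploitego.RoutingIP", ipr)
                        iprout.setValue(ipr)
                        iprout.addAdditionalFields("ip", "IP Address", True,
                                                   ip)
        elif "network services" in header:
            for k, v in res.items():
                if is_meta(k, ["Details", "Header", "Index"]):
                    continue
                nservice = mt.addEntity("msploitego.NetworkService",
                                        tagged(v))
                nservice.setValue(tagged(v))
                nservice.addAdditionalFields("ip", "IP Address", True, ip)
        elif "processes" in header:
            for k, v in res.items():
                if is_meta(k, ["Details", "Header"]):
                    continue
                if "running" in v.lower():
                    # The last token of the row is used as the process
                    # name and the bucket key as the process id.
                    pname = tagged(v.split()[-1])
                    process = mt.addEntity("msploitego.Process", pname)
                    process.setValue(pname)
                    process.addAdditionalFields("ip", "IP Address", True, ip)
                    process.addAdditionalFields("pid", "Process ID", True, k)
        elif "device information" in header:
            for k, v in res.items():
                if is_meta(k, ["Details", "Header", "Id"]):
                    continue
                if any(x in v for x in ["unknown", "running"]):
                    # Drop the first two tokens and keep the rest of the row.
                    dname = tagged(" ".join(v.split()[2:]))
                    device = mt.addEntity("maltego.Device", dname)
                    device.setValue(dname)
                    device.addAdditionalFields("ip", "IP Address", True, ip)
        elif "software components" in header:
            for k, v in res.items():
                if is_meta(k, ["Details", "Index", "Header"]):
                    continue
                # Entity type spelling kept as-is; it presumably matches
                # the entity definition imported into Maltego.
                component = mt.addEntity("msploitego.SotwareComponents",
                                         tagged(v))
                component.setValue(tagged(v))
                component.addAdditionalFields("ip", "IP Address", True, ip)
        elif "share" in header:
            path = (res.get("Path") or "").lstrip(":")
            if not path:
                # A share section without a path used to raise
                # AttributeError on None.
                continue
            name = (res.get("Name") or "").lstrip(":")
            networkshare = mt.addEntity("msploitego.NetworkShare", path)
            networkshare.setValue(path)
            networkshare.addAdditionalFields("ip", "IP Address", True, ip)
            networkshare.addAdditionalFields("name", "Share Name", True, name)

    mt.returnOutput()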
Esempio n. 12
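def dotransform(args):
    """Parse SMB enumeration output into Maltego entities.

    The tool output is split into sections by ``bucketparser`` on lines
    starting with ``|``. Sections are recognised by their header text: the
    workgroup section yields ``maltego.Domain`` entities, the nbtstat
    section one entity holding its ``Details`` lines, and the remaining
    sections one entity each whose ``data`` field holds the lines returned
    by ``packandroll``. Every entity is tagged with ``ip`` and ``hostid``.

    Args:
        args: Transform arguments handed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    hostid = mt.getVar("hostid")

    # NOTE(review): the command string is empty in this listing, so no tool
    # is actually run; the headers below look like enum4linux output.
    contents = bashrunner("")
    regex = re.compile(r"^\|\s+")
    ignore = re.compile(
        r"={3,}|Looking\s|padding\d|unknown_\d|logon_hrs"
        r"|\[V\]\sAttempting\sto\sget|\*unknown\*"
        r"|\[V\]\sassuming\sthat\suser|\[V\]\sprocessing\ssid\s|\[E\]",
        re.I)
    headsignore = re.compile(r"target\sinformation|getting\sprinter", re.I)

    # Header pattern -> entity type, checked in this order; first match wins.
    # "cyc?ling" and "mach?ine" accept the correct spellings as well as the
    # misspelt "cyling"/"macine" the patterns originally required.
    section_entities = [
        (r"session\scheck\son", "msploitego.nbstatinformation"),
        (r"getting\sdomain\ssid", "msploitego.RelevantInformation"),
        (r"os\sinformation\son", "msploitego.SambaOSInformation"),
        (r"\svia\srid\scyc?ling", "msploitego.SambaAccountInformation"),
        (r"\susers\son\s", "msploitego.SambaAccountInformation"),
        (r"\smach?ine\senumeration\s", "msploitego.SambaMachineEnumeration"),
        (r"\sshare\senumeration\son\s", "msploitego.SambaShareInformation"),
        (r"\spassword\spolicy\sinformation\s",
         "msploitego.SambaPasswordPolicyInfo"),
        (r"\sgroups\son\s", "msploitego.SambaGroupInformation"),
    ]

    def add_section(entity_type, header, lines):
        """Add one entity named after *header* holding *lines* as data."""
        title = header.replace("|", "").strip()
        ent = mt.addEntity(entity_type, title)
        ent.setValue(title)
        ent.addAdditionalFields("data", "Data", False, "\n".join(lines))
        ent.addAdditionalFields("ip", "IP Address", True, ip)
        ent.addAdditionalFields("hostid", "Host Id", True, hostid)

    results = bucketparser(regex, contents, ignoreg=ignore)
    for res in results:
        header = res.get("Header")
        if not header:
            # A bucket without a header used to raise TypeError in search().
            continue
        if headsignore.search(header):
            continue
        if re.search(r"enumerating\sworkgroup", header, re.I):
            for k, v in res.items():
                if re.search(r"got\sdomain", k, re.I):
                    doment = mt.addEntity("maltego.Domain", v)
                    doment.setValue(v)
                    doment.addAdditionalFields("ip", "IP Address", True, ip)
                    doment.addAdditionalFields("hostid", "Host Id", True,
                                               hostid)
        elif re.search(r"nbtstat\sinformation", header, re.I):
            # The nbtstat section uses the raw Details lines, not
            # packandroll(); a missing Details key yields empty data.
            add_section("msploitego.nbstatinformation", header,
                        res.get("Details") or [])
        else:
            for pattern, entity_type in section_entities:
                if re.search(pattern, header, re.I):
                    data = packandroll(res)
                    if data:
                        add_section(entity_type, header, data)
                    break
    mt.returnOutput()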
Esempio n. 13
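def dotransform(args):
    """Run ``snmp-check`` against the host and graph what it reports.

    The output is split into sections by ``bucketparser`` on lines starting
    with ``[*]``. Each section is recognised by a phrase in its lower-cased
    header and turned into entities: domain, hostname, user aliases, routing
    IPs, network services, processes, devices, software components and
    network shares.

    Args:
        args: Transform arguments handed to ``MaltegoTransform.parseArguments``.
    """
    # shlex.quote exists on Python 3, pipes.quote on Python 2.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")

    # The address is entity data; quote it so it cannot alter the command
    # line in the shell that bashrunner presumably uses (confirm).
    bashlog = bashrunner("snmp-check -w {}".format(quote(ip)))
    results = bucketparser(re.compile(r"^\[\*\]"), bashlog, sep=" ")

    def is_meta(key, names):
        """Return True when *key* contains one of the bookkeeping *names*."""
        return any(name in key for name in names)

    for res in results:
        origheader = res.get("Header")
        if not origheader:
            # A bucket without a header used to raise AttributeError.
            continue
        header = origheader.lower()
        if "write access permitted" in header:
            # "maltego.Pharse" was a misspelling of the stock Phrase entity.
            phrase = mt.addEntity("maltego.Phrase", origheader)
            phrase.setValue(origheader)
        elif "system information" in header:
            if res.get("Domain"):
                dname = res.get("Domain").lstrip(":")
                domain = mt.addEntity("maltego.Domain", dname)
                domain.setValue(dname)
                domain.addAdditionalFields("ip", "IP Address", True, ip)
                domain.addAdditionalFields("port", "Port", True, port)
            if res.get("Hostname"):
                hname = res.get("Hostname").lstrip(":")
                hostname = mt.addEntity("msploitego.Hostname", hname)
                hostname.setValue(hname)
                hostname.addAdditionalFields("ip", "IP Address", True, ip)
                hostname.addAdditionalFields("port", "Port", True, port)
        elif "user accounts" in header:
            for user in res:
                if is_meta(user, ["Details", "Header"]):
                    continue
                alias = mt.addEntity("maltego.Alias", user)
                alias.setValue(user)
                alias.addAdditionalFields("ip", "IP Address", True, ip)
        elif "routing information" in header:
            # Keep addresses that share the first two octets with the host.
            # A literal prefix test replaces re.search(), where "." matched
            # any character and the prefix could match anywhere in the value.
            ipprefix = ".".join(ip.split(".")[0:2]) + "."
            for k, v in res.items():
                if is_meta(k, ["Details", "Header", "Destination"]):
                    continue
                for ipr in v.split():
                    if ipr.startswith(ipprefix) and ipr != ip:
                        iprout = mt.addEntity("msploitego.RoutingIP", ipr)
                        iprout.setValue(ipr)
                        iprout.addAdditionalFields("ip", "IP Address", True,
                                                   ip)
        elif "network services" in header:
            for k, v in res.items():
                if is_meta(k, ["Details", "Header", "Index"]):
                    continue
                nservice = mt.addEntity("msploitego.NetworkService", v)
                nservice.setValue(v)
                nservice.addAdditionalFields("ip", "IP Address", True, ip)
        elif "processes" in header:
            for k, v in res.items():
                if is_meta(k, ["Details", "Header"]):
                    continue
                if "running" in v.lower():
                    # The last token of the row is used as the process
                    # name and the bucket key as the process id.
                    pname = v.split()[-1]
                    process = mt.addEntity("msploitego.Process", pname)
                    process.setValue(pname)
                    process.addAdditionalFields("ip", "IP Address", True, ip)
                    process.addAdditionalFields("pid", "Process ID", True, k)
        elif "device information" in header:
            for k, v in res.items():
                if is_meta(k, ["Details", "Header", "Id"]):
                    continue
                if any(x in v for x in ["unknown", "running"]):
                    # Drop the first two tokens and keep the rest of the row.
                    dname = " ".join(v.split()[2:])
                    device = mt.addEntity("maltego.Device", dname)
                    device.setValue(dname)
                    device.addAdditionalFields("ip", "IP Address", True, ip)
        elif "software components" in header:
            for k, v in res.items():
                if is_meta(k, ["Details", "Index", "Header"]):
                    continue
                # Entity type spelling kept as-is; it presumably matches
                # the entity definition imported into Maltego.
                component = mt.addEntity("msploitego.SotwareComponents", v)
                component.setValue(v)
                component.addAdditionalFields("ip", "IP Address", True, ip)
        elif "share" in header:
            path = (res.get("Path") or "").lstrip(":")
            if not path:
                # A share section without a path used to raise
                # AttributeError on None.
                continue
            name = (res.get("Name") or "").lstrip(":")
            networkshare = mt.addEntity("msploitego.NetworkShare", path)
            networkshare.setValue(path)
            networkshare.addAdditionalFields("ip", "IP Address", True, ip)
            networkshare.addAdditionalFields("name", "Share Name", True, name)

    mt.returnOutput()
    # NOTE(review): this message is added after returnOutput(), presumably
    # too late to be part of the emitted response; confirm and reorder.
    mt.addUIMessage("completed!")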