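def get_host_attribute_trackers(trx, context):
    """Add one tracker entity per host-attribute tracker result.

    Queries the client for trackers matching ``context.Value`` and adds an
    entity of type ``pt.tracker<attributeType>`` for every result, carrying
    first-seen, last-seen, tracker-type and hostname properties.

    Args:
        trx: Transform response object that entities are added to.
        context: Request object; ``context.Value`` is the query term and the
            whole object is handed to ``load_client``.

    Returns:
        The result of ``error_response`` when the response has an ``'error'``
        key, of ``blank_response`` when there are no results, otherwise of
        ``maltego_response``.
    """
    query_value = context.Value
    client = load_client(context)
    response = client.get_host_attribute_trackers(query=query_value)
    if 'error' in response:
        return error_response(trx, response)

    results = response.get('results', [])
    # Truthiness also covers a response whose 'results' value is None.
    if not results:
        # NOTE(review): the sibling helpers here receive trx as their first
        # argument; confirm blank_response really accepts the response alone.
        return blank_response(response)

    for item in results:
        # NOTE(review): attributeType comes straight from the API response
        # and is interpolated into the entity type without safe_symbols;
        # confirm the service constrains it to known tracker types.
        entity_name = "pt.tracker%s" % item.get('attributeType')
        ent = trx.addEntity(entity_name,
                            safe_symbols(item.get('attributeValue')))
        ent.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN,
                        'loose', safe_symbols(item.get('firstSeen', 'N/A')))
        ent.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN,
                        'loose', safe_symbols(item.get('lastSeen', 'N/A')))
        # The second argument used to be LABEL_LAST_SEEN (copy-paste slip),
        # unlike every other call here, which repeats its own label.
        ent.addProperty(LABEL_TRACKER_TYPE, LABEL_TRACKER_TYPE,
                        'loose', safe_symbols(item.get('attributeType')))
        ent.addProperty(LABEL_HOSTNAME, LABEL_HOSTNAME,
                        'loose', safe_symbols(item.get('hostname')))

    return maltego_response(trx)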
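def get_host_attribute_components(trx, context):
    """Add one component entity per host-attribute component result.

    Queries the client for components matching ``context.Value`` and adds a
    ``MALTEGO_PT_COMPONENT`` entity named ``"<label> (<category>)"`` for each
    result, carrying first-seen, last-seen, component-type and hostname
    properties.

    Args:
        trx: Transform response object that entities are added to.
        context: Request object; ``context.Value`` is the query term and the
            whole object is handed to ``load_client``.

    Returns:
        The result of ``error_response`` when the response has an ``'error'``
        key, of ``blank_response`` when there are no results, otherwise of
        ``maltego_response``.
    """
    query_value = context.Value
    client = load_client(context)
    response = client.get_host_attribute_components(query=query_value)
    if 'error' in response:
        return error_response(trx, response)

    results = response.get('results', [])
    # Truthiness also covers a response whose 'results' value is None.
    if not results:
        # NOTE(review): the sibling helpers here receive trx as their first
        # argument; confirm blank_response really accepts the response alone.
        return blank_response(response)

    for item in results:
        entity_value = "%s (%s)" % (item.get('label'), item.get('category'))
        ent = trx.addEntity(MALTEGO_PT_COMPONENT, safe_symbols(entity_value))
        ent.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN,
                        'loose', safe_symbols(item.get('firstSeen', 'N/A')))
        ent.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN,
                        'loose', safe_symbols(item.get('lastSeen', 'N/A')))
        # The second argument used to be LABEL_LAST_SEEN (copy-paste slip),
        # unlike every other call here, which repeats its own label.
        ent.addProperty(LABEL_COMPONENT_TYPE, LABEL_COMPONENT_TYPE,
                        'loose', safe_symbols(item.get('category')))
        ent.addProperty(LABEL_HOSTNAME, LABEL_HOSTNAME,
                        'loose', safe_symbols(item.get('hostname')))

    return maltego_response(trx)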
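def get_host_attribute_components(trx, context):
    """Add one component entity per host-attribute component result.

    Queries the client for components matching ``context.Value`` and adds a
    ``MALTEGO_PT_COMPONENT`` entity named ``"<label> (<category>)"`` for each
    result, carrying first-seen, last-seen, component-type and hostname
    properties.

    Args:
        trx: Transform response object that entities are added to.
        context: Request object; ``context.Value`` is the query term and the
            whole object is handed to ``load_client``.

    Returns:
        The result of ``error_response`` when the response has an ``'error'``
        key, of ``blank_response`` when there are no results, otherwise of
        ``maltego_response``.
    """
    query_value = context.Value
    client = load_client(context)
    response = client.get_host_attribute_components(query=query_value)
    if 'error' in response:
        return error_response(trx, response)

    results = response.get('results', [])
    # Truthiness also covers a response whose 'results' value is None.
    if not results:
        return blank_response(trx, response)

    for item in results:
        entity_value = "%s (%s)" % (item.get('label'), item.get('category'))
        ent = trx.addEntity(MALTEGO_PT_COMPONENT, safe_symbols(entity_value))
        ent.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN, 'loose',
                        safe_symbols(item.get('firstSeen', 'N/A')))
        ent.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN, 'loose',
                        safe_symbols(item.get('lastSeen', 'N/A')))
        # The second argument used to be LABEL_LAST_SEEN (copy-paste slip),
        # unlike every other call here, which repeats its own label.
        ent.addProperty(LABEL_COMPONENT_TYPE, LABEL_COMPONENT_TYPE, 'loose',
                        safe_symbols(item.get('category')))
        ent.addProperty(LABEL_HOSTNAME, LABEL_HOSTNAME, 'loose',
                        safe_symbols(item.get('hostname')))

    return maltego_response(trx)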
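def get_host_attribute_trackers(trx, context):
    """Add one tracker entity per host-attribute tracker result.

    Queries the client for trackers matching ``context.Value`` and adds an
    entity of type ``pt.tracker<attributeType>`` for every result, carrying
    first-seen, last-seen, tracker-type and hostname properties.

    Args:
        trx: Transform response object that entities are added to.
        context: Request object; ``context.Value`` is the query term and the
            whole object is handed to ``load_client``.

    Returns:
        The result of ``error_response`` when the response has an ``'error'``
        key, of ``blank_response`` when there are no results, otherwise of
        ``maltego_response``.
    """
    query_value = context.Value
    client = load_client(context)
    response = client.get_host_attribute_trackers(query=query_value)
    if 'error' in response:
        return error_response(trx, response)

    results = response.get('results', [])
    # Truthiness also covers a response whose 'results' value is None.
    if not results:
        return blank_response(trx, response)

    for item in results:
        # NOTE(review): attributeType comes straight from the API response
        # and is interpolated into the entity type without safe_symbols;
        # confirm the service constrains it to known tracker types.
        entity_name = "pt.tracker%s" % item.get('attributeType')
        ent = trx.addEntity(entity_name,
                            safe_symbols(item.get('attributeValue')))
        ent.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN, 'loose',
                        safe_symbols(item.get('firstSeen', 'N/A')))
        ent.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN, 'loose',
                        safe_symbols(item.get('lastSeen', 'N/A')))
        # The second argument used to be LABEL_LAST_SEEN (copy-paste slip),
        # unlike every other call here, which repeats its own label.
        ent.addProperty(LABEL_TRACKER_TYPE, LABEL_TRACKER_TYPE, 'loose',
                        safe_symbols(item.get('attributeType')))
        ent.addProperty(LABEL_HOSTNAME, LABEL_HOSTNAME, 'loose',
                        safe_symbols(item.get('hostname')))

    return maltego_response(trx)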
def run_whois_search(trx, context, field):
    """Search whois records by *field* and add a domain entity per hit.

    Args:
        trx: Transform response object that entities are added to.
        context: Request object; ``context.Value`` is the query term and the
            whole object is handed to ``load_client``.
        field: Whois field name forwarded to ``search_whois_by_field``.

    Returns:
        The result of ``error_response`` when the reply has an ``'error'``
        key, of ``blank_response`` when there are no results, otherwise of
        ``maltego_response``.
    """
    term = context.Value
    api = load_client(context)
    reply = api.search_whois_by_field(query=term, field=field)
    if 'error' in reply:
        return error_response(trx, reply)

    records = reply.get('results', [])
    if len(records) < 1:
        return blank_response(trx, reply)

    for record in records:
        # The domain string originates from the remote service, so it is
        # passed through safe_symbols before it becomes an entity value.
        domain = safe_symbols(record.get('domain'))
        trx.addEntity(MALTEGO_DOMAIN, domain)

    return maltego_response(trx)
def run_ssl_certificate_search(trx, context, field):
    """Search SSL certificates by *field* and add an entity per SHA-1 hit.

    Args:
        trx: Transform response object that entities are added to.
        context: Request object; ``context.Value`` is the query term and the
            whole object is handed to ``load_client``.
        field: Certificate field name forwarded to
            ``search_ssl_certificate_by_field``.

    Returns:
        The result of ``error_response`` when the reply has an ``'error'``
        key, of ``blank_response`` when there are no results, otherwise of
        ``maltego_response``.
    """
    term = context.Value
    api = load_client(context)
    reply = api.search_ssl_certificate_by_field(query=term, field=field)
    if 'error' in reply:
        return error_response(trx, reply)

    records = reply.get('results', [])
    if len(records) < 1:
        return blank_response(trx, reply)

    for record in records:
        # Each certificate is identified by the 'sha1' value of its record.
        fingerprint = safe_symbols(record.get('sha1'))
        trx.addEntity(MALTEGO_PT_SSL_CERT, fingerprint)

    return maltego_response(trx)
def run_tracker_search(trx, context, field):
    """Search trackers of type *field* and add a domain entity per hostname.

    Each entity also receives a blacklisted property taken from the record's
    ``'everBlacklisted'`` value.

    Args:
        trx: Transform response object that entities are added to.
        context: Request object; ``context.Value`` is the query term and the
            whole object is handed to ``load_client``.
        field: Tracker type, forwarded as ``type`` to ``search_trackers``.

    Returns:
        The result of ``error_response`` when the reply has an ``'error'``
        key, of ``blank_response`` when there are no results, otherwise of
        ``maltego_response``.
    """
    term = context.Value
    api = load_client(context)
    reply = api.search_trackers(query=term, type=field)
    if 'error' in reply:
        return error_response(trx, reply)

    records = reply.get('results', [])
    if len(records) < 1:
        # NOTE(review): the sibling helpers here receive trx as their first
        # argument; confirm blank_response really accepts the reply alone.
        return blank_response(reply)

    for record in records:
        host = safe_symbols(record.get('hostname'))
        entity = trx.addEntity(MALTEGO_DOMAIN, host)
        flagged = safe_symbols(record.get('everBlacklisted'))
        entity.addProperty(LABEL_BLACKLISTED, LABEL_BLACKLISTED,
                           'loose', flagged)

    return maltego_response(trx)
def run_ssl_certificate_search(trx, context, field):
    """Search SSL certificates by *field* and add an entity per SHA-1 hit.

    Args:
        trx: Transform response object that entities are added to.
        context: Request object; ``context.Value`` is the query term and the
            whole object is handed to ``load_client``.
        field: Certificate field name forwarded to
            ``search_ssl_certificate_by_field``.

    Returns:
        The result of ``error_response`` when the reply has an ``'error'``
        key, of ``blank_response`` when there are no results, otherwise of
        ``maltego_response``.
    """
    term = context.Value
    api = load_client(context)
    reply = api.search_ssl_certificate_by_field(query=term, field=field)
    if 'error' in reply:
        return error_response(trx, reply)

    records = reply.get('results', [])
    if len(records) < 1:
        return blank_response(trx, reply)

    for record in records:
        # Each certificate is identified by the 'sha1' value of its record.
        fingerprint = safe_symbols(record.get('sha1'))
        trx.addEntity(MALTEGO_PT_SSL_CERT, fingerprint)

    return maltego_response(trx)
def run_tracker_search(trx, context, field):
    """Search trackers of type *field* and add a domain entity per hostname.

    Each entity also receives first-seen and last-seen properties, with
    ``'N/A'`` used when the record lacks the key.

    Args:
        trx: Transform response object that entities are added to.
        context: Request object; ``context.Value`` is the query term and the
            whole object is handed to ``load_client``.
        field: Tracker type, forwarded as ``type`` to ``search_trackers``.

    Returns:
        The result of ``error_response`` when the reply has an ``'error'``
        key, of ``blank_response`` when there are no results, otherwise of
        ``maltego_response``.
    """
    term = context.Value
    api = load_client(context)
    reply = api.search_trackers(query=term, type=field)
    if 'error' in reply:
        return error_response(trx, reply)

    records = reply.get('results', [])
    if len(records) < 1:
        return blank_response(trx, reply)

    for record in records:
        host = safe_symbols(record.get('hostname'))
        entity = trx.addEntity(MALTEGO_DOMAIN, host)
        first_seen = safe_symbols(record.get('firstSeen', 'N/A'))
        entity.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN, 'loose',
                           first_seen)
        last_seen = safe_symbols(record.get('lastSeen', 'N/A'))
        entity.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN, 'loose',
                           last_seen)

    return maltego_response(trx)
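def get_host_attribute_child_pairs(trx, context):
    """Add one domain entity per child host pair of the queried host.

    Requests host-attribute pairs for ``context.Value`` with
    ``direction="children"`` and adds a ``MALTEGO_DOMAIN`` entity for each
    result's ``'child'`` value, carrying first-seen, last-seen and cause
    properties. The link label is set to the cause.

    Args:
        trx: Transform response object that entities are added to.
        context: Request object; ``context.Value`` is the query term and the
            whole object is handed to ``load_client``.

    Returns:
        The result of ``error_response`` when the response has an ``'error'``
        key, of ``blank_response`` when there are no results, otherwise of
        ``maltego_response``.
    """
    query_value = context.Value
    client = load_client(context)
    response = client.get_host_attribute_pairs(query=query_value,
                                               direction="children")
    if 'error' in response:
        return error_response(trx, response)

    results = response.get('results', [])
    # Truthiness also covers a response whose 'results' value is None.
    if not results:
        return blank_response(trx, response)

    for item in results:
        ent = trx.addEntity(MALTEGO_DOMAIN, safe_symbols(item.get('child')))
        ent.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN,
                        'loose', safe_symbols(item.get('firstSeen', 'N/A')))
        ent.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN,
                        'loose', safe_symbols(item.get('lastSeen', 'N/A')))
        # The second argument used to be LABEL_LAST_SEEN (copy-paste slip),
        # unlike every other call here, which repeats its own label.
        ent.addProperty(LABEL_COMPONENT_TYPE, LABEL_COMPONENT_TYPE,
                        'loose', safe_symbols(item.get('cause')))
        ent.setLinkLabel(safe_symbols(item.get('cause')))

    return maltego_response(trx)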
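def get_host_attribute_child_pairs(trx, context):
    """Add one domain entity per child host pair of the queried host.

    Requests host-attribute pairs for ``context.Value`` with
    ``direction="children"`` and adds a ``MALTEGO_DOMAIN`` entity for each
    result's ``'child'`` value, carrying first-seen, last-seen and cause
    properties. The link label is set to the cause.

    Args:
        trx: Transform response object that entities are added to.
        context: Request object; ``context.Value`` is the query term and the
            whole object is handed to ``load_client``.

    Returns:
        The result of ``error_response`` when the response has an ``'error'``
        key, of ``blank_response`` when there are no results, otherwise of
        ``maltego_response``.
    """
    query_value = context.Value
    client = load_client(context)
    response = client.get_host_attribute_pairs(query=query_value,
                                               direction="children")
    if 'error' in response:
        return error_response(trx, response)

    results = response.get('results', [])
    # Truthiness also covers a response whose 'results' value is None.
    if not results:
        return blank_response(trx, response)

    for item in results:
        ent = trx.addEntity(MALTEGO_DOMAIN, safe_symbols(item.get('child')))
        ent.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN, 'loose',
                        safe_symbols(item.get('firstSeen', 'N/A')))
        ent.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN, 'loose',
                        safe_symbols(item.get('lastSeen', 'N/A')))
        # The second argument used to be LABEL_LAST_SEEN (copy-paste slip),
        # unlike every other call here, which repeats its own label.
        ent.addProperty(LABEL_COMPONENT_TYPE, LABEL_COMPONENT_TYPE, 'loose',
                        safe_symbols(item.get('cause')))
        ent.setLinkLabel(safe_symbols(item.get('cause')))

    return maltego_response(trx)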