def new_transform(arg):
m = MaltegoTransform()
m.parseArguments(arg)
ip = m.getVar('ipv4-address')
wrkspc = m.getVar('workspace')
url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/asn' % (wrkspc, ip)
try:
r = requests.get(url)
j = r.json()
for i in j['items']:
ent = m.addEntity('maltego.AS', i['asn'])
ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
def expandPropertiesFromI3visioEntity(argv):
'''
Method that expands the properties from a given i3visio entity. It is useful to create new Entities based on the contents of the properties.
:param argv: the serialized entity.
:return: Nothing is returned but the code of the entities is created.
'''
me = MaltegoTransform()
me.parseArguments(argv)
# Trying to recover all the possible i3visio entities
found_fields = {}
for entity in constants.I3VISIO_ENTITIES:
found_fields[entity] = me.getVar(entity)
# All the possible fields must be written down here...
# iterating through the possible i3visio entities
for field in found_fields.keys():
if found_fields[field] != None:
newEnt = me.addEntity(field, str(found_fields[field]))
#newEnt.setDisplayInformation("<h3>" + prof +"</h3><p>" + str(prof) + "\t" + str(plat) + "\t" + profiles[prof][plat] + "</p>");
#newEnt.addAdditionalFields("i3visio.platform","Platform name",True,plat)
try:
# Adding new entities observing the attributes tab:
attributes = me.getVar("attributes")
#print attributes
attJson = json.loads(attributes)
#print attJson
for att in attJson:
#print att
newEnt = me.addEntity(str(att["type"]), str(att["value"]))
#newEnt.setDisplayInformation("<h3>" + prof +"</h3><p>" + str(prof) + "\t" + str(plat) + "\t" + profiles[prof][plat] + "</p>");
newEnt.addAdditionalFields("attributes", "attributes", True,
str(att["attributes"]))
except:
pass
# Getting the output text
#maltegoText = me.getOutput()
# Returning the output text...
me.returnOutput()
def new_transform(arg):
emails = []
m = MaltegoTransform()
m.parseArguments(arg)
domain = m.getVar('fqdn')
ip = m.getVar('ipaddr')
wrkspc = m.getVar('workspace')
url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/domains' % (wrkspc, ip)
try:
r = requests.get(url)
j = r.json()
for i in j['items']:
if domain in i['domain']:
for x in i['data']['emails']:
if x not in emails:
emails.append(x)
for t in emails:
ent = m.addEntity('maltego.EmailAddress', t)
ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
def new_transform(arg):
emails = []
m = MaltegoTransform()
m.parseArguments(arg)
domain = m.getVar('fqdn')
ip = m.getVar('ipaddr')
wrkspc = m.getVar('workspace')
url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/domains' % (wrkspc, ip)
try:
r = requests.get(url)
j = r.json()
for i in j['items']:
if domain in i['domain']:
for x in i['data']['emails']:
if x not in emails:
emails.append(x)
for t in emails:
ent = m.addEntity('maltego.EmailAddress', t)
ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
def main():
# print "Content-type: xml\n\n";
# MaltegoXML_in = sys.stdin.read()
# logging.debug(MaltegoXML_in)
# if MaltegoXML_in <> '':
# m = MaltegoMsg(MaltegoXML_in)
TRX = MaltegoTransform()
TRX.parseArguments(sys.argv)
lat = float(TRX.getVar("latitude"))
lng = float(TRX.getVar("longitude"))
address = TRX.getVar("longaddress")
logging.debug(lat)
logging.debug(address)
try:
f = open("wigle_creds.txt", "r")
user, passw, email,proxy = f.readline().strip().split(":")
except Exception, e:
print "ERROR: Unable to read Wigle user & pass, email (and optional proxy) from wigle_creds.txt"
print e
exit(-1)
def main():
# print "Content-type: xml\n\n";
# MaltegoXML_in = sys.stdin.read()
# logging.debug(MaltegoXML_in)
# if MaltegoXML_in <> '':
# m = MaltegoMsg(MaltegoXML_in)
TRX = MaltegoTransform()
TRX.parseArguments(sys.argv)
lat = float(TRX.getVar("latitude"))
lng = float(TRX.getVar("longitude"))
address = TRX.getVar("longaddress")
logging.debug(lat)
logging.debug(address)
try:
f = open("wigle_creds.txt", "r")
user, passw, email, proxy = f.readline().strip().split(":")
except Exception, e:
print "ERROR: Unable to read Wigle user & pass, email (and optional proxy) from wigle_creds.txt"
print e
exit(-1)
TRX.throwExceptions()
exit(0)
#loging.error(len(r))
# The dirtiest hack of dirty hacks.
if not shadowKey:
shadowKey = "derpderpderp"
if shadowKey and str(m.Type) == "snoopy.Snoopy":
filters.append( mtk.c.mtkey == shadowKey )
filters.append( mtk.c.user == users.c.user )
filters.append( sess.c.drone == users.c.drone )
#Option Two, Local:
else:
drone = TRX.getVar("properties.drone")
if TRX.getVar("drone"):
drone = TRX.getVar("drone")
location = TRX.getVar("properties.dronelocation")
if TRX.getVar("location"):
location = TRX.getVar("location")
start_time = TRX.getVar("properties.start_time", "2000-01-01 00:00:00.0")
if TRX.getVar("start_time"):
start_time = TRX.getVar("start_time", "2000-01-01 00:00:00.0")
end_time = TRX.getVar("properties.end_time", "2037-01-01 00:00:00.0")
if TRX.getVar("end_time"):
end_time = TRX.getVar("end_time", "2037-01-01 00:00:00.0")
import sys
import io
import json
import httplib2
import apiclient.discovery
from MaltegoTransform import *
GOOGLEPLUS_API_KEY = "AIzaSyCQUjsJBAKSLNqM187Yro9z8lFO8KUXyVE"
me = MaltegoTransform()
me.parseArguments(sys.argv)
Q = me.getVar('UID')
try:
#initialize G+
service = apiclient.discovery.build('plus',
'v1',
http=httplib2.Http(),
developerKey=GOOGLEPLUS_API_KEY)
#get query result
organizations = service.people().get(userId=Q,
fields='organizations').execute()
for o in organizations['organizations']:
fullname = ""
if 'department' in o:
fullname += o['department'] + "@"
fullname += o['name']
org = me.addEntity("maltego.Organization", fullname)
org.setType("maltego.Organization")
from TeethLib import *
from MaltegoTransform import *
##########MAIN
m = MaltegoTransform()
m.parseArguments(sys.argv)
target = sys.argv[1]
origin = m.getVar('origin') + "/"
if origin is None:
logger.info("Origin on [%s] not found" % target)
logger.info("Checking indexability of [%s]" % origin)
output = get_url_with_BS(origin, 20)
if output.lower().find('index of') >= 0 or output.lower().find(
'directory listing of') >= 0:
logger.info("[%s] found to be indexable" % origin)
IndEnt = m.addEntity("maltego.Phrase", "Indexable:" + origin)
IndEnt.setDisplayInformation('Click <a href="' + origin +
'">here</a> to view')
else:
logger.debug("[%s] not indexable" % origin)
m.returnOutput()
#!/usr/bin/env python
"""Expand the entities related to an RF Event."""
import sys
from MaltegoTransform import *
from APIUtil import APIUtil
from rf_maltego_conv import *
mt = MaltegoTransform()
mt.parseArguments(sys.argv)
eid = mt.getVar("eid")
rfapi = APIUtil()
reference_query = {"reference": {"cluster_id": eid, "limit": 100}}
sys.stderr.write("RF querying...\n")
ents = []
seen_ids = set()
seen_ids.add(eid)
for ceid, ent in rfapi.query(reference_query).get("entities", {}).items():
if ceid not in seen_ids:
ent["id"] = ceid
ents.append(ent)
seen_ids.add(ceid)
rf2maltego(mt, ents)
sys.stderr.write("RF Transform Done.\n")
mt.returnOutput()
from TeethLib import *
from MaltegoTransform import *
from urlparse import *
m = MaltegoTransform()
m.parseArguments(sys.argv)
target = sys.argv[1]
level = m.getVar('level')
origin = m.getVar('origin')
TTM = read_config_file('MirrorGeneral', 'time_to_mirror')
if level is None and origin is None:
logger.info("Running mirror directory mine on website [%s]" % target)
level = 1
track = ''
else:
if level is not None and origin is not None:
track = target.replace('/', '')
target = urlparse(origin).netloc
level = str(int(level) + 1)
logger.info("Running mirror deeper mine on w[%s] l[%s] t[%s]" %
(target, level, track))
else:
logger.info(
"[%s] Can only run subdirectory mirror mining on directories which are a result of a mirror"
% target)
m.returnOutput()
quit()
pathname = os.path.join(pathname, '..', 'local', 'munk.conf')
return os.path.normpath(pathname)
configFile = getLocalConfPath()
config = ConfigParser.SafeConfigParser()
config.read(configFile)
username = config.get('credentials', 'username')
password = config.get('credentials', 'password')
auth = config.get('splunk', 'auth')
searchhead = config.get('splunk', 'searchhead')
timeframe = config.get('splunk', 'timeframe')
splunkweb_port = config.get('splunk', 'splunkweb_port')
# Setting up Maltego entities and getting initial variables.
me = MaltegoTransform()
me.parseArguments(sys.argv)
index = me.getVar("properties.index")
# Opens default webbrowser with a Splunk Search set to the hostname of the host entity selected.
webbrowser.open('http://' + searchhead + ':' + splunkweb_port +
'/en-US/app/search/search?q=search%20index%3D' + str(index) +
'&earliest=' + timeframe)
# Return Maltego Output
me.returnOutput()
#!/usr/bin/python
# Pull all the egress destinations attached to an egress rule
from MaltegoTransform import *
import boto.ec2
import sys
from init import load_credentials
creds = load_credentials()
REGION = creds[2]
m = MaltegoTransform()
m.parseArguments(sys.argv)
egress_dst = m.getVar("GroupID")
try:
conn = boto.ec2.connect_to_region(REGION,
aws_access_key_id=creds[0],
aws_secret_access_key=creds[1])
reservations = conn.get_all_instances()
for i in reservations:
group_nums = len(i.instances[0].groups)
for z in range(group_nums):
group_id = i.instances[0].groups[z].id
if str(group_id) == str(egress_dst):
egress_rules = conn.get_all_security_groups(
group_ids=group_id)[0].rules_egress
number_of_egress = len(egress_rules)
for g in range(number_of_egress):
#!/usr/bin/python
# Get all the instances in our Region
from MaltegoTransform import *
import sys
import boto3
mt = MaltegoTransform()
mt.parseArguments(sys.argv)
REGION = mt.getVar('RegionName')
try:
client = boto3.resource('ec2', region_name=REGION)
instances = client.instances.all()
mt.addUIMessage("Getting instances in " + REGION)
for instance in instances:
ent = mt.addEntity('matterasmus.AmazonEC2Instance', instance.tags[0].get("Value"))
ent.addAdditionalFields("InstanceId", "Instance ID", "strict", str(instance.id))
ent.addAdditionalFields("InstanceType", "Instance Type", "strict", instance.instance_type)
ent.addAdditionalFields("KeyName", "Key Name", "strict", instance.key_name)
ent.addAdditionalFields("PrivateIp", "Private Ip", "strict", instance.private_ip_address)
ent.addAdditionalFields("RegionName", "Region Name", "strict", REGION)
ent.addAdditionalFields("InstanceState", "Instance State", True, str(instance.state['Name']))
ent.addAdditionalFields("LaunchDate", "Launch Date", True, str(instance.launch_time))
else:
mt.addUIMessage("Completed.")
except Exception as e:
mt.addUIMessage(str(e))
mt.returnOutput()
def main():
# print "Content-type: xml\n\n";
# MaltegoXML_in = sys.stdin.read()
# logging.debug(MaltegoXML_in)
# if MaltegoXML_in <> '':
# m = MaltegoMsg(MaltegoXML_in)
TRX = MaltegoTransform()
TRX.parseArguments(sys.argv)
# ssid = TRX.getVar("ssid")
logging.debug(ssid)
logging.debug(type(ssid))
user = TRX.getVar("wigleUser")
passw = TRX.getVar("wiglePass")
email = TRX.getVar("wigleEmail")
proxy = TRX.getVar("wigleProxy")
if not user or not passw or not email:
print "ERROR: Please supply Wigle credentials in the 'Property View' on the right --->"
exit(-1)
wig = Wigle(user, passw, email, proxy)
if not wig.login():
print "ERROR: Unable to login to Wigle with supplied wigle creds. Please check them."
exit(-1)
locations = wig.lookupSSID(ssid)
if "error" in locations:
print "ERROR: Unable to query Wigle. Perhaps your IP/user is shunned. Error was '%s'" % locations
exit(-1)
for address in locations:
if len(locations) > 20:
break
# ssid = b64decode(ssid)
# ssid=escape(ssid)
# ssid = illegal_xml_re.sub('', ssid)
logging.debug(type(address))
street_view_url1 = (
"http://maps.googleapis.com/maps/api/streetview?size=800x800&sensor=false&location=%s,%s"
% (str(address["lat"]), str(address["long"]))
)
street_view_url2 = "https://maps.google.com/maps?q=&layer=c&cbp=11,0,0,0,0&cbll=%s,%s " % (
str(address["lat"]),
str(address["long"]),
)
map_url = "http://maps.google.com/maps?t=h&q=%s,%s" % (str(address["lat"]), str(address["long"]))
flag_img = "http://www.geognos.com/api/en/countries/flag/%s.png" % str(address["code"]).upper()
# NewEnt=TRX.addEntity("maltego.Location", address['shortaddress'].encode('utf-8'))
NewEnt = TRX.addEntity("snoopy.ssidLocation", address["shortaddress"].encode("utf-8"))
NewEnt.addAdditionalFields("city", "city", "strict", address["city"].encode("utf-8"))
NewEnt.addAdditionalFields("countrycode", "countrycode", "strict", address["code"].encode("utf-8"))
NewEnt.addAdditionalFields("country", "country", "strict", address["country"].encode("utf-8"))
NewEnt.addAdditionalFields("lat", "lat", "strict", str(address["lat"]))
NewEnt.addAdditionalFields("long", "long", "strict", str(address["long"]))
NewEnt.addAdditionalFields("longaddress", "longaddress", "strict", address["longaddress"].encode("utf-8"))
NewEnt.addAdditionalFields("location.areacode", "Area Code", "strict", address["postcode"])
NewEnt.addAdditionalFields("road", "Road", "strict", address["road"].encode("utf-8"))
NewEnt.addAdditionalFields("streetaddress", "streetaddress", "strict", address["shortaddress"].encode("utf-8"))
NewEnt.addAdditionalFields("ssid", "SSID", "strict", address["ssid"])
NewEnt.addAdditionalFields("state", "State", "strict", address["state"].encode("utf-8"))
NewEnt.addAdditionalFields("area", "Area", "strict", address["suburb"].encode("utf-8"))
NewEnt.addAdditionalFields("googleMap", "Google map", "nostrict", map_url)
NewEnt.addAdditionalFields("streetView", "Street View", "nostrict", street_view_url2)
# NewEnt.setIconURL(flag_img)
logging.debug(street_view_url1)
NewEnt.setIconURL(street_view_url1)
NewEnt.addDisplayInformation("<a href='%s'>Click for map </a>" % street_view_url2, "Street view")
TRX.returnOutput()
import threading
import time
from TeethLib import *
from MaltegoTransform import *
me = MaltegoTransform()
me.parseArguments(sys.argv)
if (len(sys.argv[1]) <= 0):
logger.debug("Not mining in the root..again! :)")
me.returnOutput()
quit()
origin = me.getVar("origin")
if origin is None:
target = "http://" + sys.argv[1]
else:
target = origin
urls_received = 0
stack = []
tcount = 0
def compare_url(dir, nothere, timeout_T):
global tcount
tcount += 1
compare = get_url_with_BS(target + dir, timeout_T).replace(dir, '').lower()
if (len(compare) > 0):
from MaltegoTransform import *
from mcrits_utils import *
crits = mcrits()
me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar("id")
crits_type = me.getVar("crits_type")
for result in crits.get_related(crits_type, id_, "Event"):
# For each related object, get the details.
obj = crits.get_single_obj("Event", result[1])
ent = me.addEntity(result[0], obj["title"])
ent.addAdditionalFields(fieldName="id", displayName="id", value=result[1])
me.returnOutput()
#!/usr/bin/env python
"""Expand the entities related to an RF Event."""
import sys
from MaltegoTransform import *
from APIUtil import APIUtil
from rf_maltego_conv import *
mt = MaltegoTransform()
mt.parseArguments(sys.argv)
eid = mt.getVar("eid")
rfapi = APIUtil()
reference_query = {
"reference": {
"cluster_id":eid,
"limit": 100
}
}
sys.stderr.write("RF querying...\n")
ents = []
seen_ids = set()
seen_ids.add(eid)
for ceid, ent in rfapi.query(reference_query).get("entities", {}).items():
if ceid not in seen_ids:
ent["id"] = ceid
ents.append(ent)
seen_ids.add(ceid)
#!/usr/bin/python
# Get Instance Information
from MaltegoTransform import *
import sys
import boto3
mt = MaltegoTransform()
mt.parseArguments(sys.argv)
REGION = mt.getVar('RegionName')
instance_id = mt.getVar('InstanceId')
mt.addUIMessage("Region: " + REGION)
mt.addUIMessage("Instance: " + instance_id)
# Get Instance Info
try:
client = boto3.resource('ec2', region_name=REGION)
instance_info = client.Instance(id=instance_id)
ent = mt.addEntity('matterasmus.AmazonEC2InstanceType', str(instance_info.instance_type))
ent.addAdditionalFields("InstanceType", "Instance Type", True, str(instance_info.instance_type))
ent = mt.addEntity('matterasmus.AmazonEC2Key', str(instance_info.key_name))
ent.addAdditionalFields("InstanceAccessKey", "Access Key", True, str(instance_info.key_name))
ent = mt.addEntity('matterasmus.AmazonEC2Subnet', str(instance_info.subnet_id))
ent.addAdditionalFields("variable", "Subnet ID", True, str(instance_info.subnet_id))
# Get VPC Information
vpc_info = client.Vpc(id=instance_info.vpc_id)
ent = mt.addEntity('matterasmus.AmazonEC2VPC', str(vpc_info.cidr_block))
ent.addAdditionalFields("VpcId", "VPC ID", True, str(instance_info.vpc_id))
ent.addAdditionalFields("IPv4Address", "CIDR Block", True, str(vpc_info.cidr_block))
ent = mt.addEntity('maltego.IPv4Address', str(instance_info.private_ip_address))
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Description: Locally extract aliases/usernames from Tweets
# Installation: http://dev.paterva.com/developer/getting_started/building_your_own_local_transform.php
# Author: Michael Henriksen (@michenriksen)
from MaltegoTransform import *
from ttp import ttp
import sys
transform = MaltegoTransform()
transform.parseArguments(sys.argv)
tweet = transform.getVar("content").decode('utf-8')
parser = ttp.Parser()
parsed_tweet = parser.parse(tweet)
for alias in parsed_tweet.users:
transform.addEntity("maltego.Alias", alias)
transform.returnOutput()
def main():
# print "Content-type: xml\n\n";
# MaltegoXML_in = sys.stdin.read()
# logging.debug(MaltegoXML_in)
# if MaltegoXML_in <> '':
# m = MaltegoMsg(MaltegoXML_in)
TRX = MaltegoTransform()
TRX.parseArguments(sys.argv)
#ssid = TRX.getVar("ssid")
logging.debug(ssid)
logging.debug(type(ssid))
user = TRX.getVar("wigleUser")
passw = TRX.getVar("wiglePass")
email = TRX.getVar("wigleEmail")
proxy = TRX.getVar("wigleProxy")
if not user or not passw or not email:
print "ERROR: Please supply Wigle credentials in the 'Property View' on the right --->"
exit(-1)
wig=Wigle(user, passw, email, proxy)
if not wig.login():
print "ERROR: Unable to login to Wigle with supplied wigle creds. Please check them."
exit(-1)
locations = wig.lookupSSID(ssid)
if 'error' in locations:
print "ERROR: Unable to query Wigle. Perhaps your IP/user is shunned. Error was '%s'" % locations
exit(-1)
for address in locations:
if len(locations) > 20:
break
#ssid = b64decode(ssid)
#ssid=escape(ssid)
#ssid = illegal_xml_re.sub('', ssid)
logging.debug(type(address))
street_view_url1 = "http://maps.googleapis.com/maps/api/streetview?size=800x800&sensor=false&location=%s,%s" % (str(address['lat']),str(address['long']))
street_view_url2 = "https://maps.google.com/maps?q=&layer=c&cbp=11,0,0,0,0&cbll=%s,%s " % (str(address['lat']),str(address['long']))
map_url = "http://maps.google.com/maps?t=h&q=%s,%s"%(str(address['lat']),str(address['long']))
flag_img = "http://www.geognos.com/api/en/countries/flag/%s.png" % str(address['code']).upper()
#NewEnt=TRX.addEntity("maltego.Location", address['shortaddress'].encode('utf-8'))
NewEnt=TRX.addEntity("snoopy.ssidLocation", address['shortaddress'].encode('utf-8'))
NewEnt.addAdditionalFields("city","city", "strict", address['city'].encode('utf-8'))
NewEnt.addAdditionalFields("countrycode","countrycode", "strict", address['code'].encode('utf-8'))
NewEnt.addAdditionalFields("country","country", "strict", address['country'].encode('utf-8'))
NewEnt.addAdditionalFields("lat","lat", "strict", str(address['lat']))
NewEnt.addAdditionalFields("long","long", "strict", str(address['long']))
NewEnt.addAdditionalFields("longaddress","longaddress", "strict", address['longaddress'].encode('utf-8'))
NewEnt.addAdditionalFields("location.areacode","Area Code", "strict", address['postcode'])
NewEnt.addAdditionalFields("road","Road", "strict", address['road'].encode('utf-8'))
NewEnt.addAdditionalFields("streetaddress","streetaddress", "strict", address['shortaddress'].encode('utf-8'))
NewEnt.addAdditionalFields("ssid","SSID", "strict", address['ssid'])
NewEnt.addAdditionalFields("state","State", "strict", address['state'].encode('utf-8'))
NewEnt.addAdditionalFields("area","Area", "strict", address['suburb'].encode('utf-8'))
NewEnt.addAdditionalFields("googleMap", "Google map", "nostrict", map_url)
NewEnt.addAdditionalFields("streetView", "Street View", "nostrict", street_view_url2)
#NewEnt.setIconURL(flag_img)
logging.debug(street_view_url1)
NewEnt.setIconURL(street_view_url1)
NewEnt.addDisplayInformation("<a href='%s'>Click for map </a>" % street_view_url2, "Street view")
TRX.returnOutput()
#Maltego Transfrom - VirusTotal submitter information @arieljt
from MaltegoTransform import *
import requests
import json
apiurl = "https://www.virustotal.com/api/v3/"
apikey = "API_KEY"
mt = MaltegoTransform()
mt.parseArguments(sys.argv)
file_hash = mt.getVar('properties.hash')
try:
headers = {'x-apikey': apikey}
response = requests.get(apiurl + 'files/' + file_hash + '/submissions', headers=headers)
response_json = response.json()
if 'attributes' in response_json['data'][0]:
for item in response_json['data']:
me = mt.addEntity("maltego.VTSubmitter", '%s' % item['attributes']['source_key'].encode("ascii"))
if 'country' in item['attributes']:
me.addAdditionalFields("VTSubmitter.Country","Submitter Country",True,'%s' % item['attributes']['country'].encode("ascii"))
if 'interface' in item['attributes']:
me.addAdditionalFields("VTSubmitter.Interface","Submitter Interface",True,'%s' % item['attributes']['interface'].encode("ascii"))
me.setLinkLabel("VT Submitter")
except:
mt.addUIMessage("Exception Occurred")
config = ConfigParser.SafeConfigParser()
config.read(configFile)
username = config.get('credentials', 'username')
password = config.get('credentials', 'password')
auth = config.get('splunk','auth')
searchhead = config.get('splunk','searchhead')
timeframe = config.get('splunk', 'timeframe')
status = config.get('splunk', 'status')
# Setting up Maltego entities and getting initial variables.
me = MaltegoTransform()
me.parseArguments(sys.argv)
ds = sys.argv[1]
dsport = me.getVar("dsport")
# Determine which REST call to make based on authentication setting.
if auth == "1":
output = subprocess.check_output('curl -u ' + username + ':' + password + ' -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)
if auth == "0":
output = subprocess.check_output('curl -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)
# XML Parsing with ElementTree
root = ET.fromstring(output)
entry = root.find('{http://www.w3.org/2005/Atom}entry')
content = entry.find('{http://www.w3.org/2005/Atom}content')
dic = content.find('{http://dev.splunk.com/ns/rest}dict')
apps = dic.find(".//{http://dev.splunk.com/ns/rest}key[@name='applications']")
pathname = os.path.join(pathname, '..','local', 'mcrits.conf')
return os.path.normpath(pathname)
configFile = getLocalConfPath()
config = ConfigParser.SafeConfigParser()
config.read(configFile)
username = config.get('info', 'username')
url = config.get('info', 'url')
api_key = config.get('info', 'api_key')
# Setting up Maltego entities and getting initial variables.
me = MaltegoTransform()
me.parseArguments(sys.argv)
ioctype = me.getVar("ioctype")
campaignname = me.getVar("campaign")
# Setting up requests variables from mcrits.conf
url = url + '/api/v1/indicators/'
params = {
'api_key': api_key,
'username': username,
}
elems = ['_id','bucket_list','created','modified','sectors','status']
r = requests.get(url, params=params, verify=False)
j = json.loads(r.text)
for ioc in j['objects']:
from MaltegoTransform import *
m = MaltegoTransform()
m.parseArguments(sys.argv)
ports = m.getVar('service.ports') # string
ports = ports.split('|') # array
for port in ports:
port, name = port.split('::')
svc = m.addEntity('maltego.Service', port)
svc.addAdditionalFields("port.number", "Port", "strict", port)
svc.addAdditionalFields("banner.text", "Service Banner", "strict", name)
m.returnOutput()
#!/usr/bin/python
# Pull all the egress destinations attached to an egress rule
from MaltegoTransform import *
import boto.ec2
import sys
from init import load_credentials
creds = load_credentials()
REGION = creds[2]
m = MaltegoTransform()
m.parseArguments(sys.argv)
egress_dst = m.getVar("GroupID")
try:
conn = boto.ec2.connect_to_region(REGION, aws_access_key_id=creds[0], aws_secret_access_key=creds[1])
reservations = conn.get_all_instances()
for i in reservations:
group_nums = len(i.instances[0].groups)
for z in range(group_nums):
group_id = i.instances[0].groups[z].id
if str(group_id) == str(egress_dst):
egress_rules = conn.get_all_security_groups(group_ids=group_id)[0].rules_egress
number_of_egress = len(egress_rules)
for g in range(number_of_egress):
ent = m.addEntity('matterasmus.AmazonEC2IngressSource', str(conn.get_all_security_groups(group_ids=group_id)[0].rules[g].grants))
ent.addAdditionalFields("Source", "Source", "strict", str(conn.get_all_security_groups(group_ids=group_id)[0].rules[g].grants))
ent.addAdditionalFields("GroupID", "Group ID", "strict", str(group_id))
from MaltegoTransform import *
m = MaltegoTransform()
m.parseArguments(sys.argv)
ports = m.getVar('service.ports') # string
ports = ports.split('|') # array
for port in ports:
port, name = port.split('::')
svc = m.addEntity('maltego.Service', port)
svc.addAdditionalFields("port.number", "Port", "strict", port)
svc.addAdditionalFields("banner.text", "Service Banner", "strict", name)
m.returnOutput()
from selenium import webdriver
from fake_useragent import UserAgent
import requests
# Set path to your chosen webdriver, e.g. CHROME_PATH = './chromedriver.exe'
PHANTOMJS_PATH = './phantomjs.exe'
# Instantitate a user-agent object
ua = UserAgent()
# Instantiate a Maltego transform object
m = MaltegoTransform()
# Parse arguements passed from Maltego entities with a field named 'url'
m.parseArguments(sys.argv)
IMAGE_URL = m.getVar('url').decode('utf8')
MATCHING_URL = None
SIMILAR_URL = None
API_ENDPOINT = 'http://st.so.com/stu'
# POST request payload
data = {
'imgurl': IMAGE_URL,
'submittype': 'imgurl',
'src': 'image',
'srcsp': 'st_search'
}
# Call the images.so.com reverse search API, returns html
try:
return m
logger.info("Done. Could not find Joomla credentials for:"+target)
return m
##########MAIN
m = MaltegoTransform()
m.parseArguments(sys.argv);
target=sys.argv[1]
if m.getVar('type') is None or m.getVar('entry') is None:
logger.info("You need a entry point (entry) and a type (type) - you have one or both missing")
m.returnOutput()
quit()
# load tlds, ignore comments and empty lines:
with open("effective_tld_names.dat.txt") as tldFile:
tlds = [line.strip() for line in tldFile if line[0] not in "/\n"]
domain_parts = get_domain_parts("http://"+m.getVar('entry'),tlds)
interestingbit=domain_parts.domain
logger.debug("Adding [%s] to the password list"%interestingbit)
if (interestingbit is None):
logger.info("Could not parse domain. This is not great, but we'll continue..")
#!/usr/bin/python
#######################################################
# Maltego NMAP integration script #
# #
# #
# Andrew MacPherson [ andrew <<at>> Paterva.com ] #
# #
#######################################################
import os, sys, time
from MaltegoTransform import *
me = MaltegoTransform()
me.parseArguments(sys.argv)
portValue = me.getVar("banner")
me.addEntity("Banner", portValue)
me.returnOutput()
(front, back) = email.split('@')
if back not in domains:
domains.append(back)
choice = eg.choicebox('Pick a domain', 'Target selection', domains)
return choice
######### MAIN
m = MaltegoTransform()
m.parseArguments(sys.argv)
target = sys.argv[1]
logger.debug("Starting OWA Brute module")
type = m.getVar('type')
entry = m.getVar('entry')
if type is None:
logger.debug("Missing type on [%s]" % target)
m.returOutput()
quit()
location = m.getVar('entry')
if (location is None):
logger.info("location on [%s] is empty, cannot proceed" % target)
m.returnOutput()
quit()
emails = slurp_file("OWABrute", "StorageFile")
if len(emails) <= 0:
TRX.throwExceptions()
exit(0)
#loging.error(len(r))
# The dirtiest hack of dirty hacks.
if not shadowKey:
shadowKey = "derpderpderp"
if shadowKey and str(m.Type) == "snoopy.Snoopy":
filters.append(mtk.c.mtkey == shadowKey)
filters.append(mtk.c.user == users.c.user)
filters.append(sess.c.drone == users.c.drone)
#Option Two, Local:
else:
drone = TRX.getVar("properties.drone")
if TRX.getVar("drone"):
drone = TRX.getVar("drone")
location = TRX.getVar("properties.dronelocation")
if TRX.getVar("location"):
location = TRX.getVar("location")
start_time = TRX.getVar("properties.start_time", "2000-01-01 00:00:00.0")
if TRX.getVar("start_time"):
start_time = TRX.getVar("start_time", "2000-01-01 00:00:00.0")
end_time = TRX.getVar("properties.end_time", "2037-01-01 00:00:00.0")
if TRX.getVar("end_time"):
end_time = TRX.getVar("end_time", "2037-01-01 00:00:00.0")
#!/usr/bin/env python
"""Resolve a company or an organization by name using the Recorded Future API."""
import sys
from MaltegoTransform import *
from APIUtil import APIUtil
mt = MaltegoTransform()
mt.parseArguments(sys.argv)
name = mt.getVar("properties.companyname")
sys.stderr.write("Resolving company...")
rfapi = APIUtil()
entity_query = {
"entity":{"name":name, "type":["Company", "Organization"], "limit":1}
}
query_response = rfapi.query(entity_query)
eid = None
for q_eid, q_ent in query_response.get('entity_details', {}).items():
sys.stderr.write("Found eid: {0}".format(q_eid))
name = q_ent['name']
eid = q_eid
etype = q_ent['type']
ent = q_ent
if not eid:
#!/usr/bin/python
#######################################################
# Maltego NMAP integration script #
# #
# #
# Andrew MacPherson [ andrew <<at>> Paterva.com ] #
# #
#######################################################
import os, sys, time
from MaltegoTransform import *
me = MaltegoTransform()
me.parseArguments(sys.argv)
portValue = me.getVar("port")
me.addEntity("Port", portValue)
me.returnOutput()
#!/usr/bin/python
# Pull all the egress rules for a Security Group
from MaltegoTransform import *
import boto.ec2
import sys
from init import load_credentials
creds = load_credentials()
REGION = creds[2]
m = MaltegoTransform()
m.parseArguments(sys.argv)
sec_group = m.getVar("GroupID")
try:
conn = boto.ec2.connect_to_region(REGION,
aws_access_key_id=creds[0],
aws_secret_access_key=creds[1])
reservations = conn.get_all_instances()
for i in reservations:
group_nums = len(i.instances[0].groups)
for z in range(group_nums):
group_id = i.instances[0].groups[z].id
sg_name = conn.get_all_security_groups(group_ids=group_id)[0]
if str(group_id) == str(sec_group):
egress_rules = conn.get_all_security_groups(
group_ids=group_id)[0].rules_egress
number_of_egress = len(egress_rules)
#!/usr/bin/python
# -*- encoding: utf-8 -*-
# Extract list price from smzdm.com item listing
import sys
import codecs
from MaltegoTransform import *
# Initialize Maltego library
m = MaltegoTransform()
# Extract the listed price from the Maltego smzdm item entity
m.parseArguments(sys.argv)
price = m.getVar('item-price').decode('utf8')
# Add entity to the Maltego chart
myEntity = m.addEntity('smzdm.itemprice', price.encode('utf8',
errors='ignore'))
# Return entity to Maltego
m.returnOutput()
from MaltegoTransform import *
from mcrits_utils import *
crits = mcrits()
me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')
for result in crits.get_related(crits_type, id_, 'Actor'):
# For each related object, get the details.
obj = crits.get_single_obj('Actor', result[1])
# For each identifer, get the name.
identifiers = []
for id_dict in obj['identifiers']:
id_obj = crits.get_single_obj('ActorIdentifier',
id_dict['identifier_id'])
identifiers.append(id_obj['name'])
ent = me.addEntity(result[0], obj['name'])
ent.addAdditionalFields(fieldName='id',
displayName='id',
value=result[1])
ent.addAdditionalFields(fieldName='aliases',
displayName='Aliases',
value=obj['aliases'])
ent.addAdditionalFields(fieldName='identifiers',
displayName='Identifiers',
value=identifiers)
me.returnOutput()
#!/usr/bin/python
# Pull all the ingress sources attached to an ingress rule
from MaltegoTransform import *
import boto.ec2
import sys
from init import load_credentials
creds = load_credentials()
REGION = creds[2]
m = MaltegoTransform()
m.parseArguments(sys.argv)
ingress_src = m.getVar("GroupID")
try:
conn = boto.ec2.connect_to_region(REGION, aws_access_key_id=creds[0], aws_secret_access_key=creds[1])
reservations = conn.get_all_instances()
for i in reservations:
group_nums = len(i.instances[0].groups)
for z in range(group_nums):
group_id = i.instances[0].groups[z].id
if str(group_id) == str(ingress_src):
sec_rules = conn.get_all_security_groups(group_ids=group_id)[0].rules
rule_nums = len(sec_rules)
for g in range(rule_nums):
ent = m.addEntity('matterasmus.AmazonEC2IngressSource', str(conn.get_all_security_groups(group_ids=group_id)[0].rules[g].grants))
ent.addAdditionalFields("Source", "Source", "strict", str(conn.get_all_security_groups(group_ids=group_id)[0].rules[g].grants))
ent.addAdditionalFields("GroupID", "Group ID", "strict", str(group_id))
username = config.get('credentials', 'username')
password = config.get('credentials', 'password')
auth = config.get('splunk', 'auth')
searchhead = config.get('splunk', 'searchhead')
timeframe = config.get('splunk', 'timeframe')
status = config.get('splunk', 'status')
proxy = config.get('splunk', 'proxy')
proxy_ip = config.get('splunk', 'proxy_ip')
proxy_port = config.get('splunk', 'proxy_port')
# Setting up Maltego entities and getting initial variables.
me = MaltegoTransform()
me.parseArguments(sys.argv)
application = sys.argv[1]
ds = me.getVar("ds")
dsport = me.getVar("dsport")
# Determine which REST call to make based on authentication setting.
if auth == "1":
if proxy == "1":
output = subprocess.check_output(
'curl -u ' + username + ':' + password + ' --socks5 ' + proxy_ip +
':' + proxy_port + ' -s -k https://' + ds + ':' + dsport +
'/services/deployment/server/clients',
shell=True)
else:
output = subprocess.check_output(
'curl -u ' + username + ':' + password + ' -s -k https://' + ds +
':' + dsport + '/services/deployment/server/clients',
#!/usr/bin/python
# -*- coding: utf-8 -*-
from MaltegoTransform import *
from nltk.corpus import stopwords
from nltk.stem.snowball import SnowballStemmer
import sys, string
# Description: Locally extract words from Tweets
# Installation: http://dev.paterva.com/developer/getting_started/building_your_own_local_transform.php
# Author: Michael Henriksen (@michenriksen)
transform = MaltegoTransform()
transform.parseArguments(sys.argv)
tweet = transform.getVar("content")
stemmer = SnowballStemmer("english")
stop_words = stopwords.words("english")
with open("top100Kenglishwords.txt") as f:
common_words = [x.strip().strip().lower().decode("unicode_escape").encode("ascii", "ignore") for x in f.readlines()]
words = []
for word in tweet.split():
if word.startswith('#') or word.startswith('@') or word.startswith('\\'):
continue
# Normalize word and strip out silliness
word = word.strip().lower().decode("unicode_escape").encode("ascii", "ignore")
word = ''.join(ch for ch in word if ch not in string.punctuation)
if word == '' or word == 'rt' or word.startswith('http'):
continue
#!/usr/bin/env python
# Maltego transform for getting the robots.txt file from websites
from MaltegoTransform import *
import requests
m = MaltegoTransform()
m.parseArguments(sys.argv)
website = m.getVar('fqdn')
port = m.getVar('ports')
port = port.split(',')
ssl = m.getVar('website.ssl-enabled')
robots = []
try:
for c in port:
if ssl == 'true':
url = 'https://' + website + ':' + str(c) + '/robots.txt'
r = requests.get(url)
if r.status_code == 200:
robots = str(r.text).split('\n')
for i in robots:
ent = m.addEntity('maltego.Phrase', i)
ent.addAdditionalFields("url","Original URL",True,url)
else:
m.addUIMessage("No Robots.txt found..")
else:
url = 'http://' + website + ':' + str(c) + '/robots.txt'
r = requests.get(url)
from MaltegoTransform import *
from mcrits_utils import *
crits = mcrits()
me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')
for result in crits.get_related(crits_type, id_, 'IP'):
# For each related object, get the details.
obj = crits.get_single_obj('IP', result[1])
ent = me.addEntity(result[0], result[1])
ent.addAdditionalFields(fieldName='ip', displayName='IP', value=obj['ip'])
ent.addAdditionalFields(fieldName='type',
displayName='Type',
value=obj['type'])
me.returnOutput()
def getLocalConfPath():
pathname = os.path.dirname(sys.argv[0])
pathname = os.path.abspath(pathname)
pathname = os.path.join(pathname, '..','local', 'munk.conf')
return os.path.normpath(pathname)
configFile = getLocalConfPath()
config = ConfigParser.SafeConfigParser()
config.read(configFile)
username = config.get('credentials', 'username')
password = config.get('credentials', 'password')
auth = config.get('splunk','auth')
searchhead = config.get('splunk','searchhead')
timeframe = config.get('splunk', 'timeframe')
splunkweb_port = config.get('splunk','splunkweb_port')
# Setting up Maltego entities and getting initial variables.
me = MaltegoTransform()
me.parseArguments(sys.argv)
host = me.getVar("properties.host")
# Opens default webbrowser with a Splunk Search set to the hostname of the host entity selected.
webbrowser.open('http://' + searchhead + ':' + splunkweb_port + '/en-US/app/search/search?q=search%20index%3D*%20host%3D' + str(host) + '&earliest=' + timeframe)
# Return Maltego Output
me.returnOutput()
#!/usr/bin/python
# Pull all the ingress rules for a Security Group
from MaltegoTransform import *
import boto.ec2
import sys
from init import load_credentials
creds = load_credentials()
REGION = creds[2]
m = MaltegoTransform()
m.parseArguments(sys.argv)
sec_group = m.getVar("GroupID")
try:
conn = boto.ec2.connect_to_region(REGION, aws_access_key_id=creds[0], aws_secret_access_key=creds[1])
reservations = conn.get_all_instances()
for i in reservations:
group_nums = len(i.instances[0].groups)
for z in range(group_nums):
group_id = i.instances[0].groups[z].id
if str(group_id) == str(sec_group):
sec_rules = conn.get_all_security_groups(group_ids=group_id)[0].rules
rule_nums = len(sec_rules)
for g in range(rule_nums):
ent = m.addEntity('matterasmus.AmazonEC2SecurityGroupPP', str(conn.get_all_security_groups(group_ids=group_id)[0].rules[g]))
ent.addAdditionalFields("GroupID", "Group ID", "strict", str(group_id))
#!/usr/bin/python
import sys
import csv
import os,sys,time,random
from MaltegoTransform import *
import EasyDialogs
me = MaltegoTransform();
me.parseArguments(sys.argv);
csv_file = me.getVar("file");
if (csv_file is None):
defaultFile = "c:\stafflist.csv"
csv_file = EasyDialogs.AskString("Which file do you want to use?",defaultFile);
if (csv_file is None):
me.returnOutput();
exit();
csv_reader = csv.reader(open(csv_file), delimiter = ',');
Emails = []
for row in csv_reader:
Emails.append(row[0]);
EmailsUnique = dict(map(lambda i: (i,1),Emails)).keys()
for s in Emails:
myentity = me.addEntity("EmailAddress",s);
myentity.addAdditionalFields("file","CSV File",None,csv_file);
username = config.get('credentials', 'username')
password = config.get('credentials', 'password')
auth = config.get('splunk','auth')
searchhead = config.get('splunk','searchhead')
timeframe = config.get('splunk', 'timeframe')
status = config.get('splunk', 'status')
proxy = config.get('splunk', 'proxy')
proxy_ip = config.get('splunk','proxy_ip')
proxy_port = config.get('splunk', 'proxy_port')
# Setting up Maltego entities and getting initial variables.
me = MaltegoTransform()
me.parseArguments(sys.argv)
application = sys.argv[1]
ds = me.getVar("ds")
dsport = me.getVar("dsport")
# Determine which REST call to make based on authentication setting.
if auth == "1":
if proxy == "1":
output = subprocess.check_output('curl -u ' + username + ':' + password + ' --socks5 ' + proxy_ip + ':' + proxy_port + ' -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)
else:
output = subprocess.check_output('curl -u ' + username + ':' + password + ' -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)
else:
if proxy == "1":
output = subprocess.check_output('curl --socks5 ' + proxy_ip + ':' + proxy_port + ' -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)
else:
output = subprocess.check_output('curl -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)
#!/usr/bin/python
#################
# NMAP VULN TOOL#
#################
import os, sys
from MaltegoTransform import *
m_ent = MaltegoTransform()
m_ent.parseArguments(sys.argv)
banner_grab = m_ent.getVar("banner")
open_grab = m_ent.getVar("opening")
if open_grab == "open":
me_add = m_ent.addEntity("Banner", banner_grab)
me_add.setType("jf.SuperFunTransforms")
m_ent.returnOutput()
def getLocalConfPath():
pathname = os.path.dirname(sys.argv[0])
pathname = os.path.abspath(pathname)
pathname = os.path.join(pathname, '..','local', 'munk.conf')
return os.path.normpath(pathname)
configFile = getLocalConfPath()
config = ConfigParser.SafeConfigParser()
config.read(configFile)
username = config.get('credentials', 'username')
password = config.get('credentials', 'password')
auth = config.get('splunk','auth')
searchhead = config.get('splunk','searchhead')
timeframe = config.get('splunk', 'timeframe')
splunkweb_port = config.get('splunk','splunkweb_port')
# Setting up Maltego entities and getting initial variables.
me = MaltegoTransform()
me.parseArguments(sys.argv);
sourcetype = me.getVar("properties.sourcetype")
# Opens default webbrowser with a Splunk Search set to the hostname of the host entity selected.
webbrowser.open('http://' + searchhead + ':' + splunkweb_port + '/en-US/app/search/search?q=search%20index%3D*%20sourcetype%3D' + str(sourcetype) + '&earliest=' + timeframe)
# Return Maltego Output
me.returnOutput()
#!/usr/bin/env python
# Maltego transform for getting the robots.txt file from websites
from MaltegoTransform import *
import requests
m = MaltegoTransform()
m.parseArguments(sys.argv)
website = m.getVar('fqdn')
port = m.getVar('ports')
port = port.split(',')
ssl = m.getVar('website.ssl-enabled')
robots = []
try:
for c in port:
if ssl == 'true':
url = 'https://' + website + ':' + str(c) + '/robots.txt'
r = requests.get(url)
if r.status_code == 200:
robots = str(r.text).split('\n')
for i in robots:
ent = m.addEntity('maltego.Phrase', i)
ent.addAdditionalFields("url", "Original URL", True, url)
else:
m.addUIMessage("No Robots.txt found..")
else:
url = 'http://' + website + ':' + str(c) + '/robots.txt'
r = requests.get(url)
password = config.get('credentials', 'password')
auth = config.get('splunk','auth')
searchhead = config.get('splunk','searchhead')
timeframe = config.get('splunk', 'timeframe')
status = config.get('splunk', 'status')
management = config.get('splunk', 'management')
proxy = config.get('splunk', 'proxy')
proxy_ip = config.get('splunk','proxy_ip')
proxy_port = config.get('splunk', 'proxy_port')
# Setting up Maltego entities and getting initial variables.
me = MaltegoTransform()
me.parseArguments(sys.argv)
sourcetype = sys.argv[1]
hostip = me.getVar("host")
# Determine which REST call to make based on authentication setting.
if auth == "1":
if proxy == "1":
output = subprocess.check_output('curl -u ' + username + ':' + password + ' -s -k --socks5 ' + proxy_ip + ':' + proxy_port + ' --data-urlencode search="search index=* earliest=' + timeframe + ' sourcetype=' + sourcetype + ' | table host | dedup host" -d "output_mode=csv" https://' + searchhead + ':' + management + '/servicesNS/admin/search/search/jobs/export', shell=True)
else:
output = subprocess.check_output('curl -u ' + username + ':' + password + ' -s -k --data-urlencode search="search index=* earliest=' + timeframe + ' sourcetype=' + sourcetype + ' | table host | dedup host" -d "output_mode=csv" https://' + searchhead + ':' + management + '/servicesNS/admin/search/search/jobs/export', shell=True)
else:
if proxy == "1":
output = subprocess.check_output('curl -s -k --socks5 ' + proxy_ip + ':' + proxy_port + ' --data-urlencode search="search index=* earliest=' + timeframe + ' sourcetype=' + sourcetype + ' | table host | dedup host" -d "output_mode=csv" https://' + searchhead + ':' + management + '/servicesNS/admin/search/search/jobs/export', shell=True)
else:
output = subprocess.check_output('curl -s -k --data-urlencode search="search index=* earliest=' + timeframe + ' sourcetype=' + sourcetype + ' | table host | dedup host" -d "output_mode=csv" https://' + searchhead + ':' + management + '/servicesNS/admin/search/search/jobs/export', shell=True)
config = ConfigParser.SafeConfigParser()
config.read(configFile)
username = config.get('credentials', 'username')
password = config.get('credentials', 'password')
auth = config.get('splunk', 'auth')
searchhead = config.get('splunk', 'searchhead')
timeframe = config.get('splunk', 'timeframe')
status = config.get('splunk', 'status')
# Setting up Maltego entities and getting initial variables.
me = MaltegoTransform()
me.parseArguments(sys.argv)
ds = sys.argv[1]
dsport = me.getVar("dsport")
# Determine which REST call to make based on authentication setting.
if auth == "1":
output = subprocess.check_output('curl -u ' + username + ':' + password +
' -s -k https://' + ds + ':' + dsport +
'/services/deployment/server/clients',
shell=True)
if auth == "0":
output = subprocess.check_output('curl -s -k https://' + ds + ':' +
dsport +
'/services/deployment/server/clients',
shell=True)
# XML Parsing with ElementTree
