コード例 #1
0
def new_transform(arg):
    m = MaltegoTransform()
    m.parseArguments(arg)
    ip = m.getVar('ipv4-address')
    wrkspc = m.getVar('workspace')
    url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/asn' % (wrkspc, ip)
    try:
        r = requests.get(url)
        j = r.json()
        for i in j['items']:
            ent = m.addEntity('maltego.AS', i['asn'])
            ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()
コード例 #2
0
def expandPropertiesFromI3visioEntity(argv):
    ''' 
		Method that expands the properties from a given i3visio entity. It is useful to create new Entities based on the contents of the properties.
		:param argv:	the serialized entity.

		:return:	Nothing is returned but the code of the entities is created.
	'''
    me = MaltegoTransform()
    me.parseArguments(argv)

    # Trying to recover all the possible i3visio entities
    found_fields = {}

    for entity in constants.I3VISIO_ENTITIES:
        found_fields[entity] = me.getVar(entity)
    # All the possible fields must be written down here...

    # iterating through the possible i3visio entities
    for field in found_fields.keys():
        if found_fields[field] != None:
            newEnt = me.addEntity(field, str(found_fields[field]))
        #newEnt.setDisplayInformation("<h3>" + prof +"</h3><p>" + str(prof) + "\t" + str(plat) + "\t" + profiles[prof][plat]  + "</p>");
        #newEnt.addAdditionalFields("i3visio.platform","Platform name",True,plat)

    try:
        # Adding new entities observing the attributes tab:
        attributes = me.getVar("attributes")
        #print attributes
        attJson = json.loads(attributes)
        #print attJson
        for att in attJson:
            #print att
            newEnt = me.addEntity(str(att["type"]), str(att["value"]))
            #newEnt.setDisplayInformation("<h3>" + prof +"</h3><p>" + str(prof) + "\t" + str(plat) + "\t" + profiles[prof][plat]  + "</p>");
            newEnt.addAdditionalFields("attributes", "attributes", True,
                                       str(att["attributes"]))
    except:
        pass
    # Getting the output text
    #maltegoText = me.getOutput()
    # Returning the output text...
    me.returnOutput()
コード例 #3
0
ファイル: getEmails.py プロジェクト: catalyst256/MaltegoMagic
def new_transform(arg):
    emails = []
    m = MaltegoTransform()
    m.parseArguments(arg)
    domain = m.getVar('fqdn')
    ip = m.getVar('ipaddr')
    wrkspc = m.getVar('workspace')
    url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/domains' % (wrkspc, ip)
    try:
        r = requests.get(url)
        j = r.json()
        for i in j['items']:
            if domain in i['domain']:
                for x in i['data']['emails']:
                    if x not in emails:
                        emails.append(x)
        for t in emails:
            ent = m.addEntity('maltego.EmailAddress', t)
            ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()
コード例 #4
0
def new_transform(arg):
    emails = []
    m = MaltegoTransform()
    m.parseArguments(arg)
    domain = m.getVar('fqdn')
    ip = m.getVar('ipaddr')
    wrkspc = m.getVar('workspace')
    url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/domains' % (wrkspc, ip)
    try:
        r = requests.get(url)
        j = r.json()
        for i in j['items']:
            if domain in i['domain']:
                for x in i['data']['emails']:
                    if x not in emails:
                        emails.append(x)
        for t in emails:
            ent = m.addEntity('maltego.EmailAddress', t)
            ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()
コード例 #5
0
ファイル: fetchNearbySSIDs.py プロジェクト: 4sp1r3/snoopy-ng
def main():
#    print "Content-type: xml\n\n";
#    MaltegoXML_in = sys.stdin.read()
#    logging.debug(MaltegoXML_in)
#    if MaltegoXML_in <> '':
#     m = MaltegoMsg(MaltegoXML_in)

    TRX = MaltegoTransform()
    TRX.parseArguments(sys.argv)
    lat = float(TRX.getVar("latitude"))
    lng = float(TRX.getVar("longitude"))
    address = TRX.getVar("longaddress")

    logging.debug(lat)
    logging.debug(address)

    try:
        f = open("wigle_creds.txt", "r")
        user, passw, email,proxy = f.readline().strip().split(":")
    except Exception, e:
        print "ERROR: Unable to read Wigle user & pass, email (and optional proxy) from wigle_creds.txt"
        print e
        exit(-1)
コード例 #6
0
def main():
    #    print "Content-type: xml\n\n";
    #    MaltegoXML_in = sys.stdin.read()
    #    logging.debug(MaltegoXML_in)
    #    if MaltegoXML_in <> '':
    #     m = MaltegoMsg(MaltegoXML_in)

    TRX = MaltegoTransform()
    TRX.parseArguments(sys.argv)
    lat = float(TRX.getVar("latitude"))
    lng = float(TRX.getVar("longitude"))
    address = TRX.getVar("longaddress")

    logging.debug(lat)
    logging.debug(address)

    try:
        f = open("wigle_creds.txt", "r")
        user, passw, email, proxy = f.readline().strip().split(":")
    except Exception, e:
        print "ERROR: Unable to read Wigle user & pass, email (and optional proxy) from wigle_creds.txt"
        print e
        exit(-1)
コード例 #7
0
            TRX.throwExceptions()
            exit(0)
        #loging.error(len(r))

        # The dirtiest hack of dirty hacks.
        if not shadowKey:
            shadowKey = "derpderpderp"
        if shadowKey and str(m.Type) == "snoopy.Snoopy":
            filters.append( mtk.c.mtkey == shadowKey )
            filters.append( mtk.c.user == users.c.user )
            filters.append( sess.c.drone == users.c.drone )

#Option Two, Local:
else:

    drone = TRX.getVar("properties.drone")
    if TRX.getVar("drone"):
        drone = TRX.getVar("drone")
    
    location = TRX.getVar("properties.dronelocation")
    if TRX.getVar("location"):
        location = TRX.getVar("location")
    
    start_time = TRX.getVar("properties.start_time", "2000-01-01 00:00:00.0")
    if TRX.getVar("start_time"):
        start_time = TRX.getVar("start_time", "2000-01-01 00:00:00.0")
    
    end_time = TRX.getVar("properties.end_time", "2037-01-01 00:00:00.0")
    if TRX.getVar("end_time"):
        end_time = TRX.getVar("end_time", "2037-01-01 00:00:00.0")
    
import sys
import io
import json

import httplib2
import apiclient.discovery
from MaltegoTransform import *

GOOGLEPLUS_API_KEY = "AIzaSyCQUjsJBAKSLNqM187Yro9z8lFO8KUXyVE"

me = MaltegoTransform()
me.parseArguments(sys.argv)
Q = me.getVar('UID')

try:
    #initialize G+
    service = apiclient.discovery.build('plus',
                                        'v1',
                                        http=httplib2.Http(),
                                        developerKey=GOOGLEPLUS_API_KEY)

    #get query result
    organizations = service.people().get(userId=Q,
                                         fields='organizations').execute()
    for o in organizations['organizations']:
        fullname = ""
        if 'department' in o:
            fullname += o['department'] + "@"
        fullname += o['name']
        org = me.addEntity("maltego.Organization", fullname)
        org.setType("maltego.Organization")
コード例 #9
0
from TeethLib import *
from MaltegoTransform import *

##########MAIN
m = MaltegoTransform()
m.parseArguments(sys.argv)
target = sys.argv[1]

origin = m.getVar('origin') + "/"

if origin is None:
    logger.info("Origin on [%s] not found" % target)

logger.info("Checking indexability of [%s]" % origin)

output = get_url_with_BS(origin, 20)
if output.lower().find('index of') >= 0 or output.lower().find(
        'directory listing of') >= 0:
    logger.info("[%s] found to be indexable" % origin)

    IndEnt = m.addEntity("maltego.Phrase", "Indexable:" + origin)
    IndEnt.setDisplayInformation('Click <a href="' + origin +
                                 '">here</a> to view')
else:
    logger.debug("[%s] not indexable" % origin)

m.returnOutput()
コード例 #10
0
#!/usr/bin/env python
"""Expand the entities related to an RF Event."""

import sys
from MaltegoTransform import *
from APIUtil import APIUtil
from rf_maltego_conv import *
mt = MaltegoTransform()

mt.parseArguments(sys.argv)
eid = mt.getVar("eid")

rfapi = APIUtil()

reference_query = {"reference": {"cluster_id": eid, "limit": 100}}

sys.stderr.write("RF querying...\n")
ents = []
seen_ids = set()
seen_ids.add(eid)
for ceid, ent in rfapi.query(reference_query).get("entities", {}).items():
    if ceid not in seen_ids:
        ent["id"] = ceid
        ents.append(ent)
        seen_ids.add(ceid)

rf2maltego(mt, ents)

sys.stderr.write("RF Transform Done.\n")

mt.returnOutput()
コード例 #11
0
from TeethLib import *
from MaltegoTransform import *
from urlparse import *

m = MaltegoTransform()
m.parseArguments(sys.argv)

target = sys.argv[1]
level = m.getVar('level')
origin = m.getVar('origin')

TTM = read_config_file('MirrorGeneral', 'time_to_mirror')

if level is None and origin is None:
    logger.info("Running mirror directory mine on website [%s]" % target)
    level = 1
    track = ''
else:
    if level is not None and origin is not None:
        track = target.replace('/', '')
        target = urlparse(origin).netloc
        level = str(int(level) + 1)
        logger.info("Running mirror deeper mine on w[%s] l[%s] t[%s]" %
                    (target, level, track))
    else:
        logger.info(
            "[%s] Can only run subdirectory mirror mining on directories which are a result of a mirror"
            % target)
        m.returnOutput()
        quit()
コード例 #12
0
    pathname = os.path.join(pathname, '..', 'local', 'munk.conf')
    return os.path.normpath(pathname)


configFile = getLocalConfPath()
config = ConfigParser.SafeConfigParser()
config.read(configFile)

username = config.get('credentials', 'username')
password = config.get('credentials', 'password')
auth = config.get('splunk', 'auth')
searchhead = config.get('splunk', 'searchhead')
timeframe = config.get('splunk', 'timeframe')
splunkweb_port = config.get('splunk', 'splunkweb_port')

# Setting up Maltego entities and getting initial variables.

me = MaltegoTransform()
me.parseArguments(sys.argv)
index = me.getVar("properties.index")

# Opens default webbrowser with a Splunk Search set to the hostname of the host entity selected.

webbrowser.open('http://' + searchhead + ':' + splunkweb_port +
                '/en-US/app/search/search?q=search%20index%3D' + str(index) +
                '&earliest=' + timeframe)

# Return Maltego Output

me.returnOutput()
コード例 #13
0
#!/usr/bin/python
# Pull all the egress destinations attached to an egress rule

from MaltegoTransform import *
import boto.ec2
import sys
from init import load_credentials

creds = load_credentials()
REGION = creds[2]

m = MaltegoTransform()
m.parseArguments(sys.argv)
egress_dst = m.getVar("GroupID")

try:
    conn = boto.ec2.connect_to_region(REGION,
                                      aws_access_key_id=creds[0],
                                      aws_secret_access_key=creds[1])

    reservations = conn.get_all_instances()

    for i in reservations:
        group_nums = len(i.instances[0].groups)
        for z in range(group_nums):
            group_id = i.instances[0].groups[z].id
            if str(group_id) == str(egress_dst):
                egress_rules = conn.get_all_security_groups(
                    group_ids=group_id)[0].rules_egress
                number_of_egress = len(egress_rules)
                for g in range(number_of_egress):
コード例 #14
0
#!/usr/bin/python
# Get all the instances in our Region

from MaltegoTransform import *
import sys
import boto3

mt = MaltegoTransform()
mt.parseArguments(sys.argv)
REGION = mt.getVar('RegionName')

try:
    client = boto3.resource('ec2', region_name=REGION)
    instances = client.instances.all()

    mt.addUIMessage("Getting instances in " + REGION)
    for instance in instances:
        ent = mt.addEntity('matterasmus.AmazonEC2Instance', instance.tags[0].get("Value"))
        ent.addAdditionalFields("InstanceId", "Instance ID", "strict", str(instance.id))
        ent.addAdditionalFields("InstanceType", "Instance Type", "strict", instance.instance_type)
        ent.addAdditionalFields("KeyName", "Key Name", "strict", instance.key_name)
        ent.addAdditionalFields("PrivateIp", "Private Ip", "strict", instance.private_ip_address)
        ent.addAdditionalFields("RegionName", "Region Name", "strict", REGION)
        ent.addAdditionalFields("InstanceState", "Instance State", True, str(instance.state['Name']))
        ent.addAdditionalFields("LaunchDate", "Launch Date", True, str(instance.launch_time))
    else:
        mt.addUIMessage("Completed.")
except Exception as e:
    mt.addUIMessage(str(e))

mt.returnOutput()
コード例 #15
0
def main():
    #    print "Content-type: xml\n\n";
    #    MaltegoXML_in = sys.stdin.read()
    #    logging.debug(MaltegoXML_in)
    #    if MaltegoXML_in <> '':
    #     m = MaltegoMsg(MaltegoXML_in)

    TRX = MaltegoTransform()
    TRX.parseArguments(sys.argv)
    # ssid = TRX.getVar("ssid")
    logging.debug(ssid)
    logging.debug(type(ssid))

    user = TRX.getVar("wigleUser")
    passw = TRX.getVar("wiglePass")
    email = TRX.getVar("wigleEmail")
    proxy = TRX.getVar("wigleProxy")

    if not user or not passw or not email:
        print "ERROR: Please supply Wigle credentials in the 'Property View' on the right --->"
        exit(-1)

    wig = Wigle(user, passw, email, proxy)
    if not wig.login():
        print "ERROR: Unable to login to Wigle with supplied wigle creds. Please check them."
        exit(-1)
    locations = wig.lookupSSID(ssid)
    if "error" in locations:
        print "ERROR: Unable to query Wigle. Perhaps your IP/user is shunned. Error was '%s'" % locations
        exit(-1)

    for address in locations:
        if len(locations) > 20:
            break
        # ssid = b64decode(ssid)
        # ssid=escape(ssid)
        # ssid = illegal_xml_re.sub('', ssid)
        logging.debug(type(address))

        street_view_url1 = (
            "http://maps.googleapis.com/maps/api/streetview?size=800x800&amp;sensor=false&amp;location=%s,%s"
            % (str(address["lat"]), str(address["long"]))
        )
        street_view_url2 = "https://maps.google.com/maps?q=&layer=c&cbp=11,0,0,0,0&cbll=%s,%s " % (
            str(address["lat"]),
            str(address["long"]),
        )
        map_url = "http://maps.google.com/maps?t=h&q=%s,%s" % (str(address["lat"]), str(address["long"]))
        flag_img = "http://www.geognos.com/api/en/countries/flag/%s.png" % str(address["code"]).upper()

        # NewEnt=TRX.addEntity("maltego.Location", address['shortaddress'].encode('utf-8'))
        NewEnt = TRX.addEntity("snoopy.ssidLocation", address["shortaddress"].encode("utf-8"))
        NewEnt.addAdditionalFields("city", "city", "strict", address["city"].encode("utf-8"))
        NewEnt.addAdditionalFields("countrycode", "countrycode", "strict", address["code"].encode("utf-8"))
        NewEnt.addAdditionalFields("country", "country", "strict", address["country"].encode("utf-8"))
        NewEnt.addAdditionalFields("lat", "lat", "strict", str(address["lat"]))
        NewEnt.addAdditionalFields("long", "long", "strict", str(address["long"]))
        NewEnt.addAdditionalFields("longaddress", "longaddress", "strict", address["longaddress"].encode("utf-8"))
        NewEnt.addAdditionalFields("location.areacode", "Area Code", "strict", address["postcode"])
        NewEnt.addAdditionalFields("road", "Road", "strict", address["road"].encode("utf-8"))
        NewEnt.addAdditionalFields("streetaddress", "streetaddress", "strict", address["shortaddress"].encode("utf-8"))
        NewEnt.addAdditionalFields("ssid", "SSID", "strict", address["ssid"])
        NewEnt.addAdditionalFields("state", "State", "strict", address["state"].encode("utf-8"))
        NewEnt.addAdditionalFields("area", "Area", "strict", address["suburb"].encode("utf-8"))

        NewEnt.addAdditionalFields("googleMap", "Google map", "nostrict", map_url)
        NewEnt.addAdditionalFields("streetView", "Street View", "nostrict", street_view_url2)

        # NewEnt.setIconURL(flag_img)
        logging.debug(street_view_url1)
        NewEnt.setIconURL(street_view_url1)

        NewEnt.addDisplayInformation("<a href='%s'>Click for map </a>" % street_view_url2, "Street view")

    TRX.returnOutput()
コード例 #16
0
import threading
import time
from TeethLib import *
from MaltegoTransform import *

me = MaltegoTransform()
me.parseArguments(sys.argv)

if (len(sys.argv[1]) <= 0):
    logger.debug("Not mining in the root..again! :)")
    me.returnOutput()
    quit()

origin = me.getVar("origin")
if origin is None:
    target = "http://" + sys.argv[1]
else:
    target = origin

urls_received = 0
stack = []
tcount = 0


def compare_url(dir, nothere, timeout_T):
    global tcount
    tcount += 1

    compare = get_url_with_BS(target + dir, timeout_T).replace(dir, '').lower()
    if (len(compare) > 0):
コード例 #17
0
ファイル: relatedevents.py プロジェクト: kaoigan/mcrits
from MaltegoTransform import *
from mcrits_utils import *

crits = mcrits()

me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar("id")
crits_type = me.getVar("crits_type")

for result in crits.get_related(crits_type, id_, "Event"):
    # For each related object, get the details.
    obj = crits.get_single_obj("Event", result[1])
    ent = me.addEntity(result[0], obj["title"])
    ent.addAdditionalFields(fieldName="id", displayName="id", value=result[1])

me.returnOutput()
#!/usr/bin/env python

"""Expand the entities related to an RF Event."""

import sys
from MaltegoTransform import *
from APIUtil import APIUtil
from rf_maltego_conv import *
mt = MaltegoTransform()

mt.parseArguments(sys.argv)
eid = mt.getVar("eid")

rfapi = APIUtil()

reference_query = {
    "reference": {
        "cluster_id":eid,
        "limit": 100
    }
}

sys.stderr.write("RF querying...\n")
ents = []
seen_ids = set()
seen_ids.add(eid)
for ceid, ent in rfapi.query(reference_query).get("entities", {}).items():
    if ceid not in seen_ids:
        ent["id"] = ceid
        ents.append(ent)
        seen_ids.add(ceid)
コード例 #19
0
#!/usr/bin/python
# Get Instance Information

from MaltegoTransform import *
import sys
import boto3

mt = MaltegoTransform()
mt.parseArguments(sys.argv)
REGION = mt.getVar('RegionName')
instance_id = mt.getVar('InstanceId')
mt.addUIMessage("Region: " + REGION)
mt.addUIMessage("Instance: " + instance_id)


# Get Instance Info
try:
    client = boto3.resource('ec2', region_name=REGION)
    instance_info = client.Instance(id=instance_id)
    ent = mt.addEntity('matterasmus.AmazonEC2InstanceType', str(instance_info.instance_type))
    ent.addAdditionalFields("InstanceType", "Instance Type", True, str(instance_info.instance_type))
    ent = mt.addEntity('matterasmus.AmazonEC2Key', str(instance_info.key_name))
    ent.addAdditionalFields("InstanceAccessKey", "Access Key", True, str(instance_info.key_name))
    ent = mt.addEntity('matterasmus.AmazonEC2Subnet', str(instance_info.subnet_id))
    ent.addAdditionalFields("variable", "Subnet ID", True, str(instance_info.subnet_id))
    # Get VPC Information
    vpc_info = client.Vpc(id=instance_info.vpc_id)
    ent = mt.addEntity('matterasmus.AmazonEC2VPC', str(vpc_info.cidr_block))
    ent.addAdditionalFields("VpcId", "VPC ID", True, str(instance_info.vpc_id))
    ent.addAdditionalFields("IPv4Address", "CIDR Block", True, str(vpc_info.cidr_block))
    ent = mt.addEntity('maltego.IPv4Address', str(instance_info.private_ip_address))
コード例 #20
0
#!/usr/bin/python
# -*- coding: utf-8 -*-

# Description:  Locally extract aliases/usernames from Tweets
# Installation: http://dev.paterva.com/developer/getting_started/building_your_own_local_transform.php
# Author:       Michael Henriksen (@michenriksen)

from MaltegoTransform import *
from ttp import ttp
import sys

transform = MaltegoTransform()
transform.parseArguments(sys.argv)

tweet = transform.getVar("content").decode('utf-8')
parser = ttp.Parser()
parsed_tweet = parser.parse(tweet)

for alias in parsed_tweet.users:
    transform.addEntity("maltego.Alias", alias)

transform.returnOutput()
コード例 #21
0
def main():
#    print "Content-type: xml\n\n";
#    MaltegoXML_in = sys.stdin.read()
#    logging.debug(MaltegoXML_in)
#    if MaltegoXML_in <> '':
#     m = MaltegoMsg(MaltegoXML_in)

    TRX = MaltegoTransform()
    TRX.parseArguments(sys.argv)
    #ssid = TRX.getVar("ssid")
    logging.debug(ssid)
    logging.debug(type(ssid))

    user = TRX.getVar("wigleUser")
    passw = TRX.getVar("wiglePass")
    email = TRX.getVar("wigleEmail")
    proxy = TRX.getVar("wigleProxy")

    if not user or not passw or not email:
        print "ERROR: Please supply Wigle credentials in the 'Property View' on the right --->"
        exit(-1)

    wig=Wigle(user, passw, email, proxy)
    if not wig.login():
        print "ERROR: Unable to login to Wigle with supplied wigle creds. Please check them."
        exit(-1)
    locations = wig.lookupSSID(ssid)
    if 'error' in locations:
        print "ERROR: Unable to query Wigle. Perhaps your IP/user is shunned. Error was '%s'" % locations
        exit(-1)

    for address in locations:
        if len(locations) > 20:
            break
        #ssid = b64decode(ssid)
        #ssid=escape(ssid)
        #ssid = illegal_xml_re.sub('', ssid)
        logging.debug(type(address))

        street_view_url1 = "http://maps.googleapis.com/maps/api/streetview?size=800x800&amp;sensor=false&amp;location=%s,%s" % (str(address['lat']),str(address['long']))
        street_view_url2 = "https://maps.google.com/maps?q=&layer=c&cbp=11,0,0,0,0&cbll=%s,%s " % (str(address['lat']),str(address['long']))
        map_url = "http://maps.google.com/maps?t=h&q=%s,%s"%(str(address['lat']),str(address['long']))
        flag_img = "http://www.geognos.com/api/en/countries/flag/%s.png" % str(address['code']).upper()

        #NewEnt=TRX.addEntity("maltego.Location", address['shortaddress'].encode('utf-8'))
        NewEnt=TRX.addEntity("snoopy.ssidLocation", address['shortaddress'].encode('utf-8'))
        NewEnt.addAdditionalFields("city","city", "strict", address['city'].encode('utf-8'))
        NewEnt.addAdditionalFields("countrycode","countrycode", "strict", address['code'].encode('utf-8'))
        NewEnt.addAdditionalFields("country","country", "strict", address['country'].encode('utf-8'))
        NewEnt.addAdditionalFields("lat","lat", "strict", str(address['lat']))
        NewEnt.addAdditionalFields("long","long", "strict", str(address['long']))
        NewEnt.addAdditionalFields("longaddress","longaddress", "strict", address['longaddress'].encode('utf-8'))
        NewEnt.addAdditionalFields("location.areacode","Area Code", "strict", address['postcode'])
        NewEnt.addAdditionalFields("road","Road", "strict", address['road'].encode('utf-8'))
        NewEnt.addAdditionalFields("streetaddress","streetaddress", "strict", address['shortaddress'].encode('utf-8'))
        NewEnt.addAdditionalFields("ssid","SSID", "strict", address['ssid'])
        NewEnt.addAdditionalFields("state","State", "strict", address['state'].encode('utf-8'))
        NewEnt.addAdditionalFields("area","Area", "strict", address['suburb'].encode('utf-8'))

        NewEnt.addAdditionalFields("googleMap", "Google map", "nostrict", map_url)
        NewEnt.addAdditionalFields("streetView", "Street View", "nostrict", street_view_url2)

        #NewEnt.setIconURL(flag_img)
        logging.debug(street_view_url1)
        NewEnt.setIconURL(street_view_url1)

        NewEnt.addDisplayInformation("<a href='%s'>Click for map </a>" % street_view_url2, "Street view")

    TRX.returnOutput()
コード例 #22
0
#Maltego Transfrom - VirusTotal submitter information @arieljt

from MaltegoTransform import *
import requests
import json

apiurl = "https://www.virustotal.com/api/v3/"
apikey = "API_KEY"


mt = MaltegoTransform()
mt.parseArguments(sys.argv)
file_hash = mt.getVar('properties.hash')


try:
    headers = {'x-apikey': apikey}
    response = requests.get(apiurl + 'files/' + file_hash + '/submissions', headers=headers) 
    response_json = response.json()

    if 'attributes' in response_json['data'][0]:
        for item in response_json['data']:
            me = mt.addEntity("maltego.VTSubmitter", '%s' % item['attributes']['source_key'].encode("ascii"))
            if 'country' in item['attributes']:
            	me.addAdditionalFields("VTSubmitter.Country","Submitter Country",True,'%s' % item['attributes']['country'].encode("ascii"))
            if 'interface' in item['attributes']:
            	me.addAdditionalFields("VTSubmitter.Interface","Submitter Interface",True,'%s' % item['attributes']['interface'].encode("ascii"))
            me.setLinkLabel("VT Submitter")

except:
    mt.addUIMessage("Exception Occurred")
コード例 #23
0
ファイル: listdeploymentapps.py プロジェクト: cmlh/munk-1
config = ConfigParser.SafeConfigParser()
config.read(configFile)

username = config.get('credentials', 'username')
password = config.get('credentials', 'password')
auth = config.get('splunk','auth')
searchhead = config.get('splunk','searchhead')
timeframe = config.get('splunk', 'timeframe')
status = config.get('splunk', 'status')

# Setting up Maltego entities and getting initial variables.

me = MaltegoTransform()
me.parseArguments(sys.argv)
ds = sys.argv[1]
dsport = me.getVar("dsport")

# Determine which REST call to make based on authentication setting.

if auth == "1":
	output = subprocess.check_output('curl -u ' + username + ':' + password + ' -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)
if auth == "0":		
	output = subprocess.check_output('curl -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)

# XML Parsing with ElementTree

root = ET.fromstring(output)
entry = root.find('{http://www.w3.org/2005/Atom}entry')
content = entry.find('{http://www.w3.org/2005/Atom}content')
dic = content.find('{http://dev.splunk.com/ns/rest}dict')
apps = dic.find(".//{http://dev.splunk.com/ns/rest}key[@name='applications']")
コード例 #24
0
ファイル: listindicators.py プロジェクト: cmlh/mcrits
	pathname = os.path.join(pathname, '..','local', 'mcrits.conf')
	return os.path.normpath(pathname)

configFile = getLocalConfPath()
config = ConfigParser.SafeConfigParser()
config.read(configFile)

username = config.get('info', 'username')
url = config.get('info', 'url')
api_key = config.get('info', 'api_key')

# Setting up Maltego entities and getting initial variables.

me = MaltegoTransform()
me.parseArguments(sys.argv)
ioctype = me.getVar("ioctype")
campaignname = me.getVar("campaign")

# Setting up requests variables from mcrits.conf

url = url + '/api/v1/indicators/'
params = {
'api_key': api_key,
'username': username,
}

elems = ['_id','bucket_list','created','modified','sectors','status']

r = requests.get(url, params=params, verify=False)
j = json.loads(r.text)
for ioc in j['objects']:
コード例 #25
0
from MaltegoTransform import *

m = MaltegoTransform()
m.parseArguments(sys.argv)

ports = m.getVar('service.ports') # string
ports = ports.split('|')  # array

for port in ports:
  port, name = port.split('::')

  svc = m.addEntity('maltego.Service', port)
  svc.addAdditionalFields("port.number", "Port", "strict", port)
  svc.addAdditionalFields("banner.text", "Service Banner", "strict", name)

m.returnOutput()
コード例 #26
0
#!/usr/bin/python
# Pull all the egress destinations attached to an egress rule

from MaltegoTransform import *
import boto.ec2
import sys
from init import load_credentials

creds = load_credentials()
REGION = creds[2]

m = MaltegoTransform()
m.parseArguments(sys.argv)
egress_dst = m.getVar("GroupID")

try:
    conn = boto.ec2.connect_to_region(REGION, aws_access_key_id=creds[0], aws_secret_access_key=creds[1])

    reservations = conn.get_all_instances()

    for i in reservations:
        group_nums = len(i.instances[0].groups)
        for z in range(group_nums):
            group_id = i.instances[0].groups[z].id
            if str(group_id) == str(egress_dst):
                egress_rules = conn.get_all_security_groups(group_ids=group_id)[0].rules_egress
                number_of_egress = len(egress_rules)
                for g in range(number_of_egress):
                    ent = m.addEntity('matterasmus.AmazonEC2IngressSource', str(conn.get_all_security_groups(group_ids=group_id)[0].rules[g].grants))
                    ent.addAdditionalFields("Source", "Source", "strict", str(conn.get_all_security_groups(group_ids=group_id)[0].rules[g].grants))
                    ent.addAdditionalFields("GroupID", "Group ID", "strict", str(group_id))
コード例 #27
0
from MaltegoTransform import *

m = MaltegoTransform()
m.parseArguments(sys.argv)

ports = m.getVar('service.ports')  # string
ports = ports.split('|')  # array

for port in ports:
    port, name = port.split('::')

    svc = m.addEntity('maltego.Service', port)
    svc.addAdditionalFields("port.number", "Port", "strict", port)
    svc.addAdditionalFields("banner.text", "Service Banner", "strict", name)

m.returnOutput()
コード例 #28
0
from selenium import webdriver
from fake_useragent import UserAgent
import requests

# Set path to your chosen webdriver, e.g. CHROME_PATH = './chromedriver.exe'
PHANTOMJS_PATH = './phantomjs.exe'

# Instantitate a user-agent object
ua = UserAgent()

# Instantiate a Maltego transform object
m = MaltegoTransform()

# Parse arguements passed from Maltego entities with a field named 'url'
m.parseArguments(sys.argv)
IMAGE_URL = m.getVar('url').decode('utf8')

MATCHING_URL = None
SIMILAR_URL = None
API_ENDPOINT = 'http://st.so.com/stu'

# POST request payload
data = {
    'imgurl': IMAGE_URL,
    'submittype': 'imgurl',
    'src': 'image',
    'srcsp': 'st_search'
}

# Call the images.so.com reverse search API, returns html
try:
コード例 #29
0
   return m
    
 logger.info("Done. Could not find Joomla credentials for:"+target)
 return m                                                                                                         






##########MAIN
m = MaltegoTransform()
m.parseArguments(sys.argv);
target=sys.argv[1]

if m.getVar('type') is None or m.getVar('entry') is None:
 logger.info("You need a entry point (entry) and a type (type) - you have one or both missing")
 m.returnOutput()
 quit()
 
# load tlds, ignore comments and empty lines:
with open("effective_tld_names.dat.txt") as tldFile:
    tlds = [line.strip() for line in tldFile if line[0] not in "/\n"]
    
domain_parts = get_domain_parts("http://"+m.getVar('entry'),tlds)
interestingbit=domain_parts.domain
logger.debug("Adding [%s] to the password list"%interestingbit)

if (interestingbit is None):
 logger.info("Could not parse domain. This is not great, but we'll continue..")
 
コード例 #30
0
#!/usr/bin/python
#######################################################
# Maltego NMAP integration script                     #
#                                                     #
#                                                     #
#  Andrew MacPherson [ andrew <<at>> Paterva.com ]    #
#                                                     #
#######################################################
import os, sys, time
from MaltegoTransform import *

me = MaltegoTransform()
me.parseArguments(sys.argv)
portValue = me.getVar("banner")
me.addEntity("Banner", portValue)
me.returnOutput()
コード例 #31
0
            (front, back) = email.split('@')
            if back not in domains:
                domains.append(back)

    choice = eg.choicebox('Pick a domain', 'Target selection', domains)
    return choice


######### MAIN
m = MaltegoTransform()
m.parseArguments(sys.argv)
target = sys.argv[1]

logger.debug("Starting OWA Brute module")

type = m.getVar('type')
entry = m.getVar('entry')

if type is None:
    logger.debug("Missing type on [%s]" % target)
    m.returOutput()
    quit()

location = m.getVar('entry')
if (location is None):
    logger.info("location on [%s] is empty, cannot proceed" % target)
    m.returnOutput()
    quit()

emails = slurp_file("OWABrute", "StorageFile")
if len(emails) <= 0:
コード例 #32
0
            TRX.throwExceptions()
            exit(0)
        #loging.error(len(r))

        # The dirtiest hack of dirty hacks.
        if not shadowKey:
            shadowKey = "derpderpderp"
        if shadowKey and str(m.Type) == "snoopy.Snoopy":
            filters.append(mtk.c.mtkey == shadowKey)
            filters.append(mtk.c.user == users.c.user)
            filters.append(sess.c.drone == users.c.drone)

#Option Two, Local:
else:

    drone = TRX.getVar("properties.drone")
    if TRX.getVar("drone"):
        drone = TRX.getVar("drone")

    location = TRX.getVar("properties.dronelocation")
    if TRX.getVar("location"):
        location = TRX.getVar("location")

    start_time = TRX.getVar("properties.start_time", "2000-01-01 00:00:00.0")
    if TRX.getVar("start_time"):
        start_time = TRX.getVar("start_time", "2000-01-01 00:00:00.0")

    end_time = TRX.getVar("properties.end_time", "2037-01-01 00:00:00.0")
    if TRX.getVar("end_time"):
        end_time = TRX.getVar("end_time", "2037-01-01 00:00:00.0")
コード例 #33
0
#!/usr/bin/env python

"""Resolve a company or an organization by name using the Recorded Future API."""

import sys
from MaltegoTransform import *
from APIUtil import APIUtil

mt = MaltegoTransform()

mt.parseArguments(sys.argv)
name = mt.getVar("properties.companyname")

sys.stderr.write("Resolving company...")

rfapi = APIUtil()

entity_query = {
        "entity":{"name":name, "type":["Company", "Organization"], "limit":1}
}

query_response = rfapi.query(entity_query)
eid = None
for q_eid, q_ent in query_response.get('entity_details', {}).items():
    sys.stderr.write("Found eid: {0}".format(q_eid))
    name = q_ent['name']
    eid = q_eid
    etype = q_ent['type']
    ent = q_ent

if not eid:
コード例 #34
0
#!/usr/bin/python
#######################################################
# Maltego NMAP integration script                     #
#                                                     #
#                                                     #
#  Andrew MacPherson [ andrew <<at>> Paterva.com ]    #
#                                                     #
#######################################################
import os, sys, time
from MaltegoTransform import *

me = MaltegoTransform()
me.parseArguments(sys.argv)
portValue = me.getVar("port")
me.addEntity("Port", portValue)
me.returnOutput()
コード例 #35
0
#!/usr/bin/python
# Pull all the egress rules for a Security Group

from MaltegoTransform import *
import boto.ec2
import sys
from init import load_credentials

creds = load_credentials()
REGION = creds[2]

m = MaltegoTransform()
m.parseArguments(sys.argv)
sec_group = m.getVar("GroupID")

try:
    conn = boto.ec2.connect_to_region(REGION,
                                      aws_access_key_id=creds[0],
                                      aws_secret_access_key=creds[1])

    reservations = conn.get_all_instances()

    for i in reservations:
        group_nums = len(i.instances[0].groups)
        for z in range(group_nums):
            group_id = i.instances[0].groups[z].id
            sg_name = conn.get_all_security_groups(group_ids=group_id)[0]
            if str(group_id) == str(sec_group):
                egress_rules = conn.get_all_security_groups(
                    group_ids=group_id)[0].rules_egress
                number_of_egress = len(egress_rules)
コード例 #36
0
#!/usr/bin/python
# -*- encoding: utf-8 -*-
# Extract list price from smzdm.com item listing
import sys
import codecs
from MaltegoTransform import *

# Initialize Maltego library
m = MaltegoTransform()

# Extract the listed price from the Maltego smzdm item entity
m.parseArguments(sys.argv)
price = m.getVar('item-price').decode('utf8')

# Add entity to the Maltego chart
myEntity = m.addEntity('smzdm.itemprice', price.encode('utf8',
                                                       errors='ignore'))

# Return entity to Maltego
m.returnOutput()
コード例 #37
0
from MaltegoTransform import *
from mcrits_utils import *

crits = mcrits()

me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')

for result in crits.get_related(crits_type, id_, 'Actor'):
    # For each related object, get the details.
    obj = crits.get_single_obj('Actor', result[1])
    # For each identifer, get the name.
    identifiers = []
    for id_dict in obj['identifiers']:
        id_obj = crits.get_single_obj('ActorIdentifier',
                                      id_dict['identifier_id'])
        identifiers.append(id_obj['name'])
    ent = me.addEntity(result[0], obj['name'])
    ent.addAdditionalFields(fieldName='id',
                            displayName='id',
                            value=result[1])
    ent.addAdditionalFields(fieldName='aliases',
                            displayName='Aliases',
                            value=obj['aliases'])
    ent.addAdditionalFields(fieldName='identifiers',
                            displayName='Identifiers',
                            value=identifiers)

me.returnOutput()
コード例 #38
0
#!/usr/bin/python
# Pull all the ingress sources attached to an ingress rule

from MaltegoTransform import *
import boto.ec2
import sys
from init import load_credentials

creds = load_credentials()
REGION = creds[2]

m = MaltegoTransform()
m.parseArguments(sys.argv)
ingress_src = m.getVar("GroupID")

try:
    conn = boto.ec2.connect_to_region(REGION, aws_access_key_id=creds[0], aws_secret_access_key=creds[1])

    reservations = conn.get_all_instances()

    for i in reservations:
        group_nums = len(i.instances[0].groups)
        for z in range(group_nums):
            group_id = i.instances[0].groups[z].id
            if str(group_id) == str(ingress_src):
                sec_rules = conn.get_all_security_groups(group_ids=group_id)[0].rules
                rule_nums = len(sec_rules)
                for g in range(rule_nums):
                    ent = m.addEntity('matterasmus.AmazonEC2IngressSource', str(conn.get_all_security_groups(group_ids=group_id)[0].rules[g].grants))
                    ent.addAdditionalFields("Source", "Source", "strict", str(conn.get_all_security_groups(group_ids=group_id)[0].rules[g].grants))
                    ent.addAdditionalFields("GroupID", "Group ID", "strict", str(group_id))
コード例 #39
0
username = config.get('credentials', 'username')
password = config.get('credentials', 'password')
auth = config.get('splunk', 'auth')
searchhead = config.get('splunk', 'searchhead')
timeframe = config.get('splunk', 'timeframe')
status = config.get('splunk', 'status')
proxy = config.get('splunk', 'proxy')
proxy_ip = config.get('splunk', 'proxy_ip')
proxy_port = config.get('splunk', 'proxy_port')

# Setting up Maltego entities and getting initial variables.

me = MaltegoTransform()
me.parseArguments(sys.argv)
application = sys.argv[1]
ds = me.getVar("ds")
dsport = me.getVar("dsport")

# Determine which REST call to make based on authentication setting.

if auth == "1":
    if proxy == "1":
        output = subprocess.check_output(
            'curl -u ' + username + ':' + password + ' --socks5 ' + proxy_ip +
            ':' + proxy_port + ' -s -k https://' + ds + ':' + dsport +
            '/services/deployment/server/clients',
            shell=True)
    else:
        output = subprocess.check_output(
            'curl -u ' + username + ':' + password + ' -s -k https://' + ds +
            ':' + dsport + '/services/deployment/server/clients',
コード例 #40
0
#!/usr/bin/python
# -*- coding: utf-8 -*-
from MaltegoTransform import *
from nltk.corpus import stopwords
from nltk.stem.snowball import SnowballStemmer
import sys, string

# Description:  Locally extract words from Tweets
# Installation: http://dev.paterva.com/developer/getting_started/building_your_own_local_transform.php
# Author:       Michael Henriksen (@michenriksen)

transform = MaltegoTransform()
transform.parseArguments(sys.argv)

tweet      = transform.getVar("content")
stemmer    = SnowballStemmer("english")
stop_words = stopwords.words("english")
with open("top100Kenglishwords.txt") as f:
    common_words = [x.strip().strip().lower().decode("unicode_escape").encode("ascii", "ignore") for x in f.readlines()]
words      = []

for word in tweet.split():
    if word.startswith('#') or word.startswith('@') or word.startswith('\\'):
	continue

    # Normalize word and strip out silliness
    word = word.strip().lower().decode("unicode_escape").encode("ascii", "ignore")
    word = ''.join(ch for ch in word if ch not in string.punctuation)

    if word == '' or word == 'rt' or word.startswith('http'):
        continue
コード例 #41
0
#!/usr/bin/env python

# Maltego transform for getting the robots.txt file from websites

from MaltegoTransform import *
import requests

m = MaltegoTransform()
m.parseArguments(sys.argv)

website = m.getVar('fqdn')
port = m.getVar('ports')
port = port.split(',')
ssl = m.getVar('website.ssl-enabled')
robots = []

try:
  for c in port:
    if ssl == 'true':
      url = 'https://' + website + ':' + str(c) + '/robots.txt'
      r = requests.get(url)
      if r.status_code == 200:
        robots = str(r.text).split('\n')
        for i in robots:
          ent = m.addEntity('maltego.Phrase', i)
          ent.addAdditionalFields("url","Original URL",True,url)
      else:
        m.addUIMessage("No Robots.txt found..")
    else:
      url = 'http://' + website + ':' + str(c) + '/robots.txt'
      r = requests.get(url)
コード例 #42
0
from MaltegoTransform import *
from mcrits_utils import *

crits = mcrits()

me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')

for result in crits.get_related(crits_type, id_, 'IP'):
    # For each related object, get the details.
    obj = crits.get_single_obj('IP', result[1])
    ent = me.addEntity(result[0], result[1])
    ent.addAdditionalFields(fieldName='ip', displayName='IP', value=obj['ip'])
    ent.addAdditionalFields(fieldName='type',
                            displayName='Type',
                            value=obj['type'])

me.returnOutput()
コード例 #43
0
def getLocalConfPath():
	pathname = os.path.dirname(sys.argv[0])
	pathname = os.path.abspath(pathname)
	pathname = os.path.join(pathname, '..','local', 'munk.conf')
	return os.path.normpath(pathname)

configFile = getLocalConfPath()
config = ConfigParser.SafeConfigParser()
config.read(configFile)

username = config.get('credentials', 'username')
password = config.get('credentials', 'password')
auth = config.get('splunk','auth')
searchhead = config.get('splunk','searchhead')
timeframe = config.get('splunk', 'timeframe')
splunkweb_port = config.get('splunk','splunkweb_port')

# Setting up Maltego entities and getting initial variables.

me = MaltegoTransform()
me.parseArguments(sys.argv)
host = me.getVar("properties.host")

# Opens default webbrowser with a Splunk Search set to the hostname of the host entity selected.

webbrowser.open('http://' + searchhead + ':' + splunkweb_port + '/en-US/app/search/search?q=search%20index%3D*%20host%3D' + str(host) + '&earliest=' + timeframe)

# Return Maltego Output

me.returnOutput()
コード例 #44
0
#!/usr/bin/python
# Pull all the ingress rules for a Security Group

from MaltegoTransform import *
import boto.ec2
import sys
from init import load_credentials

creds = load_credentials()
REGION = creds[2]

m = MaltegoTransform()
m.parseArguments(sys.argv)
sec_group = m.getVar("GroupID")

try:
    conn = boto.ec2.connect_to_region(REGION, aws_access_key_id=creds[0], aws_secret_access_key=creds[1])

    reservations = conn.get_all_instances()

    for i in reservations:
        group_nums = len(i.instances[0].groups)
        for z in range(group_nums):
            group_id = i.instances[0].groups[z].id
            if str(group_id) == str(sec_group):
                sec_rules = conn.get_all_security_groups(group_ids=group_id)[0].rules
                rule_nums = len(sec_rules)
                for g in range(rule_nums):
                    ent = m.addEntity('matterasmus.AmazonEC2SecurityGroupPP', str(conn.get_all_security_groups(group_ids=group_id)[0].rules[g]))
                    ent.addAdditionalFields("GroupID", "Group ID", "strict", str(group_id))
コード例 #45
0
#!/usr/bin/python 
import sys
import csv
import os,sys,time,random
from MaltegoTransform import *
import EasyDialogs

me = MaltegoTransform();
me.parseArguments(sys.argv);
csv_file = me.getVar("file");
if (csv_file is None):
	defaultFile = "c:\stafflist.csv"
	csv_file = EasyDialogs.AskString("Which file do you want to use?",defaultFile);

if (csv_file is None):
	me.returnOutput();
	exit();
	


csv_reader = csv.reader(open(csv_file), delimiter = ',');
Emails = []
for row in csv_reader:
	Emails.append(row[0]);

EmailsUnique = dict(map(lambda i: (i,1),Emails)).keys()
for s in Emails:
	myentity = me.addEntity("EmailAddress",s);
	myentity.addAdditionalFields("file","CSV File",None,csv_file);
	
コード例 #46
0
username = config.get('credentials', 'username')
password = config.get('credentials', 'password')
auth = config.get('splunk','auth')
searchhead = config.get('splunk','searchhead')
timeframe = config.get('splunk', 'timeframe')
status = config.get('splunk', 'status')
proxy = config.get('splunk', 'proxy')
proxy_ip = config.get('splunk','proxy_ip')
proxy_port = config.get('splunk', 'proxy_port')

# Setting up Maltego entities and getting initial variables.

me = MaltegoTransform()
me.parseArguments(sys.argv)
application = sys.argv[1]
ds = me.getVar("ds")
dsport = me.getVar("dsport")

# Determine which REST call to make based on authentication setting.

if auth == "1":
	if proxy == "1":
		output = subprocess.check_output('curl -u ' + username + ':' + password + ' --socks5 ' + proxy_ip + ':' + proxy_port + ' -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)
	else:	
		output = subprocess.check_output('curl -u ' + username + ':' + password + ' -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)
else:
	if proxy == "1":
		output = subprocess.check_output('curl --socks5 ' + proxy_ip + ':' + proxy_port + ' -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)
	else:	
		output = subprocess.check_output('curl -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)
コード例 #47
0
#!/usr/bin/python

#################
# NMAP VULN TOOL#
#################

import os, sys
from MaltegoTransform import *

m_ent = MaltegoTransform()
m_ent.parseArguments(sys.argv)

banner_grab = m_ent.getVar("banner")
open_grab = m_ent.getVar("opening")

if open_grab == "open":
    me_add = m_ent.addEntity("Banner", banner_grab)
    me_add.setType("jf.SuperFunTransforms")

m_ent.returnOutput()
コード例 #48
0
def getLocalConfPath():
	pathname = os.path.dirname(sys.argv[0])
	pathname = os.path.abspath(pathname)
	pathname = os.path.join(pathname, '..','local', 'munk.conf')
	return os.path.normpath(pathname)

configFile = getLocalConfPath()
config = ConfigParser.SafeConfigParser()
config.read(configFile)

username = config.get('credentials', 'username')
password = config.get('credentials', 'password')
auth = config.get('splunk','auth')
searchhead = config.get('splunk','searchhead')
timeframe = config.get('splunk', 'timeframe')
splunkweb_port = config.get('splunk','splunkweb_port')

# Setting up Maltego entities and getting initial variables.

me = MaltegoTransform()
me.parseArguments(sys.argv);
sourcetype = me.getVar("properties.sourcetype")

# Opens default webbrowser with a Splunk Search set to the hostname of the host entity selected.

webbrowser.open('http://' +  searchhead + ':' + splunkweb_port + '/en-US/app/search/search?q=search%20index%3D*%20sourcetype%3D' + str(sourcetype) + '&earliest=' + timeframe)

# Return Maltego Output

me.returnOutput()
コード例 #49
0
#!/usr/bin/env python

# Maltego transform for getting the robots.txt file from websites

from MaltegoTransform import *
import requests

m = MaltegoTransform()
m.parseArguments(sys.argv)

website = m.getVar('fqdn')
port = m.getVar('ports')
port = port.split(',')
ssl = m.getVar('website.ssl-enabled')
robots = []

try:
    for c in port:
        if ssl == 'true':
            url = 'https://' + website + ':' + str(c) + '/robots.txt'
            r = requests.get(url)
            if r.status_code == 200:
                robots = str(r.text).split('\n')
                for i in robots:
                    ent = m.addEntity('maltego.Phrase', i)
                    ent.addAdditionalFields("url", "Original URL", True, url)
            else:
                m.addUIMessage("No Robots.txt found..")
        else:
            url = 'http://' + website + ':' + str(c) + '/robots.txt'
            r = requests.get(url)
コード例 #50
0
password = config.get('credentials', 'password')
auth = config.get('splunk','auth')
searchhead = config.get('splunk','searchhead')
timeframe = config.get('splunk', 'timeframe')
status = config.get('splunk', 'status')
management = config.get('splunk', 'management')
proxy = config.get('splunk', 'proxy')
proxy_ip = config.get('splunk','proxy_ip')
proxy_port = config.get('splunk', 'proxy_port')

# Setting up Maltego entities and getting initial variables.

me = MaltegoTransform()
me.parseArguments(sys.argv)
sourcetype = sys.argv[1]
hostip = me.getVar("host")

# Determine which REST call to make based on authentication setting.

if auth == "1":
	if proxy == "1":
		output = subprocess.check_output('curl -u ' + username + ':' + password + ' -s -k --socks5 ' + proxy_ip + ':' + proxy_port + ' --data-urlencode search="search index=* earliest=' + timeframe + ' sourcetype=' +  sourcetype + ' | table host | dedup host" -d "output_mode=csv" https://' + searchhead + ':' + management + '/servicesNS/admin/search/search/jobs/export', shell=True)
	else:
		output = subprocess.check_output('curl -u ' + username + ':' + password + ' -s -k --data-urlencode search="search index=* earliest=' + timeframe + ' sourcetype=' +  sourcetype + ' | table host | dedup host" -d "output_mode=csv" https://' + searchhead + ':' + management + '/servicesNS/admin/search/search/jobs/export', shell=True)

else:
	if proxy == "1":
		output = subprocess.check_output('curl -s -k --socks5 ' + proxy_ip + ':' + proxy_port + ' --data-urlencode search="search index=* earliest=' + timeframe + ' sourcetype=' +  sourcetype + ' | table host | dedup host" -d "output_mode=csv" https://' + searchhead + ':' + management + '/servicesNS/admin/search/search/jobs/export', shell=True)
	else:
		output = subprocess.check_output('curl -s -k --data-urlencode search="search index=* earliest=' + timeframe + ' sourcetype=' +  sourcetype + ' | table host | dedup host" -d "output_mode=csv" https://' + searchhead + ':' + management + '/servicesNS/admin/search/search/jobs/export', shell=True)
コード例 #51
0
ファイル: listdeploymentapps.py プロジェクト: cmlh/munk-1
config = ConfigParser.SafeConfigParser()
config.read(configFile)

username = config.get('credentials', 'username')
password = config.get('credentials', 'password')
auth = config.get('splunk', 'auth')
searchhead = config.get('splunk', 'searchhead')
timeframe = config.get('splunk', 'timeframe')
status = config.get('splunk', 'status')

# Setting up Maltego entities and getting initial variables.

me = MaltegoTransform()
me.parseArguments(sys.argv)
ds = sys.argv[1]
dsport = me.getVar("dsport")

# Determine which REST call to make based on authentication setting.

if auth == "1":
    output = subprocess.check_output('curl -u ' + username + ':' + password +
                                     ' -s -k https://' + ds + ':' + dsport +
                                     '/services/deployment/server/clients',
                                     shell=True)
if auth == "0":
    output = subprocess.check_output('curl -s -k https://' + ds + ':' +
                                     dsport +
                                     '/services/deployment/server/clients',
                                     shell=True)

# XML Parsing with ElementTree