def new_transform(arg):
m = MaltegoTransform()
m.parseArguments(arg)
ip = m.getVar('ipv4-address')
wrkspc = m.getVar('workspace')
url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/asn' % (wrkspc, ip)
try:
r = requests.get(url)
j = r.json()
for i in j['items']:
ent = m.addEntity('maltego.AS', i['asn'])
ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
def new_transform(arg):
emails = []
m = MaltegoTransform()
m.parseArguments(arg)
domain = m.getVar('fqdn')
ip = m.getVar('ipaddr')
wrkspc = m.getVar('workspace')
url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/domains' % (wrkspc, ip)
try:
r = requests.get(url)
j = r.json()
for i in j['items']:
if domain in i['domain']:
for x in i['data']['emails']:
if x not in emails:
emails.append(x)
for t in emails:
ent = m.addEntity('maltego.EmailAddress', t)
ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
def main():
# print "Content-type: xml\n\n";
# MaltegoXML_in = sys.stdin.read()
# logging.debug(MaltegoXML_in)
# if MaltegoXML_in <> '':
# m = MaltegoMsg(MaltegoXML_in)
TRX = MaltegoTransform()
TRX.parseArguments(sys.argv)
lat = float(TRX.getVar("latitude"))
lng = float(TRX.getVar("longitude"))
address = TRX.getVar("longaddress")
logging.debug(lat)
logging.debug(address)
try:
f = open("wigle_creds.txt", "r")
user, passw, email,proxy = f.readline().strip().split(":")
except Exception, e:
print "ERROR: Unable to read Wigle user & pass, email (and optional proxy) from wigle_creds.txt"
print e
exit(-1)
username = config.get('credentials', 'username')
password = config.get('credentials', 'password')
auth = config.get('splunk','auth')
searchhead = config.get('splunk','searchhead')
timeframe = config.get('splunk', 'timeframe')
status = config.get('splunk', 'status')
management = config.get('splunk', 'management')
proxy = config.get('splunk', 'proxy')
proxy_ip = config.get('splunk','proxy_ip')
proxy_port = config.get('splunk', 'proxy_port')
# Setting up Maltego entities and getting initial variables.
me = MaltegoTransform()
me.parseArguments(sys.argv)
sourcetype = sys.argv[1]
hostip = me.getVar("host")
# Determine which REST call to make based on authentication setting.
if auth == "1":
if proxy == "1":
output = subprocess.check_output('curl -u ' + username + ':' + password + ' -s -k --socks5 ' + proxy_ip + ':' + proxy_port + ' --data-urlencode search="search index=* earliest=' + timeframe + ' sourcetype=' + sourcetype + ' | table host | dedup host" -d "output_mode=csv" https://' + searchhead + ':' + management + '/servicesNS/admin/search/search/jobs/export', shell=True)
else:
output = subprocess.check_output('curl -u ' + username + ':' + password + ' -s -k --data-urlencode search="search index=* earliest=' + timeframe + ' sourcetype=' + sourcetype + ' | table host | dedup host" -d "output_mode=csv" https://' + searchhead + ':' + management + '/servicesNS/admin/search/search/jobs/export', shell=True)
else:
if proxy == "1":
output = subprocess.check_output('curl -s -k --socks5 ' + proxy_ip + ':' + proxy_port + ' --data-urlencode search="search index=* earliest=' + timeframe + ' sourcetype=' + sourcetype + ' | table host | dedup host" -d "output_mode=csv" https://' + searchhead + ':' + management + '/servicesNS/admin/search/search/jobs/export', shell=True)
else:
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Written by JC (https://twitter.com/jc_socal)
# Copyright 2015
######################################################################
import sys
from MaltegoTransform import *
import fa_parser as fa
value = sys.argv[1]
MT = MaltegoTransform()
MT.parseArguments(sys.argv)
#########################################
## lookup fieldname of sending request ##
#########################################
field = None
filepath = None
for x in MT.values:
if x == 'properties.fireampbaseentity': continue
if x.startswith('properties.'):
field = fa.fieldLookup(x)
if x.startswith('CSV File'):
filepath = MT.values[x].replace("\\\\", "\\")
#############################
from hashlib import sha512
import datetime
import random
logging.basicConfig(level=logging.DEBUG,filename='/tmp/maltego_logs_bv.txt',format='%(asctime)s %(levelname)s: %(message)s',datefmt='%Y-%m-%d %H:%M:%S')
bv_User = "******"
bv_Pass = "******"
bv_URL = "https://yourBroadViewAPI"
makeHuman = False
humanSalt = "saltIsGoodOnBurgers"
def randIP():
ip = "x.x." + ".".join(map(str, (random.randint(0, 255)
for _ in range(2))))
return ip
ignoreAccounts = [] #Any BroadView/MVS accounts to ignore
api_service = "http://172.16.29.195:5000/api/v1/query" #Point to AyePeeEye.py service
TRX = MaltegoTransform()
TRX.parseArguments(sys.argv)
logging.debug(sys.argv)
client = bvapi.Client(url=bv_URL, user=bv_User, password=bv_Pass)
status = client.status()
if 'status' not in status or status['status'] != 'success':
logging.error("Bad Status: '%s'" % str(status))
exit(-1)
#!/usr/bin/python
#################
# NMAP VULN TOOL#
#################
import os, sys
from MaltegoTransform import *
m_ent = MaltegoTransform()
m_ent.parseArguments(sys.argv)
banner_grab = m_ent.getVar("banner")
open_grab = m_ent.getVar("opening")
if open_grab == "open":
me_add = m_ent.addEntity("Banner", banner_grab)
me_add.setType("jf.SuperFunTransforms")
m_ent.returnOutput()
def main():
# print "Content-type: xml\n\n";
# MaltegoXML_in = sys.stdin.read()
# logging.debug(MaltegoXML_in)
# if MaltegoXML_in <> '':
# m = MaltegoMsg(MaltegoXML_in)
TRX = MaltegoTransform()
TRX.parseArguments(sys.argv)
# ssid = TRX.getVar("ssid")
logging.debug(ssid)
logging.debug(type(ssid))
user = TRX.getVar("wigleUser")
passw = TRX.getVar("wiglePass")
email = TRX.getVar("wigleEmail")
proxy = TRX.getVar("wigleProxy")
if not user or not passw or not email:
print "ERROR: Please supply Wigle credentials in the 'Property View' on the right --->"
exit(-1)
wig = Wigle(user, passw, email, proxy)
if not wig.login():
print "ERROR: Unable to login to Wigle with supplied wigle creds. Please check them."
exit(-1)
locations = wig.lookupSSID(ssid)
if "error" in locations:
print "ERROR: Unable to query Wigle. Perhaps your IP/user is shunned. Error was '%s'" % locations
exit(-1)
for address in locations:
if len(locations) > 20:
break
# ssid = b64decode(ssid)
# ssid=escape(ssid)
# ssid = illegal_xml_re.sub('', ssid)
logging.debug(type(address))
street_view_url1 = (
"http://maps.googleapis.com/maps/api/streetview?size=800x800&sensor=false&location=%s,%s"
% (str(address["lat"]), str(address["long"]))
)
street_view_url2 = "https://maps.google.com/maps?q=&layer=c&cbp=11,0,0,0,0&cbll=%s,%s " % (
str(address["lat"]),
str(address["long"]),
)
map_url = "http://maps.google.com/maps?t=h&q=%s,%s" % (str(address["lat"]), str(address["long"]))
flag_img = "http://www.geognos.com/api/en/countries/flag/%s.png" % str(address["code"]).upper()
# NewEnt=TRX.addEntity("maltego.Location", address['shortaddress'].encode('utf-8'))
NewEnt = TRX.addEntity("snoopy.ssidLocation", address["shortaddress"].encode("utf-8"))
NewEnt.addAdditionalFields("city", "city", "strict", address["city"].encode("utf-8"))
NewEnt.addAdditionalFields("countrycode", "countrycode", "strict", address["code"].encode("utf-8"))
NewEnt.addAdditionalFields("country", "country", "strict", address["country"].encode("utf-8"))
NewEnt.addAdditionalFields("lat", "lat", "strict", str(address["lat"]))
NewEnt.addAdditionalFields("long", "long", "strict", str(address["long"]))
NewEnt.addAdditionalFields("longaddress", "longaddress", "strict", address["longaddress"].encode("utf-8"))
NewEnt.addAdditionalFields("location.areacode", "Area Code", "strict", address["postcode"])
NewEnt.addAdditionalFields("road", "Road", "strict", address["road"].encode("utf-8"))
NewEnt.addAdditionalFields("streetaddress", "streetaddress", "strict", address["shortaddress"].encode("utf-8"))
NewEnt.addAdditionalFields("ssid", "SSID", "strict", address["ssid"])
NewEnt.addAdditionalFields("state", "State", "strict", address["state"].encode("utf-8"))
NewEnt.addAdditionalFields("area", "Area", "strict", address["suburb"].encode("utf-8"))
NewEnt.addAdditionalFields("googleMap", "Google map", "nostrict", map_url)
NewEnt.addAdditionalFields("streetView", "Street View", "nostrict", street_view_url2)
# NewEnt.setIconURL(flag_img)
logging.debug(street_view_url1)
NewEnt.setIconURL(street_view_url1)
NewEnt.addDisplayInformation("<a href='%s'>Click for map </a>" % street_view_url2, "Street view")
TRX.returnOutput()
#!/usr/bin/python
from MaltegoTransform import *
import sys
import urllib2
import re
mt = MaltegoTransform()
mt.parseArguments(sys.argv)
domain = mt.getValue()
url = "http://safeweb.norton.com/heartbleed?url=www."
getrequrl = url + domain
try:
response = urllib2.urlopen(getrequrl)
ser = re.search(r'is vulnerable', response.read())
if ser:
print "a"
mt.addEntity("maltego.Phrase", "HeartBleed Vulnerable")
except:
print ""
mt.returnOutput()
import sys
from MaltegoTransform import *
import fa_parser as fa
value = sys.argv[1]
MT = MaltegoTransform()
MT.parseArguments(sys.argv)
#########################################
## lookup fieldname of sending request ##
#########################################
field = None
filepath = None
for x in MT.values:
if x == 'properties.fabaseentity': continue
if x.startswith('properties.'):
field = fa.fieldLookup(x)
if x.startswith('CSV File'):
filepath = MT.values[x].replace("\\\\", "\\")
#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'Remote IP') ## Edit Here
####################
## Submit Results ##
#!/usr/bin/python
# -*- coding: utf-8 -*-
from MaltegoTransform import *
from ttp import ttp
import sys
# Description: Locally extract hashtags from Tweets
# Installation: http://dev.paterva.com/developer/getting_started/building_your_own_local_transform.php
# Author: Michael Henriksen (@michenriksen)
transform = MaltegoTransform()
transform.parseArguments(sys.argv)
tweet = transform.getVar("content").decode('utf-8')
parser = ttp.Parser()
parsed_tweet = parser.parse(tweet)
for hashtag in parsed_tweet.tags:
hashtag = "#" + hashtag
transform.addEntity("maltego.hashtag", hashtag)
transform.returnOutput()
#!/usr/bin/python
#######################################################
# Maltego NMAP integration script #
# #
# #
# Andrew MacPherson [ andrew <<at>> Paterva.com ] #
# #
#######################################################
import os,sys,time
from MaltegoTransform import *
me = MaltegoTransform();
me.parseArguments(sys.argv);
ports = me.getVar("ports");
target = me.getValue();
fn = target + "-version";
if (ports == None):
me.addUIMessage("No ports found, please do a portscan first!");
me.returnOutput();
exit();
nmapCMD = "nmap --version-light -oG " + fn + " -sV -PN -p" + ports + " " + target + ">"+fn+".stdout"
me.debug("running " + nmapCMD);
os.system(nmapCMD);
try:
if (os.path.exists(fn) == False):
me.debug("File not found, please make sure another scan is not currently running. (windows limitation)");
me.returnOutput();
exit();
f = open(fn)
exit(-1)
f = open("/etc/transforms/db_path.conf")
dbms = f.readline().strip()
try:
db = create_engine(dbms)
#db.echo = True
metadata = MetaData(db)
metadata.reflect()
except Exception, e:
print "ERROR: Unable to communicate with DB specified in /etc/transforms/db_path.txt ('%s'). Error was '%s'" % (
dbms, str(e))
exit(-1)
TRX = MaltegoTransform()
TRX.parseArguments(sys.argv)
start_time = "2000-01-01 00:00:00.0"
end_time = "2037-01-01 00:00:00.0"
drone, location, mac, ssid, domain, observation = (None, ) * 6
filters = []
mtk = metadata.tables['mtk']
users = metadata.tables['users']
sess = metadata.tables['sessions']
#Hack to know if we're local or TDS
#Option One, TDS (this should be made into the new TRX):
if len(sys.argv) < 2:
from Maltego import *
