コード例 #1
def dotransform(request, response, config):
    """Emit a Person entity for every contact that has both a first and a last name.

    The workspace comes from the ``workspace`` request field when present,
    otherwise from the request value. Contact rows are read from the
    workspace database via ``db_connect``/``get_contacts``; rows missing
    either name part are skipped.
    """
    if 'workspace' in request.fields:
        workspace = request.fields['workspace']
    else:
        workspace = request.value

    contact_rows = get_contacts(db_connect(workspace))

    for row in contact_rows:
        # row layout (0 first name, 1 last name, 3 title, 4/5 location parts)
        # is whatever get_contacts returns -- confirm against the schema
        first, last = row[0], row[1]
        if first is None or last is None:
            continue  # a Person needs both name parts
        location = str(row[4]) + ', ' + str(row[5])

        person = Person(first + ' ' + last)
        person += Field("workspace", workspace, displayname='Workspace')
        person += Field("fname", first, displayname='First Name')
        person += Field("lname", last, displayname='Last Name')
        person += Field("title", row[3], displayname='Title')
        person += Field("location", location, displayname='Location')
        person += Label("Title", row[3])
        person += Label("Location", location)
        response += person

    return response
コード例 #2
def dotransform(request, response, config):
    """Emit a BitcoinAddress entity for each address that took part in the
    transaction whose hash is the request value.

    ``request.fields['address']`` is the address whose transaction list is
    fetched with ``bitcoin_address``; the request value selects one of those
    transactions by hash. Any failure is re-raised as a MaltegoException.
    """
    try:
        received_address = request.fields['address']
        wanted_hash = request.value

        for trans in bitcoin_address(received_address)['transactions']:
            if trans['transaction_hash'] != wanted_hash:
                continue
            for addr in trans['addresses']:
                entity = BitcoinAddress(addr)
                entity += Field("date", trans['date'], displayname='Date')
                entity += Field("trans_uri", trans['transaction_uri'], displayname='Transaction URI')
                entity += Field("recieved_address", received_address, displayname='Recieved Address')
                entity += Label("Bitcoin Address", addr)
                entity += Label("Bitcoin Recieved Address", received_address)
                entity += Label("Transaction Type", trans['transaction_type'])
                entity += Label("Transaction Hash", trans['transaction_hash'])
                entity += Label("Transaction Date", trans['date'])
                response += entity

        return response

    except Exception as err:
        raise MaltegoException('An error occured: %s' % err)
コード例 #3
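def dotransform(request, response, config):
    """Search Google CSE for the request value and emit a URL entity per hit.

    The query excludes blockchain.info and blockexplorer.com. API key and
    engine id come from ``config['gcse/gapi']`` / ``config['gcse/gcseid']``.
    Query and parsing failures are re-raised as MaltegoException. When the
    result carries no ``items`` the response is returned unchanged (the
    original fell through and returned None, dropping the transform output).
    """
    try:
        query = '%s -site:blockchain.info -site:blockexplorer.com' % request.value
        jsondata = json.loads(
            csequery(config['gcse/gapi'], config['gcse/gcseid'], query))
    except Exception as err:
        raise MaltegoException('An error occured: %s' % err)

    # parses the GCSE results
    if 'items' not in jsondata:
        return response

    try:
        for item in jsondata['items']:
            hit = URL(item['link'], url=item['link'])
            # encode(..., 'ignore') strips non-ASCII characters from the text
            hit += Label("Title", item['title'].encode('ascii', 'ignore'))
            hit += Label("Snippet", item['snippet'].encode('ascii', 'ignore'))
            hit += Label("Google Query",
                         jsondata['queries']['request'][0]['searchTerms'])
            response += hit
    except Exception as err:
        raise MaltegoException('An error occured: %s' % err)

    # TODO: Check to see if there are more than one page of results up to 100 results can be returned by the GCSE API
    # if 'nextPage' in jsondata['queries']
    return response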
コード例 #4
def dotransform(request, response, config):
    """Emit a BitcoinTransaction entity for every 'Received' transaction of the
    address given as the request value.

    Transactions are fetched with ``bitcoin_address``; only those whose
    ``transaction_type`` contains 'Received' are emitted, each with its date,
    amount and type as fields/labels and a 'Received' link label. Any failure
    is re-raised as a MaltegoException.
    """
    address = request.value
    try:
        for trans in bitcoin_address(address)['transactions']:
            if 'Received' not in trans['transaction_type']:
                continue

            entity = BitcoinTransaction(trans['transaction_hash'],
                                        trans_type=trans['transaction_type'],
                                        amount=trans['transaction_amount'],
                                        trans_uri=trans['transaction_uri'],
                                        address=address)
            entity += Field("date", trans['date'], displayname='Date')
            entity += Label("Bitcoin Address", address)
            entity += Label("Total Amount of Transaction",
                            trans['transaction_amount'])
            entity += Label("Transaction Type", trans['transaction_type'])
            entity += Label("Transaction Date", trans['date'])
            entity.linklabel = 'Received'
            response += entity

        return response

    except Exception as err:
        raise MaltegoException('An error occured: %s' % err)
コード例 #5
ファイル: sitetovulns.py プロジェクト: 5l1v3r1/Nextego
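def dotransform(request, response):
    """Emit a NexposeVulnerability entity for each vulnerability in a site's
    Nexpose report.

    ``siteid``/``scanid`` come from the request fields. The report
    ``<siteid>.xml`` is produced/verified by ``reportChecker`` and read from
    ``config['nexpose/reportdir']``. Two fixes over the original: the report
    file is closed (``f.close`` was referenced, not called) and the API
    session is logged out on every exit path (``nexlogout`` sat after the
    ``return`` and never ran).

    Raises:
        MaltegoException: when the report check does not succeed.
    """
    checkdir(config['nexpose/reportdir'])
    # Nexpose API session login
    session = nexlogin()
    try:
        # Nexpose Adhoc report generation and save to file
        siteid = request.fields['siteid']
        report = '%s.xml' % siteid
        # reportChecker's result is treated as a plain boolean
        if not reportChecker(session, siteid, report):
            raise MaltegoException('Something went wrong with the report checks')

        report_path = os.path.join(config['nexpose/reportdir'], report)
        with open(report_path) as report_file:
            reporto = report_file.read()

        for dic in nexposeVulns(reporto):
            # iteritems(): Python 2 dict API, as used throughout this file
            for vulnid, val in dic.iteritems():
                entity = NexposeVulnerability(val[0],
                                              siteid=siteid,
                                              scanid=request.fields['scanid'],
                                              vulnid=vulnid)
                entity += Label('cvss Score', val[2])
                entity += Label('Severity', val[1])
                response += entity

        return response
    finally:
        nexlogout(session)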
コード例 #6
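def dotransform(request, response):
    """Emit a NexposeEDBExploit entity for each exploit-db exploit matching the
    requested vulnerability in a site's Nexpose report.

    ``siteid``/``scanid``/``vulnid`` come from the request fields. The report
    ``<siteid>.xml`` is produced/verified by ``reportChecker`` and read from
    ``config['nexpose/reportdir']``; only entries whose key equals ``vulnid``
    and whose source is 'exploitdb' are emitted. Two fixes over the original:
    the report file is closed (``f.close`` was referenced, not called) and the
    API session is logged out on every exit path (``nexlogout`` sat after the
    ``return`` and never ran).

    Raises:
        MaltegoException: when the report check does not succeed.
    """
    checkdir(config['nexpose/reportdir'])
    # Nexpose API session login
    session = nexlogin()
    try:
        # Nexpose Adhoc report generation and save to file
        siteid = request.fields['siteid']
        report = '%s.xml' % siteid
        # reportChecker's result is treated as a plain boolean
        if not reportChecker(session, siteid, report):
            raise MaltegoException('Something went wrong with the report checks')

        report_path = os.path.join(config['nexpose/reportdir'], report)
        with open(report_path) as report_file:
            reporto = report_file.read()

        wanted_vulnid = request.fields['vulnid']
        for dic in nexposeExploits(reporto):
            # iteritems(): Python 2 dict API, as used throughout this file
            for vulnid, val in dic.iteritems():
                if vulnid != wanted_vulnid or val[1] != 'exploitdb':
                    continue
                entity = NexposeEDBExploit(val[0],
                                           exploittype=val[1],
                                           siteid=siteid,
                                           scanid=request.fields['scanid'],
                                           vulnid=vulnid)
                entity += Label('Exploit DB URL', val[2])
                entity += Label('Skill Level', val[3])
                response += entity

        return response
    finally:
        nexlogout(session)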
コード例 #7
def dotransform(request, response, config):
    """Search Threat Central for indicators matching a URL and emit an
    Indicator entity per hit.

    The URL is the ``url`` request field, falling back to the request value.
    ``tcScore`` becomes the entity weight (default 1); severity, confidence,
    indicator type and description are attached as labels/properties when
    the hit's ``resource`` carries them. Search and parsing errors are
    reported as PartialError UIMessages rather than raised.
    """
    try:
        url = request.fields['url']
    except KeyError:
        url = request.value

    try:
        indicators = search_indicator(url)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    # (key in resource, label caption, entity attribute) for the optional
    # properties; label and attribute both carry the displayName
    optional_props = (('severity', 'Severity', 'severity'),
                      ('confidence', 'Confidence', 'confidence'),
                      ('indicatorType', 'Indicator Type', 'indicatorType'))

    try:
        for hit in indicators:
            score = hit.get('tcScore')
            weight = int(score) if score else 1
            resource = hit.get('resource')

            title = encode_to_utf8(resource.get('title'))
            entity = Indicator(title, weight=weight)
            entity.title = title
            entity.resourceId = resource.get('resourceId')

            for key, caption, attr in optional_props:
                value = resource.get(key)
                if value:
                    display = value.get('displayName')
                    entity += Label(caption, display)
                    setattr(entity, attr, display)

            description = resource.get('description')
            if description:
                entity += Label(
                    'Description',
                    '<br/>'.join(encode_to_utf8(description).split('\n')))

            response += entity

    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        return response

    return response
コード例 #8
ファイル: amap.py プロジェクト: wanghao233/sploitego
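def dotransform(request, response):
    """Run amap over the hosts/ports of the Nmap report attached to the request
    entity and emit a BuiltWithTechnology entity per banner.

    The Nmap XML at ``request.entity.file`` is converted to greppable form and
    handed to amap (``-bqi``) via a temporary file. Both files are now managed
    with ``with``: the original never closed the input file (opened with the
    Python 2 ``file()`` builtin) and closed the temporary file only when the
    scan did not raise.
    """
    scanner = AmapScanner()

    with open(request.entity.file) as nmap_xml:
        greppable = NmapReportParser(nmap_xml.read()).greppable

    with NamedTemporaryFile(suffix='.gnmap', mode='wb') as tmp:
        tmp.write(greppable)
        tmp.flush()  # amap reads the file by name, so the data must be on disk
        result = scanner.scan(['-bqi', tmp.name], AmapReportParser)

    for banner in result.banners:
        # banner layout: [destination, technology, extra info]
        tech = BuiltWithTechnology(banner[1])
        tech += Label('Destination', banner[0])
        tech += Label('Extra Information', banner[2])
        response += tech

    return response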
コード例 #9
ファイル: dnscachesnoop.py プロジェクト: wanghao233/sploitego
def dotransform(request, response):
    """Probe a resolver's cache for the sites in ``config['dnscachesnoop/wordlist']``.

    A lookup of www.google.ca first confirms that the server at
    ``request.value`` answers at all. Each wordlist entry is then queried
    non-recursively (and again as ``www.<site>`` when the bare name yields no
    answer); a cached answer becomes a DNSName entity carrying an HTML table
    of the answer records.
    """
    nameserver = request.value

    if not nslookup_raw('www.google.ca', resolver=nameserver).answer:
        response += UIMessage(
            'DNS server did not respond to initial DNS request.')
        return response

    for site in config['dnscachesnoop/wordlist']:
        debug('Resolving %s' % site)

        reply = nslookup_raw(site, resolver=nameserver, recursive=False)
        if not reply.answer:
            reply = nslookup_raw('www.%s' % site,
                                 resolver=nameserver,
                                 recursive=False)
        if not reply.answer:
            continue

        table = Table(['Name', 'Query Class', 'Query Type', 'Data', 'TTL'],
                      'Cached Answers')
        for rrset in reply.answer:
            rrset_name = rrset.name.to_text()
            for rr in rrset:
                table.addrow([
                    rrset_name,
                    dns.rdataclass.to_text(rr.rdclass),
                    dns.rdatatype.to_text(rr.rdtype),
                    rr.to_text(),
                    rrset.ttl,
                ])

        entity = DNSName(site)
        entity += Label('Cached Answers from %s' % nameserver,
                        table,
                        type='text/html')
        response += entity

    return response
コード例 #10
ファイル: nmap.py プロジェクト: josephrexme/sploitego
def addsystems(report, response):
    """Append an OS entity (with an 'Accuracy' label) to *response* for every
    OS match of every address in the Nmap *report*.

    Returns nothing; *response* is extended in place.
    """
    for address in report.addresses:
        for match in report.os(address)['osmatch']:
            name = match['name']
            os_entity = OS(name)
            os_entity.name = name
            os_entity += Label('Accuracy', match['accuracy'])
            response += os_entity
コード例 #11
def dotransform(request, response):
    """Probe a DNS server's cache for the sites in ``config['dnscachesnoop/wordlist']``.

    A lookup of www.google.ca first confirms that the server at
    ``request.value`` answers. Each wordlist entry is then queried with
    recursion disabled (``rd=0``), and again as ``www.<site>`` if the bare
    name has no answer; a cached answer becomes a DNSName entity carrying an
    HTML table of the answer records.
    """
    server = request.value

    if nslookup("www.google.ca", nameserver=server) is None:
        response += UIMessage(
            'DNS server did not respond to initial DNS request.')
        return response

    for site in config['dnscachesnoop/wordlist']:
        debug('Resolving %s' % site)
        reply = nslookup(site, nameserver=server, rd=0)
        if not reply[DNS].ancount:
            reply = nslookup('www.%s' % site, nameserver=server, rd=0)
        if not reply[DNS].ancount:
            continue

        answers = reply[DNS]
        table = Table(['Name', 'Query Class', 'Query Type', 'Data', 'TTL'],
                      'Cached Answers')
        for idx in range(answers.ancount):
            rr = answers.an[idx]
            table.addrow([
                rr.rrname.rstrip('.'),
                rr.sprintf('%rclass%'),
                rr.sprintf('%type%'),
                rr.rdata.rstrip('.'),
                rr.sprintf('%ttl%'),
            ])

        entity = DNSName(site)
        entity += Label('Cached Answers', table, type='text/html')
        response += entity

    return response
コード例 #12
def dotransform(request, response):
    """Geolocate the request value with ``geoip`` and emit a Location entity.

    A ``None`` result adds nothing; an ``error`` key is surfaced as a
    UIMessage. City and country name form the entity title; longitude and
    latitude add a 'Map It' link; the flag icon is derived from the country
    name, falling back to the country code.
    """
    geo = geoip(request.value)
    if geo is None:
        return response
    if 'error' in geo:
        response += UIMessage(geo['error'])
        return response

    city = geo['city'] if 'city' in geo else None
    country = geo['countryName'] if 'countryName' in geo else None

    # title is "<city>, <country>" with whichever parts are present
    title = ''
    if city is not None:
        title += city
    if country is not None:
        title += ', %s' % country

    location = Location(title)

    if 'longitude' in geo and 'latitude' in geo:
        location.longitude = geo['longitude']
        location.latitude = geo['latitude']
        link = maplink(geo)
        location += Label('Map It', A(link, link), type='text/html')

    if 'region' in geo:
        location.area = geo['region']
    if city is not None:
        location.city = city
    if country is not None:
        location.country = country
        location.iconurl = flag(country)
    if 'countryCode' in geo:
        location.countrycode = geo['countryCode']
        # only fall back to the code when no icon was set from the name
        if location.iconurl is None:
            location.iconurl = flag(geo['countryCode'])

    response += location
    return response
コード例 #13
def to_clients(response, output):
    """Add an IPv4Address entity to *response* for each client listed in *output*.

    Lines indented by two spaces select the current category (matched by
    ``Category.name`` over AlternativeTargetInterfaces..OtherAssociations);
    lines indented by six spaces belong to it. For categories before
    OtherAssociations every IP found by ``ip_matcher`` becomes an entity; for
    OtherAssociations the line is ``<ip> <description>`` and the description
    becomes an 'Additional Info' label. Returns nothing; *response* is
    extended in place.
    """
    current = None
    # categories whose lines hold bare IPs (OtherAssociations excluded)
    ip_categories = range(Category.AlternativeTargetInterfaces,
                          Category.OtherAssociations)
    # all category headings we recognise (OtherAssociations included)
    heading_categories = range(Category.AlternativeTargetInterfaces,
                               Category.OtherAssociations + 1)

    for line in output.split('\n'):
        if not line:
            continue

        if line.startswith('      '):
            if current in ip_categories:
                for ip in ip_matcher.findall(line):
                    client = IPv4Address(ip)
                    client += Field('category',
                                    Category.name(current),
                                    displayname='Category')
                    response += client
            elif current == Category.OtherAssociations:
                ip, desc = line.strip().split(' ', 1)
                client = IPv4Address(ip)
                client += Label('Additional Info', desc)
                client += Field('category',
                                Category.name(current),
                                displayname='Category')
                response += client
        elif line.startswith('  '):
            for cat_id in heading_categories:
                if Category.name(cat_id) in line:
                    current = cat_id
                    break
コード例 #14
ファイル: nmap.py プロジェクト: josephrexme/sploitego
def addports(report, response):
    """Append a Port entity to *response* for every port of every address in
    the Nmap *report*.

    Protocol, state, destination and reason are set as properties; the
    service name and, when present, fingerprint / extra info / method are
    attached as labels. Returns nothing; *response* is extended in place.
    """
    # (key in the port dict, label caption) for the optional labels
    optional_labels = (('servicefp', 'Service Fingerprint'),
                       ('extrainfo', 'Extra Information'),
                       ('method', 'Method'))

    for address in report.addresses:
        for port in report.ports(address):
            entity = Port(port['portid'])
            entity.protocol = port['protocol'].upper()
            entity.status = port['state'].title()
            entity.destination = address
            entity.response = port['reason']
            entity += Label('Service Name', port.get('name', 'unknown'))
            for key, caption in optional_labels:
                if key in port:
                    entity += Label(caption, port[key])
            response += entity
コード例 #15
def dotransform(request, response, config):
    """Emit a BitcoinAmount entity for the transaction described by the request.

    Amount, date and transaction type come from the request fields; the
    request value is the transaction hash. Any failure (including a missing
    field) is re-raised as a MaltegoException.
    """
    try:
        fields = request.fields
        amount = BitcoinAmount(fields['amount'])
        date = fields['date']
        trans_type = fields['trans_type']

        amount += Field("date", date, displayname='Date')
        amount += Field("trans_type",
                        trans_type,
                        displayname='Transaction Type')
        amount += Field("trans_hash", request.value, displayname="Transaction Hash")
        amount += Label("Transaction Type", trans_type)
        amount += Label("Transaction Date", date)
        response += amount

        return response

    except Exception as err:
        raise MaltegoException('An error occured: %s' % err)
コード例 #16
def dotransform(request, response, config):
    """Search Threat Central for the request value and emit one entity per hit.

    The hit's ``type`` selects the entity class (Actor, Case, CoursesOfAction,
    Indicator, Incident, TTP; anything else becomes a Phrase and the type is
    logged via ``debug``). ``tcScore`` becomes the entity weight (default 1);
    ``title``, ``id`` and an optional HTML-joined ``description`` are attached.
    Search and parsing errors are reported as PartialError UIMessages rather
    than raised.
    """
    # entity class per (lower-cased) hit type; Actor is handled separately
    # because its title may be empty
    entity_by_type = {
        'case': Case,
        'coursesofactions': CoursesOfAction,
        'indicator': Indicator,
        'incident': Incident,
        # 'tacticstechniquesandprocedures' was the earlier name for 'ttp'
        'ttp': TTP,
    }

    try:
        results = search(request.value, size=10, pages=1)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        for result in results:
            rtype = lower(result.get('type'))
            score = result.get('tcScore')
            weight = int(score) if score else 1
            title = encode_to_utf8(result.get('title'))

            # Title ID Description
            if rtype == 'actor':
                # Check Title, if no title get resource > name
                # Actor entity can have an empty title field
                if result.get('title'):
                    entity = Actor(title, weight=weight)
                else:
                    actor_name = encode_to_utf8(
                        result.get('resource', dict()).get('name'))
                    entity = Actor(actor_name, weight=weight)
                    entity.name = actor_name
                    entity.actor = actor_name
            elif rtype in entity_by_type:
                entity = entity_by_type[rtype](title, weight=weight)
            else:
                # To be safe
                entity = Phrase(title, weight=weight)
                debug(rtype)

            entity.title = title
            entity.resourceId = result.get('id')

            description = result.get('description')
            if description:
                entity += Label('Description',
                                '<br/>'.join(encode_to_utf8(description).split('\n')))

            response += entity

    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        return response

    return response
コード例 #17
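def dotransform(request, response, config):
    """Refresh an Indicator entity from Threat Central and emit its URI observables.

    Requires the ``ThreatCentral.resourceId`` request field; without it the
    response is returned untouched. Lookup failures are reported as a
    PartialError UIMessage. Severity, confidence and indicator type are
    attached as both properties and labels; each observable whose type is
    'URI' becomes a URL entity. The original tested
    ``len(...) is not 0`` -- an identity comparison on an int, a
    SyntaxWarning on Python 3.8+ -- which is replaced by iterating the
    observables list directly.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    if not indicator:
        return response

    try:
        # Update Indicator entity ?
        severity = indicator.get('severity', {}).get('displayName')
        confidence = indicator.get('confidence', {}).get('displayName')
        indicator_type = indicator.get('indicatorType', {}).get('displayName')

        entity = Indicator(request.value)
        entity.title = encode_to_utf8(indicator.get('title'))
        entity.resourceId = indicator.get('resourceId')
        entity.severity = severity
        entity.confidence = confidence
        entity.indicatorType = indicator_type

        entity += Label('Severity', severity)
        entity += Label('Confidence', confidence)
        entity += Label('Indicator Type', indicator_type)

        description = indicator.get('description')
        if description:
            entity += Label('Description',
                            '<br/>'.join(encode_to_utf8(description).split('\n')))

        response += entity

        # a missing key yields no observables; a present-but-None value still
        # raises TypeError, handled below as before
        for observable in indicator.get('observables', []):
            if upper(observable.get('type', {}).get('value')) != 'URI':
                continue
            uri = observable.get('value')
            url_entity = URL(uri)
            url_entity.url = uri
            url_entity += Label('URI', uri)
            response += url_entity

    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        return response

    return response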
コード例 #18
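def dotransform(request, response, config):
    """Gather and enumerate contacts for the workspace, ask for a mangle
    pattern, mangle contacts into e-mail addresses and emit a Person entity
    per contact that has both a first and a last name.

    The pattern is requested with ``multenterbox`` and re-prompted until it is
    non-blank. Cancelling the dialog (``multenterbox`` returning None) now
    returns the response unchanged; the original went on to index ``None``
    and crashed with a TypeError.
    """
    workspace = request.value
    contacts_gather(workspace)
    contacts_enum(workspace)

    msg = "Contact Mangle to Create Email addresses enter <fn>.<ln>, etc"
    title = "Mangle Contacts to Emails"
    fieldNames = ["Pattern"]
    fieldValues = multenterbox(msg, title, fieldNames)

    # re-prompt until every field is filled in, or the user cancels
    while fieldValues is not None:
        missing = [name for name, value in zip(fieldNames, fieldValues)
                   if value.strip() == ""]
        if not missing:
            break  # no problems found
        errmsg = "".join('"%s" is a required field.\n\n' % name for name in missing)
        fieldValues = multenterbox(errmsg, title, fieldNames, fieldValues)

    if fieldValues is None:
        return response  # dialog cancelled: nothing to mangle

    contacts_mangle(workspace, fieldValues[0])

    contact_rows = get_contacts(db_connect(workspace))

    for row in contact_rows:
        # row layout (0 first name, 1 last name, 3 title, 4/5 location parts)
        # is whatever get_contacts returns -- confirm against the schema
        first, last = row[0], row[1]
        if first is None or last is None:
            continue  # a Person needs both name parts
        location = str(row[4]) + ', ' + str(row[5])

        person = Person(first + ' ' + last)
        person += Field("workspace", workspace, displayname='Workspace')
        person += Field("fname", first, displayname='First Name')
        person += Field("lname", last, displayname='Last Name')
        person += Field("title", row[3], displayname='Title')
        person += Field("location", location, displayname='Location')
        person += Label("Title", row[3])
        person += Label("Location", location)
        response += person

    return response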
コード例 #19
def dotransform(request, response, config):
    """Emit an Image entity for every Picasa pushpin stored in the workspace.

    The workspace comes from the ``workspace`` request field when present,
    otherwise from the request value. Pushpin rows are read via
    ``db_connect``/``get_pushpin``; only rows whose source (index 0) is
    'Picasa' are emitted.
    """
    if 'workspace' in request.fields:
        workspace = request.fields['workspace']
    else:
        workspace = request.value

    pins = get_pushpin(db_connect(workspace))
    picasa_pins = (pin for pin in pins if pin[0] == 'Picasa')

    for pin in picasa_pins:
        # column meaning (2 user, 3 profile URL, 4 url, 6 image, 9 date) is
        # whatever get_pushpin returns -- confirm against the schema
        image = Image(pin[6], url=pin[4])
        image += Field("workspace", workspace, displayname='Workspace')
        image += Label('Picasa Profile User', pin[2])
        image += Label('Picasa Profile URL', pin[3])
        image += Label('Published Date', pin[9])
        response += image

    return response
コード例 #20
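def dotransform(request, response, config):
    """Emit a CoursesOfAction entity for each course of action linked to the
    incident identified by the ``ThreatCentral.resourceId`` request field.

    Without that field the response is returned untouched. Lookup failures are
    reported as a PartialError UIMessage. ``tcScore`` becomes the entity weight
    (default 1); title, resourceId and an optional HTML-joined description are
    attached. The original tested ``len(...) is not 0`` -- an identity
    comparison on an int, a SyntaxWarning on Python 3.8+ -- and reused the
    name ``coa`` for both the incident and each course of action; both are
    fixed here.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        incident = get_incident(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # Show linked Courses Of Actions
        for coa in incident.get('coursesOfAction', []):
            score = coa.get('tcScore')
            weight = int(score) if score else 1
            title = encode_to_utf8(coa.get('title'))

            entity = CoursesOfAction(title, weight=weight)
            entity.title = title
            entity += Label('Title', title)
            entity.resourceId = coa.get('resourceId')

            description = coa.get('description')
            if description:
                entity += Label('Description',
                                '<br/>'.join(encode_to_utf8(description).split('\n')))

            response += entity

    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err),
                              type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        return response

    return response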
コード例 #21
def dotransform(request, response, config):
    """Refresh an Indicator entity from Threat Central.

    Requires the ``ThreatCentral.resourceId`` request field; without it the
    response is returned untouched. Lookup failures are reported as a
    PartialError UIMessage. Severity, confidence and indicator type are
    attached as labels, the description (if any) as an HTML-joined label.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(
            request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # Update Indicator entity
        entity = Indicator(request.value)
        entity.title = encode_to_utf8(indicator.get('title'))
        entity.resourceId = indicator.get('resourceId')

        # (key in indicator, label caption); the label carries displayName
        for key, caption in (('severity', 'Severity'),
                             ('confidence', 'Confidence'),
                             ('indicatorType', 'Indicator Type')):
            entity += Label(caption,
                            indicator.get(key, dict()).get('displayName'))

        description = indicator.get('description')
        if description:
            entity += Label(
                'Description',
                '<br/>'.join(encode_to_utf8(description).split('\n')))

        response += entity
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err),
                              type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        return response

    return response
コード例 #22
def dotransform(request, response):
    """Version-scan one port (the request value) on ``request.fields['ip.destination']``
    with Nmap and emit a BuiltWithTechnology entity per service found.

    ``-n -sV -p <port> <destination>`` plus any ``request.params`` are passed
    to the scanner; ``-sU`` is prepended when the ``protocol`` field is 'UDP'.
    A failed scan (``None`` result) surfaces the scanner's error as a UIMessage.
    """
    scanner = getscanner()
    destination = request.fields['ip.destination']
    args = ['-n', '-sV', '-p', request.value, destination] + request.params
    if request.fields['protocol'] == 'UDP':
        args = ['-sU'] + args

    report = scanner.scan(args, NmapReportParser)
    if report is None:
        response += UIMessage(scanner.error)
        return response

    # (key in the port dict, label caption) for the optional labels
    optional_labels = (('servicefp', 'Service Fingerprint'),
                       ('extrainfo', 'Extra Information'),
                       ('method', 'Method'))

    for host in report.addresses:
        for port in report.ports(host):
            tech = BuiltWithTechnology(report.tobanner(port))
            for key, caption in optional_labels:
                if key in port:
                    tech += Label(caption, port[key])
            response += tech

    return response
コード例 #23
def dotransform(request, response):
    """Version-scan one port (the request value) on ``request.entity.destination``
    with Nmap and emit a BuiltWithTechnology entity per service found.

    ``-n -Pn -sV -p <port>`` plus any ``request.params`` are passed to the
    scanner. An unset entity protocol is defaulted to 'TCP'; 'UDP' prepends
    ``-sU``. A failed scan (``None`` result) surfaces the scanner's error as a
    UIMessage.
    """
    scanner = getscanner()
    args = ['-n', '-Pn', '-sV', '-p', request.value] + request.params

    protocol = request.entity.protocol
    if not protocol:
        request.entity.protocol = 'TCP'
    elif protocol.upper() == 'UDP':
        args = ['-sU'] + args

    report = scanner.scan(request.entity.destination, *args)
    if report is None:
        response += UIMessage(scanner.error)
        return response

    # (key in the port dict, label caption) for the optional labels
    optional_labels = (('servicefp', 'Service Fingerprint'),
                       ('extrainfo', 'Extra Information'),
                       ('method', 'Method'))

    for host in report.addresses:
        for port in report.ports(host):
            tech = BuiltWithTechnology(report.tobanner(port))
            for key, caption in optional_labels:
                if key in port:
                    tech += Label(caption, port[key])
            response += tech

    return response
コード例 #24
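def attribute_to_entity(a, link_label=None, event_tags=None, only_self=False):
    """Yield the Maltego entities that represent one MISP attribute *a*.

    Args:
        a: the MISP attribute dict; it is modified in place (``data`` is
            dropped, ``malware-sample`` / ``regkey|value`` types are rewritten).
        link_label: link label passed to every generated entity.
        event_tags: tag names of the enclosing event. When a list is given it
            is extended in place with the attribute's own tags, as before; the
            original default was a mutable ``[]``, so tags accumulated across
            calls that omitted the argument -- ``None`` now means "no tags".
        only_self: when true, galaxy clusters and tags are not yielded.

    Yields entities for galaxy clusters, non-galaxy/non-note tags, then the
    attribute itself: a URL for url/uri types, the entity mapped from the
    object relation, one or two entities for combined ``a|b`` types, or the
    entity mapped from the plain type. Attribute types with no mapping yield
    nothing.
    """
    # prepare some attributes to a better form
    a['data'] = None  # empty the file content as we really don't need this here
    if a['type'] == 'malware-sample':
        a['type'] = 'filename|md5'
    if a['type'] == 'regkey|value':  # LATER regkey|value => needs to be a special non-combined object
        a['type'] = 'regkey'

    # a fresh list per call when no event tags were supplied
    combined_tags = event_tags if event_tags is not None else []
    if 'Galaxy' in a and not only_self:
        for g in a['Galaxy']:
            for c in g['GalaxyCluster']:
                yield galaxycluster_to_entity(c)

    # complement the event tags with the attribute tags.
    if 'Tag' in a and not only_self:
        for t in a['Tag']:
            combined_tags.append(t['name'])
            # ignore all misp-galaxies
            if t['name'].startswith('misp-galaxy'):
                continue
            # ignore all those we add as notes
            if tag_matches_note_prefix(t['name']):
                continue
            yield Hashtag(t['name'], bookmark=Bookmark.Green)

    notes = convert_tags_to_note(combined_tags)

    # special cases
    if a['type'] in ('url', 'uri'):
        yield URL(url=a['value'], short_title=a['value'], link_label=link_label, notes=notes, bookmark=Bookmark.Green)
        return

    # attribute is from an object, and a relation gives better understanding of the type of attribute
    if a.get('object_relation') and mapping_misp_to_maltego.get(a['object_relation']):
        entity_obj = mapping_misp_to_maltego[a['object_relation']][0]
        yield entity_obj(a['value'], labels=[Label('comment', a.get('comment'))], link_label=link_label, notes=notes, bookmark=Bookmark.Green)

    # combined attributes
    elif '|' in a['type']:
        t_1, t_2 = a['type'].split('|')
        v_1, v_2 = a['value'].split('|')
        if t_1 in mapping_misp_to_maltego:
            entity_obj = mapping_misp_to_maltego[t_1][0]
            labels = [Label('comment', a.get('comment'))]
            if entity_obj == File:
                labels.append(Label('hash', v_2))
            yield entity_obj_to_entity(entity_obj, v_1, t_1, labels=labels, link_label=link_label, notes=notes, bookmark=Bookmark.Green)  # LATER change the comment to include the second part of the regkey
        if t_2 in mapping_misp_to_maltego:
            entity_obj = mapping_misp_to_maltego[t_2][0]
            labels = [Label('comment', a.get('comment'))]
            if entity_obj == Hash:
                labels.append(Label('filename', v_1))
            yield entity_obj_to_entity(entity_obj, v_2, t_2, labels=labels, link_label=link_label, notes=notes, bookmark=Bookmark.Green)  # LATER change the comment to include the first part of the regkey

    # normal attributes
    elif a['type'] in mapping_misp_to_maltego:
        entity_obj = mapping_misp_to_maltego[a['type']][0]
        yield entity_obj_to_entity(entity_obj, a['value'], a['type'], labels=[Label('comment', a.get('comment'))], link_label=link_label, notes=notes, bookmark=Bookmark.Green)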
コード例 #25
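def dotransform(request, response, config):
    """Emit one IPv4Address entity per Shodan pushpin row of a workspace.

    The workspace name comes from the ``workspace`` request field when it is
    present, otherwise from the request value. Only pushpin rows whose first
    column equals ``'Shodan'`` are converted; every other source is skipped.

    Args:
        request: Maltego request; ``request.fields`` and ``request.value`` are read.
        response: Maltego response the entities are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response`` with the IPv4Address entities appended.
    """
    if 'workspace' in request.fields:
        workspace = request.fields['workspace']
    else:
        workspace = request.value

    dbcon = db_connect(workspace)
    pushpin_list = get_pushpin(dbcon)

    for shost in pushpin_list:
        if shost[0] != 'Shodan':
            continue

        # The second column is stored as "host:port"; a row without a port
        # previously raised IndexError and aborted the whole transform, so the
        # port is now optional and left empty when absent.
        ipsplit = shost[1].split(":")
        host = ipsplit[0]
        port = ipsplit[1] if len(ipsplit) > 1 else ''

        e = IPv4Address(host)
        e += Field("workspace", workspace, displayname='Workspace')
        e += Field("port", port, displayname='Port')
        e += Field("hostname", shost[6], displayname='Hostname')
        e += Label('Shodan Query', shost[4])
        e += Label('Hostname', shost[6])
        e += Label('Published Date', shost[9])
        response += e

    return response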
def dotransform(request, response, config):
    """Return a BitcoinAmount entity with the total received by the address in ``request.value``.

    The amount is taken from the ``received_bitcoin_total`` key of the
    ``bitcoin_address`` lookup and linked to its address with the link label
    ``'Received'``. Any failure during lookup or entity construction is
    re-raised as a MaltegoException so it surfaces in the Maltego client.

    Args:
        request: Maltego request whose value is the Bitcoin address.
        response: Maltego response the entity is appended to.
        config: transform configuration (unused here).

    Returns:
        ``response`` with the BitcoinAmount entity appended.

    Raises:
        MaltegoException: wrapping any exception raised while building the entity.
    """
    try:
        address = request.value
        details = bitcoin_address(address)

        amount = BitcoinAmount(details['received_bitcoin_total'], address=address)
        amount += Label("Bitcoin Address", address)
        amount.linklabel = 'Received'
        response += amount
    except Exception as exc:
        raise MaltegoException('An error occured: %s' % exc)

    return response
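def dotransform(request, response):
    """Emit one IPv4Address entity per row of the second table on the AS report page.

    ``buildas`` fetches and parses the page for ``request.value`` (the parser is
    not visible here; ``find``/``findNext``/``findAll`` suggest BeautifulSoup —
    confirm). For each ``<a>`` in that table the link text is the address, the
    following two cells become the ``Reports`` and ``Targets`` labels, and the
    next two cells (first/last seen) form the link label.

    Parsing is best-effort: if the page layout does not match, the entities
    collected so far are returned instead of failing the transform.

    Args:
        request: Maltego request whose value identifies the AS to look up.
        response: Maltego response the entities are appended to.

    Returns:
        ``response`` with any IPv4Address entities appended.
    """
    page = buildas(request.value)

    try:
        tables = page.find('table').findNext('table')
        for entry in tables.findAll('a'):
            ip = entry.text
            rpts = entry.findNext('td')
            trgts = rpts.findNext('td')
            first = trgts.findNext('td')
            last = first.findNext('td')

            entity = IPv4Address(ip)
            entity += Label('Reports', rpts.text)
            entity += Label('Targets', trgts.text)
            entity.linklabel = first.text + ' - ' + last.text

            response += entity
    # A bare ``except:`` also swallowed KeyboardInterrupt/SystemExit; only
    # ordinary errors (e.g. a missing table -> AttributeError) should end the
    # scrape early with the partial result.
    except Exception:
        return response

    return response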
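def _display_names(items):
    """Join the ``displayName`` of each mapping in *items* with HTML line breaks."""
    return '<br/>'.join([encode_to_utf8(item.get('displayName')) for item in items])


def dotransform(request, response, config):
    """Emit one Incident entity per ThreatCentral incident matching ``request.value``.

    Each search hit's ``resource`` mapping supplies the title, resource id and
    report date; the optional ``incidentCategory``, ``affectedAsset``,
    ``incidentEffect``, ``discoveryMethod`` and ``description`` fields become
    labels. The entity weight is the hit's ``tcScore`` when present, else 1.

    Errors from the ThreatCentral client and malformed hits are reported to the
    Maltego client as ``PartialError`` messages rather than raised, so a single
    bad record does not hide the others.

    Args:
        request: Maltego request whose value is the search term.
        response: Maltego response the entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response`` with the Incident entities and any error messages appended.
    """
    try:
        incidents = search_incident(request.value)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        for hit in incidents:
            # tcScore is optional; fall back to the default weight of 1.
            weight = int(hit.get('tcScore')) if hit.get('tcScore') else 1
            resource = hit.get('resource')
            if not resource:
                continue

            e = Incident(encode_to_utf8(resource.get('title')), weight=weight)
            e.title = encode_to_utf8(resource.get('title'))
            e.resourceId = resource.get('resourceId')
            e.reportedOn = resource.get('reportedOn')
            e += Label('Reported On', resource.get('reportedOn'))

            # Empty lists produce no label (the original tested ``len(...) is not 0``,
            # which only worked because CPython caches small ints).
            for key, title in (
                ('incidentCategory', 'Incident Category'),
                ('affectedAsset', 'Affected Asset'),
                ('incidentEffect', 'Incident Effect'),
                ('discoveryMethod', 'Discovery Method'),
            ):
                items = resource.get(key, [])
                if items:
                    e += Label(title, _display_names(items))

            description = resource.get('description')
            if description:
                e += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))

            response += e

    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError as err:
        # Typically ``incidents`` is not iterable (e.g. None); report it instead
        # of returning silently so the user sees why nothing came back.
        response += UIMessage('Error: {}'.format(err), type='PartialError')

    return response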
def dotransform(request, response, config):
    """Return a BitcoinAddress entity annotated with the address summary from ``bitcoin_address``.

    Each label is one key of the lookup result (short link, first-seen date and
    block, received/sent transaction and bitcoin totals, hash160 and public key).
    Any failure during lookup or entity construction is re-raised as a
    MaltegoException so it surfaces in the Maltego client.

    Args:
        request: Maltego request whose value is the Bitcoin address.
        response: Maltego response the entity is appended to.
        config: transform configuration (unused here).

    Returns:
        ``response`` with the BitcoinAddress entity appended.

    Raises:
        MaltegoException: wrapping any exception raised while building the entity.
    """
    # (label title, key in the lookup result), in display order
    summary_labels = (
        ("Short URL", 'short_link'),
        ("Date First Seen", 'first_seen_date'),
        ("First Seen in Block", 'first_seen_block'),
        ("Total Transactions Received", 'received_transactions'),
        ("Total Bitcoins Received", 'received_bitcoin_total'),
        ("Total Sent Transactions", 'sent_transactions'),
        ("Total Bitcoins Sent", 'sent_bitcoins'),
        ("Hash", 'hash160'),
        ("PublicKey", 'public_key'),
    )

    try:
        address = request.value
        details = bitcoin_address(address)

        entity = BitcoinAddress(address)
        for title, key in summary_labels:
            entity += Label(title, details[key])

        response += entity
    except Exception as exc:
        raise MaltegoException('An error occured: %s' % exc)

    return response
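def dotransform(request, response):
    """Emit one Person entity per relationship found by a pipl name search.

    The request entity's first and last names are sent to ``pipljsonsearch``;
    for every record that carries ``relationships`` each related person becomes
    a Person entity with an HTML ``Source`` label linking back to the record's
    source URL.

    Args:
        request: Maltego request whose entity supplies ``firstnames`` and ``lastname``.
        response: Maltego response the entities and messages are appended to.

    Returns:
        ``response`` with the Person entities and any error message appended.
    """
    # Function-scope import: the file's import block is not visible here.
    from html import escape

    p = JSONDecoder().decode(
        pipljsonsearch(first_name=request.entity.firstnames or '',
                       last_name=request.entity.lastname or ''))

    if 'error' in p:
        response += UIMessage(p['error'])

    # An error reply may carry no ``results``; previously the lookup below
    # raised KeyError right after the error message was queued.
    records = p.get('results', {}).get('records', [])

    for r in records:
        if 'relationships' not in r:
            continue
        source = r['source']
        # The label is rendered as HTML, so the remotely supplied URL and
        # source name are escaped before being interpolated into markup.
        source_html = '<a href="%s">%s</a>' % (
            escape(source['url'], quote=True), escape(source['@ds_name']))
        for rel in r['relationships']:
            e = Person(rel['name']['display'])
            e += Label('Source', source_html, type='text/html')
            response += e

    return response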