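def CedulaToPuestoDeVotacion(m):
    """Look up a cedula on the Registraduria status page and emit the result.

    :param m: Maltego message; only ``m.Value`` (the cedula) is read.

    The response is scraped for ``table.tabla_solicitud``. The second and
    third ``<b>`` cells of the last such table become an
    ``eci.LugarExpedicion`` entity and its "Departamento" field. Nothing is
    returned; the transform output is written by ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    endpoint = 'https://wsp.registraduria.gov.co/estadodocs/resultadobusqueda.php'
    try:
        # The entity value is caller-controlled. Let requests URL-encode it
        # rather than concatenating it into the query string, and bound the
        # wait so a stalled server cannot hang the transform.
        html = requests.get(endpoint, params={'cedula': cedula}, timeout=30).text
        soup = BeautifulSoup(html, 'html.parser')
        tables = soup.findAll("table", {"class": "tabla_solicitud"})
        lista = []
        for table in tables:
            lista = table.find_all('b')
        # An empty ``lista`` (no result table) raises IndexError here and is
        # reported below as "not found".
        direccion = str(lista[1]).replace("<b>", "").replace("</b>", "")
        departamento = str(lista[2]).replace("<b>", "").replace("</b>", "")
        ent = TRX.addEntity('eci.LugarExpedicion', direccion)
        ent.addAdditionalFields("properity.eci.departamento", "Departamento",
                                True, departamento)
    except Exception:
        # Best effort: network failures and layout changes land here too,
        # not only unknown cedulas.
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()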
def main():
    """Emit one ``maltego.URL`` entity per logged URL for the client ``ip``.

    Reads the module-level ``ip``, ``weblogs`` and ``db``; the query selects
    ``full_url`` and ``cookies`` from ``weblogs`` filtered on ``client_ip``.
    """
    # Custom query per transform; the filter list is combined with and_().
    filters = [weblogs.c.client_ip == ip]
    s = select([weblogs.c.full_url, weblogs.c.cookies], and_(*filters))
    logging.debug(s)
    results = db.execute(s).fetchall()

    TRX = MaltegoTransform()
    # NOTE(review): this pattern is compiled but never applied in this block,
    # so the logged URL reaches the transform output unfiltered.
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )
    for row in results:
        logging.debug(row)
        # The cookies column is selected and unpacked but not used.
        url, cookies = row
        entity = TRX.addEntity("maltego.URL", url)
        entity.addAdditionalFields("url", "URL", "strict", url)
    TRX.returnOutput()
def bitcoinAddressToBlockchainDetails(bitcoinAddress=None):
    '''
        Method that fetches the details of a Bitcoin address through
        blockchain.getBitcoinAddressDetails and attaches them to an
        i3visio.bitcoin.address entity.

        :param bitcoinAddress: bitcoinAddress to look up.
    '''
    details = blockchain.getBitcoinAddressDetails(address=bitcoinAddress)
    me = MaltegoTransform()

    # The looked-up address itself is the only entity; the full response is
    # shown as pretty-printed JSON in its display information.
    entity = me.addEntity("i3visio.bitcoin.address", bitcoinAddress)
    entity.setDisplayInformation(json.dumps(details, sort_keys=True, indent=2))

    # (field label, key in the response); the label doubles as the field name.
    summary_fields = (
        ("Final balance (nanobitcoins)", "final_balance"),
        ("Total sent (nanobitcoins)", "total_sent"),
        ("Total received (nanobitcoins)", "total_received"),
        ("Number of transactions", "n_tx"),
    )
    for label, key in summary_fields:
        entity.addAdditionalFields(label, label, True, str(details[key]))

    # Returning the output text...
    me.returnOutput()
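def CedulaToNombrei88y_d8rr(m):
    """Resolve a cedula to a person using dataset ``i88y-d8rr`` on datos.gov.co.

    :param m: Maltego message; only ``m.Value`` (the cedula) is read.

    Emits a ``maltego.Person`` entity built from the ``nombre`` and
    ``apellidos`` columns of the first matching row, or a UI message when no
    row matches or the lookup fails. The request asks for at most 2000 rows.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("i88y-d8rr", limit=2000)
        match = next((row for row in rows if row['cedula'] == cedula), None)
        if match is None:
            # Explicit not-found path, instead of relying on a NameError from
            # unbound locals being swallowed by the handler below.
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            nombres = match['nombre']
            apellidos = match['apellidos']
            ent = TRX.addEntity('maltego.Person', nombres + " " + apellidos)
            # Field names are kept exactly as consumers already receive them.
            ent.addAdditionalFields("person.firtsnames", "Firts Names", True, nombres)
            ent.addAdditionalFields("person.lastname", "Surname", True, apellidos)
    except Exception:
        # Best effort: request failures and rows with missing columns are
        # reported the same way as a miss.
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()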
def main():
    """Emit one ``snoopy.Drone`` entity per distinct drone in ``sess``.

    Reads the module-level ``filters``, ``sess``, ``db``, ``start_time`` and
    ``end_time``; every entity carries the same time window.
    """
    # Custom query per transform; the shared filters are combined with and_().
    s = select([sess.c.drone], and_(*filters)).distinct()
    logging.debug(filters)
    logging.debug(s)
    drones = [row[0] for row in db.execute(s).fetchall()]

    TRX = MaltegoTransform()
    for drone in drones:
        logging.debug(drone)
        entity = TRX.addEntity("snoopy.Drone", drone)
        entity.addAdditionalFields("properties.drone", "drone", "strict", drone)
        entity.addAdditionalFields("start_time", "start_time", "strict", start_time)
        entity.addAdditionalFields("end_time", "end_time", "strict", end_time)
    TRX.returnOutput()
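def getCompany(me, query=None, trans=None):
    """Emit one phrase entity per recipient in country ``query``.

    :param me: ignored; a fresh ``MaltegoTransform`` replaces it.
    :param query: destination country, compared upper-cased against the
        ``drzavaPrejemnika`` column.
    :param trans: DataFrame of transfers.
    :return: the populated ``MaltegoTransform``.

    Rows are first restricted to the module-level ``country`` (column
    ``drzavaStranke``). Each recipient (``prejemnik``) gets the summed
    ``znesek`` and its distinct ``sedezPrejemnika`` addresses as fields.
    """
    me = MaltegoTransform()
    wanted = query.upper()
    countryFrom = trans.loc[(trans.drzavaStranke == country.upper())]
    # NOTE(review): str.contains treats ``wanted`` as a regular expression,
    # and the selection below uses exact equality; confirm the gate is meant
    # to be looser than the filter.
    if any(countryFrom['drzavaPrejemnika'].str.contains(wanted)):
        countryTo = countryFrom.loc[(countryFrom.drzavaPrejemnika == wanted)]
        companyPrint = countryTo.prejemnik
        # Result unused here; the call is kept in case getSum has side effects.
        allSums = getSum(companyPrint, countryTo)
        for i in companyPrint:
            of_recipient = countryTo[countryTo['prejemnik'] == i]
            sumCountry = of_recipient['znesek'].sum()
            # Index countryTo with its own mask. The original applied this
            # mask to countryFrom, whose index holds rows the mask lacks, so
            # pandas cannot align it.
            addressPrint = np.unique(of_recipient['sedezPrejemnika'],
                                     return_index=False)
            comma = intWithCommas(sumCountry)
            test = me.addEntity("Maltego.Phrase", i)
            test.addAdditionalFields("value", "Sum transfer EUR:", True, str(comma))
            for j in addressPrint:
                test.addAdditionalFields("Address", "Address:", True, j)
    else:
        me.addUIMessage("Country not in the list")
    return me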
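def PersonToTelefonoDireccionCorreo_6kcx_kbuk(m):
    """Resolve a name to contact details using dataset ``6kcx-kbuk``.

    :param m: Maltego message; only ``m.Value`` (the name) is read.

    For the first row whose ``nombre`` equals the value, emits an e-mail
    address, a phone number (country code 57), a political-party entity and
    a cedula entity. A miss or any failure yields a UI message instead. The
    request asks for at most 2000 rows.
    """
    TRX = MaltegoTransform()
    nombre = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("6kcx-kbuk", limit=2000)
        match = next((row for row in rows if row['nombre'] == nombre), None)
        if match is None:
            # Explicit not-found path, instead of relying on a NameError from
            # unbound locals being swallowed by the handler below.
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            # Read every column before emitting anything, so a row with a
            # missing column produces no partial output.
            cc = match['doc_identidad']
            partido = match['partido_politico']
            celular = match['celular']
            correo = match['correo_electronico']
            TRX.addEntity('maltego.EmailAddress', correo)
            phone = TRX.addEntity('maltego.PhoneNumber', celular)
            phone.addAdditionalFields("phonenumber.countrycode", "Country Code",
                                      True, "57")
            TRX.addEntity('eciescuelaing.PartidoPolitico', partido)
            TRX.addEntity('eci.Cedula', cc)
    except Exception:
        # Best effort: request failures are reported the same way as a miss.
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()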
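def main():
    """Emit one ``ran2.Sample`` entity per row of the ``samples`` table.

    Reads the SQLite database named by the module-level ``DBNAME``. The third
    column of each row is used as the sample name. When the file does not
    exist, a phrase entity reporting that is emitted instead.
    """
    # init Maltego
    me = MaltegoTransform()

    if not os.path.isfile(DBNAME):
        # Stop here: sqlite3.connect() would create an empty database file at
        # this path and the SELECT below would then fail on a missing table.
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    conn = sqlite3.connect(DBNAME)
    try:
        conn.text_factory = str
        c = conn.cursor()
        # reading samples table ...
        c.execute("SELECT * FROM samples")
        found = c.fetchall()
        c.close()
    finally:
        # Read-only use, so nothing to commit; release the handle even when
        # the query raises.
        conn.close()

    # fetchall() returns a list (possibly empty), never None, so the old
    # "is not found" branch could not run and is dropped.
    for row in found:
        me.addEntity("ran2.Sample", row[2])
    me.returnOutput()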
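def hashToMD5crackDotCom(hash=None):
    '''
        Method that checks if the given hash has been cracked according to
        md5crack.com.

        :param hash: hash to look up.
    '''
    # Function-scope import: the file's import block is not visible here.
    from xml.sax.saxutils import escape

    me = MaltegoTransform()

    jsonData = md5crack.checkIfCrackedInMD5crack(hash=hash)

    # This returns a dictionary like:
    # {
    #   "phrase": "4d186321c1a7f0f354b297e8914ab240",
    #   "code": 6,
    #   "parsed": "hola",
    #   "response": "The MD5 hash was cracked."
    # }
    parsed = jsonData["parsed"]
    if parsed != "":
        newEnt = me.addEntity("i3visio.text", parsed)
        # The recovered plaintext and the rest of the response come from a
        # remote service and are placed inside HTML, so escape them to keep
        # markup in the data from being rendered in the client.
        newEnt.setDisplayInformation(
            "<h3>" + escape(parsed) + "</h3><p>"
            + escape(json.dumps(jsonData, sort_keys=True, indent=2)) + "</p>")
        # [TO-DO] Appending all the remaining fields of the json as
        # additional fields.

    # Returning the output text...
    me.returnOutput()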
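def parsereport(page):
    """Emit the mutexes listed in a parsed sandbox report.

    :param page: parsed report; must support ``find(text=...)``.

    The report states mutexes under either a singular or a plural heading.
    Exits with "No Mutexes Reported" when neither is present and with
    "Error finding Mutexes." on any other failure.
    """
    xform = MaltegoTransform()
    single_heading = ('To mark the presence in the system, '
                      'the following Mutex object was created:')
    plural_heading = ('To mark the presence in the system, '
                      'the following Mutex objects were created:')
    # ``except Exception`` rather than a bare ``except``: sys.exit() raises
    # SystemExit, which a bare handler also catches, so the "No Mutexes
    # Reported" exit used to be replaced by "Error finding Mutexes.".
    try:
        try:
            single = page.find(text=single_heading).findNext('ul').li.text
        except Exception:
            single = None
        try:
            multiple = page.find(text=plural_heading).findNext('ul')
        except Exception:
            multiple = None

        if single is None and multiple is None:
            sys.exit("No Mutexes Reported")
        if single is not None:
            # NOTE(review): a mutex name is emitted as an IPv4Address here,
            # while the plural branch uses Phrase; confirm the intended type.
            xform.addEntity("maltego.IPv4Address", single)
        if multiple is not None:
            for mutex in multiple.findAll('li'):
                xform.addEntity("maltego.Phrase", mutex.text)
    except Exception:
        sys.exit("Error finding Mutexes.")
    xform.returnOutput()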
def main():
    """Emit one ``snoopy.Cookie`` entity per cookie for ``mac`` and ``domain``.

    Reads the module-level ``mac``, ``domain``, ``cookies`` and ``db``.
    """
    # Custom query per transform; both conditions are combined with and_().
    filters = [cookies.c.client_mac == mac, cookies.c.baseDomain == domain]
    s = select([cookies.c.name, cookies.c.value], and_(*filters))
    logging.debug(s)
    results = db.execute(s).fetchall()
    # NOTE(review): this writes the cookie values to the debug log.
    logging.debug(results)

    TRX = MaltegoTransform()
    # NOTE(review): this pattern is compiled but never applied in this block,
    # so cookie names and values reach the transform output unfiltered.
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )
    for cookie in results:
        logging.debug(cookie)
        name, value = cookie
        entity = TRX.addEntity("snoopy.Cookie", name)
        entity.addAdditionalFields("value", "Value", "strict", value)
        entity.addAdditionalFields("fqdn", "Domain", "strict", domain)
        entity.addAdditionalFields("mac", "Client Mac", "strict", mac)
    TRX.returnOutput()
def main():
    """Emit one ``snoopy.SSID`` entity per SSID recorded for ``mac``.

    Appends to the module-level ``filters`` and reads ``mac``, ``ssids`` and
    ``db``. Each SSID is passed through ``escape`` and then stripped of the
    characters matched by the pattern below. Empty and whitespace-only
    results are skipped.
    """
    # Custom query per transform; the shared filters are combined with and_().
    filters.append(ssids.c.mac == mac)
    s = select([ssids.c.ssid], and_(*filters))
    rows = db.execute(s).fetchall()
    names = [row[0] for row in rows]

    TRX = MaltegoTransform()
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')
    for raw in names:
        # SSIDs are attacker-chosen strings; escape first, then drop the
        # characters the pattern matches.
        ssid = illegal_xml_re.sub('', escape(raw))
        if ssid and not ssid.isspace():
            entity = TRX.addEntity("snoopy.SSID", ssid)
            entity.addAdditionalFields("properties.ssid", "ssid", "strict", ssid)
    TRX.returnOutput()
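def NombreToCargo(m):
    """Resolve a name to a post (cargo) using dataset ``2gvv-khi3``.

    :param m: Maltego message; only ``m.Value`` (the name) is read.

    The name is upper-cased before comparison with the ``nombre`` column.
    The first match becomes an ``eci.Cargo`` entity with address, e-mail and
    telephone fields. A miss or any failure yields a UI message instead. The
    request asks for at most 2000 rows.
    """
    TRX = MaltegoTransform()
    nombre = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("2gvv-khi3", limit=2000)
        wanted = nombre.upper()  # hoisted out of the scan
        match = next((row for row in rows if row['nombre'] == wanted), None)
        if match is None:
            # Explicit not-found path, instead of relying on a NameError from
            # unbound locals being swallowed by the handler below.
            TRX.addUIMessage("Nombre no encontrado en la base de datos")
        else:
            cargo = match['cargo']
            direccion = match['direccion']
            email = match['email']
            telefono = match['telefono']
            ent = TRX.addEntity('eci.Cargo', cargo)
            ent.addAdditionalFields("properity.direccion", "Direccion", True, direccion)
            ent.addAdditionalFields("properity.email", "Email", True, email)
            ent.addAdditionalFields("properity.telefono", "Telefono", True, telefono)
    except Exception:
        # Best effort: request failures are reported the same way as a miss.
        TRX.addUIMessage("Nombre no encontrado en la base de datos")
    TRX.returnOutput()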
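def PersonToDireccion(m):
    """Resolve a name to a location using dataset ``3ard-sj8g``.

    :param m: Maltego message; only ``m.Value`` (the name) is read.

    The first row whose ``nombre_prestador`` equals the value becomes a
    ``maltego.Location`` entity with area and coordinate fields. A miss or
    any failure yields a UI message instead. The request asks for at most
    2000 rows.
    """
    TRX = MaltegoTransform()
    nombre = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("3ard-sj8g", limit=2000)
        match = next(
            (row for row in rows if row['nombre_prestador'] == nombre), None)
        if match is None:
            # Explicit not-found path, instead of relying on a NameError from
            # unbound locals being swallowed by the handler below.
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            # NOTE(review): the address is read from 'nombre_concejal';
            # confirm that is the intended column.
            direccion = match['nombre_concejal']  # no longer shadows dir()
            barrio = match['barrio']
            coords = match['localizacion']['coordinates']
            ent = TRX.addEntity('maltego.Location', direccion)
            ent.addAdditionalFields("country", "Country", True, "Colombia")
            ent.addAdditionalFields("location.area", "Area", True, barrio)
            ent.addAdditionalFields("streetaddress", "Street Address", True, direccion)
            ent.addAdditionalFields("longitude", "Longitude", True, coords[0])
            ent.addAdditionalFields("latitude", "Latituded", True, coords[1])
    except Exception:
        # Best effort: request failures are reported the same way as a miss.
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()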
def main(argv):
    """Emit one ``maltego.Twit`` entity per follower of ``argv[1]``.

    :param argv: argument vector; ``argv[1]`` is the account name.

    Four account names map to fixed lists. Any other name is resolved
    through ``twitterSearch``. Intermediate values are printed when the
    module-level ``DEBUG`` is set.
    """
    canned = {
        "caseyso": ["bobbyo", "jjc", "alf", "courtp"],
        "jjc": ["caseyso", "jjc", "alf", "courtp", "mrclean"],
        "alf": ["mrclean", "jjc", "alf", "courtp", "joe"],
        "bobbyo": ["jjc", "caseyso", "brat322"],
    }
    target = argv[1]
    if target in canned:
        namesList = canned[target]
    else:
        users = twitterSearch.getFollowers(target)
        if DEBUG:
            print(users)
        # Comma-separated follower ids, as passed to idToUsername.
        id_csv = ",".join(str(user['id']) for user in users['users'])
        if DEBUG:
            print(id_csv)
        names = twitterSearch.idToUsername(id_csv)
        namesList = [name['screen_name'] for name in names]
        if DEBUG:
            print(namesList)

    mt = MaltegoTransform()
    for user_name in namesList:
        if DEBUG:
            print(user_name)
        mt.addEntity("maltego.Twit", user_name)
    mt.returnOutput()
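def emailToBreachedAccounts(email=None):
    '''
        Method that checks if the given email is stored in the HIBP website.

        :param email: email to verify.
    '''
    # Function-scope import: the file's import block is not visible here.
    from xml.sax.saxutils import escape

    me = MaltegoTransform()

    jsonData = HIBP.checkIfHackedInHIBP(email=email)

    # This returns a list of breach dictionaries with keys such as "Title",
    # "Name", "Domain", "BreachDate", "AddedDate", "PwnCount", "Description"
    # and "DataClasses". "Description" can itself carry HTML (<em>, <a href>).
    for breach in jsonData:
        newEnt = me.addEntity("i3visio.breach", breach["Title"])
        # The breach record comes from a remote service and is placed inside
        # HTML, so escape it to keep embedded markup and links from being
        # rendered in the client.
        newEnt.setDisplayInformation(
            "<h3>" + escape(breach["Title"]) + "</h3><p>"
            + escape(json.dumps(breach, sort_keys=True, indent=2)) + "!</p>")
        # [TO-DO] Appending all the remaining fields of the json as
        # additional fields.

    # Returning the output text...
    me.returnOutput()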
def main():
    """Emit one ``maltego.Domain`` entity per cookie host seen for ``mac``.

    Reads the module-level ``mac``, ``cookies`` and ``db``. The ``host``
    column is used because ``baseDomain`` was found to hold full URLs.
    """
    # Custom query per transform; the filter list is combined with and_().
    filters = [cookies.c.client_mac == mac]
    s = select([cookies.c.host], and_(*filters))
    logging.debug(s)
    logging.debug(mac)
    hosts = [row[0] for row in db.execute(s).fetchall()]

    TRX = MaltegoTransform()
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )
    for host in hosts:
        # Drop the characters the pattern matches before emitting the host.
        domain = illegal_xml_re.sub('', host)
        entity = TRX.addEntity("maltego.Domain", domain)
        entity.addAdditionalFields("fqdn", "Domain", "strict", domain)
        entity.addAdditionalFields("mac", "Client Mac", "strict", mac)
    TRX.returnOutput()
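def PersonToTelefonoCorreo_u5cm_hpr6(m):
    """Resolve a name to a phone number and e-mail using ``u5mc-hpr6``.

    :param m: Maltego message; only ``m.Value`` (the name) is read.

    The first row whose ``nombre`` equals the value yields a phone-number
    entity (country code 57) and an e-mail entity. A miss or any failure
    yields a UI message instead. The request asks for at most 2000 rows.
    """
    TRX = MaltegoTransform()
    person = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # NOTE(review): the function name says "u5cm" but the dataset id
        # requested is "u5mc-hpr6"; confirm which one is correct.
        rows = client.get("u5mc-hpr6", limit=2000)
        match = next((row for row in rows if row['nombre'] == person), None)
        if match is None:
            # Explicit not-found path, instead of relying on a NameError from
            # unbound locals being swallowed by the handler below.
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            celular = match['celular']
            email = match['correo_electr_nico']
            phone = TRX.addEntity('maltego.PhoneNumber', celular)
            phone.addAdditionalFields("phonenumber.countrycode", "Country Code",
                                      True, "57")
            TRX.addEntity('maltego.EmailAddress', email)
    except Exception:
        # Best effort: request failures are reported the same way as a miss.
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()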
def main():
    """Emit one ``snoopy.useragent`` entity per user agent logged for ``ip``.

    Reads the module-level ``ip``, ``weblogs`` and ``db``. Each result row is
    stringified as a whole and used as the entity value.
    """
    # Custom query per transform; the filter list is combined with and_().
    filters = [weblogs.c.client_ip == ip]
    s = select([weblogs.c.useragent], and_(*filters))
    logging.debug(s)
    results = db.execute(s).fetchall()
    logging.debug(results)

    TRX = MaltegoTransform()
    # NOTE(review): this pattern is compiled but never applied in this block,
    # so the logged user agent reaches the transform output unfiltered.
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )
    for ua in results:
        logging.debug(ua)
        text = str(ua)
        # Passes when 'None' is absent (find() == -1) or sits at index 0.
        if text.find('None') < 1:
            entity = TRX.addEntity("snoopy.useragent", text)
            entity.addAdditionalFields("ip", "Client IP", "strict", ip)
    TRX.returnOutput()
def main():
    """Emit one ``maltego.IPv4Address`` entity per lease held by ``mac``.

    Reads the module-level ``mac``, ``leases`` and ``db``. ``mac`` is indexed
    as twelve characters and rewritten as six colon-separated pairs before
    it is compared with ``leases.mac``.
    """
    # Pair up characters 0-11 and join the pairs with ':'.
    mac2 = ":".join(mac[x] + mac[x + 1] for x in range(0, 11, 2))

    # Custom query per transform; the filter list is combined with and_().
    filters = [leases.c.mac == mac2]
    s = select([leases.c.ip], and_(*filters))
    logging.debug(s)
    logging.debug(mac2)
    addresses = [row[0] for row in db.execute(s).fetchall()]

    TRX = MaltegoTransform()
    # NOTE(review): this pattern is compiled but never applied in this block.
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )
    for ip in addresses:
        entity = TRX.addEntity("maltego.IPv4Address", ip)
        # The field carries the original, unformatted mac.
        entity.addAdditionalFields("mac", "Client Mac", "strict", mac)
        entity.addAdditionalFields("ip", "Client IP", "strict", ip)
    TRX.returnOutput()
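def EmailToTelefonoDirection_6hgq_bdxw(m):
    """Resolve an e-mail address to a phone and address using ``6hgq-bdxw``.

    :param m: Maltego message; only ``m.Value`` (the e-mail) is read.

    Each row's ``correo_electronico`` is split on ';'. The first row listing
    the value yields a phone-number entity (country code 57) and a location
    entity. A miss or any failure yields a UI message instead. The request
    asks for at most 2000 rows.
    """
    TRX = MaltegoTransform()
    email = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("6hgq-bdxw", limit=2000)
        match = next(
            (row for row in rows
             if email in row['correo_electronico'].split(";")),
            None)
        if match is None:
            # Explicit not-found path, instead of relying on a NameError from
            # unbound locals being swallowed by the handler below.
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            telefono = match['telefonos']
            direccion = match['direccion']  # no longer shadows dir()
            phone = TRX.addEntity('maltego.PhoneNumber', telefono)
            phone.addAdditionalFields("phonenumber.countrycode", "Country Code",
                                      True, "57")
            place = TRX.addEntity('maltego.Location', direccion)
            place.addAdditionalFields("country", "Country", True, "Colombia")
            place.addAdditionalFields("streetaddress", "Street Address", True,
                                      direccion)
    except Exception:
        # Best effort: request failures are reported the same way as a miss.
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()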
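def CedulaToConsejal(m):
    """Resolve a cedula to a council member using dataset ``gnvi-fbsz``.

    :param m: Maltego message; only ``m.Value`` (the cedula) is read.
    :return: whatever ``TRX.returnOutput()`` returns.

    The first row whose ``cc`` equals the value becomes an ``eci.Consejal``
    entity with gender, party, municipality and cedula fields. A miss or any
    failure yields a UI message instead. The request asks for at most 2000
    rows.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("gnvi-fbsz", limit=2000)
        match = next((row for row in rows if row['cc'] == cedula), None)
        if match is None:
            # Explicit not-found path, instead of relying on a NameError from
            # unbound locals being swallowed by the handler below.
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            genero = match['genero']
            partido = match['partido_politico']
            municipio = match['municipio']
            nombre_concejal = match['nombre_concejal']
            ent = TRX.addEntity('eci.Consejal', nombre_concejal)
            ent.addAdditionalFields("properity.genero", "Genero", True, genero)
            ent.addAdditionalFields("properity.partido", "Partido", True, partido)
            ent.addAdditionalFields("properity.municipio", "Municipio", True, municipio)
            ent.addAdditionalFields("properity.cedula", "Cedula", True, cedula)
    except Exception:
        # Best effort: request failures are reported the same way as a miss.
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    return TRX.returnOutput()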
def main(argv):
    """Emit one ``maltego.Alias`` entity per item returned by ``LinkedIn``.

    :param argv: accepted but not read; the query comes from ``sys.argv[1]``.
    """
    found = LinkedIn(sys.argv[1])
    transform = MaltegoTransform()
    for alias in found:
        transform.addEntity("maltego.Alias", alias)
    transform.returnOutput()
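def selectEvent(eventID):
    """Record ``eventID`` as the selected event and confirm it to the user.

    :param eventID: identifier stored under the ``id`` key.

    The id and the current time (key ``age``) are written to the shelf named
    by the module-level ``eventDB``. Shelf files are pickle-based, so
    ``eventDB`` should sit where only trusted users can write.
    """
    s = shelve.open(eventDB)
    try:
        s['id'] = eventID
        s['age'] = datetime.today()
    finally:
        # Release the shelf even when a write fails.
        s.close()
    mt = MaltegoTransform()
    mt.addUIMessage("[Info] Event with ID %s selected for insert" % eventID)
    mt.returnOutput()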
def main():
    """Emit sslstrip results, then sslstrip sites joined with leases.

    The first half reads ``client_ip`` and ``domain`` from the global ``TRX``
    and emits one ``snoopy.sslstripResult`` per distinct key/value pair.
    The second half builds a fresh ``MaltegoTransform`` and emits one
    ``snoopy.Site`` per row joining ``sslstrip`` with ``leases`` on the
    client IP, using the module-level ``mac``.

    NOTE(review): the two halves look like two transform bodies fused
    together; each ends in its own ``returnOutput()`` call. Confirm against
    the original files.
    """
    global TRX
    # "client_ip" takes precedence over "properties.client_ip" when set.
    ip = TRX.getVar("properties.client_ip")
    if TRX.getVar("client_ip"):
        ip = TRX.getVar("client_ip")
    domain = TRX.getVar("domain")
    filters = []
    if ip:
        filters.append(sslstrip.c.client == ip)
    if domain:
        filters.append(sslstrip.c.domain == domain)
    # With neither ip nor domain set, and_() receives no conditions.
    s = select([sslstrip.c.key, sslstrip.c.value], and_(*filters)).distinct()
    results = db.execute(s).fetchall()
    for res in results:
        key, value = res
        NewEnt = TRX.addEntity("snoopy.sslstripResult", key)
        # NOTE(review): the "key" field is filled with ``value``, not ``key``;
        # looks like a slip, confirm. These are sslstrip-captured values.
        NewEnt.addAdditionalFields("key", "key", "strict", value)
        NewEnt.addAdditionalFields("value", "Value", "strict", value)
    TRX.returnOutput()
    # Custom query per transform; the filter list is combined with and_().
    filters = []
    filters.extend((leases.c.mac == mac, sslstrip.c.client == leases.c.ip))
    if domain:
        filters.append(sslstrip.c.domain == domain)
    s = select([sslstrip.c.domain, leases.c.mac, leases.c.ip], and_(*filters))
    r = db.execute(s)
    results = r.fetchall()
    # Rebinds the global TRX declared above.
    TRX = MaltegoTransform()
    # Compiled but never applied in this block.
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )
    for res in results:
        domain, client_mac, client_ip = res
        NewEnt = TRX.addEntity("snoopy.Site", domain)
        NewEnt.addAdditionalFields("domain", "domain", "strict", domain)
        NewEnt.addAdditionalFields("mac", "Client Mac", "strict", client_mac)
        NewEnt.addAdditionalFields("client_ip", "Client IP", "strict", client_ip)
    TRX.returnOutput()
def main():
    """Emit one ``snoopy.ssidLocation`` entity per wigle row for ``ssid``.

    Appends to the module-level ``filters`` and reads ``ssid``, ``limit``,
    ``wigle`` and ``db``. Nothing is emitted when more than 20 rows come
    back. Each entity carries the address columns plus map and street-view
    links built from the row's coordinates.
    """
    filters.extend((wigle.c.ssid == ssid, wigle.c.overflow == 0))
    s = select([wigle], and_(*filters)).distinct().limit(limit)
    results = db.execute(s).fetchall()
    logging.debug(results)

    TRX = MaltegoTransform()
    # NOTE(review): this pattern is compiled but never applied in this block.
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')

    for address in results:
        # The check is on the whole result set, so an oversized set stops
        # the loop on its first pass.
        if len(results) > 20:
            break
        logging.debug(type(address))

        lat = str(address['lat'])
        lon = str(address['long'])
        # NOTE(review): two of these links use plain http.
        street_view_url1 = "http://maps.googleapis.com/maps/api/streetview?size=800x800&sensor=false&location=%s,%s" % (lat, lon)
        street_view_url2 = "https://maps.google.com/maps?q=&layer=c&cbp=11,0,0,0,0&cbll=%s,%s " % (lat, lon)
        map_url = "http://maps.google.com/maps?t=h&q=%s,%s" % (lat, lon)
        # Built but not used; the icon below is the street-view image.
        flag_img = "http://www.geognos.com/api/en/countries/flag/%s.png" % str(address['code']).upper()

        def utf8(column):
            # UTF-8 encoded value of a text column of the current row.
            return address[column].encode('utf-8')

        entity = TRX.addEntity("snoopy.ssidLocation", utf8('shortaddress'))
        entity.addAdditionalFields("city", "city", "strict", utf8('city'))
        entity.addAdditionalFields("countrycode", "countrycode", "strict", utf8('code'))
        entity.addAdditionalFields("country", "country", "strict", utf8('country'))
        entity.addAdditionalFields("lat", "lat", "strict", str(address['lat']))
        entity.addAdditionalFields("long", "long", "strict", str(address['long']))
        entity.addAdditionalFields("longaddress", "longaddress", "strict", utf8('longaddress'))
        entity.addAdditionalFields("location.areacode", "Area Code", "strict", address['postcode'])
        entity.addAdditionalFields("road", "Road", "strict", utf8('road'))
        entity.addAdditionalFields("streetaddress", "streetaddress", "strict", utf8('shortaddress'))
        entity.addAdditionalFields("ssid", "SSID", "strict", address['ssid'])
        entity.addAdditionalFields("state", "State", "strict", utf8('state'))
        entity.addAdditionalFields("area", "Area", "strict", utf8('suburb'))
        entity.addAdditionalFields("googleMap", "Google map", "nostrict", map_url)
        entity.addAdditionalFields("streetView", "Street View", "nostrict", street_view_url2)

        logging.debug(street_view_url1)
        entity.setIconURL(street_view_url1)
        entity.addDisplayInformation("<a href='%s'>Click for map </a>" % street_view_url2, "Street view")
        entity.addDisplayInformation("one", "two")

    TRX.returnOutput()
def extractAllEntitiesFromI3visioText(argv):
    '''
        Method that extracts every entity that entify finds in a text and
        emits it; Bitcoin addresses are also enriched with blockchain data.

        :param argv: accepted but not read; the text is taken from
            sys.argv[1].

        :return: Nothing is returned but the code of the entities is created.
    '''
    me = MaltegoTransform()

    text = sys.argv[1]
    entities = entify.getEntitiesByRegexp(data=text)
    # Per the original note, a result looks like:
    # {'email': {'reg_exp': ['[a-zA-Z0-9\\.\\-]+@[a-zA-Z0-9\\.\\-]+\\.[a-zA-Z]+'], 'found_exp': ['*****@*****.**', '*****@*****.**']}}
    # The loops below iterate ``entities`` as a sequence of such dicts.
    summary_fields = (
        ("Final balance (nanobitcoins)", "final_balance"),
        ("Total sent (nanobitcoins)", "total_sent"),
        ("Total received (nanobitcoins)", "total_received"),
        ("Number of transactions", "n_tx"),
    )
    for type_regexp in entities:
        for kind in type_regexp.keys():
            for element in type_regexp[kind]['found_exp']:
                value = str(element)
                entity = me.addEntity(kind, value)
                if kind != "i3visio.bitcoin.address":
                    continue
                # Looking for information on Blockchain
                details = blockchain.getBitcoinAddressDetails(address=value)
                entity.setDisplayInformation(
                    json.dumps(details, sort_keys=True, indent=2))
                for label, key in summary_fields:
                    entity.addAdditionalFields(label, label, True,
                                               str(details[key]))

    # Returning the output text...
    me.returnOutput()
def handleNessusScanEntity(entityValue="", properties=""):
    """Build the Maltego message for a ``securifera.NessusScan`` entity.

    :param entityValue: value of the calling entity, echoed on the output.
    :param properties: '#'-separated ``name=value`` pairs of that entity.
    :return: the string produced by ``MaltegoTransform.returnOutput()``.

    The scan path and plugin filter are read from ``properties``. Missing
    ones are obtained through ``getNessusScanFiles`` and
    ``getSelectedPlugins``. Every host in the global ``allHosts`` is then
    tagged with both and added to the message.
    """
    global allHosts
    global pluginIncludeList

    nessusFiles = []
    pluginfilter = ""
    fileStr = None

    # parse calling entity properties
    for prop in properties.split("#"):
        if NESSUSSCANPATHPROP in prop:
            parts = prop.split("=")
            if len(parts) > 1:
                fileStr = sanitize(parts[1], [("\\\\", "\\")])
        if "pluginfilter" in prop:
            parts = prop.split("=")
            if len(parts) > 1:
                pluginfilter = parts[1]

    # prompt user for nessus files if not already specified
    fileStr, nessusFiles = getNessusScanFiles(fileStr)

    if not pluginfilter:
        # prompt user for plugin selections
        parseNessus(nessusFiles, GATHERPLUGINMODE)
        pluginIncludeList.extend(plugin[0] for plugin in getSelectedPlugins())
    else:
        # SECURITY(review): eval() executes whatever expression the
        # "pluginfilter" property holds, and that text arrives with the
        # entity. Since the property is written below as str(list),
        # ast.literal_eval looks like a drop-in replacement; confirm and
        # switch.
        pluginIncludeList = eval(pluginfilter)

    # start creation of Maltego message
    MaltegoMessage = MaltegoTransform()

    # ensure properties of calling entity updated
    scan = MaltegoMessage.addEntity("securifera.NessusScan", entityValue)
    scan.addProperty(NESSUSSCANPATHPROP, NESSUSSCANPATHPROPDIS, value=fileStr)
    scan.addProperty("pluginfilter", "PluginFilter", value=str(pluginIncludeList))

    # parse files for IPv4Address entity creation
    parseNessus(nessusFiles, IPENTITYMODE)
    for host in allHosts:
        host.addCustomProperty(
            EntityProperty(NESSUSSCANPATHPROP, "NessusPath", fileStr))
        host.addCustomProperty(
            EntityProperty("includelist", "IncludeList", str(pluginIncludeList)))
        host.addEntity(MaltegoMessage)

    return MaltegoMessage.returnOutput()
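def new_transform(arg):
    """Fetch ``/api/v1.0/<arg>`` from the fixed API host and print the JSON.

    :param arg: path suffix appended to the API base URL.

    Any failure is turned into a UI message. The transform output is written
    by ``m.returnOutput()`` either way.
    """
    m = MaltegoTransform()
    # NOTE(review): plain http, and ``arg`` is interpolated into the path
    # without encoding or validation; confirm callers pass only trusted values.
    url = 'http://10.1.99.250:8125/api/v1.0/%s' % arg
    try:
        # Bound the wait so an unreachable host cannot hang the transform.
        r = requests.get(url, timeout=30)
        j = r.json()
        print(j)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()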
def parsereport(page):
    """Emit one ``maltego.IPv4Address`` entity per network-host cell.

    :param page: parsed report; the table following ``div#network_hosts`` is
        read, and the first text node of each ``td.row`` becomes an entity.
    """
    xform = MaltegoTransform()
    hosts_table = page.find("div", {"id": "network_hosts"}).findNext('table')
    for cell in hosts_table.findAll('td', {"class": "row"}):
        xform.addEntity("maltego.IPv4Address", cell.find(text=True))
    xform.returnOutput()