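def parsereport(page):
	"""Emit the mutex names found in a parsed sandbox report page.

	:param page: a parsed HTML document (BeautifulSoup-style: ``find``,
	             ``findNext``, ``findAll``) of the report.
	:return: nothing; the Maltego XML is written via ``returnOutput``.
	         Exits with a message when no mutex is reported or parsing fails.
	"""
	xform = MaltegoTransform()

	single_marker = 'To mark the presence in the system, the following Mutex object was created:'
	multiple_marker = 'To mark the presence in the system, the following Mutex objects were created:'

	try:
		# Either marker may be absent; find() then returns None and the
		# chained lookup raises, which is treated as "not present".
		try:
			single = page.find(text=single_marker).findNext('ul').li.text
		except Exception:
			single = None
		try:
			multiple = page.find(text=multiple_marker).findNext('ul')
		except Exception:
			multiple = None

		if single is None and multiple is None:
			sys.exit("No Mutexes Reported")

		if single is not None:
			# NOTE(review): the original emits the single mutex as
			# maltego.IPv4Address; kept for compatibility, but maltego.Phrase
			# (as used for the list case) is probably intended — confirm.
			xform.addEntity("maltego.IPv4Address", single)
		if multiple is not None:
			for mutex in multiple.findAll('li'):
				xform.addEntity("maltego.Phrase", mutex.text)

	# Narrowed from a bare ``except:`` so the SystemExit raised by the
	# "No Mutexes Reported" path above is no longer swallowed and
	# re-labelled as "Error finding Mutexes.".
	except Exception:
		sys.exit("Error finding Mutexes.")

	xform.returnOutput()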
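def PersonToTelefonoDireccionCorreo_6kcx_kbuk(m):
    """Look up a person by name in the datos.gov.co dataset 6kcx-kbuk.

    Emits the matching e-mail, mobile number, political party and ID
    number as Maltego entities.

    :param m: the incoming Maltego request; ``m.Value`` is the name to match.
    :return: nothing; the Maltego XML is written via ``returnOutput``.
    """
    TRX = MaltegoTransform()
    nombre = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)  # None: no app token
        # limit=2000 is a hard cap: rows beyond the first 2000 are never
        # searched (kept from the original).
        rows = client.get("6kcx-kbuk", limit=2000)

        # Explicit "not found" instead of relying on an unbound local
        # (NameError) to reach the except branch below.
        match = next((row for row in rows if row['nombre'] == nombre), None)
        if match is None:
            raise LookupError("no row with nombre == %r" % nombre)

        # Read every column before adding entities so a missing column does
        # not leave a half-built transform.
        cc = match['doc_identidad']
        partido = match['partido_politico']
        celular = match['celular']
        correo = match['correo_electronico']

        TRX.addEntity('maltego.EmailAddress', correo)
        ent1 = TRX.addEntity('maltego.PhoneNumber', celular)
        ent1.addAdditionalFields("phonenumber.countrycode", "Country Code",
                                 True, "57")
        TRX.addEntity('eciescuelaing.PartidoPolitico', partido)
        TRX.addEntity('eci.Cedula', cc)

    except Exception:
        # Not-found and transport/parse errors both surface as this message
        # (as in the original); the exception itself is not reported.
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    TRX.returnOutput()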
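def EmailToTelefonoDirection_6hgq_bdxw(m):
    """Look up an e-mail address in the datos.gov.co dataset 6hgq-bdxw.

    Emits the matching telephone number and street address (as a Colombian
    maltego.Location) for the first row whose ';'-separated e-mail column
    contains the address.

    :param m: the incoming Maltego request; ``m.Value`` is the e-mail.
    :return: nothing; the Maltego XML is written via ``returnOutput``.
    """
    TRX = MaltegoTransform()
    email = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)  # None: no app token
        # limit=2000 is a hard cap on the rows searched (kept as original).
        rows = client.get("6hgq-bdxw", limit=2000)

        telefono = direccion = None
        for row in rows:
            # One cell may hold several addresses separated by ';'.
            if email in row['correo_electronico'].split(";"):
                telefono = row['telefonos']
                direccion = row['direccion']
                break
        else:
            # Explicit "not found" instead of an unbound-local NameError.
            raise LookupError("no row listing %r" % email)

        ent = TRX.addEntity('maltego.PhoneNumber', telefono)
        ent.addAdditionalFields("phonenumber.countrycode", "Country Code",
                                True, "57")
        ent2 = TRX.addEntity('maltego.Location', direccion)
        ent2.addAdditionalFields("country", "Country", True, "Colombia")
        ent2.addAdditionalFields("streetaddress", "Street Address", True,
                                 direccion)

    except Exception:
        # Same message for not-found and for transport errors (as original).
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    TRX.returnOutput()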
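def main(argv):
    """Emit the accounts to show for the Twitter handle ``argv[1]`` as maltego.Twit.

    Four demo handles get a canned list; any other handle is resolved via
    ``twitterSearch`` (followers -> numeric ids -> screen names).

    :param argv: command-line vector; ``argv[1]`` is the handle to expand.
    :return: nothing; the Maltego XML is written via ``returnOutput``.
    """
    # Canned answers for the demo handles (kept from the original).
    canned = {
        "caseyso": ["bobbyo", "jjc", "alf", "courtp"],
        "jjc": ["caseyso", "jjc", "alf", "courtp", "mrclean"],
        "alf": ["mrclean", "jjc", "alf", "courtp", "joe"],
        "bobbyo": ["jjc", "caseyso", "brat322"],
    }
    handle = argv[1]
    if handle in canned:
        namesList = list(canned[handle])
    else:
        users = twitterSearch.getFollowers(handle)
        if DEBUG:
            print(users)
        # Comma-separated id list; str.join replaces the manual "+=" build
        # and the trailing-comma trim.
        searchString = ",".join(str(u["id"]) for u in users["users"])
        if DEBUG:
            print(searchString)

        names = twitterSearch.idToUsername(searchString)
        namesList = [name["screen_name"] for name in names]

    if DEBUG:
        print(namesList)

    mt = MaltegoTransform()
    for user_name in namesList:
        if DEBUG:
            print(user_name)
        mt.addEntity("maltego.Twit", user_name)

    mt.returnOutput()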
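def main(argv):
    """Emit the accounts to show for the Twitter handle ``argv[1]`` as maltego.Twit.

    A few demo handles map to fixed lists; every other handle is expanded
    through ``twitterSearch``: its followers are fetched, their numeric ids
    joined into one lookup, and the resulting screen names emitted.

    :param argv: command-line vector; ``argv[1]`` is the handle to expand.
    :return: nothing; the Maltego XML is written via ``returnOutput``.
    """
    demo_lists = {
        "caseyso": ["bobbyo", "jjc", "alf", "courtp"],
        "jjc": ["caseyso", "jjc", "alf", "courtp", "mrclean"],
        "alf": ["mrclean", "jjc", "alf", "courtp", "joe"],
        "bobbyo": ["jjc", "caseyso", "brat322"],
    }
    handle = argv[1]
    namesList = demo_lists.get(handle)
    if namesList is None:
        users = twitterSearch.getFollowers(handle)
        if DEBUG:
            print(users)
        # Build "id1,id2,..." with join instead of "+=" plus a [:-1] trim.
        id_list = ','.join(str(u['id']) for u in users['users'])
        if DEBUG:
            print(id_list)

        names = twitterSearch.idToUsername(id_list)
        namesList = [name['screen_name'] for name in names]

    if DEBUG:
        print(namesList)

    mt = MaltegoTransform()
    for user_name in namesList:
        if DEBUG:
            print(user_name)
        mt.addEntity("maltego.Twit", user_name)

    mt.returnOutput()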
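def PersonToTelefonoCorreo_u5cm_hpr6(m):
    """Look up a person by name in the datos.gov.co dataset u5mc-hpr6.

    Emits the matching mobile number and e-mail address as entities.

    :param m: the incoming Maltego request; ``m.Value`` is the name to match.
    :return: nothing; the Maltego XML is written via ``returnOutput``.
    """
    TRX = MaltegoTransform()
    person = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)  # None: no app token
        # Dataset id "u5mc-hpr6" is kept as in the original even though the
        # function name says u5cm.  limit=2000 caps the rows searched.
        rows = client.get("u5mc-hpr6", limit=2000)

        # Explicit "not found" instead of an unbound-local NameError.
        match = next((row for row in rows if row['nombre'] == person), None)
        if match is None:
            raise LookupError("no row with nombre == %r" % person)
        celular = match['celular']
        # Column name with the underscore is the dataset's own spelling.
        email = match['correo_electr_nico']

        ent = TRX.addEntity('maltego.PhoneNumber', celular)
        ent.addAdditionalFields("phonenumber.countrycode", "Country Code",
                                True, "57")
        TRX.addEntity('maltego.EmailAddress', email)

    except Exception:
        # Same message for not-found and for transport errors (as original).
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    TRX.returnOutput()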
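def main(argv):
	"""Emit every URL returned by ``LinkedIn`` for the query as maltego.Alias.

	:param argv: command-line vector; ``argv[1]`` is the search term.
	:return: nothing; the Maltego XML is written via ``returnOutput``.
	"""
	# Use the vector the caller passed in rather than re-reading sys.argv,
	# so the function also works when invoked with a constructed argv.
	myURLs = LinkedIn(argv[1])

	mt = MaltegoTransform()
	for url in myURLs:
		mt.addEntity("maltego.Alias", url)

	mt.returnOutput()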
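def extractAllEntitiesFromI3visioText(argv):
    """Emit every i3visio entity found by regexp in the input text.

    Bitcoin addresses are additionally enriched with balance and
    transaction counts fetched from ``blockchain``.

    :param argv: the serialized entity (as documented in the original);
                 note that the text is still read from ``sys.argv[1]``.
    :return: nothing; the Maltego XML is written via ``returnOutput``.
    """
    me = MaltegoTransform()

    # NOTE(review): the original ignores ``argv`` and reads sys.argv[1];
    # kept so the CLI contract is unchanged — confirm before switching.
    data = sys.argv[1]
    entities = entify.getEntitiesByRegexp(data=data)

    # ``entities`` is a list of dicts shaped like
    # {'email': {'reg_exp': [...], 'found_exp': ['a@b.c', ...]}}
    for type_regexp in entities:
        for kind, hit in type_regexp.items():
            for element in hit['found_exp']:
                value = str(element)
                # Every hit becomes an entity of its own type; the bitcoin
                # case only adds fields on top (the original duplicated the
                # addEntity call in both branches).
                newEnt = me.addEntity(kind, value)
                if kind == "i3visio.bitcoin.address":
                    addBlockchainFields(newEnt, value)

    me.returnOutput()


def addBlockchainFields(newEnt, bitcoinAddress):
    """Attach blockchain balance/transaction details to ``newEnt``.

    :param newEnt: the entity returned by ``MaltegoTransform.addEntity``.
    :param bitcoinAddress: the address to look up via ``blockchain``.
    """
    jsonData = blockchain.getBitcoinAddressDetails(address=bitcoinAddress)
    newEnt.setDisplayInformation(json.dumps(jsonData, sort_keys=True, indent=2))
    # (field label, JSON key); the label is used as both name and display name.
    for label, key in (
        ("Final balance (nanobitcoins)", "final_balance"),
        ("Total sent (nanobitcoins)", "total_sent"),
        ("Total received (nanobitcoins)", "total_received"),
        ("Number of transactions", "n_tx"),
    ):
        newEnt.addAdditionalFields(label, label, True, str(jsonData[key]))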
def main():
    """Emit one snoopy.Client entity per (mac, vendor) pair seen in cookies.

    Uses the ``leases``, ``cookies``, ``vends``, ``ssids`` and ``sess``
    tables plus the ``filters``, ``ssid`` and ``db`` globals supplied by
    the surrounding transform module.
    """
    # mac -> hostname, used to label a client when a DHCP lease exists.
    leases_q = select([leases.c.mac, leases.c.hostname]).distinct()
    hostnames = dict(db.execute(leases_q).fetchall())

    # Clients joined to their vendor rows; the vendor side may be absent.
    joined = cookies.outerjoin(vends, cookies.c.client_mac == vends.c.mac)
    query = select([cookies.c.client_mac, vends.c.vendor, vends.c.vendorLong],
                   and_(*filters)).select_from(joined).distinct()
    logging.debug(query)
    if ssid:
        # When an SSID is given, list the clients that probed for it instead.
        query = select([ssids.c.mac, vends.c.vendor, vends.c.vendorLong],
                       and_(ssids.c.ssid == ssid, ssids.c.mac == vends.c.mac))

    # Logged only; never executed (kept from the original).
    per_session = select([cookies.c.client_mac],
                         and_(cookies.c.run_id == sess.c.run_id))
    logging.debug(per_session)

    TRX = MaltegoTransform()
    for mac, vendor, vendorLong in db.execute(query).fetchall():
        hostname = hostnames.get(mac)
        # Fall back to the tail of the mac string when no hostname is known.
        label = hostname if hostname else mac[6:]
        NewEnt = TRX.addEntity("snoopy.Client", "%s\n(%s)" % (vendor, label))
        NewEnt.addAdditionalFields("mac", "mac address", "strict", mac)
        NewEnt.addAdditionalFields("vendor", "vendor", "nostrict", vendor)
        NewEnt.addAdditionalFields("vendorLong", "vendorLong", "nostrict",
                                   vendorLong)

    TRX.returnOutput()
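def CorreoToPersonDireccionTelefono_mk5f_bdwx(m):
    """Look up an e-mail address in the datos.gov.co dataset u5mc-hpr6.

    Emits the matching person (split into given names / surnames), two
    phone numbers and a Colombian maltego.Location.

    :param m: the incoming Maltego request; ``m.Value`` is the e-mail.
    :return: nothing; the Maltego XML is written via ``returnOutput``.
    """
    TRX = MaltegoTransform()
    email = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)  # None: no app token
        # Dataset id kept as in the original (the function name says
        # mk5f_bdwx).  limit=2000 caps the rows searched.
        rows = client.get("u5mc-hpr6", limit=2000)

        # Explicit "not found" instead of an unbound-local NameError.
        match = next(
            (row for row in rows if row['correo_electronico'] == email), None)
        if match is None:
            raise LookupError("no row with correo_electronico == %r" % email)
        celular = match['celular']
        direccion = match['direccion']
        celular2 = match['telefonos']
        barrio = match['municipio']
        firts, last, full = splitPersonName(match['nombre'])

        ent = TRX.addEntity('maltego.Person', full)
        ent.addAdditionalFields("person.firtsnames", "Firts Names", True,
                                firts)
        ent.addAdditionalFields("person.lastname", "Surname", True, last)
        ent2 = TRX.addEntity('maltego.PhoneNumber', celular)
        ent2.addAdditionalFields("phonenumber.countrycode", "Country Code",
                                 True, "57")
        ent3 = TRX.addEntity('maltego.PhoneNumber', celular2)
        ent3.addAdditionalFields("phonenumber.countrycode", "Country Code",
                                 True, "57")
        ent4 = TRX.addEntity('maltego.Location', direccion)
        ent4.addAdditionalFields("country", "Country", True, "Colombia")
        ent4.addAdditionalFields("location.area", "Area", True, barrio)
        ent4.addAdditionalFields("streetaddress", "Street Address", True,
                                 direccion)

    except Exception:
        # Same message for not-found and for transport errors (as original).
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    TRX.returnOutput()


def splitPersonName(nombre):
    """Split a full name into ``(given names, surnames, normalized full name)``.

    Colombian names usually carry two surnames, so the last two tokens are
    taken as the surname and the rest as given names (one surname when only
    two tokens exist).  Four- and three-token names split exactly as the
    original inline code did; other lengths no longer raise IndexError.

    :param nombre: the raw name string from the dataset.
    :return: a 3-tuple of strings; the full name has whitespace collapsed.
    """
    tokens = nombre.split()
    n_surnames = 2 if len(tokens) >= 3 else 1
    firts = " ".join(tokens[:-n_surnames])
    last = " ".join(tokens[-n_surnames:])
    return firts, last, " ".join(tokens)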
def main():
    """Emit one snoopy.Client entity per distinct (mac, vendor) row.

    The client list comes from ``cookies`` outer-joined to ``vends`` and
    narrowed by the module-level ``filters``; when ``ssid`` is set the
    ``ssids`` table is queried instead.  DHCP hostnames from ``leases``
    label the entity when available.
    """
    lease_rows = db.execute(
        select([leases.c.mac, leases.c.hostname]).distinct()).fetchall()
    hostname_by_mac = dict(lease_rows)

    client_vendor = cookies.outerjoin(vends,
                                      cookies.c.client_mac == vends.c.mac)
    s = select([cookies.c.client_mac, vends.c.vendor, vends.c.vendorLong],
               and_(*filters)).select_from(client_vendor).distinct()
    logging.debug(s)
    if ssid:
        ssid_filters = [ssids.c.ssid == ssid, ssids.c.mac == vends.c.mac]
        s = select([ssids.c.mac, vends.c.vendor, vends.c.vendorLong],
                   and_(*ssid_filters))

    # Built and logged only; the original never executes this query.
    cw = select([cookies.c.client_mac],
                and_(cookies.c.run_id == sess.c.run_id))
    logging.debug(cw)

    results = db.execute(s).fetchall()
    TRX = MaltegoTransform()
    for mac, vendor, vendorLong in results:
        hostname = hostname_by_mac.get(mac)
        if hostname:
            caption = "%s\n(%s)" % (vendor, hostname)
        else:
            # No lease known: show the tail of the mac string instead.
            caption = "%s\n(%s)" % (vendor, mac[6:])
        NewEnt = TRX.addEntity("snoopy.Client", caption)
        NewEnt.addAdditionalFields("mac", "mac address", "strict", mac)
        NewEnt.addAdditionalFields("vendor", "vendor", "nostrict", vendor)
        NewEnt.addAdditionalFields("vendorLong", "vendorLong", "nostrict",
                                   vendorLong)

    TRX.returnOutput()
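def emailToBreachedAccounts(email=None):
	"""Emit one i3visio.breach entity per HIBP breach that lists ``email``.

	:param email: the e-mail address to check against the HIBP service.
	:return: nothing; the Maltego XML is written via ``returnOutput``.
	"""
	from xml.sax.saxutils import escape

	me = MaltegoTransform()

	# A list of breach dicts, e.g. [{"Title": "Adobe", "Name": "Adobe",
	# "Domain": "adobe.com", "BreachDate": "2013-10-4", "PwnCount": ...,
	# "Description": "...", "DataClasses": [...]}, ...]
	jsonData = HIBP.checkIfHackedInHIBP(email=email)

	for breach in jsonData:
		newEnt = me.addEntity("i3visio.breach", breach["Title"])
		# The display block is rendered as HTML by the client; escape the
		# values taken from the remote response so any markup in them is
		# shown literally rather than interpreted.
		newEnt.setDisplayInformation(
			"<h3>" + escape(breach["Title"]) + "</h3><p>"
			+ escape(json.dumps(breach, sort_keys=True, indent=2)) + "!</p>")
		# [TO-DO] append every key of the breach except "Title" as an
		# additional field (the original left an empty loop here).

	me.returnOutput()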
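def bitcoinAddressToBlockchainDetails(bitcoinAddress=None):
	"""Enrich a bitcoin address with its balance and transaction counts.

	The details are fetched from ``blockchain`` and attached to a single
	i3visio.bitcoin.address entity; no further entities are created.
	(The original docstring wrongly described this as an HIBP lookup.)

	:param bitcoinAddress: the address to look up.
	:return: nothing; the Maltego XML is written via ``returnOutput``.
	"""
	jsonData = blockchain.getBitcoinAddressDetails(address=bitcoinAddress)

	me = MaltegoTransform()
	newEnt = me.addEntity("i3visio.bitcoin.address", bitcoinAddress)
	newEnt.setDisplayInformation(json.dumps(jsonData, sort_keys=True, indent=2))

	# (field label, JSON key); the label is used as both name and display name.
	for label, key in (
		("Final balance (nanobitcoins)", "final_balance"),
		("Total sent (nanobitcoins)", "total_sent"),
		("Total received (nanobitcoins)", "total_received"),
		("Number of transactions", "n_tx"),
	):
		newEnt.addAdditionalFields(label, label, True, str(jsonData[key]))

	me.returnOutput()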
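def main():
    """Emit one snoopy.Cookie entity per cookie stored for ``mac``/``domain``.

    ``mac``, ``domain``, ``db`` and the ``cookies`` table come from the
    surrounding transform module.
    """
    filters = [cookies.c.client_mac == mac, cookies.c.baseDomain == domain]
    s = select([cookies.c.name, cookies.c.value], and_(*filters))
    logging.debug(s)
    results = db.execute(s).fetchall()
    logging.debug(results)
    TRX = MaltegoTransform()

    # Code points that are not legal in XML 1.0; the original compiled this
    # pattern but never applied it, so a captured cookie holding such a
    # character would corrupt the transform's XML output.
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )

    def clean(text):
        # Leave None alone; only strings are scrubbed.
        return text if text is None else illegal_xml_re.sub('', text)

    for cookie in results:
        logging.debug(cookie)
        name, value = cookie
        NewEnt = TRX.addEntity("snoopy.Cookie", clean(name))
        NewEnt.addAdditionalFields("value", "Value", "strict", clean(value))
        NewEnt.addAdditionalFields("fqdn", "Domain", "strict", domain)
        NewEnt.addAdditionalFields("mac", "Client Mac", "strict", mac)

    TRX.returnOutput()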
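def main():
    """Emit one maltego.IPv4Address per DHCP lease held by client ``mac``.

    ``mac`` (12 hex digits, no separators), ``db`` and the ``leases`` table
    come from the surrounding transform module; the leases table stores the
    colon-separated form, so the mac is reformatted before querying.
    """
    if len(mac) != 12:
        # The original indexed mac[0..11] and would raise IndexError on a
        # shorter value; fail with a clearer message instead.
        raise ValueError("expected a 12-character mac, got %r" % (mac,))
    # "aabbccddeeff" -> "aa:bb:cc:dd:ee:ff"
    mac2 = ":".join(mac[x:x + 2] for x in range(0, 12, 2))
    s = select([leases.c.ip], and_(leases.c.mac == mac2))
    logging.debug(s)
    logging.debug(mac2)
    results = [row[0] for row in db.execute(s).fetchall()]
    TRX = MaltegoTransform()

    # Code points that are not legal in XML 1.0; the original compiled this
    # pattern but never applied it.
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )

    for ip in results:
        if ip is not None:
            ip = illegal_xml_re.sub('', ip)
        NewEnt = TRX.addEntity("maltego.IPv4Address", ip)
        NewEnt.addAdditionalFields("mac", "Client Mac", "strict", mac)
        NewEnt.addAdditionalFields("ip", "Client IP", "strict", ip)

    TRX.returnOutput()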
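def NombreToCargo(m):
    """Look up a person by upper-cased name in the datos.gov.co dataset 2gvv-khi3.

    Emits an eci.Cargo entity (the person's position) carrying address,
    e-mail and telephone as additional fields.

    :param m: the incoming Maltego request; ``m.Value`` is the name.
    :return: nothing; the Maltego XML is written via ``returnOutput``.
    """
    TRX = MaltegoTransform()
    try:
        # The dataset stores names upper-cased; normalise once, not per row.
        nombre = m.Value.upper()
        client = Socrata("www.datos.gov.co", None)  # None: no app token
        # limit=2000 caps the rows searched (kept from the original).
        rows = client.get("2gvv-khi3", limit=2000)

        # Explicit "not found" instead of an unbound-local NameError.
        match = next((row for row in rows if row['nombre'] == nombre), None)
        if match is None:
            raise LookupError("no row with nombre == %r" % nombre)
        cargo = match['cargo']
        direccion = match['direccion']
        email = match['email']
        telefono = match['telefono']

        ent = TRX.addEntity('eci.Cargo', cargo)
        ent.addAdditionalFields("properity.direccion", "Direccion", True,
                                direccion)
        ent.addAdditionalFields("properity.email", "Email", True, email)
        ent.addAdditionalFields("properity.telefono", "Telefono", True,
                                telefono)

    except Exception:
        # Same message for not-found and for transport errors (as original).
        TRX.addUIMessage("Nombre no encontrado en la base de datos")

    TRX.returnOutput()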
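def main():
    """Emit one maltego.URL per web request logged for client ``ip``.

    ``ip``, ``db`` and the ``weblogs`` table come from the surrounding
    transform module.  The cookies column is fetched but not used.
    """
    s = select([weblogs.c.full_url, weblogs.c.cookies],
               and_(weblogs.c.client_ip == ip))
    logging.debug(s)
    results = db.execute(s).fetchall()
    TRX = MaltegoTransform()

    # Code points that are not legal in XML 1.0; the original compiled this
    # pattern but never applied it, so a logged URL holding such a
    # character would corrupt the transform's XML output.
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )

    for res in results:
        logging.debug(res)
        # Renamed from ``cookies`` to avoid shadowing the module's table.
        url, cookie_blob = res
        if url is not None:
            url = illegal_xml_re.sub('', url)
        NewEnt = TRX.addEntity("maltego.URL", url)
        NewEnt.addAdditionalFields("url", "URL", "strict", url)

    TRX.returnOutput()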
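def CedulaToPuestoDeVotacion(m):
    """Look up the issuing place of a Colombian ID number (cédula).

    Scrapes the Registraduría status page and emits an eci.LugarExpedicion
    entity carrying the department as an additional field.

    :param m: the incoming Maltego request; ``m.Value`` is the cédula.
    :return: nothing; the Maltego XML is written via ``returnOutput``.
    """
    try:
        from urllib.parse import quote  # Python 3
    except ImportError:
        from urllib import quote  # Python 2

    TRX = MaltegoTransform()
    cedula = m.Value
    website = 'wsp.registraduria.gov.co/estadodocs/resultadobusqueda.php?cedula='

    try:
        # Percent-encode the user-supplied value so it cannot append extra
        # query parameters or otherwise break the URL ('/' is encoded too).
        url = 'https://' + website + quote(cedula, safe='')
        # A timeout keeps the transform from hanging if the site stalls.
        html = requests.get(url, timeout=30).text
        soup = BeautifulSoup(html, 'html.parser')
        # Only the <b> cells of the last "tabla_solicitud" table are used
        # (kept from the original).
        lista = []
        for table in soup.findAll("table", {"class": "tabla_solicitud"}):
            lista = table.find_all('b')
        direccion = str(lista[1]).replace("<b>", "").replace("</b>", "")
        departamento = str(lista[2]).replace("<b>", "").replace("</b>", "")

        ent = TRX.addEntity('eci.LugarExpedicion', direccion)
        ent.addAdditionalFields("properity.eci.departamento", "Departamento",
                                True, departamento)

    except Exception:
        # Network errors and missing cells both end here (as original).
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    TRX.returnOutput()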
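def PersonToDireccion(m):
    """Look up a provider by name in the datos.gov.co dataset 3ard-sj8g.

    Emits a Colombian maltego.Location with area and coordinates.

    :param m: the incoming Maltego request; ``m.Value`` is the name.
    :return: nothing; the Maltego XML is written via ``returnOutput``.
    """
    TRX = MaltegoTransform()
    nombre = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)  # None: no app token
        # limit=2000 caps the rows searched (kept from the original).
        rows = client.get("3ard-sj8g", limit=2000)

        # Explicit "not found" instead of an unbound-local NameError.
        match = next(
            (row for row in rows if row['nombre_prestador'] == nombre), None)
        if match is None:
            raise LookupError("no row with nombre_prestador == %r" % nombre)
        # NOTE(review): the address is taken from the 'nombre_concejal'
        # column, as in the original — confirm this is the intended column.
        direccion = match['nombre_concejal']
        barrio = match['barrio']
        # GeoJSON-style [longitude, latitude] pair.
        coords = match['localizacion']['coordinates']

        ent = TRX.addEntity('maltego.Location', direccion)
        ent.addAdditionalFields("country", "Country", True, "Colombia")
        ent.addAdditionalFields("location.area", "Area", True, barrio)
        ent.addAdditionalFields("streetaddress", "Street Address", True,
                                direccion)
        ent.addAdditionalFields("longitude", "Longitude", True, coords[0])
        ent.addAdditionalFields("latitude", "Latituded", True, coords[1])

    except Exception:
        # Same message for not-found and for transport errors (as original).
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    TRX.returnOutput()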
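def main():
    """Emit one snoopy.useragent entity per user-agent logged for client ``ip``.

    ``ip``, ``db`` and the ``weblogs`` table come from the surrounding
    transform module.
    """
    s = select([weblogs.c.useragent], and_(weblogs.c.client_ip == ip))
    logging.debug(s)
    results = db.execute(s).fetchall()
    logging.debug(results)
    TRX = MaltegoTransform()

    # Code points that are not legal in XML 1.0; the original compiled this
    # pattern but never applied it.
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')

    for row in results:
        logging.debug(row)
        # fetchall() yields one-column rows; the original passed str(row) —
        # the tuple's repr, e.g. "(u'Mozilla/5.0 ...',)" — as the entity
        # value and tested for None with str(row).find('None').
        (ua,) = row
        if ua is None:
            continue
        ua = illegal_xml_re.sub('', ua)
        NewEnt = TRX.addEntity("snoopy.useragent", ua)
        NewEnt.addAdditionalFields("ip", "Client IP", "strict", ip)

    TRX.returnOutput()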
def main():
    """Emit one maltego.Domain per cookie host recorded for client ``mac``.

    ``mac``, ``db`` and the ``cookies`` table come from the surrounding
    transform module.  The host column is used because, per the original's
    note, baseDomain held full URLs.
    """
    query = select([cookies.c.host], and_(cookies.c.client_mac == mac))
    logging.debug(query)
    logging.debug(mac)
    hosts = [row[0] for row in db.execute(query).fetchall()]
    TRX = MaltegoTransform()

    # Code points that are not legal in XML 1.0 output.
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')

    for host in hosts:
        cleaned = illegal_xml_re.sub('', host)
        NewEnt = TRX.addEntity("maltego.Domain", cleaned)
        NewEnt.addAdditionalFields("fqdn", "Domain", "strict", cleaned)
        NewEnt.addAdditionalFields("mac", "Client Mac", "strict", mac)

    TRX.returnOutput()
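def getCompany(me, query=None, trans=None):
    """Add one Maltego.Phrase per recipient company in country ``query``.

    ``trans`` is a DataFrame of transfers with (at least) the columns
    drzavaStranke, drzavaPrejemnika, prejemnik, sedezPrejemnika and znesek.
    Rows are narrowed to the sender country held in the module-level
    ``country`` and then to the recipient country ``query``; each recipient
    gets its summed amount and its distinct addresses as fields.

    :param me: ignored — the original replaced it with a fresh
               MaltegoTransform, which is what is returned; the parameter is
               kept so the call signature is unchanged.
    :param query: recipient country name (compared upper-cased).
    :param trans: the transfers DataFrame.
    :return: the MaltegoTransform holding the entities or the UI message.
    """
    me = MaltegoTransform()
    # NOTE(review): ``country`` is neither a parameter nor a local; it must
    # be supplied by the enclosing module (the original's commented-out
    # getVar call suggests it was meant to come from the transform input).

    countryFrom = trans.loc[trans.drzavaStranke == country.upper()]
    if not any(countryFrom['drzavaPrejemnika'].str.contains(query.upper())):
        me.addUIMessage("Country not in the list")
        return me

    countryTo = countryFrom.loc[trans.drzavaPrejemnika == query.upper()]
    companyPrint = countryTo.prejemnik
    # Result unused; the call is kept in case getSum has side effects.
    allSums = getSum(companyPrint, countryTo)

    for company in companyPrint:
        rows = countryTo[countryTo['prejemnik'] == company]
        sumCountry = rows['znesek'].sum()
        # Fix: the original masked ``countryFrom`` with a boolean Series
        # built from ``countryTo``; the two frames have different indexes,
        # so the mask did not line up.  Take the addresses from the same
        # rows the sum was computed over.
        addressPrint = np.unique(rows['sedezPrejemnika'], return_index=False)
        test = me.addEntity("Maltego.Phrase", company)
        test.addAdditionalFields("value", "Sum transfer EUR:", True,
                                 str(intWithCommas(sumCountry)))
        for address in addressPrint:
            test.addAdditionalFields("Address", "Address:", True, address)

    return me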
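def hashToMD5crackDotCom(hash=None):
    """Emit the plaintext md5crack.com knows for ``hash`` as an i3visio.text entity.

    (The original docstring was copied from the e-mail transform.)

    :param hash: the MD5 digest to look up; the name shadows the builtin
                 but is part of the public signature.
    :return: nothing; the Maltego XML is written via ``returnOutput``.
    """
    from xml.sax.saxutils import escape

    me = MaltegoTransform()

    # A dict shaped like {"phrase": "<digest>", "code": 6,
    # "parsed": "hola", "response": "The MD5 hash was cracked."}
    jsonData = md5crack.checkIfCrackedInMD5crack(hash=hash)

    # An empty "parsed" means the service had no plaintext for the digest.
    if jsonData["parsed"] != "":
        newEnt = me.addEntity("i3visio.text", jsonData["parsed"])
        # The display block is rendered as HTML; escape the remote values
        # so markup in a recovered plaintext is shown, not interpreted.
        newEnt.setDisplayInformation(
            "<h3>" + escape(jsonData["parsed"]) + "</h3><p>" +
            escape(json.dumps(jsonData, sort_keys=True, indent=2)) + "</p>")
        # [TO-DO] append every key except "parsed" as an additional field
        # (the original left an empty loop here).

    me.returnOutput()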
def main():
    """Emit one snoopy.Drone per drone in ``sess`` matching ``filters``.

    ``filters``, ``start_time``, ``end_time`` and ``db`` come from the
    surrounding transform module; the two times are attached to every
    entity.
    """
    query = select([sess.c.drone], and_(*filters)).distinct()
    logging.debug(filters)
    logging.debug(query)
    drones = [row[0] for row in db.execute(query).fetchall()]
    TRX = MaltegoTransform()

    for drone in drones:
        logging.debug(drone)
        NewEnt = TRX.addEntity("snoopy.Drone", drone)
        for name, label, value in (("properties.drone", "drone", drone),
                                   ("start_time", "start_time", start_time),
                                   ("end_time", "end_time", end_time)):
            NewEnt.addAdditionalFields(name, label, "strict", value)
    TRX.returnOutput()
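def CedulaToNombrei88y_d8rr(m):
    """Look up an ID number (cédula) in the datos.gov.co dataset i88y-d8rr.

    Emits a maltego.Person built from the matching name and surname columns.

    :param m: the incoming Maltego request; ``m.Value`` is the cédula.
    :return: nothing; the Maltego XML is written via ``returnOutput``.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)  # None: no app token
        # limit=2000 caps the rows searched (kept from the original).
        rows = client.get("i88y-d8rr", limit=2000)

        # Explicit "not found" instead of an unbound-local NameError.
        match = next((row for row in rows if row['cedula'] == cedula), None)
        if match is None:
            raise LookupError("no row with cedula == %r" % cedula)
        nombres = match['nombre']
        apellidos = match['apellidos']
        full = nombres + " " + apellidos

        ent = TRX.addEntity('maltego.Person', full)
        ent.addAdditionalFields("person.firtsnames", "Firts Names", True,
                                nombres)
        ent.addAdditionalFields("person.lastname", "Surname", True, apellidos)

    except Exception:
        # Same message for not-found and for transport errors (as original).
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    TRX.returnOutput()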
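def main():
    """Emit one maltego.URL per web request logged for client ``ip``.

    ``ip``, ``db`` and the ``weblogs`` table come from the surrounding
    transform module.  The cookies column is fetched but not used.
    """
    s = select([weblogs.c.full_url, weblogs.c.cookies],
               and_(weblogs.c.client_ip == ip))
    logging.debug(s)
    results = db.execute(s).fetchall()
    TRX = MaltegoTransform()

    # Code points that are not legal in XML 1.0; the original compiled this
    # pattern but never applied it, so a logged URL holding such a
    # character would corrupt the transform's XML output.
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')

    for res in results:
        logging.debug(res)
        # Second column renamed so it does not shadow the module's
        # ``cookies`` table.
        url, cookie_blob = res
        if url is not None:
            url = illegal_xml_re.sub('', url)
        NewEnt = TRX.addEntity("maltego.URL", url)
        NewEnt.addAdditionalFields("url", "URL", "strict", url)

    TRX.returnOutput()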
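def main():
    """Emit a ``snoopy.Cookie`` entity per cookie stored for ``mac`` on ``domain``.

    Module-level names used: ``mac``, ``domain``, ``cookies``, ``db``,
    ``select``, ``and_``, ``logging``, ``re``. Takes no arguments and returns
    nothing; the response is written by ``TRX.returnOutput()``.
    """
    # Custom query per transform, but apply filter with and_(*filters) from transformCommon.
    filters = [cookies.c.client_mac == mac, cookies.c.baseDomain == domain]
    query = select([cookies.c.name, cookies.c.value], and_(*filters))
    logging.debug(query)
    rows = db.execute(query).fetchall()
    logging.debug(rows)
    TRX = MaltegoTransform()

    # Code points that are illegal in XML 1.0. The original compiled this
    # pattern but never applied it, so a cookie name or value containing one
    # of them would corrupt the Maltego response.
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')

    def clean(text):
        # NULL columns pass through untouched, as before
        return text if text is None else illegal_xml_re.sub('', text)

    for row in rows:
        logging.debug(row)
        name, value = row
        NewEnt = TRX.addEntity("snoopy.Cookie", clean(name))
        NewEnt.addAdditionalFields("value", "Value", "strict", clean(value))
        NewEnt.addAdditionalFields("fqdn", "Domain", "strict", domain)
        NewEnt.addAdditionalFields("mac", "Client Mac", "strict", mac)

    TRX.returnOutput()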
def main():
    """Emit a ``maltego.Domain`` entity for every cookie host seen from ``mac``.

    Reads the module-level ``mac``, ``cookies``, ``db``, ``select``, ``and_``,
    ``logging`` and ``re`` names; writes the response with
    ``TRX.returnOutput()`` and returns nothing.
    """
    # Custom query per transform, but apply filter with and_(*filters) from transformCommon.
    # The upstream comment notes baseDomain comes back as a full URL, hence host.
    conditions = [cookies.c.client_mac == mac]
    query = select([cookies.c.host], and_(*conditions))
    logging.debug(query)
    logging.debug(mac)
    hosts = [row[0] for row in db.execute(query).fetchall()]
    TRX = MaltegoTransform()

    # XML 1.0 forbids these code points; strip them before emitting.
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )

    for host in hosts:
        cleaned = illegal_xml_re.sub('', host)
        entity = TRX.addEntity("maltego.Domain", cleaned)
        entity.addAdditionalFields("fqdn", "Domain", "strict", cleaned)
        entity.addAdditionalFields("mac", "Client Mac", "strict", mac)

    TRX.returnOutput()
def main():
    """Emit a ``snoopy.Drone`` entity for each distinct drone in ``sess``.

    ``filters``, ``sess``, ``start_time``, ``end_time``, ``db``, ``select``,
    ``and_`` and ``logging`` are module-level names; every emitted entity
    carries the same ``start_time``/``end_time`` fields. Returns nothing;
    the response is written by ``TRX.returnOutput()``.
    """
    # Custom query per transform, but apply filter with and_(*filters) from transformCommon.
    query = select([sess.c.drone], and_(*filters)).distinct()
    logging.debug(filters)
    logging.debug(query)
    drones = [row[0] for row in db.execute(query).fetchall()]
    TRX = MaltegoTransform()

    for drone in drones:
        logging.debug(drone)
        entity = TRX.addEntity("snoopy.Drone", drone)
        # (fieldName, displayName, value) triples, all added with the "strict" flag
        for field_name, display, value in (
                ("properties.drone", "drone", drone),
                ("start_time", "start_time", start_time),
                ("end_time", "end_time", end_time)):
            entity.addAdditionalFields(field_name, display, "strict", value)
    TRX.returnOutput()
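def main():
    """Emit a ``snoopy.useragent`` entity for each user agent logged for ``ip``.

    Module-level names used: ``ip``, ``weblogs``, ``db``, ``select``, ``and_``,
    ``logging``, ``re``. Takes no arguments and returns nothing; the response
    is written by ``TRX.returnOutput()``.
    """
    # Custom query per transform, but apply filter with and_(*filters) from transformCommon.
    filters = [weblogs.c.client_ip == ip]
    query = select([weblogs.c.useragent], and_(*filters))
    logging.debug(query)
    rows = db.execute(query).fetchall()
    logging.debug(rows)
    TRX = MaltegoTransform()

    # Code points illegal in XML 1.0; the original compiled this pattern but
    # never applied it to the emitted value.
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )

    for row in rows:
        logging.debug(row)
        # Each row is a one-column tuple. The original passed str(row) to
        # addEntity, so the entity value was the tuple's repr rather than the
        # user-agent string, and its str(row).find('None') test skipped rows
        # whose repr contained "None" anywhere.
        ua = row[0]
        if ua is None:
            continue  # NULL useragent: nothing to emit
        ua = illegal_xml_re.sub('', ua)
        NewEnt = TRX.addEntity("snoopy.useragent", ua)
        NewEnt.addAdditionalFields("ip", "Client IP", "strict", ip)

    TRX.returnOutput()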
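def CedulaToConsejal(m):
    """Maltego transform: resolve a cedula to an ``eci.Consejal`` entity.

    Looks up ``m.Value`` in column ``cc`` of Socrata dataset ``gnvi-fbsz`` on
    ``www.datos.gov.co`` — first 2000 rows only, per ``limit`` — and emits the
    councillor with genero/partido/municipio/cedula fields. Any failure,
    including no matching row, becomes a UI message. Returns the value of
    ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("gnvi-fbsz", limit=2000)
        # Explicit not-found path: the original only reached the except
        # branch because an unbound local raised NameError after the loop.
        match = next((row for row in rows if row['cc'] == cedula), None)
        if match is None:
            raise LookupError(cedula)
        genero = match['genero']
        partido = match['partido_politico']
        municipio = match['municipio']
        nombre_concejal = match['nombre_concejal']

        ent = TRX.addEntity('eci.Consejal', nombre_concejal)
        # field names keep the original "properity." spelling so existing
        # entity definitions keep matching
        ent.addAdditionalFields("properity.genero", "Genero", True, genero)
        ent.addAdditionalFields("properity.partido", "Partido", True, partido)
        ent.addAdditionalFields("properity.municipio", "Municipio", True,
                                municipio)
        ent.addAdditionalFields("properity.cedula", "Cedula", True, cedula)

    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    return TRX.returnOutput()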
def main():
    """Emit a ``snoopy.SSID`` entity for every non-blank SSID probed by ``mac``.

    ``filters`` (module-level, extended in place), ``ssids``, ``mac``, ``db``,
    ``select``, ``and_``, ``escape`` and ``re`` come from the surrounding
    module. Returns nothing; the response is written by ``TRX.returnOutput()``.
    """
    # Custom query per transform, but apply filter with and_(*filters) from transformCommon.
    filters.append(ssids.c.mac == mac)
    query = select([ssids.c.ssid], and_(*filters))

    names = [row[0] for row in db.execute(query).fetchall()]
    TRX = MaltegoTransform()

    # XML 1.0 forbids these code points; they are stripped after escape().
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')

    for raw in names:
        cleaned = illegal_xml_re.sub('', escape(raw))
        # empty or whitespace-only SSIDs are not emitted
        if cleaned and not cleaned.isspace():
            entity = TRX.addEntity("snoopy.SSID", cleaned)
            entity.addAdditionalFields("properties.ssid", "ssid", "strict", cleaned)

    TRX.returnOutput()
def main(argv):
    """Fetch ``sys.argv[1]`` and emit a ``maltego.EmailAddress`` per address found.

    ``argv`` is accepted for call compatibility but not read; the URL is
    taken from ``sys.argv[1]`` exactly as before. ``collectAllEmail`` and
    ``MaltegoTransform`` come from the surrounding module. Returns nothing;
    the response is written by ``returnOutput()``.
    """
    page = urllib.urlopen(sys.argv[1]).read()
    transform = MaltegoTransform()
    for address in collectAllEmail(page):
        transform.addEntity("maltego.EmailAddress", address)
    transform.returnOutput()
def main(argv):
    """Download the page named by ``sys.argv[1]`` and emit its e-mail addresses.

    Each address returned by ``collectAllEmail`` (defined elsewhere in the
    module) becomes one ``maltego.EmailAddress`` entity. ``argv`` is unused;
    the URL is read from ``sys.argv[1]`` as in the original. Returns nothing.
    """
    target = sys.argv[1]
    body = urllib.urlopen(target).read()
    found = collectAllEmail(body)

    mt = MaltegoTransform()
    add = mt.addEntity
    for item in found:
        add("maltego.EmailAddress", item)

    mt.returnOutput()
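def _split_name(tokens):
    """Split whitespace-separated name tokens into ``(given names, surname)``.

    Keeps the original heuristic — four tokens give two given names and two
    surnames, three give one and two — and extends it: with three or more
    tokens the last two are the surname, two tokens split one/one, and fewer
    are all given names. The original indexed ``tokens[2]`` unconditionally
    and raised IndexError on shorter names.
    """
    if len(tokens) >= 3:
        return " ".join(tokens[:-2]), " ".join(tokens[-2:])
    if len(tokens) == 2:
        return tokens[0], tokens[1]
    return " ".join(tokens), ""


def TelefonoToCorreoDireccionPerson_6kcx_kbuk(m):
    """Maltego transform: resolve a phone number to a person and related entities.

    Looks up ``m.Value`` (the phone number) in column ``celular`` of Socrata
    dataset ``6kcx-kbuk`` on ``www.datos.gov.co`` — first 2000 rows only, per
    ``limit`` — and emits ``maltego.Person``, ``maltego.EmailAddress``,
    ``eciescuelaing.PartidoPolitico`` and ``eci.Cedula`` entities. Any
    failure, including no matching row, becomes a UI message. Output is
    written by ``TRX.returnOutput()``; nothing is returned.
    """
    TRX = MaltegoTransform()
    telefono = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("6kcx-kbuk", limit=2000)

        # Explicit not-found path: the original only reached the except
        # branch because an unbound local raised NameError after the loop.
        match = next((row for row in rows if row['celular'] == telefono), None)
        if match is None:
            raise LookupError(telefono)
        cc = match['doc_identidad']
        partido = match['partido_politico']
        correo_electronico = match['correo_electronico']

        tokens = match['nombre_concejal'].split(" ")
        firts, last = _split_name(tokens)
        full = " ".join(tokens)

        ent = TRX.addEntity('maltego.Person', full)
        # field names keep the original "firtsnames" spelling so existing
        # entity definitions keep matching
        ent.addAdditionalFields("person.firtsnames", "Firts Names", True, firts)
        ent.addAdditionalFields("person.lastname", "Surname", True, last)
        TRX.addEntity('maltego.EmailAddress', correo_electronico)
        TRX.addEntity('eciescuelaing.PartidoPolitico', partido)
        TRX.addEntity('eci.Cedula', cc)

    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    TRX.returnOutput()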
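def handleNessusScanEntity(entityValue="", properties=""):
    """Transform entry point for a ``securifera.NessusScan`` entity.

    ``properties`` is the ``#``-separated ``key=value`` property string of the
    calling entity; the scan path (``NESSUSSCANPATHPROP``) and an optional
    ``pluginfilter`` are read from it, with ``getNessusScanFiles`` /
    ``getSelectedPlugins`` prompting for whatever is missing. Re-emits the
    calling entity with its properties updated, then one entity per host
    found by ``parseNessus``. Updates the module globals ``allHosts`` (via
    ``parseNessus``) and ``pluginIncludeList``. Returns the Maltego XML
    string from ``returnOutput()``.
    """
    import ast

    global allHosts
    global pluginIncludeList

    nessusFiles = []
    pluginfilter = ""
    fileStr = None

    # parse calling entity properties; split on the first '=' only so a
    # path or filter containing '=' is not truncated
    for prop in properties.split("#"):
        key, sep, value = prop.partition("=")
        if NESSUSSCANPATHPROP in prop and sep:
            fileStr = sanitize(value, [("\\\\", "\\")])
        if "pluginfilter" in prop and sep:
            pluginfilter = value

    # prompt user for nessus files if not already specified
    fileStr, nessusFiles = getNessusScanFiles(fileStr)

    # prompt user for plugin selections
    if len(pluginfilter) < 1:
        parseNessus(nessusFiles, GATHERPLUGINMODE)
        pluginIncludeList.extend(plugin[0] for plugin in getSelectedPlugins())
    else:
        # The stored filter is str(list) (see addProperty below), so a
        # literal parse round-trips it; the original used eval(), which would
        # execute any code carried in the entity property.
        pluginIncludeList = ast.literal_eval(pluginfilter)

    # start creation of Maltego message
    MaltegoMessage = MaltegoTransform()

    # ensure properties of calling entity updated
    ent = MaltegoMessage.addEntity("securifera.NessusScan", entityValue)
    ent.addProperty(NESSUSSCANPATHPROP, NESSUSSCANPATHPROPDIS, value=fileStr)
    ent.addProperty("pluginfilter",
                    "PluginFilter",
                    value=str(pluginIncludeList))

    # parse files for IPv4Address entity creation
    parseNessus(nessusFiles, IPENTITYMODE)
    for host in allHosts:
        host.addCustomProperty(
            EntityProperty(NESSUSSCANPATHPROP, "NessusPath", fileStr))
        host.addCustomProperty(
            EntityProperty("includelist", "IncludeList",
                           str(pluginIncludeList)))
        host.addEntity(MaltegoMessage)

    return MaltegoMessage.returnOutput()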
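def main():
    """Emit a ``snoopy.ssidLocation`` entity per geolocated row for ``ssid``.

    Queries the module-level ``wigle`` table (filtered on ``ssid`` and
    ``overflow == 0``, capped by ``limit``) and emits at most 20 rows. The
    original tested ``len(results) > 20`` inside the loop, which emitted
    nothing at all once more than 20 rows came back. Module-level names used:
    ``filters``, ``wigle``, ``ssid``, ``limit``, ``db``, ``select``, ``and_``,
    ``logging``. Returns nothing; the response is written by
    ``TRX.returnOutput()``.
    """
    filters.append(wigle.c.ssid == ssid)
    filters.append(wigle.c.overflow == 0)
    query = select([wigle], and_(*filters)).distinct().limit(limit)
    rows = db.execute(query).fetchall()
    logging.debug(rows)

    TRX = MaltegoTransform()

    for address in rows[:20]:
        logging.debug(type(address))
        lat, lng = str(address['lat']), str(address['long'])

        # URLs are reproduced byte-for-byte from the original, including the
        # plain-http icon URL and its literal "&amp;" sequences.
        street_view_url1 = "http://maps.googleapis.com/maps/api/streetview?size=800x800&amp;sensor=false&amp;location=%s,%s" % (lat, lng)
        street_view_url2 = "https://maps.google.com/maps?q=&layer=c&cbp=11,0,0,0,0&cbll=%s,%s " % (lat, lng)
        map_url = "http://maps.google.com/maps?t=h&q=%s,%s" % (lat, lng)

        NewEnt = TRX.addEntity("snoopy.ssidLocation", address['shortaddress'].encode('utf-8'))
        # (fieldName, displayName, value); text columns are utf-8 encoded as before
        strict_fields = (
            ("city", "city", address['city'].encode('utf-8')),
            ("countrycode", "countrycode", address['code'].encode('utf-8')),
            ("country", "country", address['country'].encode('utf-8')),
            ("lat", "lat", lat),
            ("long", "long", lng),
            ("longaddress", "longaddress", address['longaddress'].encode('utf-8')),
            ("location.areacode", "Area Code", address['postcode']),
            ("road", "Road", address['road'].encode('utf-8')),
            ("streetaddress", "streetaddress", address['shortaddress'].encode('utf-8')),
            ("ssid", "SSID", address['ssid']),
            ("state", "State", address['state'].encode('utf-8')),
            ("area", "Area", address['suburb'].encode('utf-8')),
        )
        for field_name, display, value in strict_fields:
            NewEnt.addAdditionalFields(field_name, display, "strict", value)

        NewEnt.addAdditionalFields("googleMap", "Google map", "nostrict", map_url)
        NewEnt.addAdditionalFields("streetView", "Street View", "nostrict", street_view_url2)

        logging.debug(street_view_url1)
        NewEnt.setIconURL(street_view_url1)

        NewEnt.addDisplayInformation("<a href='%s'>Click for map </a>" % street_view_url2, "Street view")
        # the original also attached a placeholder ("one", "two") display
        # block to every entity; dropped as debug residue

    TRX.returnOutput()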
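def main():
    """Emit sslstrip results for the calling entity.

    Two modes, chosen by the ``client_ip`` / ``properties.client_ip`` input
    variable of the module-level ``TRX``: with an IP, one
    ``snoopy.sslstripResult`` per captured key/value (optionally narrowed to
    ``domain``) is emitted and the function returns; without one, ``leases``
    is joined on the module-level ``mac`` and one ``snoopy.Site`` per
    captured domain is emitted. The original fell through after the first
    ``returnOutput()`` and wrote a second XML document to the same stream.
    Returns nothing.
    """
    global TRX
    ip = TRX.getVar("properties.client_ip")
    if TRX.getVar("client_ip"):
        ip = TRX.getVar("client_ip")

    domain = TRX.getVar("domain")

    if ip:
        filters = [sslstrip.c.client == ip]
        if domain:
            filters.append(sslstrip.c.domain == domain)

        query = select([sslstrip.c.key, sslstrip.c.value],
                       and_(*filters)).distinct()
        for key, value in db.execute(query).fetchall():
            NewEnt = TRX.addEntity("snoopy.sslstripResult", key)
            # the original filled the "key" field with value as well
            NewEnt.addAdditionalFields("key", "key", "strict", key)
            NewEnt.addAdditionalFields("value", "Value", "strict", value)

        TRX.returnOutput()
        return  # exactly one response per run

    # Custom query per transform, but apply filter with and_(*filters) from transformCommon.
    filters = [leases.c.mac == mac, sslstrip.c.client == leases.c.ip]
    if domain:
        filters.append(sslstrip.c.domain == domain)
    query = select([sslstrip.c.domain, leases.c.mac, leases.c.ip], and_(*filters))
    rows = db.execute(query).fetchall()
    TRX = MaltegoTransform()
    # Code points illegal in XML 1.0; the original compiled this pattern but
    # never applied it.
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )

    for site_domain, client_mac, client_ip in rows:
        if site_domain is not None:
            site_domain = illegal_xml_re.sub('', site_domain)
        NewEnt = TRX.addEntity("snoopy.Site", site_domain)
        NewEnt.addAdditionalFields("domain", "domain", "strict", site_domain)
        NewEnt.addAdditionalFields("mac", "Client Mac", "strict", client_mac)
        NewEnt.addAdditionalFields("client_ip", "Client IP", "strict",
                                   client_ip)

    TRX.returnOutput()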
def parsereport(page):
    """Emit a ``maltego.IPv4Address`` per ``td.row`` cell of the ``network_hosts`` table.

    ``page`` is a parsed report exposing BeautifulSoup-style ``find`` /
    ``findNext`` / ``findAll``; the entity value is the first text node of
    each cell. Returns nothing; output goes through ``xform.returnOutput()``.
    """
    xform = MaltegoTransform()
    hosts_div = page.find("div", {"id": "network_hosts"})
    cells = hosts_div.findNext('table').findAll('td', {"class": "row"})
    for cell in cells:
        xform.addEntity("maltego.IPv4Address", cell.find(text=True))
    xform.returnOutput()
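def parsereport(page):
    """Emit a ``maltego.IPv4Address`` for every dotted-quad text node in ``page``.

    ``page`` is a parsed report exposing ``findAll(text=...)`` (BeautifulSoup
    style). Exits with a message when no address is found; the original's
    bare ``except`` never fired for that case, because an empty result set
    raises nothing. Returns nothing; output goes through
    ``xform.returnOutput()``.
    """
    xform = MaltegoTransform()
    # each octet 0-255, four of them, matching the whole text node
    ipv4_re = re.compile(r"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$")

    try:
        matches = page.findAll(text=ipv4_re)
    except Exception:
        sys.exit("Report contains no IPs.")
    if not matches:
        sys.exit("Report contains no IPs.")

    for element in matches:
        xform.addEntity("maltego.IPv4Address", element)

    xform.returnOutput()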
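def main(argv):
    """Fetch ``sys.argv[1]`` and emit a ``maltego.Alias`` per e-mail local part.

    ``argv`` is accepted for call compatibility but, as before, the URL is
    read from ``sys.argv[1]``. The alias is everything before the first
    ``@``; the original used ``email[:email.find('@')]``, which silently
    dropped the last character of any string without an ``@``.
    ``collectAllEmail`` comes from the surrounding module. Returns nothing.
    """
    html = urllib.urlopen(sys.argv[1]).read()
    emails = collectAllEmail(html)

    mt = MaltegoTransform()
    for email in emails:
        alias = email.partition('@')[0]
        mt.addEntity("maltego.Alias", alias)

    mt.returnOutput()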
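def new_transform(arg, base_url='http://10.1.99.250:8125/api/v1.0'):
    """Emit a ``maltego.IPv4Address`` for each IP of workspace ``arg``.

    ``arg`` is the workspace id, interpolated into ``<base_url>/<arg>/ip``;
    ``base_url`` defaults to the address the original hard-coded. Any request
    or parsing error is reported as a UI message. Output is written by
    ``m.returnOutput()``; nothing is returned.
    """
    m = MaltegoTransform()
    url = '%s/%s/ip' % (base_url, arg)
    try:
        # a bounded wait keeps the transform from hanging on an unreachable API
        r = requests.get(url, timeout=30)
        j = r.json()
        for i in j['items']:
            ent = m.addEntity('maltego.IPv4Address', i['ipaddr'])
            ent.addAdditionalFields('workspace', 'Workspace ID', True, arg)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()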
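def main():
    """Emit a ``ran2.Sample`` entity for every row of the ``samples`` table.

    ``DBNAME`` is the module-level SQLite path. If the file is missing, a
    ``maltego.Phrase`` is emitted and the transform returns without opening
    the database — the original went on to ``sqlite3.connect`` (which
    creates an empty file) and then failed on the missing table. Returns
    nothing; output goes through ``me.returnOutput()``.
    """
    me = MaltegoTransform()

    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        cur = conn.cursor()
        cur.execute("SELECT * FROM samples")
        found = cur.fetchall()
        if found:
            for row in found:
                # column 2 holds the sample name (positional, as in the original)
                me.addEntity("ran2.Sample", row[2])
        else:
            # fetchall() never returns None, so the original's else branch
            # (which also referenced the unbound name `name`) was unreachable;
            # this message text is new.
            me.addEntity("maltego.Phrase", "no samples found")
        me.returnOutput()
    finally:
        # read-only; the original's commit() had nothing to write
        conn.close()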
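def main():
    """Emit sslstrip results for the calling entity.

    With a ``client_ip`` / ``properties.client_ip`` input variable on the
    module-level ``TRX``, one ``snoopy.sslstripResult`` per captured
    key/value (optionally narrowed to ``domain``) is emitted and the function
    returns. Otherwise ``leases`` is joined on the module-level ``mac`` and
    one ``snoopy.Site`` per captured domain is emitted. The original fell
    through after the first ``returnOutput()`` and wrote a second XML
    document to the same stream. Returns nothing.
    """
    global TRX
    ip = TRX.getVar("properties.client_ip")
    if TRX.getVar("client_ip"):
        ip = TRX.getVar("client_ip")

    domain = TRX.getVar("domain")

    if ip:
        conditions = [sslstrip.c.client == ip]
        if domain:
            conditions.append(sslstrip.c.domain == domain)

        query = select([sslstrip.c.key, sslstrip.c.value], and_(*conditions)).distinct()
        for key, value in db.execute(query).fetchall():
            NewEnt = TRX.addEntity("snoopy.sslstripResult", key)
            # the original put value into the "key" field too
            NewEnt.addAdditionalFields("key", "key", "strict", key)
            NewEnt.addAdditionalFields("value", "Value", "strict", value)

        TRX.returnOutput()
        return  # one response per run

    # Custom query per transform, but apply filter with and_(*filters) from transformCommon.
    conditions = [leases.c.mac == mac, sslstrip.c.client == leases.c.ip]
    if domain:
        conditions.append(sslstrip.c.domain == domain)
    query = select([sslstrip.c.domain, leases.c.mac, leases.c.ip], and_(*conditions))
    rows = db.execute(query).fetchall()
    TRX = MaltegoTransform()
    # Code points illegal in XML 1.0; compiled but never applied in the original.
    illegal_xml_re = re.compile(u"[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]")

    for site_domain, client_mac, client_ip in rows:
        if site_domain is not None:
            site_domain = illegal_xml_re.sub('', site_domain)
        NewEnt = TRX.addEntity("snoopy.Site", site_domain)
        NewEnt.addAdditionalFields("domain", "domain", "strict", site_domain)
        NewEnt.addAdditionalFields("mac", "Client Mac", "strict", client_mac)
        NewEnt.addAdditionalFields("client_ip", "Client IP", "strict", client_ip)

    TRX.returnOutput()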
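def new_transform(arg, base_url='http://10.1.99.250:8125/api/v1.0'):
    """Emit a ``maltego.AS`` entity for each ASN of the selected IP.

    The input variables ``ipv4-address`` and ``workspace`` are read from
    ``arg`` via ``parseArguments`` and interpolated into
    ``<base_url>/<workspace>/<ip>/asn``; ``base_url`` defaults to the address
    the original hard-coded. Any request or parsing error is reported as a
    UI message. Output is written by ``m.returnOutput()``; nothing is returned.
    """
    m = MaltegoTransform()
    m.parseArguments(arg)
    ip = m.getVar('ipv4-address')
    wrkspc = m.getVar('workspace')
    url = '%s/%s/%s/asn' % (base_url, wrkspc, ip)
    try:
        # a bounded wait keeps the transform from hanging on an unreachable API
        r = requests.get(url, timeout=30)
        j = r.json()
        for i in j['items']:
            ent = m.addEntity('maltego.AS', i['asn'])
            ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()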
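def main():
    """Emit ``maltego.IPv4Address`` entities sharing the first three octets of the argument.

    The IP is read from ``sys.argv[1]`` (``value`` or ``key=value``); its
    first three octets form a ``LIKE`` pattern against ``ip_addr`` in the
    ``ip`` table of the module-level SQLite database ``DBNAME``. The query is
    parameterised — the original interpolated the argument into the SQL
    text, so a crafted value could alter the statement. Returns nothing;
    output goes through ``me.returnOutput()``.
    """
    me = MaltegoTransform()

    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        # the original continued into sqlite3.connect, which creates an empty file
        me.returnOutput()
        return

    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide an ip_addr!")
        # the original exited before the message was ever written out
        me.returnOutput()
        sys.exit()

    raw_arg = sys.argv[1]
    # accept both "ip" and "key=ip": the second piece only when there are exactly two
    parts = raw_arg.split("=")
    ip_addr = parts[1] if len(parts) == 2 else parts[0]

    # /24-style prefix; shorter inputs are used as-is instead of raising IndexError
    prefix = ".".join(ip_addr.split(".")[:3]) if ip_addr != "" else ip_addr

    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        c = conn.cursor()
        # same match as the original's  ... like "%<prefix>%"  (SQLite read
        # the double-quoted token as a string literal), with the pattern bound
        # as a parameter
        c.execute("SELECT * FROM ip WHERE ip_addr LIKE ?", ("%" + prefix + "%",))
        rows = c.fetchall()
        if rows:
            for row in rows:
                # column 5: ip_addr (positional, as in the original); column 2
                # (source) was read but never used
                found_ip = row[5]
                # adding entity IP Entity, skipping the input itself
                if found_ip != "" and found_ip != raw_arg:
                    entity = MaltegoEntity()
                    entity.setType("maltego.IPv4Address")
                    entity.setValue(found_ip)
                    entity.addAdditionalFields("link#maltego.link.color", "", True, "0x808080")
                    me.addEntityToMessage(entity)
        else:
            # fetchall() never returns None, so the original's else branch was unreachable
            me.addEntity("maltego.Phrase", "no sample info found ...")

        me.returnOutput()
    finally:
        # read-only; the original's commit() had nothing to write
        conn.close()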
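def main():
    """Emit a ``snoopy.Cookie`` entity per cookie in the web logs of ``ip``.

    The ``cookies`` column is treated as a serialised mapping of the form
    ``{"name": "value", ...}`` — inferred from the parsing below, the actual
    serialiser is not visible here. Module-level names used: ``ip``,
    ``weblogs``, ``db``, ``select``, ``and_``, ``logging``, ``re``. Returns
    nothing; output goes through ``TRX.returnOutput()``.
    """
    # Custom query per transform, but apply filter with and_(*filters) from transformCommon.
    filters = [weblogs.c.client_ip == ip]
    query = select([weblogs.c.host, weblogs.c.path, weblogs.c.cookies], and_(*filters))
    logging.debug(query)
    rows = db.execute(query).fetchall()
    logging.debug(rows)
    TRX = MaltegoTransform()

    # Code points illegal in XML 1.0; the original compiled this pattern but
    # never applied it to the emitted values.
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')

    for host, _path, cookies in rows:
        logging.debug(host)
        logging.debug(cookies)
        if len(cookies) <= 2:
            continue  # "{}" or shorter: nothing recorded
        for cookie in cookies.split(", "):
            # split on the first ": " only; a value containing ": " made the
            # original's two-target unpack raise ValueError
            name, sep, value = cookie.partition(": ")
            name_parts = name.split('"')
            value_parts = value.split('"')
            if not sep or len(name_parts) < 2 or len(value_parts) < 2:
                logging.debug("unparsable cookie fragment: %s", cookie)
                continue
            name = illegal_xml_re.sub('', name_parts[1])
            value = illegal_xml_re.sub('', value_parts[1])
            logging.debug(name)
            logging.debug(value)
            NewEnt = TRX.addEntity("snoopy.Cookie", name)
            NewEnt.addAdditionalFields("value", "Value", "strict", value)
            NewEnt.addAdditionalFields("fqdn", "Domain", "strict", host)
            NewEnt.addAdditionalFields("ip", "Client IP", "strict", ip)

    TRX.returnOutput()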
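def new_transform(arg, base_url='http://10.1.99.250:8125/api/v1.0'):
    """Emit a ``maltego.EmailAddress`` per address tied to the selected domain.

    The input variables ``fqdn``, ``ipaddr`` and ``workspace`` are read from
    ``arg`` via ``parseArguments``; ``<base_url>/<workspace>/<ip>/domains`` is
    fetched and, for every item whose ``domain`` contains ``fqdn``, the
    ``data.emails`` entries are emitted once each in first-seen order.
    ``base_url`` defaults to the address the original hard-coded. Errors are
    reported as a UI message. Output is written by ``m.returnOutput()``.
    """
    m = MaltegoTransform()
    m.parseArguments(arg)
    domain = m.getVar('fqdn')
    ip = m.getVar('ipaddr')
    wrkspc = m.getVar('workspace')
    url = '%s/%s/%s/domains' % (base_url, wrkspc, ip)
    try:
        # a bounded wait keeps the transform from hanging on an unreachable API
        r = requests.get(url, timeout=30)
        j = r.json()
        emails = []
        seen = set()
        for i in j['items']:
            # substring match, as in the original (not an exact domain compare)
            if domain in i['domain']:
                for x in i['data']['emails']:
                    if x not in seen:
                        seen.add(x)
                        emails.append(x)
        for t in emails:
            ent = m.addEntity('maltego.EmailAddress', t)
            ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()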
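# `output` is the CSV text returned by the preceding Splunk call; one host per line.
hosts = re.findall(r'.+', output)
host = []
for line in hosts:
    # CSV cells may be double-quoted; strip the surrounding quotes
    if line[0] == '"':
        host.append(line[1:-1])
    else:
        host.append(line)

# Remove header value (only when present, instead of raising ValueError)

if 'host' in host:
    host.remove('host')

# Adding new Host entities and properties.

for a in host:
    ent = me.addEntity("munk.Host", a)
    ent.addAdditionalFields('link#maltego.link.color', 'LinkColor', '', '0x86B34A')

    # If status is set, ping the server and set the bookmark color based on response.
    # The ping output gets its own variable: the original assigned it to
    # `status`, overwriting the flag so only the first host was ever pinged.
    # The argv-list form hands the host name to ping as a single argument
    # instead of interpolating it into a shell command line.

    if status == "1":
        try:
            ping_out = subprocess.check_output(['ping', '-c', '1', a])
            if "bytes from" in ping_out:
                ent.addAdditionalFields('bookmark#', 'Bookmark', '', "1")
            elif "cannot" in ping_out:
                ent.addAdditionalFields('bookmark#', 'Bookmark', '', "4")
        except subprocess.CalledProcessError:
            ent.addAdditionalFields('bookmark#', 'Bookmark', '', "4")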
#!/usr/bin/env python
import sys
import urllib2
from MaltegoTransform import *

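mt = MaltegoTransform()
mt.parseArguments(sys.argv)
SearchString = mt.getValue()
# a fresh transform object carries the response, as in the original
mt = MaltegoTransform()

# Percent-encode the entity value so characters such as '&' or '#' cannot
# rewrite the query string; the original concatenated it raw.
url = 'http://api.predator.wtf/resolver/?arguments=' + urllib2.quote(SearchString, safe='')
# NOTE(review): plain http, and the response body is used as the IPv4 value
# without validation beyond trimming whitespace.
ipaddress = urllib2.urlopen(url).read().strip()
mt.addEntity("maltego.IPv4Address", ipaddress)
mt.returnOutput()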
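website = m.getVar('fqdn')
port = m.getVar('ports')
port = port.split(',')
ssl = m.getVar('website.ssl-enabled')
robots = []

# One body for both schemes — the original duplicated the whole loop body
# for http and https. The timeout (constructed value) keeps the transform
# from hanging on a port that accepts the connection but never answers.
scheme = 'https' if ssl == 'true' else 'http'

try:
    for c in port:
        url = scheme + '://' + website + ':' + str(c) + '/robots.txt'
        r = requests.get(url, timeout=10)
        if r.status_code == 200:
            # every line of robots.txt, blanks included, becomes a Phrase
            robots = str(r.text).split('\n')
            for i in robots:
                ent = m.addEntity('maltego.Phrase', i)
                ent.addAdditionalFields("url", "Original URL", True, url)
        else:
            m.addUIMessage("No Robots.txt found..")
except Exception as e:
    m.addUIMessage(str(e))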
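# Determine which REST call to make based on authentication setting.
# The argv-list form passes each value (credentials, index, timeframe, URL)
# to curl as one argument; the original built a shell command line by string
# concatenation, so a quote or metacharacter in any of them changed the
# command. Note: -k disables TLS certificate verification and -u places the
# password on the command line (visible in the process list); both are kept
# from the original call.

search_query = ('search index=' + sourcetype + ' earliest=' + timeframe
                + ' | table sourcetype | dedup sourcetype')
export_url = ('https://' + searchhead + ':' + management
              + '/servicesNS/admin/search/search/jobs/export')

curl_cmd = ['curl']
if auth == "1":
    curl_cmd += ['-u', username + ':' + password]
curl_cmd += ['-s', '-k',
             '--data-urlencode', 'search=' + search_query,
             '-d', 'output_mode=csv',
             export_url]
output = subprocess.check_output(curl_cmd)

# Regex to find Sourcetype: one CSV line per match

raw_rows = re.findall(r'.+', output)
sourcetypes = []
for i in raw_rows:
    # CSV cells may be double-quoted; strip the surrounding quotes
    if i[0] == '"':
        sourcetypes.append(i[1:-1])
    else:
        sourcetypes.append(i)

# Remove header value (only when present, instead of raising ValueError)

if 'sourcetype' in sourcetypes:
    sourcetypes.remove('sourcetype')

# Adding new Sourcetype entities and properties.

for source in sourcetypes:
    ent = me.addEntity("munk.Sourcetype", source)
    ent.addAdditionalFields('link#maltego.link.color', 'LinkColor', '', '0x86B34A')

# Return Maltego Output

me.returnOutput()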
	else:	
		output = subprocess.check_output('curl -u ' + username + ':' + password + ' -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)
else:
	if proxy == "1":
		output = subprocess.check_output('curl --socks5 ' + proxy_ip + ':' + proxy_port + ' -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)
	else:	
		output = subprocess.check_output('curl -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)

# XML Parsing with ElementTree
# `output` is the Atom document returned by the deployment-server call above.
# NOTE(review): ET.fromstring() parses whatever the server returned and
# ElementTree has no guard against entity-expansion payloads, so this should
# only be pointed at a deployment server the operator controls.

ATOM_NS = '{http://www.w3.org/2005/Atom}'
SPLUNK_NS = '{http://dev.splunk.com/ns/rest}'

root = ET.fromstring(output)
entry = root.find(ATOM_NS + 'entry')
content = entry.find(ATOM_NS + 'content')
dic = content.find(SPLUNK_NS + 'dict')
# key element named after the requested application
app = ".//" + SPLUNK_NS + "key[@name='" + application + "']"
app2 = content.find(app)
app_d = app2[0]
sc = app_d.find(".//" + SPLUNK_NS + "key[@name='serverclasses']")
# only the first server class listed under the application is used
serverclass = sc[0][0].text

# Adding new Server Class entities and properties based on XML results.

ent = me.addEntity("munk.ServerClass", serverclass)
for field_name, display, value in (
        ('link#maltego.link.color', 'LinkColor', '0x86B34A'),
        ('ds', 'DS IP', ds),
        ('dsport', 'DS Port', dsport)):
    ent.addAdditionalFields(field_name, display, '', value)

# Return Maltego Output

me.returnOutput()
from mcrits_utils import *

crits = mcrits()

me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')

# get_related() yields records whose element 0 is the entity type and
# element 1 the object id of each Actor linked to the calling object.
for result in crits.get_related(crits_type, id_, 'Actor'):
    ent_type, actor_id = result[0], result[1]
    actor = crits.get_single_obj('Actor', actor_id)
    # resolve each identifier reference to its display name
    identifiers = [
        crits.get_single_obj('ActorIdentifier', ref['identifier_id'])['name']
        for ref in actor['identifiers']
    ]
    ent = me.addEntity(ent_type, actor['name'])
    ent.addAdditionalFields(fieldName='id',
                            displayName='id',
                            value=actor_id)
    ent.addAdditionalFields(fieldName='aliases',
                            displayName='Aliases',
                            value=actor['aliases'])
    ent.addAdditionalFields(fieldName='identifiers',
                            displayName='Identifiers',
                            value=identifiers)

me.returnOutput()
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# MT.values is indexed by the incoming entity's property names.
field = None
filepath = None
for prop_name in MT.values:
    if prop_name == 'properties.fireampbaseentity':
        continue
    if prop_name.startswith('properties.'):
        field = fa.fieldLookup(prop_name)
    if prop_name.startswith('CSV File'):
        # collapse doubled backslashes in the path Maltego hands over
        filepath = MT.values[prop_name].replace("\\\\", "\\")

#############################
## Get the correlated data ##
#############################
# NOTE(review): `value` is not assigned anywhere in this script; it is
# presumably supplied by the surrounding module — confirm before relying on it.
data = fa.parseCSV(filepath)
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'MD5 (Detection)')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("FireAMP.FireAMPMD5Detection", entry)  ## Edit HEre
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()
from init import load_credentials

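creds = load_credentials()
# creds layout as indexed here: (access key id, secret access key, region)
REGION = creds[2]

m = MaltegoTransform()

# TODO: Is there a better way to do this ?
try:
    conn = boto.ec2.connect_to_region(REGION, aws_access_key_id=creds[0], aws_secret_access_key=creds[1])

    for reservation in conn.get_all_instances():
        # Only the first instance of each reservation is inspected, as in the original.
        for group in reservation.instances[0].groups:
            # one describe call per group: the original issued it twice and
            # discarded the rules it fetched the second time
            sg = conn.get_all_security_groups(group_ids=group.id)[0]
            # str(sg) renders as "<type>:<name>"; the name is the entity value
            ent = m.addEntity('matterasmus.AmazonEC2SecurityGroupName', str(sg).split(":")[1])
            ent.addAdditionalFields("SecurityGroup", "Group ID", "strict", str(group.id))

    m.addUIMessage("Completed.")

except Exception as e:
    m.addUIMessage(str(e))


m.returnOutput()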