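def PersonToTelefonoCorreo_u5cm_hpr6(m):
    """Maltego transform: person name -> ``maltego.PhoneNumber`` + ``maltego.EmailAddress``.

    Looks ``m.Value`` up in the datos.gov.co dataset ``u5mc-hpr6`` (the
    ``u5cm`` in the function name looks like a transposition of that id) by
    exact match on the ``nombre`` column and emits the ``celular`` and
    ``correo_electr_nico`` columns of the first matching row.

    Args:
        m: incoming Maltego request; ``m.Value`` is the selected entity value.

    Returns:
        None. The response is written with ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    person = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Caveat: the dataset is pulled (capped at 2000 rows) and filtered
        # client-side, so a person beyond row 2000 is silently never found.
        rows = client.get("u5mc-hpr6", limit=2000)
        match = next((row for row in rows if row.get('nombre') == person), None)
        if match is None:
            # A miss used to surface as a NameError on the unset locals that the
            # generic handler below then mislabelled; report it explicitly.
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            ent = TRX.addEntity('maltego.PhoneNumber', match['celular'])
            ent.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
            # NOTE(review): other transforms on this dataset read
            # 'correo_electronico'; one of the two column spellings is wrong — verify.
            TRX.addEntity('maltego.EmailAddress', match['correo_electr_nico'])
    except Exception as e:
        # API/network failures and missing columns land here; surface the cause
        # so the analyst can tell an outage apart from a genuine miss.
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    TRX.returnOutput()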
def getCompany(me, query=None, trans=None): me = MaltegoTransform() #country = me.getVar("nemi.countrytoo") #print countr countryFrom = trans.loc[(trans.drzavaStranke == country.upper())] if any(countryFrom['drzavaPrejemnika'].str.contains(query.upper())): countryTo = countryFrom.loc[(trans.drzavaPrejemnika == query.upper())] companyPrint = countryTo.prejemnik allSums = getSum(companyPrint, countryTo) for i in companyPrint: sumCountry = countryTo[countryTo['prejemnik'] == i]['znesek'].sum() address = countryFrom[countryTo['prejemnik'] == i]['sedezPrejemnika'] addressPrint = np.unique(address, return_index=False) getReason = countryTo[countryTo['prejemnik'] == i]['namenNakazila'] comma = intWithCommas(sumCountry) test = me.addEntity("Maltego.Phrase", i) #test.addProperty('value','Sum transfer: ','strict', sumCountry) #test.setLinkColor('0xFF0000') test.addAdditionalFields("value", "Sum transfer EUR:", True, str(comma)) for j in addressPrint: test.addAdditionalFields("Address", "Address:", True, j) #test.addAdditionalFields("value", "Reason: ", True, getReason) else: me.addUIMessage("Country not in the list") return me
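def CedulaToNombrei88y_d8rr(m):
    """Maltego transform: cédula -> ``maltego.Person``.

    Looks the cédula up in the datos.gov.co dataset ``i88y-d8rr`` by exact
    match on ``cedula`` and emits a Person entity built from the ``nombre``
    and ``apellidos`` columns of the first matching row.

    Args:
        m: incoming Maltego request; ``m.Value`` is the cédula.

    Returns:
        None. The response is written with ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Caveat: client-side scan of at most 2000 rows; later rows are never seen.
        rows = client.get("i88y-d8rr", limit=2000)
        match = next((row for row in rows if row.get('cedula') == cedula), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            nombres = match['nombre']
            apellidos = match['apellidos']
            ent = TRX.addEntity('maltego.Person', nombres + " " + apellidos)
            # Field ids keep the original spelling ("firtsnames") so existing
            # entity definitions still match.
            ent.addAdditionalFields("person.firtsnames", "Firts Names", True, nombres)
            ent.addAdditionalFields("person.lastname", "Surname", True, apellidos)
    except Exception as e:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    TRX.returnOutput()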
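def CedulaToPuestoDeVotacion(m):
    """Maltego transform: cédula -> ``eci.LugarExpedicion`` (place of issue).

    Fetches the Registraduría lookup page for the cédula and, for every
    ``table.tabla_solicitud`` on it, reads the second and third ``<b>`` cells
    as the address and the department.

    Args:
        m: incoming Maltego request; ``m.Value`` is the cédula.

    Returns:
        None. The response is written with ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    website = 'wsp.registraduria.gov.co/estadodocs/resultadobusqueda.php?cedula='
    try:
        # Percent-encode the analyst-supplied value so it cannot smuggle extra
        # query parameters into the request; plain digits pass through unchanged.
        url = 'https://' + website + requests.utils.quote(str(cedula), safe='')
        # Bounded wait so a stalled remote cannot hang the transform.
        html = requests.get(url, timeout=30).text
        soup = BeautifulSoup(html, 'html.parser')
        tables = soup.findAll("table", {"class": "tabla_solicitud"})
        if not tables:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        for table in tables:
            cells = table.find_all('b')
            if len(cells) < 3:
                # Page layout differs from what we expect; say so instead of crashing.
                TRX.addUIMessage("Formato de pagina inesperado")
                continue
            direccion = cells[1].get_text()
            departamento = cells[2].get_text()
            ent = TRX.addEntity('eci.LugarExpedicion', direccion)
            ent.addAdditionalFields("properity.eci.departamento", "Departamento", True, departamento)
    except Exception as e:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    TRX.returnOutput()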
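def NombreToCargo(m):
    """Maltego transform: name -> ``eci.Cargo`` (job position).

    Looks the upper-cased name up in the datos.gov.co dataset ``2gvv-khi3``
    by exact match on ``nombre`` and emits the ``cargo`` of the first matching
    row with its ``direccion``, ``email`` and ``telefono`` as fields.

    Args:
        m: incoming Maltego request; ``m.Value`` is the person's name.

    Returns:
        None. The response is written with ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    # The dataset stores names in upper case, hence the normalisation.
    nombre = m.Value.upper()
    try:
        client = Socrata("www.datos.gov.co", None)
        # Caveat: client-side scan of at most 2000 rows; later rows are never seen.
        rows = client.get("2gvv-khi3", limit=2000)
        match = next((row for row in rows if row.get('nombre') == nombre), None)
        if match is None:
            TRX.addUIMessage("Nombre no encontrado en la base de datos")
        else:
            ent = TRX.addEntity('eci.Cargo', match['cargo'])
            ent.addAdditionalFields("properity.direccion", "Direccion", True, match['direccion'])
            ent.addAdditionalFields("properity.email", "Email", True, match['email'])
            ent.addAdditionalFields("properity.telefono", "Telefono", True, match['telefono'])
    except Exception as e:
        TRX.addUIMessage("Nombre no encontrado en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    TRX.returnOutput()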
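def CedulaToConsejal(m):
    """Maltego transform: cédula -> ``eci.Consejal`` (council member).

    Looks the cédula up in the datos.gov.co dataset ``gnvi-fbsz`` by exact
    match on ``cc`` and emits the ``nombre_concejal`` of the first matching
    row with gender, party, municipality and cédula as fields.

    Args:
        m: incoming Maltego request; ``m.Value`` is the cédula.

    Returns:
        Whatever ``TRX.returnOutput()`` returns (kept for callers).
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Caveat: client-side scan of at most 2000 rows; later rows are never seen.
        rows = client.get("gnvi-fbsz", limit=2000)
        match = next((row for row in rows if row.get('cc') == cedula), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            ent = TRX.addEntity('eci.Consejal', match['nombre_concejal'])
            ent.addAdditionalFields("properity.genero", "Genero", True, match['genero'])
            ent.addAdditionalFields("properity.partido", "Partido", True, match['partido_politico'])
            ent.addAdditionalFields("properity.municipio", "Municipio", True, match['municipio'])
            ent.addAdditionalFields("properity.cedula", "Cedula", True, cedula)
    except Exception as e:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    return TRX.returnOutput()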
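def PersonToTelefonoDireccionCorreo_6kcx_kbuk(m):
    """Maltego transform: person name -> email, phone, party and cédula entities.

    Looks ``m.Value`` up in the datos.gov.co dataset ``6kcx-kbuk`` by exact
    match on ``nombre`` and emits, from the first matching row, a
    ``maltego.EmailAddress``, a ``maltego.PhoneNumber`` (country code 57), an
    ``eciescuelaing.PartidoPolitico`` and an ``eci.Cedula``.

    Args:
        m: incoming Maltego request; ``m.Value`` is the person's name.

    Returns:
        None. The response is written with ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    nombre = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Caveat: client-side scan of at most 2000 rows; later rows are never seen.
        rows = client.get("6kcx-kbuk", limit=2000)
        match = next((row for row in rows if row.get('nombre') == nombre), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            TRX.addEntity('maltego.EmailAddress', match['correo_electronico'])
            phone = TRX.addEntity('maltego.PhoneNumber', match['celular'])
            phone.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
            TRX.addEntity('eciescuelaing.PartidoPolitico', match['partido_politico'])
            TRX.addEntity('eci.Cedula', match['doc_identidad'])
    except Exception as e:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    TRX.returnOutput()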
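def PersonToDireccion(m):
    """Maltego transform: provider name -> ``maltego.Location`` with coordinates.

    Looks ``m.Value`` up in the datos.gov.co dataset ``3ard-sj8g`` by exact
    match on ``nombre_prestador`` and emits a Location built from the first
    matching row: area from ``barrio``, longitude/latitude from
    ``localizacion.coordinates`` (GeoJSON order: [lon, lat]).

    Args:
        m: incoming Maltego request; ``m.Value`` is the provider's name.

    Returns:
        None. The response is written with ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    nombre = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Caveat: client-side scan of at most 2000 rows; later rows are never seen.
        rows = client.get("3ard-sj8g", limit=2000)
        match = next((row for row in rows if row.get('nombre_prestador') == nombre), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            # NOTE(review): the street address is read from 'nombre_concejal',
            # which looks like a copy-paste leftover from another dataset — confirm
            # the intended column.
            address = match['nombre_concejal']
            barrio = match['barrio']
            coords = match['localizacion']['coordinates']
            ent = TRX.addEntity('maltego.Location', address)
            ent.addAdditionalFields("country", "Country", True, "Colombia")
            ent.addAdditionalFields("location.area", "Area", True, barrio)
            ent.addAdditionalFields("streetaddress", "Street Address", True, address)
            ent.addAdditionalFields("longitude", "Longitude", True, coords[0])
            ent.addAdditionalFields("latitude", "Latituded", True, coords[1])
    except Exception as e:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    TRX.returnOutput()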
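def EmailToTelefonoDirection_6hgq_bdxw(m):
    """Maltego transform: e-mail -> ``maltego.PhoneNumber`` + ``maltego.Location``.

    Scans the datos.gov.co dataset ``6hgq-bdxw``; a row matches when the
    e-mail is one of the ``;``-separated entries of ``correo_electronico``.
    Emits ``telefonos`` (country code 57) and ``direccion`` of the first match.

    Args:
        m: incoming Maltego request; ``m.Value`` is the e-mail address.

    Returns:
        None. The response is written with ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    email = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Caveat: client-side scan of at most 2000 rows; later rows are never seen.
        rows = client.get("6hgq-bdxw", limit=2000)
        match = None
        for row in rows:
            # Entries are often written "a@x.co; b@y.co"; strip the padding so
            # the second address is matchable too.
            correos = [c.strip() for c in row.get('correo_electronico', '').split(";")]
            if email in correos:
                match = row
                break
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            direccion = match['direccion']
            phone = TRX.addEntity('maltego.PhoneNumber', match['telefonos'])
            phone.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
            loc = TRX.addEntity('maltego.Location', direccion)
            loc.addAdditionalFields("country", "Country", True, "Colombia")
            loc.addAdditionalFields("streetaddress", "Street Address", True, direccion)
    except Exception as e:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    TRX.returnOutput()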
def returnSuccess(etype, value, event=None, mt=None):
    """Report a successful insert to the Maltego UI and write the response.

    Args:
        etype: kind of object that was inserted (e.g. "event").
        value: the object's value, or its id when ``event`` is not given.
        event: optional id of the event the object went into.
        mt: transform to report through; a new MaltegoTransform when falsy.
    """
    transform = mt or MaltegoTransform()
    if event:
        text = "[Info] Successful entry of %s with value %s into event %s" % (etype, value, event)
    else:
        text = "[Info] Successful entry of %s with ID %s" % (etype, value)
    transform.addUIMessage(text)
    transform.returnOutput()
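def selectEvent(eventID):
    """Remember ``eventID`` as the current event for later inserts.

    Stores the id and a selection timestamp in the shelve file named by the
    module-level ``eventDB`` and confirms the selection in the Maltego UI.

    Args:
        eventID: MISP event id to select.
    """
    store = shelve.open(eventDB)
    try:
        store['id'] = eventID
        store['age'] = datetime.today()
    finally:
        # Always close, otherwise a failed write leaves the shelve (and its
        # lock on some dbm backends) open.
        store.close()
    mt = MaltegoTransform()
    mt.addUIMessage("[Info] Event with ID %s selected for insert" % eventID)
    mt.returnOutput()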
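def new_transform(arg):
    """Fetch ``/api/v1.0/<arg>`` from the internal API and show the JSON in Maltego.

    Args:
        arg: path segment appended to the API URL (the selected entity value).
    """
    import json
    m = MaltegoTransform()
    # Entity values may originate from other transforms' output, so encode the
    # value rather than letting it add path segments or query strings.
    url = 'http://10.1.99.250:8125/api/v1.0/%s' % requests.utils.quote(str(arg), safe='')
    try:
        # Bounded wait so a stalled API cannot hang the transform.
        r = requests.get(url, timeout=30)
        r.raise_for_status()
        j = r.json()
        # Writing raw text to stdout before returnOutput() corrupts the XML
        # Maltego parses, so the payload is returned as a UI message instead.
        m.addUIMessage(json.dumps(j, indent=2))
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()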
def returnSuccess(etype, value, event=None, mt=None):
    """Write a "[Info] Successful entry ..." message and emit the response.

    Args:
        etype: kind of object that was inserted (e.g. "event").
        value: the object's value, or its id when no ``event`` is given.
        event: optional id of the event the object was inserted into.
        mt: transform to report through; created on the spot when None/falsy.
    """
    if not mt:
        mt = MaltegoTransform()
    with_event = "[Info] Successful entry of %s with value %s into event %s"
    without_event = "[Info] Successful entry of %s with ID %s"
    message = with_event % (etype, value, event) if event else without_event % (etype, value)
    mt.addUIMessage(message)
    mt.returnOutput()
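def new_transform(arg):
    """List the IPs of workspace ``arg`` as ``maltego.IPv4Address`` entities.

    Calls ``/api/v1.0/<arg>/ip`` on the internal API and emits one entity per
    ``items[].ipaddr``, tagging each with the workspace id.

    Args:
        arg: workspace id (the selected entity value).
    """
    m = MaltegoTransform()
    # Encode the value so an entity value cannot rewrite the request path.
    url = 'http://10.1.99.250:8125/api/v1.0/%s/ip' % requests.utils.quote(str(arg), safe='')
    try:
        # Bounded wait so a stalled API cannot hang the transform.
        r = requests.get(url, timeout=30)
        r.raise_for_status()
        for item in r.json()['items']:
            ent = m.addEntity('maltego.IPv4Address', item['ipaddr'])
            ent.addAdditionalFields('workspace', 'Workspace ID', True, arg)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()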
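def createEvent(eventName):
    """Create a MISP event called ``eventName`` and return it as a Maltego entity.

    Uses the module-level ``misp`` client and ``MISP_*`` settings. The new
    event's id becomes a ``maltego.MISPEvent`` entity carrying a link to the
    event, the creator org id and a notes field; ``returnSuccess`` then writes
    the response.

    Args:
        eventName: free-text ``info`` for the new event.
    """
    mt = MaltegoTransform()
    mt.addUIMessage("[Info] Creating event with the name %s" % eventName)
    event = misp.new_event(MISP_DISTRIBUTION, MISP_THREAT, MISP_ANALYSIS, eventName, None, MISP_EVENT_PUBLISH)
    # Coerce to str defensively: if the API ever returns numeric ids the string
    # concatenations below would raise TypeError.
    eid = str(event['Event']['id'])
    einfo = str(event['Event']['info'])
    eorgc = str(event['Event']['orgc_id'])
    me = MaltegoEntity('maltego.MISPEvent', eid)
    me.addAdditionalFields('EventLink', 'EventLink', False, BASE_URL + '/events/view/' + eid)
    me.addAdditionalFields('Org', 'Org', False, eorgc)
    me.addAdditionalFields('notes', 'notes', False, eorgc + ": " + einfo)
    mt.addEntityToMessage(me)
    returnSuccess("event", eid, None, mt)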
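def CorreoToPersonDireccionTelefono_mk5f_bdwx(m):
    """Maltego transform: e-mail -> person, two phone numbers and a location.

    Looks ``m.Value`` up by exact match on ``correo_electronico`` and emits,
    from the first matching row, a ``maltego.Person`` (name split into first
    and last names), ``maltego.PhoneNumber`` entities for ``celular`` and
    ``telefonos`` (country code 57) and a ``maltego.Location`` for
    ``direccion``/``municipio``.

    NOTE(review): the function name says dataset ``mk5f-bdwx`` but the code
    queries ``u5mc-hpr6``; confirm which id is intended.

    Args:
        m: incoming Maltego request; ``m.Value`` is the e-mail address.

    Returns:
        None. The response is written with ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    email = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Caveat: client-side scan of at most 2000 rows; later rows are never seen.
        rows = client.get("u5mc-hpr6", limit=2000)
        match = next((row for row in rows if row.get('correo_electronico') == email), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            celular = match['celular']
            direccion = match['direccion']
            celular2 = match['telefonos']
            barrio = match['municipio']
            # Split on any whitespace run (a double space used to shift the
            # token count). Four tokens -> 2 first / 2 last names; otherwise the
            # first token is the first name and the rest are surnames. Names with
            # fewer than three tokens no longer raise IndexError.
            tokens = match['nombre'].split()
            full = " ".join(tokens)
            if len(tokens) == 4:
                firts, last = " ".join(tokens[:2]), " ".join(tokens[2:])
            else:
                firts = tokens[0] if tokens else ""
                last = " ".join(tokens[1:])
            ent = TRX.addEntity('maltego.Person', full)
            ent.addAdditionalFields("person.firtsnames", "Firts Names", True, firts)
            ent.addAdditionalFields("person.lastname", "Surname", True, last)
            ent2 = TRX.addEntity('maltego.PhoneNumber', celular)
            ent2.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
            ent3 = TRX.addEntity('maltego.PhoneNumber', celular2)
            ent3.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
            ent4 = TRX.addEntity('maltego.Location', direccion)
            ent4.addAdditionalFields("country", "Country", True, "Colombia")
            ent4.addAdditionalFields("location.area", "Area", True, barrio)
            ent4.addAdditionalFields("streetaddress", "Street Address", True, direccion)
    except Exception as e:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    TRX.returnOutput()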
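def new_transform(arg):
    """Emit the ASNs recorded for an IP in a workspace as ``maltego.AS`` entities.

    Reads ``ipv4-address`` and ``workspace`` from the Maltego arguments and
    calls ``/api/v1.0/<workspace>/<ip>/asn`` on the internal API.

    Args:
        arg: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.
    """
    m = MaltegoTransform()
    m.parseArguments(arg)
    ip = m.getVar('ipv4-address')
    wrkspc = m.getVar('workspace')
    # Both values come from the graph; encode them so they cannot rewrite the path.
    url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/asn' % (
        requests.utils.quote(str(wrkspc), safe=''), requests.utils.quote(str(ip), safe=''))
    try:
        # Bounded wait so a stalled API cannot hang the transform.
        r = requests.get(url, timeout=30)
        r.raise_for_status()
        for item in r.json()['items']:
            ent = m.addEntity('maltego.AS', item['asn'])
            ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()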
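def createEvent(eventName):
    """Create a MISP event called ``eventName`` and return it as a Maltego entity.

    Uses the module-level ``misp`` client and ``MISP_*`` settings. The new
    event's id becomes a ``maltego.MISPEvent`` entity with an EventLink, the
    creator org id and a notes field; ``returnSuccess`` writes the response.

    Args:
        eventName: free-text ``info`` for the new event.
    """
    mt = MaltegoTransform()
    mt.addUIMessage("[Info] Creating event with the name %s" % eventName)
    event = misp.new_event(MISP_DISTRIBUTION, MISP_THREAT, MISP_ANALYSIS, eventName, None, MISP_EVENT_PUBLISH)
    details = event['Event']
    # Coerce to str defensively: numeric ids would make the concatenations
    # below raise TypeError.
    eid = str(details['id'])
    einfo = str(details['info'])
    eorgc = str(details['orgc_id'])
    me = MaltegoEntity('maltego.MISPEvent', eid)
    me.addAdditionalFields('EventLink', 'EventLink', False, BASE_URL + '/events/view/' + eid)
    me.addAdditionalFields('Org', 'Org', False, eorgc)
    me.addAdditionalFields('notes', 'notes', False, eorgc + ": " + einfo)
    mt.addEntityToMessage(me)
    returnSuccess("event", eid, None, mt)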
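def TelefonoToCorreoDireccionPerson_6kcx_kbuk(m):
    """Maltego transform: mobile number -> person, e-mail, party and cédula.

    Looks ``m.Value`` up in the datos.gov.co dataset ``6kcx-kbuk`` by exact
    match on ``celular`` and emits, from the first matching row, a
    ``maltego.Person`` (``nombre_concejal`` split into first/last names), a
    ``maltego.EmailAddress``, an ``eciescuelaing.PartidoPolitico`` and an
    ``eci.Cedula``.

    NOTE(review): the sibling transform on this dataset reads the name from
    ``nombre``; one of the two column names is probably wrong — verify.

    Args:
        m: incoming Maltego request; ``m.Value`` is the phone number.

    Returns:
        None. The response is written with ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    telefono = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Caveat: client-side scan of at most 2000 rows; later rows are never seen.
        rows = client.get("6kcx-kbuk", limit=2000)
        match = next((row for row in rows if row.get('celular') == telefono), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            cc = match['doc_identidad']
            partido = match['partido_politico']
            correo_electronico = match['correo_electronico']
            # Whitespace-run split; four tokens -> 2/2, otherwise first token /
            # rest. Short names no longer raise IndexError.
            tokens = match['nombre_concejal'].split()
            full = " ".join(tokens)
            if len(tokens) == 4:
                firts, last = " ".join(tokens[:2]), " ".join(tokens[2:])
            else:
                firts = tokens[0] if tokens else ""
                last = " ".join(tokens[1:])
            ent = TRX.addEntity('maltego.Person', full)
            ent.addAdditionalFields("person.firtsnames", "Firts Names", True, firts)
            ent.addAdditionalFields("person.lastname", "Surname", True, last)
            TRX.addEntity('maltego.EmailAddress', correo_electronico)
            TRX.addEntity('eciescuelaing.PartidoPolitico', partido)
            TRX.addEntity('eci.Cedula', cc)
    except Exception as e:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    TRX.returnOutput()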
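def CedulaToPartidoPolitico(m):
    """Maltego transform: cédula -> ``eciescuelaing.PartidoPolitico``.

    Looks the cédula up in the datos.gov.co dataset ``gnvi-fbsz`` by exact
    match on ``cc`` and emits the ``partido_politico`` of the first match.

    Args:
        m: incoming Maltego request; ``m.Value`` is the cédula.

    Returns:
        None. The response is written with ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Caveat: client-side scan of at most 2000 rows; later rows are never seen.
        rows = client.get("gnvi-fbsz", limit=2000)
        match = next((row for row in rows if row.get('cc') == cedula), None)
        if match is None:
            # Used to emit a party entity with an empty value on a miss.
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            TRX.addEntity('eciescuelaing.PartidoPolitico', match['partido_politico'])
    except Exception as e:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    TRX.returnOutput()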
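def CorreoToTelefonoPerson_u5mc_hpr6(m):
    """Maltego transform: e-mail -> ``maltego.Person`` + ``maltego.PhoneNumber``.

    Looks ``m.Value`` up in the datos.gov.co dataset ``u5mc-hpr6`` by exact
    match on ``correo_electr_nico`` and emits the ``nombre`` (split into
    first/last names) and ``celular`` (country code 57) of the first match.

    Args:
        m: incoming Maltego request; ``m.Value`` is the e-mail address.

    Returns:
        None. The response is written with ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    correo = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Caveat: client-side scan of at most 2000 rows; later rows are never seen.
        rows = client.get("u5mc-hpr6", limit=2000)
        # NOTE(review): other transforms on this dataset read 'correo_electronico';
        # one of the two column spellings is wrong — verify.
        match = next((row for row in rows if row.get('correo_electr_nico') == correo), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            telefono = match['celular']
            # Whitespace-run split; four tokens -> 2/2, otherwise first token /
            # rest. Short names no longer raise IndexError.
            tokens = match['nombre'].split()
            full = " ".join(tokens)
            if len(tokens) == 4:
                firts, last = " ".join(tokens[:2]), " ".join(tokens[2:])
            else:
                firts = tokens[0] if tokens else ""
                last = " ".join(tokens[1:])
            ent = TRX.addEntity('maltego.Person', full)
            ent.addAdditionalFields("person.firtsnames", "Firts Names", True, firts)
            ent.addAdditionalFields("person.lastname", "Surname", True, last)
            ent2 = TRX.addEntity('maltego.PhoneNumber', telefono)
            ent2.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
    except Exception as e:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    TRX.returnOutput()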
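def CedulaToDiscapacidadh2wr_su56(m):
    """Maltego transform: cédula -> person, disability record and address.

    Scans the datos.gov.co dataset ``h2wr-su56``; the ``identificacion`` column
    is normalised (``T.I.``/``NUIP`` prefixes, dots and commas removed) before
    comparing it with ``m.Value``. Emits a ``maltego.Person``, an
    ``eci.Discapacidad`` with the birth date, and a ``maltego.Location``.

    Note: this is sensitive personal data (health status, birth date, home
    address); handle the resulting graph accordingly.

    Args:
        m: incoming Maltego request; ``m.Value`` is the cédula.

    Returns:
        None. The response is written with ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Caveat: client-side scan of at most 2000 rows; later rows are never seen.
        rows = client.get("h2wr-su56", limit=2000)
        match = None
        for row in rows:
            # Strip the document-type prefixes before the dots: the original
            # removed "." first, so "T.I." could never match afterwards.
            tempid = row.get('identificacion', '')
            for junk in ("T.I.", "NUIP ", ",", "."):
                tempid = tempid.replace(junk, "")
            if tempid.strip() == cedula:
                match = row
                break
        if match is None:
            TRX.addUIMessage("Nombre no encontrado en la base de datos")
        else:
            direccion = match['direccion']
            nombres = match['nombres_y_apellidos']
            ent = TRX.addEntity('maltego.Person', nombres)
            ent.addAdditionalFields("person.firtsnames", "Firts Names", True, nombres)
            ent.addAdditionalFields("person.lastname", "Surname", True, "")
            ent2 = TRX.addEntity('eci.Discapacidad', match['discapacidad'])
            ent2.addAdditionalFields("fechaNacimiento", "Born Date", True, match['fecha_de_nacimiento'])
            ent4 = TRX.addEntity('maltego.Location', direccion)
            ent4.addAdditionalFields("country", "Country", True, "Colombia")
            ent4.addAdditionalFields("location.area", "Area", True, "")
            ent4.addAdditionalFields("streetaddress", "Street Address", True, direccion)
    except Exception as e:
        TRX.addUIMessage("Nombre no encontrado en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    TRX.returnOutput()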
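def new_transform(arg):
    """Emit the e-mail addresses seen for a domain on an IP in a workspace.

    Reads ``fqdn``, ``ipaddr`` and ``workspace`` from the Maltego arguments,
    calls ``/api/v1.0/<workspace>/<ip>/domains`` on the internal API and emits
    one ``maltego.EmailAddress`` per distinct address (first-seen order) found
    under items whose ``domain`` contains ``fqdn``.

    Args:
        arg: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.
    """
    m = MaltegoTransform()
    m.parseArguments(arg)
    domain = m.getVar('fqdn')
    ip = m.getVar('ipaddr')
    wrkspc = m.getVar('workspace')
    # Values come from the graph; encode them so they cannot rewrite the path.
    url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/domains' % (
        requests.utils.quote(str(wrkspc), safe=''), requests.utils.quote(str(ip), safe=''))
    try:
        # Bounded wait so a stalled API cannot hang the transform.
        r = requests.get(url, timeout=30)
        r.raise_for_status()
        seen = set()
        emails = []
        for item in r.json()['items']:
            # NOTE(review): substring match, so "example.com" also selects
            # "notexample.com" — confirm whether exact/suffix match is intended.
            if domain in item['domain']:
                for address in item['data']['emails']:
                    if address not in seen:
                        seen.add(address)
                        emails.append(address)
        for address in emails:
            ent = m.addEntity('maltego.EmailAddress', address)
            ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()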
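def CedulaToNombreDireccionTelefonoxbrx_42kw(m):
    """Maltego transform: cédula -> person, phone number and location.

    Looks the cédula up in the datos.gov.co dataset ``xbrx-42kw`` by exact
    match on ``documento_de_identidad`` and emits, from the first match, a
    ``maltego.Person`` (``nombres``), a ``maltego.PhoneNumber`` (``tel_fono``,
    country code 57) and a ``maltego.Location`` (``direcci_n``/``barrio``).

    Args:
        m: incoming Maltego request; ``m.Value`` is the cédula.

    Returns:
        None. The response is written with ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Caveat: client-side scan of at most 2000 rows; later rows are never seen.
        rows = client.get("xbrx-42kw", limit=2000)
        match = next((row for row in rows if row.get('documento_de_identidad') == cedula), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            nombre = match['nombres']
            direccion = match['direcci_n']
            ent = TRX.addEntity('maltego.Person', nombre)
            ent.addAdditionalFields("person.firtsnames", "Firts Names", True, nombre)
            ent.addAdditionalFields("person.lastname", "Surname", True, "")
            ent2 = TRX.addEntity('maltego.PhoneNumber', match['tel_fono'])
            ent2.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
            ent4 = TRX.addEntity('maltego.Location', direccion)
            ent4.addAdditionalFields("country", "Country", True, "Colombia")
            ent4.addAdditionalFields("location.area", "Area", True, match['barrio'])
            ent4.addAdditionalFields("streetaddress", "Street Address", True, direccion)
    except Exception as e:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    TRX.returnOutput()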
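def CedulaToLocationConsejal(m):
    """Maltego transform: cédula -> ``maltego.Location`` (council member's municipality).

    Looks the cédula up in the datos.gov.co dataset ``gnvi-fbsz`` by exact
    match on ``cc`` and emits the ``municipio`` of the first match.

    Args:
        m: incoming Maltego request; ``m.Value`` is the cédula.

    Returns:
        None. The response is written with ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Caveat: client-side scan of at most 2000 rows; later rows are never seen.
        rows = client.get("gnvi-fbsz", limit=2000)
        match = next((row for row in rows if row.get('cc') == cedula), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            municipio = match['municipio']
            ent = TRX.addEntity('maltego.Location', municipio)
            ent.addAdditionalFields("country", "Country", True, "Colombia")
            ent.addAdditionalFields("area", "Area", True, municipio)
    except Exception as e:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    TRX.returnOutput()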
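def PersonToCorreoDireccionTelefono_mk5f_bdwx(m):
    """Maltego transform: person name -> e-mail, two phone numbers and a location.

    Looks ``m.Value`` up by exact match on ``nombre`` and emits, from the first
    matching row, a ``maltego.EmailAddress`` (``correo_electronico``),
    ``maltego.PhoneNumber`` entities for ``celular`` and ``telefonos``
    (country code 57) and a ``maltego.Location`` for ``direccion``/``municipio``.

    NOTE(review): the function name says dataset ``mk5f-bdwx`` but the code
    queries ``u5mc-hpr6``; confirm which id is intended.

    Args:
        m: incoming Maltego request; ``m.Value`` is the person's name.

    Returns:
        None. The response is written with ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    nombre = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Caveat: client-side scan of at most 2000 rows; later rows are never seen.
        rows = client.get("u5mc-hpr6", limit=2000)
        match = next((row for row in rows if row.get('nombre') == nombre), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            direccion = match['direccion']
            TRX.addEntity('maltego.EmailAddress', match['correo_electronico'])
            ent2 = TRX.addEntity('maltego.PhoneNumber', match['celular'])
            ent2.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
            ent3 = TRX.addEntity('maltego.PhoneNumber', match['telefonos'])
            ent3.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
            ent4 = TRX.addEntity('maltego.Location', direccion)
            ent4.addAdditionalFields("country", "Country", True, "Colombia")
            ent4.addAdditionalFields("location.area", "Area", True, match['municipio'])
            ent4.addAdditionalFields("streetaddress", "Street Address", True, direccion)
    except Exception as e:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    TRX.returnOutput()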
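def createEvent(eventName):
    """Create a MISP event called ``eventName`` (PyMISP ``MISPEvent`` API).

    Builds a ``MISPEvent`` from the module-level ``MISP_*`` settings, adds it
    through the module-level ``misp`` client, and returns the new event to
    Maltego as a ``maltego.MISPEvent`` entity with an EventLink, the creator
    org id and a notes field; ``returnSuccess`` writes the response.

    Args:
        eventName: free-text ``info`` for the new event.
    """
    mt = MaltegoTransform()
    mt.addUIMessage("[Info] Creating event with the name %s" % eventName)
    mispevent = MISPEvent()
    mispevent.analysis = MISP_ANALYSIS
    # Naive local time, as before; MISP only keeps the date part.
    mispevent.date = datetime.now()
    mispevent.distribution = MISP_DISTRIBUTION
    mispevent.info = eventName
    mispevent.threat_level_id = MISP_THREAT
    mispevent.published = MISP_EVENT_PUBLISH
    event = misp.add_event(mispevent)
    details = event['Event']
    # Coerce to str defensively: numeric ids would make the concatenations
    # below raise TypeError.
    eid = str(details['id'])
    einfo = str(details['info'])
    eorgc = str(details['orgc_id'])
    me = MaltegoEntity('maltego.MISPEvent', eid)
    me.addAdditionalFields('EventLink', 'EventLink', False, BASE_URL + '/events/view/' + eid)
    me.addAdditionalFields('Org', 'Org', False, eorgc)
    me.addAdditionalFields('notes', 'notes', False, eorgc + ": " + einfo)
    mt.addEntityToMessage(me)
    returnSuccess("event", eid, None, mt)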
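def PersonToTelefono(m):
    """Maltego transform: provider name -> ``maltego.PhoneNumber``.

    Looks ``m.Value`` up in the datos.gov.co dataset ``3ard-sj8g`` by exact
    match on ``nombre_prestador`` and emits the ``telefono`` of the first match
    with country code 57.

    Args:
        m: incoming Maltego request; ``m.Value`` is the provider's name.

    Returns:
        None. The response is written with ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    nombre = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Caveat: client-side scan of at most 2000 rows; later rows are never seen.
        rows = client.get("3ard-sj8g", limit=2000)
        match = next((row for row in rows if row.get('nombre_prestador') == nombre), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            ent = TRX.addEntity('maltego.PhoneNumber', match['telefono'])
            ent.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
    except Exception as e:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
        TRX.addUIMessage("Error: %s" % e)
    TRX.returnOutput()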
#!/usr/bin/python # Get Instance Information from MaltegoTransform import * import sys import boto3 mt = MaltegoTransform() mt.parseArguments(sys.argv) REGION = mt.getVar('RegionName') instance_id = mt.getVar('InstanceId') mt.addUIMessage("Region: " + REGION) mt.addUIMessage("Instance: " + instance_id) # Get Instance Info try: client = boto3.resource('ec2', region_name=REGION) instance_info = client.Instance(id=instance_id) ent = mt.addEntity('matterasmus.AmazonEC2InstanceType', str(instance_info.instance_type)) ent.addAdditionalFields("InstanceType", "Instance Type", True, str(instance_info.instance_type)) ent = mt.addEntity('matterasmus.AmazonEC2Key', str(instance_info.key_name)) ent.addAdditionalFields("InstanceAccessKey", "Access Key", True, str(instance_info.key_name)) ent = mt.addEntity('matterasmus.AmazonEC2Subnet', str(instance_info.subnet_id)) ent.addAdditionalFields("variable", "Subnet ID", True, str(instance_info.subnet_id)) # Get VPC Information vpc_info = client.Vpc(id=instance_info.vpc_id) ent = mt.addEntity('matterasmus.AmazonEC2VPC', str(vpc_info.cidr_block)) ent.addAdditionalFields("VpcId", "VPC ID", True, str(instance_info.vpc_id)) ent.addAdditionalFields("IPv4Address", "CIDR Block", True, str(vpc_info.cidr_block)) ent = mt.addEntity('maltego.IPv4Address', str(instance_info.private_ip_address))
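m = MaltegoTransform()
repoName = sys.argv[1]


def get_captcha(driver, element, path):
    """Drive Chrome through Google to the GitHub page for ``repoName`` and report its counter.

    Despite the name this does not solve captchas: it opens google.com,
    searches for "github", types ``repoName`` into the element with id
    ``nqsbq`` (presumably GitHub's search box — confirm, page ids change),
    follows the first link whose text contains ``repoName`` and posts the text
    of the first ``span.Counter`` as a UI message on the module-level ``m``.

    The ``driver``, ``element`` and ``path`` parameters are ignored; they are
    kept so existing callers keep working. The browser is always quit, even
    when a step fails, so a failure no longer leaks a Chrome process.
    """
    chrome_options = Options()
    driver = None
    try:
        try:
            driver = webdriver.Chrome(executable_path=os.path.abspath("chromedriver.exe"), chrome_options=chrome_options)
        except Exception:
            # Windows binary missing: fall back to the POSIX chromedriver.
            driver = webdriver.Chrome(executable_path=os.path.abspath("chromedriver"), chrome_options=chrome_options)
        driver.get("https://www.google.com")
        barraBusqueda = driver.find_element_by_name("q")
        barraBusqueda.send_keys("github")
        barraBusqueda.send_keys(Keys.ENTER)
        buscarGITHUB = driver.find_element_by_id("nqsbq")
        buscarGITHUB.send_keys(repoName)
        buscarGITHUB.send_keys(Keys.ENTER)
        link = driver.find_element_by_partial_link_text(repoName)
        link.click()
        linkRepos = driver.find_element_by_xpath("//span[@class='Counter']")
        m.addUIMessage(linkRepos.text)
    except Exception as e:
        # Report instead of dying silently so Maltego still gets a response.
        m.addUIMessage(str(e))
    finally:
        if driver is not None:
            driver.quit()
    m.returnOutput()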
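if __name__ == "__main__":
    # Usage: <ip|domain> <query> <value>   or   file <value>
    # (the entity type is the literal string, not the 1/2/3 codes an older
    # comment mentioned). ``to_entity``/``query_*`` are defined elsewhere.
    me = MaltegoTransform()
    args = sys.argv[1:]
    entity_type = args[0] if args else ""
    query = ""
    value = ""
    if entity_type == 'ip' or entity_type == 'domain':
        # ip/domain carry an explicit query in addition to the entity value
        if len(args) < 3:
            me.addUIMessage("[Error] usage: <ip|domain> <query> <value>")
            me.returnOutput()
            sys.exit(1)
        query = args[1]
        value = args[2]
    else:
        if len(args) < 2:
            me.addUIMessage("[Error] usage: file <value>")
            me.returnOutput()
            sys.exit(1)
        value = args[1]
    me.addUIMessage("[INFO] Querying VirusTotal...")
    me.addUIMessage("[INFO] Input entity type: %s..." % entity_type)
    me.addUIMessage("[INFO] Value: %s..." % value)
    me.addUIMessage("[INFO] Query: %s..." % query)
    # Dispatch on the entity type; an unknown type yields an empty response.
    if entity_type == 'ip':
        to_entity(query_ip(query, value))
    elif entity_type == 'domain':
        to_entity(query_domain(query, value))
    elif entity_type == 'file':
        query_file(value)
    me.returnOutput()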
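#!/usr/bin/python
# Get all the instances in our Region
from MaltegoTransform import *
import sys
import boto3

mt = MaltegoTransform()
mt.parseArguments(sys.argv)
REGION = mt.getVar('RegionName')


def _instance_label(instance):
    """Display name for ``instance``: its ``Name`` tag, else the first tag's value, else the id.

    ``instance.tags`` is None for untagged instances; indexing it directly
    used to abort the whole listing with a TypeError.
    """
    tags = instance.tags or []
    for tag in tags:
        if tag.get("Key") == "Name":
            return tag.get("Value")
    if tags:
        return tags[0].get("Value")
    return instance.id


# Enumerates with the ambient AWS credentials (env/profile/role) of the
# user running the transform; there is no credential handling here.
try:
    ec2 = boto3.resource('ec2', region_name=REGION)
    mt.addUIMessage("Getting instances in " + REGION)
    for instance in ec2.instances.all():
        ent = mt.addEntity('matterasmus.AmazonEC2Instance', _instance_label(instance))
        ent.addAdditionalFields("InstanceId", "Instance ID", "strict", str(instance.id))
        ent.addAdditionalFields("InstanceType", "Instance Type", "strict", instance.instance_type)
        ent.addAdditionalFields("KeyName", "Key Name", "strict", instance.key_name)
        ent.addAdditionalFields("PrivateIp", "Private Ip", "strict", instance.private_ip_address)
        ent.addAdditionalFields("RegionName", "Region Name", "strict", REGION)
        ent.addAdditionalFields("InstanceState", "Instance State", True, str(instance.state['Name']))
        ent.addAdditionalFields("LaunchDate", "Launch Date", True, str(instance.launch_time))
    else:
        # for/else: runs once the listing completed without an exception.
        mt.addUIMessage("Completed.")
except Exception as e:
    mt.addUIMessage(str(e))
mt.returnOutput()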
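port = port.split(',')
ssl = m.getVar('website.ssl-enabled')
# ``port``, ``website`` and ``m`` are set up earlier in the script.
# Fetch /robots.txt on every listed port and emit one maltego.Phrase per
# non-empty line, tagged with the URL it came from.
scheme = 'https' if ssl == 'true' else 'http'
try:
    for c in port:
        url = scheme + '://' + website + ':' + str(c).strip() + '/robots.txt'
        # Bounded wait so an unresponsive port cannot hang the transform.
        r = requests.get(url, timeout=30)
        if r.status_code == 200:
            # NOTE(review): robots.txt is attacker-controlled text going into
            # the XML response; this relies on the Maltego library escaping
            # entity values — confirm.
            for line in str(r.text).split('\n'):
                if not line.strip():
                    # Blank lines used to become empty Phrase entities.
                    continue
                ent = m.addEntity('maltego.Phrase', line)
                ent.addAdditionalFields("url", "Original URL", True, url)
        else:
            m.addUIMessage("No Robots.txt found..")
except Exception as e:
    m.addUIMessage(str(e))
m.returnOutput()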
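from init import load_credentials

# creds is (access_key_id, secret_access_key, region) as returned by init.load_credentials.
creds = load_credentials()
REGION = creds[2]
m = MaltegoTransform()
# Emit one matterasmus.AmazonEC2SecurityGroupName per security group attached
# to any instance in the region, with the group id as a strict field.
try:
    conn = boto.ec2.connect_to_region(REGION, aws_access_key_id=creds[0], aws_secret_access_key=creds[1])
    seen = set()
    for reservation in conn.get_all_instances():
        # Every instance in the reservation, not only instances[0].
        for instance in reservation.instances:
            for group in instance.groups:
                if group.id in seen:
                    continue
                seen.add(group.id)
                # One DescribeSecurityGroups call per group (was two).
                sg = conn.get_all_security_groups(group_ids=[group.id])[0]
                # sg.name instead of str(sg).split(":")[1]: group names may
                # themselves contain ':' and the split would truncate them.
                ent = m.addEntity('matterasmus.AmazonEC2SecurityGroupName', str(sg.name))
                ent.addAdditionalFields("SecurityGroup", "Group ID", "strict", str(group.id))
    m.addUIMessage("Completed.")
except Exception as e:
    m.addUIMessage(str(e))
m.returnOutput()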
# --- tail of a function whose header lies outside this view ---
# Downloads the ThreatCrowd CSV at ``url`` and turns each
# "type,value,reference" row into an entity on the module-level ``m``.
response = urllib2.urlopen(url)
html = response.read()
# NOTE(review): rows are split on "\r" and fields with a bare split(","),
# so quoted fields or commas inside a value would mis-parse — confirm the
# feed format. ``type`` shadows the builtin.
for line in html.split("\r"):
    if "," in line:
        l = line.strip()
        type = l.split(",")[0]
        value = l.split(",")[1]
        # reference is parsed but not attached to the entity.
        reference = l.split(",")[2]
        if type == "DOMAIN":
            m.addEntity("maltego.Domain", value)
        if type == "IP":
            m.addEntity("maltego.IPv4Address", value)
        if type == "MD5":
            m.addEntity("malformity.Hash", value)
        if type == "EMAIL":
            m.addEntity("maltego.EmailAddress", value)
return


if __name__ == "__main__":
    # ``m`` is module-level; main() (defined elsewhere) populates it.
    m = MaltegoTransform()
    m.addUIMessage("[INFO] Enriching malware name via ThreatCrowd")
    try:
        main()
    except Exception as e:
        m.addUIMessage("[Error] " + str(e))
    m.returnOutput()
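# rather than as a separate entity
import sys
import shodan
from api_key import load_key
from MaltegoTransform import *

API_KEY = load_key()
api = shodan.Shodan(API_KEY)
m = MaltegoTransform()
m.parseArguments(sys.argv)
# Look the IP (sys.argv[1]) up in Shodan and attach one "port:banner" field
# per observed service to a single maltego.IPv4Address entity.
try:
    ip = sys.argv[1]
    host = api.host(ip)
    services = host.get('data') or []
    if not services:
        # ``host`` is a dict, so the old ``len(host) == 0`` check never fired;
        # "no services" is the condition that actually matters.
        m.addUIMessage('No data in Shodan')
    else:
        portentity = m.addEntity('maltego.IPv4Address', str(ip))
        for service in services:
            port = service['port']
            banner = service['data']
            # NOTE(review): banners are attacker-controlled text going into the
            # XML response; this relies on the library escaping values — confirm.
            portentity.addAdditionalFields(str(port), "Port:Banner", True, str(port) + ":" + str(banner))
except Exception as e:
    m.addUIMessage(str(e))
m.returnOutput()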
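_CENSYS_SEARCH_URL = 'https://www.censys.io/api/v1/search/ipv4'
# Highest page ever fetched: the first page plus pages 2..4, which is what the
# original's "Getting up to the first 100 results" message referred to.
_LAST_EXTRA_PAGE = 4


def _report_http_error(request, mt):
    """Turn a non-200 Censys response into a transform exception.

    400 and 429 responses carry a JSON body with an ``error`` key; 404 and 500
    get a fixed text.  Any other status code is ignored, as in the original.
    """
    status = request.status_code
    if status in (400, 429):
        results = request.json()
        mt.addException(str(results['error']))
    elif status == 404:
        mt.addException("No info found")
    elif status == 500:
        mt.addException("There has been a server error!!!")


def _search_page(query, page, auth, mt):
    """POST one page of ``query`` to Censys and return the decoded JSON body.

    ``query['page']`` is updated in place.  On any status other than 200 the
    error is recorded via ``_report_http_error`` and ``None`` is returned.
    ``requests.exceptions.RequestException`` propagates to the caller.
    """
    query['page'] = page
    request = requests.post(_CENSYS_SEARCH_URL, data=json.dumps(query), auth=auth)
    if request.status_code == 200:
        return request.json()
    _report_http_error(request, mt)
    return None


def main():
    """Find Censys IPv4 hosts whose TLS certificate has a given SHA-1 fingerprint.

    Expects ``sys.argv`` as ``[script, censys_uid, censys_secret, sha1, ...]``
    (five entries).  The ``results`` of every fetched page are passed to
    ``process_results`` together with the transform object; at most pages 1-4
    are fetched.  Failures are reported through the transform's
    ``addException``/``throwExceptions``; nothing is returned.
    """
    mt = MaltegoTransform()
    if len(sys.argv) != 5:
        # Do not echo sys.argv: it carries the Censys uid/secret, which would
        # otherwise end up in the transform's error output.
        mt.addException("You appear to be missing your uid and secret. Expected 5 arguments but got {n}.".format(
            n=len(sys.argv)))
        mt.throwExceptions()
        return
    sha1 = sys.argv[3]
    censys_uid = sys.argv[1]
    censys_secret = sys.argv[2]
    auth = (censys_uid, censys_secret)
    query = {'query': '443.https.tls.certificate.parsed.fingerprint_sha1: \"{s}\"'.format(s=sha1),
             'fields': ['ip', '443.https.tls.certificate.parsed.subject.common_name',
                        '443.https.tls.certificate.parsed.issuer.common_name', 'updated_at'],
             'page': 1}
    try:
        results = _search_page(query, 1, auth, mt)
        if results is None:
            mt.throwExceptions()
            return
        pages = results['metadata']['pages']
        if results['metadata']['count'] > 0:
            process_results(results['results'], mt)
            if pages > _LAST_EXTRA_PAGE:
                mt.addUIMessage("Found more than one page. Getting up to the first 100 results")
            # The original's `pages > 1 > 4` was always false and `range(2, pages)`
            # skipped the last page; fetch pages 2..min(pages, 4) inclusive instead.
            for page in range(2, min(pages, _LAST_EXTRA_PAGE) + 1):
                more = _search_page(query, page, auth, mt)
                if more is not None and more['metadata']['count'] > 0:
                    process_results(more['results'], mt)
        else:
            mt.addUIMessage("No IP addresses found with this ssl cert")
        mt.returnOutput()
    except requests.exceptions.RequestException as e:
        mt.addException(str(e))
        mt.throwExceptions()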
ent = m.addEntity('matterasmus.AmazonEC2Subnet', str(instance[0].subnet_id)) ent.addAdditionalFields("variable", "Subnet ID", True, str(instance[0].subnet_id)) ent = m.addEntity('matterasmus.AmazonEC2VPC', str(instance[0].vpc_id)) ent.addAdditionalFields("variable", "VPC ID", True, str(instance[0].vpc_id)) ent = m.addEntity('maltego.IPv4Address', str(instance[0].ip_address)) ent.addAdditionalFields("variable", "IP Address", True, str(instance[0].ip_address)) ent = m.addEntity('maltego.IPv4Address', str(instance[0].private_ip_address)) ent.addAdditionalFields("variable", "Private IP Address", True, str(instance[0].private_ip_address)) ent = m.addEntity('matterasmus.AmazonEC2Platform', str(instance[0].platform)) ent.addAdditionalFields("variable", "Platform", True, str(instance[0].platform)) ent = m.addEntity('matterasmus.AmazonEC2LaunchTime', str(instance[0].launch_time)) ent.addAdditionalFields("variable", "Launch Time", True, str(instance[0].launch_time)) ent = m.addEntity('matterasmus.AmazonEC2Key', str(instance[0].key_name)) ent.addAdditionalFields("variable", "SSH Key", True, str(instance[0].key_name)) # Get Security Group Information group_nums = len(instance[0].groups) group_id = instance[0].groups[0].id sg_name = conn.get_all_security_groups(group_ids=group_id)[0] sec_rules = conn.get_all_security_groups(group_ids=group_id)[0].rules ent = m.addEntity('matterasmus.AmazonEC2SecurityGroupName', str(sg_name).split(":")[1]) ent.addAdditionalFields("GroupID", "Group ID", "strict", str(group_id)) m.addUIMessage("Completed: Instance Info Fetch") else: pass else: m.addUIMessage("Completed") except Exception as e: m.addUIMessage(str(e)) m.returnOutput()
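# Maltego transform to get FBID
from MaltegoTransform import *
import requests
import sys
from bs4 import BeautifulSoup

m = MaltegoTransform()
m.parseArguments(sys.argv)
try:
    # The profile name (sys.argv[1]) is sent to a third-party lookup service
    # over plain HTTP; the service answers with the numeric ID inside a <code> tag.
    url = "http://www.findmyfbid.com/"
    post_data = "https://www.facebook.com/" + sys.argv[1]
    user_agent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:42.0) Gecko/20100101 Firefox/42.0"
    headers = {'User-Agent': user_agent}
    req = requests.post(url, headers=headers, data={"url": post_data})
    soup = BeautifulSoup(req.text, 'html.parser')
    code_tag = soup.code
    # Without a <code> tag the original raised IndexError while splitting
    # the string "None"; report it as "not found" instead.
    if code_tag is None or str(code_tag) == "<code>https://www.facebook.com</code>":
        m.addUIMessage("No ID found :(")
    else:
        # "<code>12345</code>" -> text between the first '>' and the next '<'.
        fbid = str(code_tag).split(">")[1].split("<")[0]
        m.addEntity('maltego.phrase', fbid)
except Exception as e:
    m.addUIMessage(str(e))
m.returnOutput()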
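root = Tkinter.Tk()
root.lift()
root.withdraw()
sys.stderr.write("Click the Python icon to select a file.")
csvfilename = tkFileDialog.askopenfilename()

# Column names of the Recorded Future event export, in file order.
RF_COLUMNS = ('Event Id', 'Event Type', 'Event Title', 'Start Time', 'End Time',
              'Precision', 'Count', 'First Published Time', 'Last Published Time',
              'Sample Fragment', 'Entities', 'Locations', 'Source Count',
              'Positive Sentiment', 'Negative Sentiment')

# (field name, display label, source column) for each additional field of an RFEvent.
RF_EVENT_FIELDS = (
    ("eid", "Event ID", 'Event Id'),
    ("etype", "Event Type", 'Event Type'),
    ("title", "Event Title", 'Event Title'),
    ("starttime", "Start Time", 'Start Time'),
    ("stoptime", "Stop Time", 'End Time'),
    ("fragment", "Fragment", 'Sample Fragment'),
    ("precision", "Precision", 'Precision'),
    ("count", "Count", 'Count'),
    ("firstpublished", "First Published", 'First Published Time'),
    ("lastpublished", "Last Published", 'Last Published Time'),
    ("sourcecount", "Source Count", 'Source Count'),
    ("pos_sentiment", "Positive Sentiment", 'Positive Sentiment'),
    ("neg_sentiment", "Negative Sentiment", 'Negative Sentiment'),
)

if not csvfilename:
    # askopenfilename returns an empty string when the dialog is cancelled;
    # the original then failed on open('').
    mt.addUIMessage("No file selected")
else:
    # `with` closes the file; the original left the handle open.
    with open(csvfilename) as csvfile:
        data = csv.DictReader(csvfile, delimiter=',', fieldnames=RF_COLUMNS)
        next(data)  # skip the header row of the export
        for row in data:
            event = row['Event Type'] + "-" + row['Event Id']
            rfevent = mt.addEntity("recfut.RFEvent", event)
            for name, label, column in RF_EVENT_FIELDS:
                rfevent.addAdditionalFields(name, label, False, row[column])
    mt.addUIMessage("RF event load completed!")
mt.returnOutput()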
found_pulse = getPulse(general_result) if found_pulse != '': m.addEntity("otx.OTXPulse", found_pulse) malware_result = otx.get_indicator_details_by_section(IndicatorTypes.IPv4, ip, 'malware') pdns_result = otx.get_indicator_details_by_section(IndicatorTypes.IPv4, ip, 'passive_dns') added_ips = 0 if 'passive_dns' in pdns_result: for pdns in pdns_result['passive_dns']: added_ips +=1 # Dont add too many IPs if fast flux etc if added_ips < 50: hostname = pdns['hostname'] m.addEntity("maltego.Domain", hostname) if 'data' in malware_result: for malware in malware_result['data']: hash = malware['hash'] m.addEntity("maltego.Hash", hash) return if __name__ == '__main__': m = MaltegoTransform() m.addUIMessage("[INFO] Enriching IP via OTX") try: main() except Exception as e: m.addUIMessage("[Error] " + str(e) + '\n' + traceback.format_exc()) m.returnOutput()
for line in html.split('\r'): if "," in line: l = line.strip() type = l.split(',')[0] value = l.split(',')[1] reference = l.split(',')[2] if type == "Domain": m.addEntity("maltego.Domain", value) if type == "IP": m.addEntity("maltego.IPv4Address", value) if type == "MD5": m.addEntity("malformity.Hash", value) if type == "EMAIL": m.addEntity("maltego.EmailAddress", value) return if __name__ == '__main__': m = MaltegoTransform() m.addUIMessage("[INFO] Enriching domain via ThreatCrowd") try: main() except Exception as e: m.addUIMessage("[Error] " + str(e)) m.returnOutput()
internetresource = ''.join(("organisation:", sys.argv[2])) elif sys.argv[1] == "MNT": internetresource = ''.join(("mntner:", sys.argv[2])) else: argument = sys.argv[1] argumentList = argument.split('#') ipaddress = argumentList[0].split('=') internetresource = argumentList[0] try: url = "https://stat.ripe.net/data/historical-whois/data.json?resource=" + internetresource response = json.loads(urllib2.urlopen(url).read()) except: m = MaltegoTransform() m.addUIMessage( "There was an issue fetching the WHOIS data:" + internetresource, "Inform") m.returnOutput() sys.exit(0) try: amountVersions = response['data']['num_versions'] startVersion = response['data']['versions'][0]['version'] - response[ 'data']['num_versions'] + 1 except: m = MaltegoTransform() m.addUIMessage( "There was an issue with the WHOIS response. Likely the authoritative resource information is not held in the RIPE Database.", "Inform") m.returnOutput() sys.exit(0)
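# Get Shodan results for our host
import sys
import shodan
from api_key import load_key
from MaltegoTransform import *

API_KEY = load_key()
api = shodan.Shodan(API_KEY)

m = MaltegoTransform()
m.parseArguments(sys.argv)
try:
    # sys.argv[1] is the host address passed in by Maltego.
    host = api.host(sys.argv[1])
    if len(host) == 0:
        m.addUIMessage('No data in Shodan')
    else:
        # Every open port becomes its own entity.
        for port in host.get('ports', []):
            m.addEntity('undeadsecurity.Port', str(port))
        # Skip entities whose value Shodan did not return (the original would
        # have created entities with a None value).
        isp = host.get('isp')
        if isp:
            m.addEntity('maltego.company', isp)
        for hostname in host.get('hostnames') or []:
            m.addEntity('maltego.DNSName', str(hostname))
        country = host.get('country_name')
        if country:
            m.addEntity('maltego.Location', country)
except Exception as e:
    m.addUIMessage(str(e))
m.returnOutput()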
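import sys
import urllib
import urllib2
import json
from MaltegoTransform import *

HIBP = "https://haveibeenpwned.com/api/breachedaccount/"

mt = MaltegoTransform()
mt.parseArguments(sys.argv)
email = mt.getValue()
# A fresh transform object is used for the response, as in the original.
mt = MaltegoTransform()
# The address becomes a URL path segment; percent-encode it so characters
# such as '#', '?' or '/' in the input cannot change the request target.
getrequrl = HIBP + urllib.quote(email, safe='')
try:
    response = urllib2.urlopen(getrequrl)
    # The API answers with a JSON list of breach names for the address.
    data = json.load(response)
    for rep in data:
        mt.addEntity("maltego.Phrase", "Pwned at " + rep)
except urllib2.HTTPError as e:
    # "Response Codes" within https://haveibeenpwned.com/API/v1
    if e.code == 400:
        mt.addUIMessage("The e-mail account does not comply with an acceptable format", messageType="PartialError")
    elif e.code == 404:
        mt.addUIMessage(email + " could not be found and has therefore not been pwned", messageType="Inform")
    else:
        mt.addUIMessage("HIBP returned HTTP " + str(e.code), messageType="PartialError")
except urllib2.URLError as e:
    # Plain URLError (DNS/connection failure) has no .code; the original
    # raised AttributeError here instead of reporting the problem.
    mt.addUIMessage("Could not reach HIBP: " + str(e.reason), messageType="PartialError")
mt.returnOutput()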