def new_transform(arg): m = MaltegoTransform() m.parseArguments(arg) ip = m.getVar('ipv4-address') wrkspc = m.getVar('workspace') url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/asn' % (wrkspc, ip) try: r = requests.get(url) j = r.json() for i in j['items']: ent = m.addEntity('maltego.AS', i['asn']) ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc) except Exception as e: m.addUIMessage(str(e)) m.returnOutput()
def new_transform(arg): emails = [] m = MaltegoTransform() m.parseArguments(arg) domain = m.getVar('fqdn') ip = m.getVar('ipaddr') wrkspc = m.getVar('workspace') url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/domains' % (wrkspc, ip) try: r = requests.get(url) j = r.json() for i in j['items']: if domain in i['domain']: for x in i['data']['emails']: if x not in emails: emails.append(x) for t in emails: ent = m.addEntity('maltego.EmailAddress', t) ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc) except Exception as e: m.addUIMessage(str(e)) m.returnOutput()
def main(): # print "Content-type: xml\n\n"; # MaltegoXML_in = sys.stdin.read() # logging.debug(MaltegoXML_in) # if MaltegoXML_in <> '': # m = MaltegoMsg(MaltegoXML_in) TRX = MaltegoTransform() TRX.parseArguments(sys.argv) lat = float(TRX.getVar("latitude")) lng = float(TRX.getVar("longitude")) address = TRX.getVar("longaddress") logging.debug(lat) logging.debug(address) try: f = open("wigle_creds.txt", "r") user, passw, email,proxy = f.readline().strip().split(":") except Exception, e: print "ERROR: Unable to read Wigle user & pass, email (and optional proxy) from wigle_creds.txt" print e exit(-1)
username = config.get('credentials', 'username') password = config.get('credentials', 'password') auth = config.get('splunk','auth') searchhead = config.get('splunk','searchhead') timeframe = config.get('splunk', 'timeframe') status = config.get('splunk', 'status') management = config.get('splunk', 'management') proxy = config.get('splunk', 'proxy') proxy_ip = config.get('splunk','proxy_ip') proxy_port = config.get('splunk', 'proxy_port') # Setting up Maltego entities and getting initial variables. me = MaltegoTransform() me.parseArguments(sys.argv) sourcetype = sys.argv[1] hostip = me.getVar("host") # Determine which REST call to make based on authentication setting. if auth == "1": if proxy == "1": output = subprocess.check_output('curl -u ' + username + ':' + password + ' -s -k --socks5 ' + proxy_ip + ':' + proxy_port + ' --data-urlencode search="search index=* earliest=' + timeframe + ' sourcetype=' + sourcetype + ' | table host | dedup host" -d "output_mode=csv" https://' + searchhead + ':' + management + '/servicesNS/admin/search/search/jobs/export', shell=True) else: output = subprocess.check_output('curl -u ' + username + ':' + password + ' -s -k --data-urlencode search="search index=* earliest=' + timeframe + ' sourcetype=' + sourcetype + ' | table host | dedup host" -d "output_mode=csv" https://' + searchhead + ':' + management + '/servicesNS/admin/search/search/jobs/export', shell=True) else: if proxy == "1": output = subprocess.check_output('curl -s -k --socks5 ' + proxy_ip + ':' + proxy_port + ' --data-urlencode search="search index=* earliest=' + timeframe + ' sourcetype=' + sourcetype + ' | table host | dedup host" -d "output_mode=csv" https://' + searchhead + ':' + management + '/servicesNS/admin/search/search/jobs/export', shell=True) else:
# # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # # Written by JC (https://twitter.com/jc_socal) # Copyright 2015 ###################################################################### import sys from MaltegoTransform import * import fa_parser as fa value = sys.argv[1] MT = MaltegoTransform() MT.parseArguments(sys.argv) ######################################### ## lookup fieldname of sending request ## ######################################### field = None filepath = None for x in MT.values: if x == 'properties.fireampbaseentity': continue if x.startswith('properties.'): field = fa.fieldLookup(x) if x.startswith('CSV File'): filepath = MT.values[x].replace("\\\\", "\\") #############################
from hashlib import sha512 import datetime import random logging.basicConfig(level=logging.DEBUG,filename='/tmp/maltego_logs_bv.txt',format='%(asctime)s %(levelname)s: %(message)s',datefmt='%Y-%m-%d %H:%M:%S') bv_User = "******" bv_Pass = "******" bv_URL = "https://yourBroadViewAPI" makeHuman = False humanSalt = "saltIsGoodOnBurgers" def randIP(): ip = "x.x." + ".".join(map(str, (random.randint(0, 255) for _ in range(2)))) return ip ignoreAccounts = [] #Any BroadView/MVS accounts to ignore api_service = "http://172.16.29.195:5000/api/v1/query" #Point to AyePeeEye.py service TRX = MaltegoTransform() TRX.parseArguments(sys.argv) logging.debug(sys.argv) client = bvapi.Client(url=bv_URL, user=bv_User, password=bv_Pass) status = client.status() if 'status' not in status or status['status'] != 'success': logging.error("Bad Status: '%s'" % str(status)) exit(-1)
#!/usr/bin/python ################# # NMAP VULN TOOL# ################# import os, sys from MaltegoTransform import * m_ent = MaltegoTransform() m_ent.parseArguments(sys.argv) banner_grab = m_ent.getVar("banner") open_grab = m_ent.getVar("opening") if open_grab == "open": me_add = m_ent.addEntity("Banner", banner_grab) me_add.setType("jf.SuperFunTransforms") m_ent.returnOutput()
def main(): # print "Content-type: xml\n\n"; # MaltegoXML_in = sys.stdin.read() # logging.debug(MaltegoXML_in) # if MaltegoXML_in <> '': # m = MaltegoMsg(MaltegoXML_in) TRX = MaltegoTransform() TRX.parseArguments(sys.argv) # ssid = TRX.getVar("ssid") logging.debug(ssid) logging.debug(type(ssid)) user = TRX.getVar("wigleUser") passw = TRX.getVar("wiglePass") email = TRX.getVar("wigleEmail") proxy = TRX.getVar("wigleProxy") if not user or not passw or not email: print "ERROR: Please supply Wigle credentials in the 'Property View' on the right --->" exit(-1) wig = Wigle(user, passw, email, proxy) if not wig.login(): print "ERROR: Unable to login to Wigle with supplied wigle creds. Please check them." exit(-1) locations = wig.lookupSSID(ssid) if "error" in locations: print "ERROR: Unable to query Wigle. Perhaps your IP/user is shunned. Error was '%s'" % locations exit(-1) for address in locations: if len(locations) > 20: break # ssid = b64decode(ssid) # ssid=escape(ssid) # ssid = illegal_xml_re.sub('', ssid) logging.debug(type(address)) street_view_url1 = ( "http://maps.googleapis.com/maps/api/streetview?size=800x800&sensor=false&location=%s,%s" % (str(address["lat"]), str(address["long"])) ) street_view_url2 = "https://maps.google.com/maps?q=&layer=c&cbp=11,0,0,0,0&cbll=%s,%s " % ( str(address["lat"]), str(address["long"]), ) map_url = "http://maps.google.com/maps?t=h&q=%s,%s" % (str(address["lat"]), str(address["long"])) flag_img = "http://www.geognos.com/api/en/countries/flag/%s.png" % str(address["code"]).upper() # NewEnt=TRX.addEntity("maltego.Location", address['shortaddress'].encode('utf-8')) NewEnt = TRX.addEntity("snoopy.ssidLocation", address["shortaddress"].encode("utf-8")) NewEnt.addAdditionalFields("city", "city", "strict", address["city"].encode("utf-8")) NewEnt.addAdditionalFields("countrycode", "countrycode", "strict", address["code"].encode("utf-8")) NewEnt.addAdditionalFields("country", "country", "strict", address["country"].encode("utf-8")) NewEnt.addAdditionalFields("lat", "lat", "strict", str(address["lat"])) NewEnt.addAdditionalFields("long", "long", "strict", str(address["long"])) NewEnt.addAdditionalFields("longaddress", "longaddress", "strict", address["longaddress"].encode("utf-8")) NewEnt.addAdditionalFields("location.areacode", "Area Code", "strict", address["postcode"]) NewEnt.addAdditionalFields("road", "Road", "strict", address["road"].encode("utf-8")) NewEnt.addAdditionalFields("streetaddress", "streetaddress", "strict", address["shortaddress"].encode("utf-8")) NewEnt.addAdditionalFields("ssid", "SSID", "strict", address["ssid"]) NewEnt.addAdditionalFields("state", "State", "strict", address["state"].encode("utf-8")) NewEnt.addAdditionalFields("area", "Area", "strict", address["suburb"].encode("utf-8")) NewEnt.addAdditionalFields("googleMap", "Google map", "nostrict", map_url) NewEnt.addAdditionalFields("streetView", "Street View", "nostrict", street_view_url2) # NewEnt.setIconURL(flag_img) logging.debug(street_view_url1) NewEnt.setIconURL(street_view_url1) NewEnt.addDisplayInformation("<a href='%s'>Click for map </a>" % street_view_url2, "Street view") TRX.returnOutput()
#!/usr/bin/python from MaltegoTransform import * import sys import urllib2 import re mt = MaltegoTransform() mt.parseArguments(sys.argv) domain = mt.getValue() url = "http://safeweb.norton.com/heartbleed?url=www." getrequrl = url + domain try: response = urllib2.urlopen(getrequrl) ser = re.search(r'is vulnerable', response.read()) if ser: print "a" mt.addEntity("maltego.Phrase", "HeartBleed Vulnerable") except: print "" mt.returnOutput()
import sys from MaltegoTransform import * import fa_parser as fa value = sys.argv[1] MT = MaltegoTransform() MT.parseArguments(sys.argv) ######################################### ## lookup fieldname of sending request ## ######################################### field = None filepath = None for x in MT.values: if x == 'properties.fabaseentity': continue if x.startswith('properties.'): field = fa.fieldLookup(x) if x.startswith('CSV File'): filepath = MT.values[x].replace("\\\\", "\\") ############################# ## Get the correlated data ## ############################# data = fa.parseCSV(filepath) query = fa.correlate(data, field, value) result = fa.ItemsCounts(query, 'Remote IP') ## Edit Here #################### ## Submit Results ##
#!/usr/bin/python # -*- coding: utf-8 -*- from MaltegoTransform import * from ttp import ttp import sys # Description: Locally extract hashtags from Tweets # Installation: http://dev.paterva.com/developer/getting_started/building_your_own_local_transform.php # Author: Michael Henriksen (@michenriksen) transform = MaltegoTransform() transform.parseArguments(sys.argv) tweet = transform.getVar("content").decode('utf-8') parser = ttp.Parser() parsed_tweet = parser.parse(tweet) for hashtag in parsed_tweet.tags: hashtag = "#" + hashtag transform.addEntity("maltego.hashtag", hashtag) transform.returnOutput()
#!/usr/bin/python ####################################################### # Maltego NMAP integration script # # # # # # Andrew MacPherson [ andrew <<at>> Paterva.com ] # # # ####################################################### import os,sys,time from MaltegoTransform import * me = MaltegoTransform(); me.parseArguments(sys.argv); ports = me.getVar("ports"); target = me.getValue(); fn = target + "-version"; if (ports == None): me.addUIMessage("No ports found, please do a portscan first!"); me.returnOutput(); exit(); nmapCMD = "nmap --version-light -oG " + fn + " -sV -PN -p" + ports + " " + target + ">"+fn+".stdout" me.debug("running " + nmapCMD); os.system(nmapCMD); try: if (os.path.exists(fn) == False): me.debug("File not found, please make sure another scan is not currently running. (windows limitation)"); me.returnOutput(); exit(); f = open(fn)
exit(-1) f = open("/etc/transforms/db_path.conf") dbms = f.readline().strip() try: db = create_engine(dbms) #db.echo = True metadata = MetaData(db) metadata.reflect() except Exception, e: print "ERROR: Unable to communicate with DB specified in /etc/transforms/db_path.txt ('%s'). Error was '%s'" % ( dbms, str(e)) exit(-1) TRX = MaltegoTransform() TRX.parseArguments(sys.argv) start_time = "2000-01-01 00:00:00.0" end_time = "2037-01-01 00:00:00.0" drone, location, mac, ssid, domain, observation = (None, ) * 6 filters = [] mtk = metadata.tables['mtk'] users = metadata.tables['users'] sess = metadata.tables['sessions'] #Hack to know if we're local or TDS #Option One, TDS (this should be made into the new TRX): if len(sys.argv) < 2: from Maltego import *