def main():
    """Emit a maltego.Domain entity for every cookie host recorded for ``mac``.

    ``mac``, ``cookies`` and ``db`` come from module scope (transformCommon);
    the only filter applied is ``cookies.client_mac == mac``.  The host column
    is used because, per the original author's note, baseDomain was being
    returned as a full URL.  Characters that are illegal in XML 1.0 are removed
    from each host so the Maltego response stays well-formed.
    """
    query = select([cookies.c.host], and_(cookies.c.client_mac == mac))
    logging.debug(query)
    logging.debug(mac)
    hosts = [row[0] for row in db.execute(query).fetchall()]
    response = MaltegoTransform()
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')
    for host in hosts:
        cleaned = illegal_xml_re.sub('', host)
        entity = response.addEntity("maltego.Domain", cleaned)
        entity.addAdditionalFields("fqdn", "Domain", "strict", cleaned)
        entity.addAdditionalFields("mac", "Client Mac", "strict", mac)
    response.returnOutput()
def main(argv):
    """Emit a maltego.Twit entity for each follower of the handle in ``argv[1]``.

    A handful of handles are answered from hard-coded lists (presumably
    fixtures); every other handle is resolved through ``twitterSearch``:
    follower ids are joined into one comma-separated string and mapped back to
    screen names.  ``DEBUG`` is a module-level flag controlling trace output.
    """
    handle = argv[1]
    canned = {
        "caseyso": ["bobbyo", "jjc", "alf", "courtp"],
        "jjc": ["caseyso", "jjc", "alf", "courtp", "mrclean"],
        "alf": ["mrclean", "jjc", "alf", "courtp", "joe"],
        "bobbyo": ["jjc", "caseyso", "brat322"],
    }
    if handle in canned:
        namesList = list(canned[handle])
    else:
        users = twitterSearch.getFollowers(handle)
        if DEBUG:
            print(users)
        # Same "id1,id2,..." string the original built with a trailing comma and then sliced off.
        searchString = ",".join(str(u["id"]) for u in users["users"])
        if DEBUG:
            print(searchString)
        names = twitterSearch.idToUsername(searchString)
        namesList = [n["screen_name"] for n in names]
        if DEBUG:
            print(namesList)
    mt = MaltegoTransform()
    for user_name in namesList:
        if DEBUG:
            print(user_name)
        mt.addEntity("maltego.Twit", user_name)
    mt.returnOutput()
def main():
    """Emit a maltego.URL entity for every full URL logged for ``ip``.

    ``ip``, ``weblogs`` and ``db`` come from module scope (transformCommon).
    The cookies column is selected alongside the URL but is not attached to
    the entity.
    """
    query = select([weblogs.c.full_url, weblogs.c.cookies],
                   and_(weblogs.c.client_ip == ip))
    logging.debug(query)
    rows = db.execute(query).fetchall()
    response = MaltegoTransform()
    for row in rows:
        logging.debug(row)
        url, _cookies = row
        entity = response.addEntity("maltego.URL", url)
        entity.addAdditionalFields("url", "URL", "strict", url)
    response.returnOutput()
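def main():
    """Emit a ran2.Sample entity for every row of the ``samples`` table.

    ``DBNAME`` is a module-level path.  When the file is missing a
    maltego.Phrase is returned and the function stops: the original carried on
    into sqlite3.connect, which creates an empty database, and then failed on
    the SELECT with "no such table".  The connection is always closed.
    """
    me = MaltegoTransform()
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        c = conn.cursor()
        c.execute("SELECT * FROM samples")
        found = c.fetchall()
        if found:
            for row in found:
                # Column 2 holds the sample name (table schema is not visible here).
                me.addEntity("ran2.Sample", row[2])
        else:
            # The original else branch referenced an unbound ``name`` here.
            me.addEntity("maltego.Phrase", "no samples found")
        me.returnOutput()
        c.close()
    finally:
        conn.close()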
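def main():
    """Emit a snoopy.useragent entity for each user-agent logged for ``ip``.

    ``ip``, ``weblogs`` and ``db`` are module globals (transformCommon).
    Rows with a NULL or blank user-agent are skipped, and characters illegal
    in XML 1.0 are stripped so the response stays well-formed.

    The original tested ``str(ua).find('None') < 1`` on the whole result row
    and passed ``str(ua)`` as the entity value, so Maltego received the
    tuple's repr (e.g. ``(u'Mozilla/5.0 ...',)``) rather than the string.
    """
    query = select([weblogs.c.useragent], and_(weblogs.c.client_ip == ip))
    logging.debug(query)
    rows = db.execute(query).fetchall()
    logging.debug(rows)
    response = MaltegoTransform()
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')
    for row in rows:
        logging.debug(row)
        (useragent,) = row
        if useragent is None:
            continue
        useragent = illegal_xml_re.sub('', useragent)
        if not useragent.strip():
            continue
        entity = response.addEntity("snoopy.useragent", useragent)
        entity.addAdditionalFields("ip", "Client IP", "strict", ip)
    response.returnOutput()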
def main():
    """Emit a snoopy.SSID entity for each SSID probed by ``mac``.

    ``filters`` and ``mac`` are module globals (transformCommon); the MAC
    filter is appended to the shared ``filters`` list before the ``ssids``
    table is queried.  Each SSID is HTML-escaped and stripped of characters
    illegal in XML 1.0; empty or whitespace-only results are dropped.
    """
    filters.append(ssids.c.mac == mac)
    query = select([ssids.c.ssid], and_(*filters))
    names = [row[0] for row in db.execute(query).fetchall()]
    response = MaltegoTransform()
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')
    for raw in names:
        cleaned = illegal_xml_re.sub('', escape(raw))
        if cleaned and not cleaned.isspace():
            entity = response.addEntity("snoopy.SSID", cleaned)
            entity.addAdditionalFields("properties.ssid", "ssid", "strict", cleaned)
    response.returnOutput()
def main():
    """Emit a snoopy.Cookie entity for every cookie ``mac`` sent to ``domain``.

    ``mac``, ``domain``, ``cookies`` and ``db`` are module globals
    (transformCommon).  Each entity carries the cookie value plus the domain
    and client MAC it was observed with.
    """
    query = select([cookies.c.name, cookies.c.value],
                   and_(cookies.c.client_mac == mac, cookies.c.baseDomain == domain))
    logging.debug(query)
    rows = db.execute(query).fetchall()
    logging.debug(rows)
    response = MaltegoTransform()
    for row in rows:
        logging.debug(row)
        name, value = row
        entity = response.addEntity("snoopy.Cookie", name)
        entity.addAdditionalFields("value", "Value", "strict", value)
        entity.addAdditionalFields("fqdn", "Domain", "strict", domain)
        entity.addAdditionalFields("mac", "Client Mac", "strict", mac)
    response.returnOutput()
def main():
    """Emit a snoopy.Drone entity for each distinct drone in the ``sess`` table.

    ``filters``, ``start_time`` and ``end_time`` are module globals set by
    transformCommon; the shared filter list selects the session rows and the
    time window is attached to every entity.
    """
    query = select([sess.c.drone], and_(*filters)).distinct()
    logging.debug(filters)
    logging.debug(query)
    drones = [row[0] for row in db.execute(query).fetchall()]
    response = MaltegoTransform()
    for drone in drones:
        logging.debug(drone)
        entity = response.addEntity("snoopy.Drone", drone)
        entity.addAdditionalFields("properties.drone", "drone", "strict", drone)
        entity.addAdditionalFields("start_time", "start_time", "strict", start_time)
        entity.addAdditionalFields("end_time", "end_time", "strict", end_time)
    response.returnOutput()
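def parsereport(page):
    """Emit entities for the mutexes listed in a sandbox report ``page``.

    ``page`` is a parsed HTML tree with a BeautifulSoup-style API (find,
    findNext, findAll).  The report marks mutexes with one of two sentences,
    followed by a ``<ul>``.  Exits the process with a message when no mutex is
    reported, as the original did.

    The original wrapped everything in a bare ``except`` that also caught the
    SystemExit raised by ``sys.exit("No Mutexes Reported")`` and replaced it
    with "Error finding Mutexes."; the exit now happens outside the try.
    """
    xform = MaltegoTransform()
    try:
        single = page.find(text='To mark the presence in the system, the following Mutex object was created:').findNext('ul').li.text
    except AttributeError:
        # find()/findNext()/.li returned None: the marker sentence is absent.
        single = None
    try:
        multiple = page.find(text='To mark the presence in the system, the following Mutex objects were created:').findNext('ul')
    except AttributeError:
        multiple = None
    if single is None and multiple is None:
        sys.exit("No Mutexes Reported")
    try:
        if single is not None:
            # Entity type kept from the original; NOTE(review): a mutex name typed as
            # maltego.IPv4Address looks like a copy-paste slip — confirm (maltego.Phrase?).
            xform.addEntity("maltego.IPv4Address", single)
        if multiple is not None:
            for mutex in multiple.findAll('li'):
                xform.addEntity("maltego.Phrase", mutex.text)
    except AttributeError:
        sys.exit("Error finding Mutexes.")
    xform.returnOutput()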
def returnSuccess(etype, value, event=None, mt=None):
    """Report a successful insert as a Maltego UI message and write the response.

    ``mt`` may be an existing MaltegoTransform whose output should be reused;
    otherwise a fresh one is created.  When ``event`` is given the message
    names the event the entry went into, else it reports the entry's ID.
    """
    transform = mt or MaltegoTransform()
    if event:
        message = "[Info] Successful entry of %s with value %s into event %s" % (etype, value, event)
    else:
        message = "[Info] Successful entry of %s with ID %s" % (etype, value)
    transform.addUIMessage(message)
    transform.returnOutput()
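def selectEvent(eventID):
    """Record ``eventID`` as the currently selected event in the ``eventDB`` shelve.

    Stores the id and a selection timestamp, then reports the selection as a
    Maltego UI message.  ``eventDB`` is a module-level path and ``datetime``
    the class imported at module level.  The shelve is closed even if a write
    fails, so its backing file is not left open.
    """
    store = shelve.open(eventDB)
    try:
        store['id'] = eventID
        store['age'] = datetime.today()
    finally:
        store.close()
    mt = MaltegoTransform()
    mt.addUIMessage("[Info] Event with ID %s selected for insert" % eventID)
    mt.returnOutput()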
def main(argv):
    """Emit a maltego.Alias entity for each URL returned by ``LinkedIn(sys.argv[1])``.

    ``argv`` is accepted for call-compatibility only; the value looked up is
    read from ``sys.argv[1]`` exactly as the original did.
    """
    found_urls = LinkedIn(sys.argv[1])
    response = MaltegoTransform()
    for found in found_urls:
        response.addEntity("maltego.Alias", found)
    response.returnOutput()
def main():
    """Emit a snoopy.ssidLocation entity for each Wigle location row matching ``ssid``.

    ``filters``, ``ssid``, ``limit``, ``wigle`` and ``db`` are module globals
    (transformCommon).  Every row's address fields are copied onto the entity
    and a Google Street View image for the row's lat/long is set as its icon.
    """
    filters.append(wigle.c.ssid == ssid)
    filters.append(wigle.c.overflow == 0)
    s = select([wigle], and_(*filters)).distinct().limit(limit)
    r = db.execute(s)
    results = r.fetchall()
    logging.debug(results)
    TRX = MaltegoTransform()
    # Compiled but never applied in this transform (the sibling transforms use it
    # to strip characters that are illegal in XML 1.0).
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')
    for address in results:
        # NOTE(review): this test does not depend on the loop variable, so with more
        # than 20 rows it fires on the first iteration and the transform emits nothing
        # at all.  A cap of 20 entities was presumably intended; .limit(limit) above
        # already bounds the query.  Left as-is here.
        if len(results) > 20:
            break
        logging.debug(type(address))
        # lat/long and the country code are formatted with str(); the URLs below are
        # only as safe as those columns — TODO confirm they are numeric / 2-letter codes.
        street_view_url1 = "http://maps.googleapis.com/maps/api/streetview?size=800x800&sensor=false&location=%s,%s" % (str(address['lat']),str(address['long']))
        street_view_url2 = "https://maps.google.com/maps?q=&layer=c&cbp=11,0,0,0,0&cbll=%s,%s " % (str(address['lat']),str(address['long']))
        map_url = "http://maps.google.com/maps?t=h&q=%s,%s"%(str(address['lat']),str(address['long']))
        # Built but unused: the flag icon line below is commented out in favour of Street View.
        flag_img = "http://www.geognos.com/api/en/countries/flag/%s.png" % str(address['code']).upper()
        #NewEnt=TRX.addEntity("maltego.Location", address['shortaddress'].encode('utf-8'))
        # Text columns are .encode('utf-8')'d, which presumes unicode rows (Python 2 era code).
        NewEnt=TRX.addEntity("snoopy.ssidLocation", address['shortaddress'].encode('utf-8'))
        NewEnt.addAdditionalFields("city","city", "strict", address['city'].encode('utf-8'))
        NewEnt.addAdditionalFields("countrycode","countrycode", "strict", address['code'].encode('utf-8'))
        NewEnt.addAdditionalFields("country","country", "strict", address['country'].encode('utf-8'))
        NewEnt.addAdditionalFields("lat","lat", "strict", str(address['lat']))
        NewEnt.addAdditionalFields("long","long", "strict", str(address['long']))
        NewEnt.addAdditionalFields("longaddress","longaddress", "strict", address['longaddress'].encode('utf-8'))
        NewEnt.addAdditionalFields("location.areacode","Area Code", "strict", address['postcode'])
        NewEnt.addAdditionalFields("road","Road", "strict", address['road'].encode('utf-8'))
        NewEnt.addAdditionalFields("streetaddress","streetaddress", "strict", address['shortaddress'].encode('utf-8'))
        NewEnt.addAdditionalFields("ssid","SSID", "strict", address['ssid'])
        NewEnt.addAdditionalFields("state","State", "strict", address['state'].encode('utf-8'))
        NewEnt.addAdditionalFields("area","Area", "strict", address['suburb'].encode('utf-8'))
        NewEnt.addAdditionalFields("googleMap", "Google map", "nostrict", map_url)
        NewEnt.addAdditionalFields("streetView", "Street View", "nostrict", street_view_url2)
        #NewEnt.setIconURL(flag_img)
        logging.debug(street_view_url1)
        # The Maltego client fetches this icon itself; the URL is plain http.
        NewEnt.setIconURL(street_view_url1)
        # The href is interpolated into HTML shown in the client's detail pane;
        # it is built from the lat/long values, not from free-text columns.
        NewEnt.addDisplayInformation("<a href='%s'>Click for map </a>" % street_view_url2, "Street view")
        # NOTE(review): looks like leftover debug output — confirm before removing.
        NewEnt.addDisplayInformation("one","two")
    TRX.returnOutput()
def parsereport(page):
    """Emit a maltego.IPv4Address for each host cell in the report's ``network_hosts`` table.

    ``page`` is a parsed HTML tree (BeautifulSoup-style API).  The table that
    follows the ``div#network_hosts`` element is scanned for ``td.row`` cells
    and the first text node of each becomes an entity value.
    """
    xform = MaltegoTransform()
    hosts_table = page.find("div", {"id": "network_hosts"}).findNext('table')
    for cell in hosts_table.findAll('td', {"class": "row"}):
        xform.addEntity("maltego.IPv4Address", cell.find(text=True))
    xform.returnOutput()
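def parsereport(page):
    """Emit a maltego.IPv4Address for every text node of ``page`` that is exactly a dotted-quad.

    ``page`` is a parsed HTML tree (BeautifulSoup-style ``findAll``).  Exits
    with "Report contains no IPs." when nothing matches.  The original only
    reached that message when ``findAll`` raised; for a report without
    addresses it returned an empty list and the transform silently produced
    no entities.
    """
    xform = MaltegoTransform()
    # Same pattern as the original, written as a raw string so ``\.`` is a
    # regex escape rather than an (invalid) string escape.
    octet = r"([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
    ipv4_re = re.compile(r"^(" + octet + r"\.){3}" + octet + r"$")
    try:
        matches = page.findAll(text=ipv4_re)
    except AttributeError:
        # ``page`` is not a parsed document (e.g. None).
        sys.exit("Report contains no IPs.")
    if not matches:
        sys.exit("Report contains no IPs.")
    for element in matches:
        xform.addEntity("maltego.IPv4Address", element)
    xform.returnOutput()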
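def main():
    """Emit related IPv4 entities from the ``ip`` table for the /24 of the address in ``sys.argv[1]``.

    The argument may arrive as ``name=value``; only the first three octets are
    kept and used as a ``LIKE`` pattern.  ``DBNAME`` is a module-level path.
    Rows whose address is empty or equals the input are skipped; every other
    address is added with a grey link colour.

    The original built the SQL by string concatenation with the command-line
    value (``... like "%<input>%"``); the pattern is now bound as a parameter.
    ``%`` and ``_`` inside the input still act as LIKE wildcards.
    """
    me = MaltegoTransform()
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide an ip_addr!")
        # The original exited without writing the response.
        me.returnOutput()
        sys.exit()
    parts = sys.argv[1].split("=")
    ip_addr = parts[1] if len(parts) == 2 else parts[0]
    if ip_addr != "":
        # Keep the network part only; tolerates fewer than three octets
        # (the original indexed [2] and raised IndexError).
        ip_addr = ".".join(ip_addr.split(".")[:3])
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        c = conn.cursor()
        c.execute("SELECT * FROM ip WHERE ip_addr LIKE ?", ("%" + ip_addr + "%",))
        found = c.fetchall()
        if found:
            for row in found:
                # Column 5 holds the related address (table schema not visible here).
                related = row[5]
                if related != "" and related != sys.argv[1]:
                    entity = MaltegoEntity()
                    entity.setType("maltego.IPv4Address")
                    entity.setValue(related)
                    entity.addAdditionalFields("link#maltego.link.color", "", True, "0x808080")
                    me.addEntityToMessage(entity)
        else:
            me.addEntity("maltego.Phrase", "no sample info found ...")
        me.returnOutput()
        c.close()
    finally:
        conn.close()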
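def new_transform(arg, base_url='http://10.1.99.250:8125', timeout=30):
    """Emit a maltego.IPv4Address for each address recorded in workspace ``arg``.

    Requests ``<base_url>/api/v1.0/<arg>/ip`` and adds every item's
    ``ipaddr`` with the workspace id as an additional field.  Any failure
    (network error, non-2xx status, bad JSON, missing keys) is reported as a
    UI message rather than propagating, as in the original.

    Args:
        arg: workspace identifier from Maltego; percent-encoded before being
            placed in the path so that ``/`` or ``?`` in the value cannot change
            the request target (the original interpolated it raw).
        base_url: API endpoint; defaults to the address the original hard-coded.
        timeout: seconds before the request is abandoned (the original had none
            and could hang the transform indefinitely).
    """
    try:
        from urllib.parse import quote
    except ImportError:  # Python 2
        from urllib import quote
    m = MaltegoTransform()
    url = '%s/api/v1.0/%s/ip' % (base_url, quote(str(arg), safe=''))
    try:
        r = requests.get(url, timeout=timeout)
        r.raise_for_status()
        j = r.json()
        for i in j['items']:
            ent = m.addEntity('maltego.IPv4Address', i['ipaddr'])
            ent.addAdditionalFields('workspace', 'Workspace ID', True, arg)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()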
def main():
    """Emit snoopy.sslstripResult entities for the sslstrip rows matching the calling entity.

    Reads the client IP (``properties.client_ip``, overridden by ``client_ip``)
    and ``domain`` from the global ``TRX`` request, queries ``sslstrip`` and
    writes the response.  A second, unrelated query and response follow the
    first ``returnOutput`` (see notes below).
    """
    global TRX
    ip = TRX.getVar("properties.client_ip")
    if TRX.getVar("client_ip"):
        ip = TRX.getVar("client_ip")
    domain = TRX.getVar("domain")
    filters = []
    if ip:
        filters.append(sslstrip.c.client == ip)
    if domain:
        filters.append(sslstrip.c.domain == domain)
    # With neither ip nor domain set, and_() is empty and every row is returned.
    s = select([sslstrip.c.key, sslstrip.c.value], and_(*filters)).distinct()
    results = db.execute(s).fetchall()
    for res in results:
        key, value = res
        NewEnt = TRX.addEntity("snoopy.sslstripResult", key)
        # NOTE(review): the "key" field is populated with ``value``; looks like a
        # copy-paste slip (``key`` is the entity value already) — confirm.
        NewEnt.addAdditionalFields("key", "key", "strict", value)
        NewEnt.addAdditionalFields("value", "Value", "strict", value)
    TRX.returnOutput()
    # NOTE(review): everything below runs after a complete response has already been
    # written, so a second Maltego message follows the first on stdout.  It also uses
    # ``mac``, which is not bound in this function (presumably a module global from
    # transformCommon).  Looks like two transforms merged into one file — confirm.
    filters = []
    filters.extend((leases.c.mac == mac, sslstrip.c.client == leases.c.ip))
    if domain:
        filters.append(sslstrip.c.domain == domain)
    s = select([sslstrip.c.domain, leases.c.mac, leases.c.ip], and_(*filters))
    r = db.execute(s)
    results = r.fetchall()
    TRX = MaltegoTransform()
    # Compiled but not applied to any value in this transform.
    illegal_xml_re = re.compile(u"[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]")
    for res in results:
        domain, client_mac, client_ip = res
        NewEnt = TRX.addEntity("snoopy.Site", domain)
        NewEnt.addAdditionalFields("domain", "domain", "strict", domain)
        NewEnt.addAdditionalFields("mac", "Client Mac", "strict", client_mac)
        NewEnt.addAdditionalFields("client_ip", "Client IP", "strict", client_ip)
    TRX.returnOutput()
def main():
    """Emit a snoopy.Client entity per client MAC seen in the cookie log, labelled by vendor.

    ``filters``, ``ssid``, ``cookies``, ``vends``, ``ssids``, ``leases``,
    ``sess`` and ``db`` are module globals (transformCommon).  The label is
    ``"<vendor>\\n(<hostname>)"`` when a DHCP lease hostname is known for the
    MAC, otherwise the MAC's tail.
    """
    # mac -> hostname from the DHCP lease table; dict() keeps the last hostname
    # for a MAC that leased more than once.
    sl = select([leases.c.mac, leases.c.hostname]).distinct()
    lease_list = dict(db.execute(sl).fetchall())
    # Outer join so clients with no vendor row are still returned (vendor is NULL).
    j = cookies.outerjoin(vends, cookies.c.client_mac == vends.c.mac)
    s = select([cookies.c.client_mac, vends.c.vendor, vends.c.vendorLong], and_(*filters)).select_from(j).distinct()
    logging.debug(s)
    if ssid:
        # When an SSID is given, the query is replaced wholesale: clients are taken
        # from the probe table instead, and the shared ``filters`` are not applied.
        nfilters = []
        nfilters.append(ssids.c.ssid == ssid)
        nfilters.append(ssids.c.mac == vends.c.mac)
        s = select([ssids.c.mac, vends.c.vendor, vends.c.vendorLong], and_(*nfilters))
    # Built and logged only; ``cw`` is never executed.
    cwdF = [cookies.c.run_id == sess.c.run_id]
    cw = select([cookies.c.client_mac], and_(*cwdF))
    logging.debug(cw)
    r = db.execute(s)
    results = r.fetchall()
    TRX = MaltegoTransform()
    for mac, vendor, vendorLong in results:
        hostname = lease_list.get(mac)
        # NOTE(review): unlike the sibling transforms, nothing here strips characters
        # that are illegal in XML 1.0.  The hostname comes from the client's own DHCP
        # request, so an odd hostname can break the response XML — confirm whether
        # MaltegoTransform escapes values itself.
        if hostname:
            NewEnt = TRX.addEntity("snoopy.Client", "%s\n(%s)" % (vendor, hostname))
        else:
            # mac[6:]: the non-OUI tail of the MAC string (format assumed "aabbccddeeff"-like — TODO confirm).
            NewEnt = TRX.addEntity("snoopy.Client", "%s\n(%s)" % (vendor, mac[6:]))
        NewEnt.addAdditionalFields("mac", "mac address", "strict", mac)
        NewEnt.addAdditionalFields("vendor", "vendor", "nostrict", vendor)
        NewEnt.addAdditionalFields("vendorLong", "vendorLong", "nostrict", vendorLong)
    TRX.returnOutput()
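def metasearch(query, timeout=30):
    """Emit a maltego.URL entity for each searx result for ``query``.

    Pages ``1 .. settings.MAX_PAGES - 1`` are fetched (``range`` excludes the
    upper bound, as in the original).  ``query`` is appended to
    ``settings.SEARX`` verbatim, so callers must pass it URL-encoded.

    Args:
        query: search string appended to the settings.SEARX URL.
        timeout: seconds per request; the original had no timeout and could
            hang the transform for as long as the search backend did.
    """
    m = MaltegoTransform()
    for page in range(1, settings.MAX_PAGES):
        url = '{0}{1}&format=json&pageno={2}'.format(settings.SEARX, query, page)
        response = requests.post(url, timeout=timeout).json()
        # A page past the end of the result set may omit "results" entirely.
        for r in response.get('results', []):
            ent = m.addEntity('maltego.URL', r['url'])
            ent.addAdditionalFields('url', 'URL', True, r['url'])
            if r.get('title'):
                ent.addAdditionalFields('title', 'Title', True, r['title'])
            if r.get('content'):
                ent.addAdditionalFields('content', 'Content', True, r['content'])
    m.returnOutput()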
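def new_transform(arg, base_url='http://10.1.99.250:8125', timeout=30):
    """Emit a maltego.AS entity for each ASN the API records for an IP in a workspace.

    Parses the Maltego argument string ``arg`` for ``ipv4-address`` and
    ``workspace``, requests ``<base_url>/api/v1.0/<workspace>/<ip>/asn`` and
    adds every item's ``asn``.  Any failure (network error, non-2xx status,
    bad JSON, missing keys) is reported as a UI message, as in the original.

    Args:
        arg: serialized Maltego entity/argument string.
        base_url: API endpoint; defaults to the address the original hard-coded.
        timeout: seconds before the request is abandoned (the original had none).
    """
    try:
        from urllib.parse import quote
    except ImportError:  # Python 2
        from urllib import quote
    m = MaltegoTransform()
    m.parseArguments(arg)
    ip = m.getVar('ipv4-address')
    wrkspc = m.getVar('workspace')
    # Both values come from the graph; encode them so a '/' or '?' in either
    # cannot alter the request path (the original interpolated them raw).
    url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/asn'.replace('http://10.1.99.250:8125', base_url, 1) % (
        quote(str(wrkspc), safe=''), quote(str(ip), safe=''))
    try:
        r = requests.get(url, timeout=timeout)
        r.raise_for_status()
        j = r.json()
        for i in j['items']:
            ent = m.addEntity('maltego.AS', i['asn'])
            ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()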
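def CedulaToConsejal(m):
    """Emit an eci.Consejal entity for the council member whose id number is ``m.Value``.

    Fetches the open dataset ``gnvi-fbsz`` from datos.gov.co (first 2000 rows,
    no app token) and matches the ``cc`` column client-side.  When no row
    matches, or the request fails, a UI message is added instead.

    The response is now written on every path: in the original the
    ``returnOutput`` call sat on one side of the try/except only, so Maltego
    received no message on the other.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("gnvi-fbsz", limit=2000)
        match = next((row for row in rows if row.get('cc') == cedula), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            ent = TRX.addEntity('eci.Consejal', match['nombre_concejal'])
            # Field keys keep the original "properity." spelling: changing them
            # would change the entity schema Maltego sees.
            ent.addAdditionalFields("properity.genero", "Genero", True, match['genero'])
            ent.addAdditionalFields("properity.partido", "Partido", True, match['partido_politico'])
            ent.addAdditionalFields("properity.municipio", "Municipio", True, match['municipio'])
            ent.addAdditionalFields("properity.cedula", "Cedula", True, cedula)
    except Exception:
        # Network/HTTP errors and missing columns all land here; same message as before.
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()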
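def uriToI3visioEntities(argv, timeout=30):
    '''
    Method that obtains all the entities in a given profile.

    The profile URL is read from sys.argv[1] (``argv`` itself is unused, as in
    the original).  The body is scanned with processing.getEntitiesByRegexp,
    which returns a list of ``{'type', 'value', 'attributes'}`` dicts, and each
    hit becomes an entity of the reported type.

    :param argv: the serialized entity (unused; sys.argv[1] is read instead).
    :param timeout: seconds before the fetch is abandoned (the original had no timeout).
    :return: Nothing is returned but the code of the entities is created.
    '''
    me = MaltegoTransform()
    uri = sys.argv[1]
    # Only fetch web URLs: urllib2 would also open file:// or ftp:// targets
    # named in an entity value.
    if not uri.lower().startswith(("http://", "https://")):
        me.addUIMessage("Unsupported URL scheme: %s" % uri)
        me.returnOutput()
        return
    import urllib2
    data = urllib2.urlopen(uri, timeout=timeout).read()
    entities = processing.getEntitiesByRegexp(data=data)
    for elem in entities:
        newEnt = me.addEntity(elem["type"], elem["value"])
        newEnt.addAdditionalFields("i3visio.attributes", "i3visio.attributes", True, str(elem["attributes"]))
    # Returning the output text...
    me.returnOutput()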
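def main():
    """Emit a snoopy.Cookie entity for each cookie name/value logged for ``ip``.

    ``ip``, ``weblogs`` and ``db`` are module globals (transformCommon).  The
    ``cookies`` column holds text of the form ``"name": "value", "n2": "v2"``;
    each pair is split on ``", "`` and the quoted name and value extracted.
    Pairs that do not have that shape are skipped — the original raised
    ValueError/IndexError on them and the transform produced no output at
    all.  Characters illegal in XML 1.0 are stripped from names and values.
    """
    def cookie_pairs(blob):
        """Yield (name, value) for each well-formed pair in the logged cookie text."""
        for pair in blob.split(", "):
            halves = pair.split(": ", 1)
            if len(halves) != 2:
                continue
            name_parts = halves[0].split('"')
            value_parts = halves[1].split('"')
            if len(name_parts) < 2 or len(value_parts) < 2:
                continue
            yield name_parts[1], value_parts[1]

    query = select([weblogs.c.host, weblogs.c.path, weblogs.c.cookies],
                   and_(weblogs.c.client_ip == ip))
    logging.debug(query)
    rows = db.execute(query).fetchall()
    logging.debug(rows)
    response = MaltegoTransform()
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')
    for host, path, cookie_text in rows:
        logging.debug(host)
        logging.debug(cookie_text)
        # NULL or a value too short to hold a quoted name: nothing to parse.
        if not cookie_text or len(cookie_text) <= 2:
            continue
        for name, value in cookie_pairs(cookie_text):
            name = illegal_xml_re.sub('', name)
            value = illegal_xml_re.sub('', value)
            logging.debug(name)
            logging.debug(value)
            entity = response.addEntity("snoopy.Cookie", name)
            entity.addAdditionalFields("value", "Value", "strict", value)
            entity.addAdditionalFields("fqdn", "Domain", "strict", host)
            entity.addAdditionalFields("ip", "Client IP", "strict", ip)
    response.returnOutput()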
def main(argv):
    """Emit a maltego.EmailAddress entity for each address found in the page at ``sys.argv[1]``.

    ``argv`` is accepted for call-compatibility; the URL is read from
    ``sys.argv[1]`` as in the original.  The page body is fetched with
    ``urllib.urlopen`` and handed to ``collectAllEmail``.
    """
    page = urllib.urlopen(sys.argv[1]).read()
    response = MaltegoTransform()
    for address in collectAllEmail(page):
        response.addEntity("maltego.EmailAddress", address)
    response.returnOutput()
def main(argv):
    """Emit a maltego.EmailAddress entity for each address found in the page at ``sys.argv[1]``.

    ``argv`` is accepted for call-compatibility; the URL is read from
    ``sys.argv[1]`` as in the original.  The page body is fetched with
    ``urllib.urlopen`` and handed to ``collectAllEmail``.
    """
    page = urllib.urlopen(sys.argv[1]).read()
    response = MaltegoTransform()
    for address in collectAllEmail(page):
        response.addEntity("maltego.EmailAddress", address)
    response.returnOutput()
def main():
    """Command-line / Maltego entry point for spidermal.

    Stand-alone mode queries the chosen API for ``--lookup`` over an optional
    date range and writes a Maltego graph archive (``--out``).  With
    ``--transform`` the script runs inside the Maltego client instead: the
    date range is taken from the ``Before``/``After`` fields Maltego appends
    as ``#``-separated unknown arguments, and the result is returned as a
    transform response via the global ``maltrans``.
    """
    parser = argparse.ArgumentParser(description="Jumpstart Maltego graph of C2 infrastructure off domain or IP.", epilog="spidermal.py -l paloaltonetworks.com -s 2014-09-12 -e 2015-12-1 -r 2 -o pan.mgtx -a PT")
    parser.add_argument("-s", "--start", help="Start date for range; \"YYYY-MM-DD\".", metavar="YYYY-MM-DD")
    parser.add_argument("-e", "--end", help="End date for range; \"YYYY-MM-DD\".", metavar="YYYY-MM-DD")
    parser.add_argument("-l", "--lookup", help="Value you start search with.", required=True, metavar="IP|DOMAIN")
    parser.add_argument("-o", "--out", help="Output file name (will append \"mtgx\" if not present.", default="malgraph.mtgx", metavar="filename.mtgx")
    # No type=int: the default is the int 1 but a user-supplied value reaches
    # api_query as a string — TODO confirm api_query converts it.
    parser.add_argument("-r", "--recurse", help="Number of levels to recurse. Default is 1; be careful with hosting sites.", default=1, metavar="LEVEL")
    parser.add_argument("-a", "--api", help="Choose API to use. Default is PassiveTotal.", default="PT", choices=["PT"])
    parser.add_argument("-t", "--transform", help="Run in Maltego Transform mode (run from inside Maltego client).", action="store_true")
    parser.add_argument("-v", "--verbose", help="Print additional data (tags/class/dynamic fields).", action="store_true")
    args, unknown = parser.parse_known_args() # Make sure to collect the unknown arguments since Maltego will pass them in "#" format
    global verbose
    verbose = args.verbose
    target_start = datetime.date(1970, 1, 1) # Default start date for range
    target_end = datetime.date.today() # Default end date for range
    if args.transform == True:
        # ``transform`` is a module-level flag (presumably set by the guarded import
        # of MaltegoTransform.py); 0 means the module was not importable.
        if transform == 0: # Check to make sure the MaltegoTransform.py file is there, otherwise notify user within Maltego
            print """<MaltegoMessage><MaltegoTransformResponseMessage><Entities></Entities><UIMessages><UIMessage MessageType="FatalError">MaltegoTransform.py Module Not Found!</UIMessage></UIMessages></MaltegoTransformResponseMessage></MaltegoMessage>"""
            sys.exit()
        # NOTE(review): unknown[0] raises IndexError when Maltego passes no extra
        # arguments; likewise argument.split("=")[1] on a field without "=".
        unknownargs = unknown[0].split("#") # Peel off any dates sent by Maltego in the "Before" or "After" fields
        for argument in unknownargs:
            if argument.startswith("After"):
                target_start = date_convert(argument.split("=")[1], "user")
            elif argument.startswith("Before"):
                target_end = date_convert(argument.split("=")[1], "user")
            else:
                pass
        global maltrans # Build maltego transform to pipe data back if transform is selected
        maltrans = MaltegoTransform()
        # Transform mode always recurses one level with the PT API regardless of -r/-a.
        # ``type`` shadows the builtin for the rest of this branch.
        final_list, type = api_query(args.lookup, target_start, target_end, "1", "PT", args.transform)
        build_maltego(final_list, type, str(target_start), str(target_end))
        maltrans.returnOutput()
    else:
        if args.start:
            target_start = date_convert(args.start, "user")
        if args.end:
            target_end = date_convert(args.end, "user")
        print "[+] Begining search for", args.lookup, "using", args.api, "API between", str(target_start), "and", str(target_end) + "."
        final_list, type = api_query(args.lookup, target_start, target_end, args.recurse, args.api, args.transform)
        print "[+] Finished API queries."
        print "[+] Building graph (nodes/edges)."
        build_graph(final_list, args.out)
        print "[+] Building Maltego file named", args.out + "."
        zip_file(args.out)
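def TelefonoToCorreoDireccionPerson_6kcx_kbuk(m):
    """Resolve the phone number in ``m.Value`` to a council member via dataset ``6kcx-kbuk``.

    Matches the ``celular`` column client-side over the first 2000 rows of the
    datos.gov.co dataset (no app token) and emits a maltego.Person (name split
    into first/last names), an EmailAddress, a PartidoPolitico and a Cedula
    entity.  No match, a missing column or a request failure all produce the
    UI message the original showed.  The response is always written.
    """
    def split_name(full_name):
        """Return (first, last, full) for a space-separated name.

        Keeps the original's rule for 3-token (1+2) and 4-token (2+2) names;
        other lengths, which previously raised IndexError or silently dropped
        tokens, are split at the midpoint and keep every token in ``full``.
        """
        tokens = full_name.split(" ")
        cut = len(tokens) // 2
        return " ".join(tokens[:cut]), " ".join(tokens[cut:]), " ".join(tokens)

    TRX = MaltegoTransform()
    telefono = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("6kcx-kbuk", limit=2000)
        match = next((row for row in rows if row.get('celular') == telefono), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            firts, last, full = split_name(match['nombre_concejal'])
            ent = TRX.addEntity('maltego.Person', full)
            # Field keys keep the original "firtsnames" spelling (entity schema).
            ent.addAdditionalFields("person.firtsnames", "Firts Names", True, firts)
            ent.addAdditionalFields("person.lastname", "Surname", True, last)
            TRX.addEntity('maltego.EmailAddress', match['correo_electronico'])
            TRX.addEntity('eciescuelaing.PartidoPolitico', match['partido_politico'])
            TRX.addEntity('eci.Cedula', match['doc_identidad'])
    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()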
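def TelefonoToCorreoDireccionPerson_mk5f_bdwx(m):
    """Resolve the phone number in ``m.Value`` to a person via dataset ``u5mc-hpr6``.

    Matches the ``celular`` or ``telefonos`` column client-side over the first
    2000 rows of the datos.gov.co dataset (no app token) and emits a
    maltego.Person (name split into first/last names), an EmailAddress and a
    maltego.Location for the address.  No match, a missing column or a request
    failure all produce the UI message the original showed.  The response is
    always written.

    The Location entity is now added to ``TRX`` (the response); the original
    called ``m.addEntity`` on the incoming message object, so that entity never
    reached the output.
    """
    def split_name(full_name):
        """Return (first, last, full) for a space-separated name.

        Keeps the original's rule for 3-token (1+2) and 4-token (2+2) names;
        other lengths, which previously raised IndexError or silently dropped
        tokens, are split at the midpoint and keep every token in ``full``.
        """
        tokens = full_name.split(" ")
        cut = len(tokens) // 2
        return " ".join(tokens[:cut]), " ".join(tokens[cut:]), " ".join(tokens)

    TRX = MaltegoTransform()
    telefono = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("u5mc-hpr6", limit=2000)
        match = next(
            (row for row in rows
             if row.get('celular') == telefono or row.get('telefonos') == telefono),
            None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            firts, last, full = split_name(match['nombre'])
            ent = TRX.addEntity('maltego.Person', full)
            # Field keys keep the original "firtsnames" spelling (entity schema).
            ent.addAdditionalFields("person.firtsnames", "Firts Names", True, firts)
            ent.addAdditionalFields("person.lastname", "Surname", True, last)
            TRX.addEntity('maltego.EmailAddress', match['correo_electronico'])
            direccion = match['direccion']
            location = TRX.addEntity('maltego.Location', direccion)
            location.addAdditionalFields("country", "Country", True, "Colombia")
            location.addAdditionalFields("location.area", "Area", True, match['municipio'])
            location.addAdditionalFields("streetaddress", "Street Address", True, direccion)
    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()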
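def handleNessusScanEntity(entityValue="", properties=""):
    """Handle a securifera.NessusScan entity: locate scan files, pick plugins, emit hosts.

    ``properties`` is the ``#``-separated property string Maltego passes for
    the calling entity.  The scan path property (``NESSUSSCANPATHPROP``) and
    an optional ``pluginfilter`` are read from it; missing values are prompted
    for via getNessusScanFiles / getSelectedPlugins.  The calling entity is
    re-emitted with both properties updated, then every host collected into
    the global ``allHosts`` by parseNessus is added to the message.

    Args:
        entityValue: value of the calling NessusScan entity.
        properties: ``key=value#key=value`` property string from Maltego.

    Returns:
        The Maltego response XML as returned by ``returnOutput``.

    Raises:
        ValueError: if ``pluginfilter`` is not a Python literal (list of ids).
    """
    global allHosts
    global pluginIncludeList
    import ast  # stdlib; local import so the block stays self-contained
    nessusFiles = []
    pluginfilter = ""
    fileStr = None
    # Parse the calling entity's properties.  Split on the first "=" only so a
    # path or filter containing "=" is not truncated.
    nessusScanProps = properties.split("#")
    for prop in nessusScanProps:
        if NESSUSSCANPATHPROP in prop:
            nessusScansDirProp = prop.split("=", 1)
            if len(nessusScansDirProp) > 1:
                fileStr = sanitize(nessusScansDirProp[1], [("\\\\", "\\")])
        if "pluginfilter" in prop:
            pluginFilterProp = prop.split("=", 1)
            if len(pluginFilterProp) > 1:
                pluginfilter = pluginFilterProp[1]
    # Prompt the user for nessus files if not already specified.
    fileStr, nessusFiles = getNessusScanFiles(fileStr)
    # Prompt the user for plugin selections unless a filter was supplied.
    if len(pluginfilter) < 1:
        parseNessus(nessusFiles, GATHERPLUGINMODE)
        data = getSelectedPlugins()
        for plugin in data:
            pluginIncludeList.append(plugin[0])
    else:
        # pluginfilter arrives as a string from the graph (it is the str() of a
        # list written below).  literal_eval accepts only Python literals; the
        # original used eval(), which executes any expression in that property.
        try:
            pluginIncludeList = ast.literal_eval(pluginfilter)
        except (ValueError, SyntaxError) as err:
            raise ValueError("pluginfilter is not a Python list literal: %r" % pluginfilter)
    # Start creation of the Maltego message.
    MaltegoMessage = MaltegoTransform()
    # Ensure properties of the calling entity are updated.
    ent = MaltegoMessage.addEntity("securifera.NessusScan", entityValue)
    ent.addProperty(NESSUSSCANPATHPROP, NESSUSSCANPATHPROPDIS, value=fileStr)
    ent.addProperty("pluginfilter", "PluginFilter", value=str(pluginIncludeList))
    # Parse files for IPv4Address entity creation (fills the global allHosts).
    parseNessus(nessusFiles, IPENTITYMODE)
    for host in allHosts:
        host.addCustomProperty(EntityProperty(NESSUSSCANPATHPROP, "NessusPath", fileStr))
        host.addCustomProperty(EntityProperty("includelist", "IncludeList", str(pluginIncludeList)))
        host.addEntity(MaltegoMessage)
    xmlStr = MaltegoMessage.returnOutput()
    return xmlStr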
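def main():
    """Emit a snoopy.Cookie entity for each cookie name/value logged for ``ip``.

    ``ip``, ``weblogs`` and ``db`` are module globals (transformCommon).  The
    ``cookies`` column holds text of the form ``"name": "value", "n2": "v2"``;
    each pair is split on ``", "`` and the quoted name and value extracted.
    Pairs that do not have that shape are skipped — the original raised
    ValueError/IndexError on them and the transform produced no output at
    all.  Characters illegal in XML 1.0 are stripped from names and values.
    """
    def cookie_pairs(blob):
        """Yield (name, value) for each well-formed pair in the logged cookie text."""
        for pair in blob.split(", "):
            halves = pair.split(": ", 1)
            if len(halves) != 2:
                continue
            name_parts = halves[0].split('"')
            value_parts = halves[1].split('"')
            if len(name_parts) < 2 or len(value_parts) < 2:
                continue
            yield name_parts[1], value_parts[1]

    query = select([weblogs.c.host, weblogs.c.path, weblogs.c.cookies],
                   and_(weblogs.c.client_ip == ip))
    logging.debug(query)
    rows = db.execute(query).fetchall()
    logging.debug(rows)
    response = MaltegoTransform()
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')
    for host, path, cookie_text in rows:
        logging.debug(host)
        logging.debug(cookie_text)
        # NULL or a value too short to hold a quoted name: nothing to parse.
        if not cookie_text or len(cookie_text) <= 2:
            continue
        for name, value in cookie_pairs(cookie_text):
            name = illegal_xml_re.sub('', name)
            value = illegal_xml_re.sub('', value)
            logging.debug(name)
            logging.debug(value)
            entity = response.addEntity("snoopy.Cookie", name)
            entity.addAdditionalFields("value", "Value", "strict", value)
            entity.addAdditionalFields("fqdn", "Domain", "strict", host)
            entity.addAdditionalFields("ip", "Client IP", "strict", ip)
    response.returnOutput()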
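def expandPropertiesFromI3visioEntity(argv):
    '''
    Method that expands the properties from a given i3visio entity.

    Every field listed in constants.I3VISIO_ENTITIES that is present on the
    calling entity becomes an entity of that type.  The entity's ``attributes``
    property, when present, is parsed as a JSON list of
    ``{'type', 'value', 'attributes'}`` objects and each becomes an entity too;
    that part is best-effort, so a missing or malformed attributes property is
    ignored rather than failing the transform.

    :param argv: the serialized entity.
    :return: Nothing is returned but the code of the entities is created.
    '''
    me = MaltegoTransform()
    me.parseArguments(argv)
    # Only fields the calling entity actually carries are expanded.
    found_fields = {}
    for entity in constants.I3VISIO_ENTITIES:
        found_fields[entity] = me.getVar(entity)
    for field, value in found_fields.items():
        if value is not None:
            me.addEntity(field, str(value))
    try:
        attributes = me.getVar("attributes")
        attJson = json.loads(attributes)
        for att in attJson:
            newEnt = me.addEntity(str(att["type"]), str(att["value"]))
            newEnt.addAdditionalFields("attributes", "attributes", True, str(att["attributes"]))
    except (TypeError, ValueError, KeyError):
        # No attributes property (json.loads(None) -> TypeError), invalid JSON,
        # or an element without the expected keys: nothing more to expand.
        pass
    # Returning the output text...
    me.returnOutput()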
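def main(argv):
    """Emit a ``maltego.Alias`` for every e-mail address found on a web page.

    :param argv: command-line vector; ``argv[1]`` is the URL to fetch. The
        old body ignored this parameter and read ``sys.argv`` directly.
    The alias is the part of each address before its ``@``. Nothing is
    returned; output goes to Maltego via ``mt.returnOutput()``.
    """
    url = argv[1]
    html = urllib.urlopen(url).read()
    emails = collectAllEmail(html)

    mt = MaltegoTransform()
    for email in emails:
        # Everything before the first '@'. An address without '@' is kept
        # whole; the old find()/slice silently dropped its last character.
        alias = email.split('@', 1)[0]
        mt.addEntity("maltego.Alias", alias)
    mt.returnOutput()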
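def CedulaToPartidoPolitico(m):
    """Look up the political party registered for a cédula on datos.gov.co.

    :param m: incoming Maltego message; ``m.Value`` is the cédula.
    Adds an ``eciescuelaing.PartidoPolitico`` entity when a row of dataset
    ``gnvi-fbsz`` has a matching ``cc``. When nothing matches, a UI message
    is reported instead of an entity with an empty value (the old body
    emitted ``''``). Only the first 2000 rows are fetched, so a record beyond
    that limit is reported as not found.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("gnvi-fbsz", limit=2000)
        for row in rows:
            if row['cc'] == cedula:
                TRX.addEntity('eciescuelaing.PartidoPolitico', row['partido_politico'])
                break
        else:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
    except Exception:
        # Network or dataset errors are reported the same way as a miss.
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()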
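def CedulaToDiscapacidadh2wr_su56(m):
    """Resolve a cédula to person, disability and address entities.

    :param m: incoming Maltego message; ``m.Value`` is the cédula.
    Scans the first 2000 rows of dataset ``h2wr-su56`` for an
    ``identificacion`` that, once normalised, equals the cédula and emits
    ``maltego.Person``, ``eci.Discapacidad`` and ``maltego.Location``
    entities for it. A miss or a lookup error is reported as a UI message
    (the old body reached the message only through a NameError).
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("h2wr-su56", limit=2000)
        match = None
        for row in rows:
            if _normalize_identificacion(row['identificacion']) == cedula:
                match = row
                break
        if match is None:
            TRX.addUIMessage("Nombre no encontrado en la base de datos")
        else:
            nombres = match['nombres_y_apellidos']
            ent = TRX.addEntity('maltego.Person', nombres)
            ent.addAdditionalFields("person.firtsnames", "Firts Names", True, nombres)
            ent.addAdditionalFields("person.lastname", "Surname", True, "")
            ent2 = TRX.addEntity('eci.Discapacidad', match['discapacidad'])
            ent2.addAdditionalFields("fechaNacimiento", "Born Date", True, match['fecha_de_nacimiento'])
            direccion = match['direccion']
            ent4 = TRX.addEntity('maltego.Location', direccion)
            ent4.addAdditionalFields("country", "Country", True, "Colombia")
            ent4.addAdditionalFields("location.area", "Area", True, "")
            ent4.addAdditionalFields("streetaddress", "Street Address", True, direccion)
    except Exception:
        TRX.addUIMessage("Nombre no encontrado en la base de datos")
    TRX.returnOutput()


def _normalize_identificacion(raw):
    """Strip document-type prefixes and punctuation from an ``identificacion``.

    Prefixes are removed before the dots: the old order removed ``.`` first,
    which turned ``T.I.`` into ``TI`` so the prefix was never stripped.
    """
    text = raw.replace("T.I.", "").replace("NUIP ", "")
    return text.replace(",", "").replace(".", "").strip()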
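def CorreoToTelefonoPerson_u5mc_hpr6(m):
    """Resolve an e-mail address to a person and a phone number.

    :param m: incoming Maltego message; ``m.Value`` is the e-mail address.
    Scans the first 2000 rows of dataset ``u5mc-hpr6`` for a matching
    ``correo_electr_nico`` and emits a ``maltego.Person`` (name split into
    first names and surname) plus a ``maltego.PhoneNumber`` with country
    code 57. A miss or a lookup error is reported as a UI message; the old
    message spoke of a cédula although the input is an e-mail address.
    """
    TRX = MaltegoTransform()
    correo = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("u5mc-hpr6", limit=2000)
        match = None
        for row in rows:
            if row['correo_electr_nico'] == correo:
                match = row
                break
        if match is None:
            TRX.addUIMessage("Correo no encontrado en la base de datos")
        else:
            firts, last, full = _split_nombre(match['nombre'])
            ent = TRX.addEntity('maltego.Person', full)
            ent.addAdditionalFields("person.firtsnames", "Firts Names", True, firts)
            ent.addAdditionalFields("person.lastname", "Surname", True, last)
            ent2 = TRX.addEntity('maltego.PhoneNumber', match['celular'])
            ent2.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
    except Exception:
        TRX.addUIMessage("Correo no encontrado en la base de datos")
    TRX.returnOutput()


def _split_nombre(nombre):
    """Split a full name into ``(first names, surname, full name)``.

    The last two words are the surname and everything before them the first
    names, which reproduces the old 4-word and 3-word cases and also copes
    with longer names (the old else-branch silently dropped words past the
    third). A one- or two-word name gets an empty surname rather than
    raising ``IndexError``.
    """
    parts = nombre.split(" ")
    if len(parts) < 3:
        return parts[0], "", " ".join(parts)
    return " ".join(parts[:-2]), " ".join(parts[-2:]), " ".join(parts)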
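def new_transform(arg, api_base='http://10.1.99.250:8125', timeout=30):
    """Emit the e-mail addresses recorded for a domain in a workspace.

    :param arg: serialized Maltego arguments; supplies ``fqdn``, ``ipaddr``
        and ``workspace``.
    :param api_base: base URL of the domains API. The host that used to be
        hard-coded is the default, so existing callers are unaffected.
    :param timeout: seconds to wait for the HTTP request; the old call had
        no timeout and could hang the transform indefinitely.
    Nothing is returned; errors are surfaced as a UI message.
    """
    m = MaltegoTransform()
    m.parseArguments(arg)
    domain = m.getVar('fqdn')
    ip = m.getVar('ipaddr')
    wrkspc = m.getVar('workspace')
    url = '%s/api/v1.0/%s/%s/domains' % (api_base, wrkspc, ip)
    try:
        r = requests.get(url, timeout=timeout)
        j = r.json()
        # Order-preserving de-duplication (a set lookup instead of the
        # quadratic `x not in emails` list scan).
        seen = set()
        emails = []
        for item in j['items']:
            # NOTE: substring match kept as before -- "example.com" also
            # matches "notexample.com"; use equality if the API returns exact names.
            if domain in item['domain']:
                for addr in item['data']['emails']:
                    if addr not in seen:
                        seen.add(addr)
                        emails.append(addr)
        for addr in emails:
            ent = m.addEntity('maltego.EmailAddress', addr)
            ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()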
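def aliasToSkypeAccounts(query=None):
    '''
    Method that checks if the given alias is registered as a Skype account.
    (The old docstring mentioned HIBP; the lookup is ``skype.checkInSkype``.)

    :param query: alias to verify.
    '''
    me = MaltegoTransform()
    # checkInSkype returns a list of dictionaries, one per matching user.
    jsonData = skype.checkInSkype(query=query)

    for user in jsonData:
        alias = user["i3visio.alias"]
        newEnt = me.addEntity("i3visio.profile", "skype://" + str(alias))
        me.addEntity("i3visio.alias", alias)
        # NOTE(review): the alias is inserted into display HTML unescaped;
        # escape it if the value can be attacker-controlled.
        newEnt.setDisplayInformation("<h3>" + alias + "</h3><p>")
        for field, value in user.items():
            if field == "i3visio.alias":
                continue
            if field == "i3visio.aliases":
                # A list of further aliases: one i3visio.alias entity each.
                for extra in value:
                    me.addEntity("i3visio.alias", extra.encode('utf-8'))
            elif value is not None:
                try:
                    newEnt.addAdditionalFields(field, field, True, str(value).encode('utf-8'))
                except (UnicodeError, TypeError, AttributeError):
                    # Best effort as before, but only encoding/type failures
                    # are swallowed, not every exception.
                    continue

    # Returning the output text...
    me.returnOutput()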
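def CedulaToNombreDireccionTelefonoxbrx_42kw(m):
    """Resolve a cédula to person, phone and address entities.

    :param m: incoming Maltego message; ``m.Value`` is the cédula.
    Scans the first 2000 rows of dataset ``xbrx-42kw`` for a matching
    ``documento_de_identidad`` and emits ``maltego.Person``,
    ``maltego.PhoneNumber`` (country code 57) and ``maltego.Location``
    entities. A miss or a lookup error is reported as a UI message (the old
    body reached the message only through a NameError on the miss path).
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("xbrx-42kw", limit=2000)
        match = None
        for row in rows:
            if row['documento_de_identidad'] == cedula:
                match = row
                break
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            nombre = match['nombres']
            direccion = match['direcci_n']
            ent = TRX.addEntity('maltego.Person', nombre)
            ent.addAdditionalFields("person.firtsnames", "Firts Names", True, nombre)
            ent.addAdditionalFields("person.lastname", "Surname", True, "")
            ent2 = TRX.addEntity('maltego.PhoneNumber', match['tel_fono'])
            ent2.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
            ent4 = TRX.addEntity('maltego.Location', direccion)
            ent4.addAdditionalFields("country", "Country", True, "Colombia")
            ent4.addAdditionalFields("location.area", "Area", True, match['barrio'])
            ent4.addAdditionalFields("streetaddress", "Street Address", True, direccion)
    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()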
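def CedulaToLocationConsejal(m):
    """Resolve a cédula to the municipality recorded in dataset ``gnvi-fbsz``.

    :param m: incoming Maltego message; ``m.Value`` is the cédula.
    Emits one ``maltego.Location`` for the first of the 2000 fetched rows
    whose ``cc`` matches. A miss or a lookup error is reported as a UI
    message instead of relying on a NameError to reach the except branch.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("gnvi-fbsz", limit=2000)
        for row in rows:
            if row['cc'] == cedula:
                municipio = row['municipio']
                ent = TRX.addEntity('maltego.Location', municipio)
                ent.addAdditionalFields("country", "Country", True, "Colombia")
                ent.addAdditionalFields("area", "Area", True, municipio)
                break
        else:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()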
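def PersonToCorreoDireccionTelefono_mk5f_bdwx(m):
    """Resolve a person's name to e-mail, phone and address entities.

    :param m: incoming Maltego message; ``m.Value`` is the full name.
    Scans the first 2000 rows of dataset ``u5mc-hpr6`` for an exact
    ``nombre`` match and emits ``maltego.EmailAddress``, two
    ``maltego.PhoneNumber`` (country code 57) and a ``maltego.Location``.
    A miss or a lookup error is reported as a UI message; the old message
    spoke of a cédula although the input is a name.
    """
    TRX = MaltegoTransform()
    nombre = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("u5mc-hpr6", limit=2000)
        match = None
        for row in rows:
            if row['nombre'] == nombre:
                match = row
                break
        if match is None:
            TRX.addUIMessage("Nombre no encontrado en la base de datos")
        else:
            direccion = match['direccion']
            TRX.addEntity('maltego.EmailAddress', match['correo_electronico'])
            ent2 = TRX.addEntity('maltego.PhoneNumber', match['celular'])
            ent2.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
            ent3 = TRX.addEntity('maltego.PhoneNumber', match['telefonos'])
            ent3.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
            ent4 = TRX.addEntity('maltego.Location', direccion)
            ent4.addAdditionalFields("country", "Country", True, "Colombia")
            ent4.addAdditionalFields("location.area", "Area", True, match['municipio'])
            ent4.addAdditionalFields("streetaddress", "Street Address", True, direccion)
    except Exception:
        TRX.addUIMessage("Nombre no encontrado en la base de datos")
    TRX.returnOutput()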
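def emailToSkypeAccount(query=None):
    '''
    Method that checks if the given email appears in Skype.

    :param query: query to verify.
    '''
    me = MaltegoTransform()
    # checkInSkype returns a list of dictionaries, one per matching user.
    jsonData = skype.checkInSkype(query=query)

    for user in jsonData:
        alias = user["i3visio.alias"]
        newEnt = me.addEntity("i3visio.profile", "skype://" + str(alias))
        # From v0.3.1 and ongoing versions, the i3visio.alias is not created
        # directly but appended to the profile.
        # NOTE(review): the alias is inserted into display HTML unescaped;
        # escape it if the value can be attacker-controlled.
        newEnt.setDisplayInformation("<h3>" + alias + "</h3><p>")
        for field, value in user.items():
            if value is None:
                continue
            try:
                newEnt.addAdditionalFields(field, field, True, str(value).encode('utf-8'))
            except (UnicodeError, TypeError, AttributeError):
                # Best effort as before, but only encoding/type failures are
                # swallowed, not every exception.
                continue

    # Returning the output text...
    me.returnOutput()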
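def PersonToTelefono(m):
    """Resolve a provider name to its phone number in dataset ``3ard-sj8g``.

    :param m: incoming Maltego message; ``m.Value`` is the provider name.
    Emits one ``maltego.PhoneNumber`` (country code 57) for the first of the
    2000 fetched rows whose ``nombre_prestador`` matches. A miss or a lookup
    error is reported as a UI message; the old message spoke of a cédula
    although the input is a name.
    """
    TRX = MaltegoTransform()
    nombre = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("3ard-sj8g", limit=2000)
        for row in rows:
            if row['nombre_prestador'] == nombre:
                ent = TRX.addEntity('maltego.PhoneNumber', row['telefono'])
                ent.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
                break
        else:
            TRX.addUIMessage("Nombre no encontrado en la base de datos")
    except Exception:
        TRX.addUIMessage("Nombre no encontrado en la base de datos")
    TRX.returnOutput()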
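# Remove header value
host.remove('host')

# Adding new Host entities and properties.
for a in host:
    ent = me.addEntity("munk.Host", a)
    ent.addAdditionalFields('link#maltego.link.color', 'LinkColor', '', '0x86B34A')
    # If status is set, ping the server and set the bookmark color based on response.
    if status == "1":
        try:
            # Argument list instead of a shell string: the host name comes
            # from search results and must not be parsed by a shell. The
            # output gets its own name -- the old code overwrote `status`,
            # so only the first host was ever pinged.
            ping_output = subprocess.check_output(['ping', '-c', '1', a])
            if "bytes from" in ping_output:
                ent.addAdditionalFields('bookmark#', 'Bookmark', '', "1")
            elif "cannot" in ping_output:
                ent.addAdditionalFields('bookmark#', 'Bookmark', '', "4")
        except (subprocess.CalledProcessError, OSError):
            # Non-zero exit (host unreachable) or no ping binary: mark red.
            ent.addAdditionalFields('bookmark#', 'Bookmark', '', "4")

# Return Maltego Output
me.returnOutput()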
' earliest=' + timeframe + ' | table sourcetype | dedup sourcetype" -d "output_mode=csv" https://' + searchhead + ':' + management + '/servicesNS/admin/search/search/jobs/export', shell=True) # Regex to find Sourcetype sourcetype = re.findall(r'.+', output) sourcetypes = [] for i in sourcetype: if i[0] == '"': sourcetypes.append(i[1:-1]) else: sourcetypes.append(i) # Remove header value sourcetypes.remove('sourcetype') # Adding new Sourcetype entities and properties. for source in sourcetypes: ent = me.addEntity("munk.Sourcetype", source) ent.addAdditionalFields('link#maltego.link.color', 'LinkColor', '', '0x86B34A') # Return Maltego Output me.returnOutput()
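# Get Shodan results for our host
import sys
import shodan
from api_key import load_key
from MaltegoTransform import *

API_KEY = load_key()
api = shodan.Shodan(API_KEY)

m = MaltegoTransform()
m.parseArguments(sys.argv)

try:
    # sys.argv[1] is the entity value (the host address) handed over by Maltego.
    host = api.host(sys.argv[1])
    if not host:
        m.addUIMessage('No data in Shodan')
    else:
        for port in host.get('ports', []):
            m.addEntity('undeadsecurity.Port', str(port))
        # Optional fields: skip the entity instead of emitting the value None.
        isp = host.get('isp')
        if isp:
            m.addEntity('maltego.company', isp)
        for name in host.get('hostnames') or []:
            m.addEntity('maltego.DNSName', str(name))
        country = host.get('country_name')
        if country:
            m.addEntity('maltego.Location', country)
except Exception as e:
    m.addUIMessage(str(e))
m.returnOutput()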
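#!/usr/bin/env python
import sys
import urllib
import urllib2

from MaltegoTransform import *

mt = MaltegoTransform()
mt.parseArguments(sys.argv)
SearchString = mt.getValue()

# The value comes straight from the selected entity; percent-encode it so it
# cannot add extra query parameters or path segments to the request URL.
url = 'http://api.predator.wtf/resolver/?arguments=' + urllib.quote(SearchString, safe='')
# A timeout keeps an unresponsive resolver from hanging the transform.
ipaddress = urllib2.urlopen(url, timeout=30).read()
mt.addEntity("maltego.IPv4Address", ipaddress)
mt.returnOutput()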
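robots = []
try:
    # The http and https branches differed only in the URL prefix, so the
    # scheme is chosen once and a single loop serves both.
    scheme = 'https' if ssl == 'true' else 'http'
    for c in port:
        url = '%s://%s:%s/robots.txt' % (scheme, website, c)
        # A timeout keeps a silent port from hanging the whole transform.
        r = requests.get(url, timeout=30)
        if r.status_code == 200:
            robots = str(r.text).split('\n')
            for line in robots:
                ent = m.addEntity('maltego.Phrase', line)
                ent.addAdditionalFields("url", "Original URL", True, url)
        else:
            m.addUIMessage("No Robots.txt found..")
except Exception as e:
    m.addUIMessage(str(e))
m.returnOutput()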
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# The property that drove the request is looked up through fa.fieldLookup;
# the CSV path arrives with doubled backslashes that are collapsed here.
field = None
filepath = None
for key, raw in MT.values.items():
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        field = fa.fieldLookup(key)
    elif key.startswith('CSV File'):
        filepath = raw.replace("\\\\", "\\")

#############################
## Get the correlated data ##
#############################
records = fa.parseCSV(filepath)
matches = fa.correlate(records, field, value)
result = fa.ItemsCounts(matches, 'IP')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("jc.ip", entry)  ## Edit HEre
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# The property that drove the request is looked up through fa.fieldLookup;
# the CSV path arrives with doubled backslashes that are collapsed here.
field = None
filepath = None
for key, raw in MT.values.items():
    if key == 'properties.fireampbaseentity':
        continue
    if key.startswith('properties.'):
        field = fa.fieldLookup(key)
    elif key.startswith('CSV File'):
        filepath = raw.replace("\\\\", "\\")

#############################
## Get the correlated data ##
#############################
records = fa.parseCSV(filepath)
matches = fa.correlate(records, field, value)
result = fa.ItemsCounts(matches, 'MD5 (Detection)')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("FireAMP.FireAMPMD5Detection", entry)  ## Edit HEre
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()
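from MaltegoTransform import *
import sys
import json
import requests
import base64
from facebook_totem import *

# Maltego passes the entity properties in argv; the ad id sits between
# "id=" and "#category" in that argument text. The arguments are joined
# directly instead of parsed out of the list's repr(), and the name no
# longer shadows the builtin `id`.
argv_text = " ".join(sys.argv)
ad_id = argv_text.split("id=")[1].split("#category")[0]

trx = MaltegoTransform()
for ad in getAdsFromId(ad_id):
    post = trx.addEntity("megadose.FacebookAdsPosts", ad["adArchiveID"])
    # The whole ad record rides along as base64-encoded JSON so it survives
    # Maltego's property escaping unchanged (json.dumps emits ASCII only).
    payload = base64.b64encode(json.dumps(ad).encode('ascii')).decode("utf-8")
    post.addProperty(fieldName="jsonInfo", value=payload)
print(trx.returnOutput())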
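def main():
    """Emit e-mail and registrar entities for WHOIS records sharing a mail domain.

    ``sys.argv[1]`` is either ``email`` or ``key=email``; the part after
    ``@`` is used as a ``LIKE %domain%`` filter on the ``whois`` and
    ``passive_whois`` tables of ``DBNAME``. Output goes to Maltego via
    ``me.returnOutput()``; nothing is returned. The old body concatenated
    the argument into the SQL text; it is now a bound parameter.
    """
    # init Maltego
    me = MaltegoTransform()

    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()
        sys.exit()

    if not os.path.isfile(DBNAME):
        # sqlite3.connect() would silently create an empty file here, so
        # report and stop instead of querying a database without tables.
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        sys.exit()

    parts = sys.argv[1].split('=')
    email = parts[1] if len(parts) == 2 else parts[0]
    # Everything after the first '@'; an address without '@' matches on the
    # whole string instead of raising IndexError.
    mail_domain = email.split('@', 1)[-1]
    pattern = '%' + mail_domain + '%'

    # open database and create a cursor object
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        c = conn.cursor()

        # checking database, whois table
        c.execute("SELECT * FROM whois WHERE email LIKE ?", (pattern,))
        found1 = c.fetchall()
        _add_email_whois_entities(me, found1, '0x808080')

        # checking database, passive_whois table
        c.execute("SELECT * FROM passive_whois WHERE email LIKE ?", (pattern,))
        found2 = c.fetchall()
        _add_email_whois_entities(me, found2, '0x808000')

        # The old "no sample info" branch was attached to an `is not None`
        # test that fetchall() never fails, so it never ran.
        if not found1 and not found2:
            me.addEntity("maltego.Phrase", "no sample info found ...")

        me.returnOutput()
        conn.commit()
        c.close()
    finally:
        conn.close()


def _add_email_whois_entities(me, rows, link_color):
    """Add e-mail and registrar entities for each WHOIS row.

    Positional columns, as in the original: 4 = scan date, 5 = creation
    date, 6 = registrar, 8 = e-mail. Empty strings produce no entity.
    ``link_color`` distinguishes the source table in the graph.
    """
    for row in rows:
        scan_date, c_date, registrar, email = row[4], row[5], row[6], row[8]
        # adding entity email
        if email != '':
            entity = MaltegoEntity()
            entity.setType("maltego.EmailAddress")
            entity.setValue(email)
            entity.addAdditionalFields('link#maltego.link.color', '', True, link_color)
            me.addEntityToMessage(entity)
        # adding entity registrar
        if registrar != '':
            entity = MaltegoEntity()
            entity.setType("ran2.registrar")
            entity.setValue(registrar)
            entity.addAdditionalFields('link#maltego.link.label', '', True, scan_date)
            entity.addAdditionalFields('link#maltego.link.color', '', True, link_color)
            entity.addAdditionalFields('notes#', '', True, c_date)
            me.addEntityToMessage(entity)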
def ReCapcha(m): TRX = MaltegoTransform() #m.parseArguments(sys.argv) #cedulaTg = sys.argv[1] # cedulaTg = 1026585645 cedulaTg=m.Value nombre = "" def get_captcha(driver, element, path): # now that we have the preliminary stuff out of the way time to get that image :D location = element.location size = element.size # saves screenshot of entire page driver.save_screenshot(path) # uses PIL library to open image in memory image = Image.open(path) left = location['x'] top = location['y'] right = location['x'] + size['width'] bottom = location['y'] + size['height'] image = image.crop((left, top, right, bottom)) # defines crop points image.save(path, 'png') # saves new cropped image try: driver = webdriver.Chrome(executable_path=r"chromedriver.exe") driver.set_window_position(-3000, 0) driver.get("https://antecedentes.policia.gov.co:7005/WebJudicial/index.xhtml") aceptaOption = driver.find_element_by_id("aceptaOption:0") driver.execute_script("arguments[0].click();", aceptaOption) bandera = True while (bandera): try: continuarBtn = driver.find_element_by_name("continuarBtn") continuarBtn.click() bandera = False except Exception: m.addUIMessage("Cedula no encontrada en la base de datos1") bandera = True while (bandera): try: cedula = driver.find_element_by_id("cedulaInput") cedula.send_keys(cedulaTg) bandera = False except Exception: m.addUIMessage("Cedula no encontrada en la base de datos2") time.sleep(2) # driver.switch_to.default_content() image = driver.find_elements_by_xpath("//img[@id='capimg']")[0] get_captcha(driver, image, "captcha.png") window = tk.Tk() window.title("Enter Captcha") window.geometry("140x120") window.configure(background='grey') path = "captcha.png" # Creates a Tkinter-compatible photo image, which can be used everywhere Tkinter expects an image object. img = ImageTk.PhotoImage(Image.open(path)) # The Label widget is a standard Tkinter widget used to display a text or image on the screen. 
panel = tk.Label(window, image=img).grid(row=0) # The Pack geometry manager packs widgets in rows or columns. # panel.pack(side = "bottom", fill = "both", expand = "yes") e1 = tk.Entry(window) e1.grid(row=1, column=0) tk.Button(window, text='Aceptar', command=window.quit).grid(row=3, column=0, pady=4) # Start the GUI window.mainloop() textcaptcha = driver.find_element_by_id("textcaptcha") textcaptcha.send_keys(e1.get()) bandera = True while (bandera): try: j_idt20 = driver.find_element_by_name("j_idt20") j_idt20.click() bandera = False except Exception: m.addUIMessage("Cedula no encontrada en la base de datos3") bandera = True while (bandera): try: nombre = driver.find_elements_by_xpath('.//span[@id = "form:mensajeCiudadano"]/b')[2].text antecedentes = driver.find_elements_by_xpath('.//span[@id = "form:mensajeCiudadano"]/b')[3].text bandera = False except Exception: TRX.addUIMessage('Cedula no encontrada4') ent = TRX.addEntity('eci.AntecedentesPersonales', antecedentes.encode('utf8')) ent.addAdditionalFields("properity.eci.nombre", "Nombre", True, nombre.encode('utf8')) except Exception: TRX.addUIMessage("Cedula no encontrada en la base de datos") driver.quit() TRX.returnOutput()
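def main():
    """Emit domain, e-mail, registrar and name-server entities for a registrant.

    ``sys.argv[1]`` is either ``registrant`` or ``key=registrant``; it is
    matched exactly (bound parameter) against the ``whois`` and
    ``passive_whois`` tables of ``DBNAME``. Output goes to Maltego via
    ``me.returnOutput()``; nothing is returned.
    """
    # init Maltego
    me = MaltegoTransform()

    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()
        sys.exit()

    if not os.path.isfile(DBNAME):
        # sqlite3.connect() would silently create an empty file here, so
        # report and stop instead of querying a database without tables.
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        sys.exit()

    parts = sys.argv[1].split('=')
    registrant = parts[1] if len(parts) == 2 else parts[0]

    # open database and create a cursor object
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        c = conn.cursor()

        # checking database, whois table
        c.execute("SELECT * FROM whois where registrant=?", (registrant,))
        found1 = c.fetchall()
        _add_registrant_whois_entities(me, found1, '0x808080')

        # checking database, passive_whois table
        c.execute("SELECT * FROM passive_whois where registrant=?", (registrant,))
        found2 = c.fetchall()
        _add_registrant_whois_entities(me, found2, '0x808000')

        # The old "no sample info" branch was attached to an `is not None`
        # test that fetchall() never fails, so it never ran.
        if not found1 and not found2:
            me.addEntity("maltego.Phrase", "no sample info found ...")

        me.returnOutput()
        conn.commit()
        c.close()
    finally:
        conn.close()


def _add_registrant_whois_entities(me, rows, link_color):
    """Add domain, e-mail, registrar and NS entities for each WHOIS row.

    Positional columns, as in the original: 3 = domain, 4 = scan date,
    5 = creation date, 6 = registrar, 7 = name server, 8 = e-mail. Empty
    strings produce no entity. ``link_color`` distinguishes the source table.
    """
    for row in rows:
        domain, scan_date, c_date = row[3], row[4], row[5]
        registrar, nameServer, email = row[6], row[7], row[8]
        # adding entity domain
        if domain != '':
            entity = MaltegoEntity()
            entity.setType("maltego.Domain")
            entity.setValue(domain)
            entity.addAdditionalFields('link#maltego.link.label', '', True, scan_date)
            entity.addAdditionalFields('link#maltego.link.color', '', True, link_color)
            me.addEntityToMessage(entity)
        # adding entity email
        if email != '':
            entity = MaltegoEntity()
            entity.setType("maltego.EmailAddress")
            entity.setValue(email)
            entity.addAdditionalFields('link#maltego.link.color', '', True, link_color)
            me.addEntityToMessage(entity)
        # adding entity registrar
        if registrar != '':
            entity = MaltegoEntity()
            entity.setType("ran2.registrar")
            entity.setValue(registrar)
            entity.addAdditionalFields('link#maltego.link.label', '', True, scan_date)
            entity.addAdditionalFields('link#maltego.link.color', '', True, link_color)
            entity.addAdditionalFields('notes#', '', True, c_date)
            me.addEntityToMessage(entity)
        # adding entity nameServer
        if nameServer != '':
            entity = MaltegoEntity()
            entity.setType("maltego.NSRecord")
            entity.setValue(nameServer)
            entity.addAdditionalFields('link#maltego.link.color', '', True, link_color)
            me.addEntityToMessage(entity)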
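#!/usr/bin/python
'''
Easy example of core functions
Just dumps every single line of a text file into entities
'''
import os, sys, time
import subprocess
from MaltegoTransform import *

m_ent = MaltegoTransform()
m_ent.parseArguments(sys.argv)

# add logic here to pull from higher entities
site_array = "bu.edu"  # take in multiple sites if one wants
file_name = "site_listing.txt"

# Append nslookup's output to the listing file without going through a
# shell: once the site name is taken from an entity, an argument list keeps
# shell metacharacters in it from being run as commands.
with open(file_name, "a") as listing:
    subprocess.call(["nslookup", site_array], stdout=listing)

# One entity per output line; the file is closed even if addEntity fails.
with open(file_name) as f:
    for line in f:
        me_ip = m_ent.addEntity("the_ip", "IP: " + line.strip())
        me_ip = "DNS ADDRESS"  # cascading logic...value that will be pulled by lower transforms

#os.system("rm " + file_name)
m_ent.returnOutput()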