def __init__(self, credentials):
self.__ipv4 = CensysIPv4(api_id=credentials.api_id,
api_secret=credentials.secret)
self.__certificate = CensysCertificates(api_id=credentials.api_id,
api_secret=credentials.secret)
self.__websites = CensysWebsites(api_id=credentials.api_id,
api_secret=credentials.secret)
def __init__(
self,
api_id=DefaultValues.CENSYS_API_ID,
api_secret=DefaultValues.CENSYS_API_SECRET,
):
try:
self.api = CensysIPv4(api_id=api_id, api_secret=api_secret)
except CensysUnauthorizedException as api_error:
print(f"Censys API error: {api_error}")
self.results: list = []
self.censys_results_count: int = 0
self.search_fields = [
"ip",
"location.country",
"location.latitude",
"location.longitude",
"ports",
"protocols",
]
self.convert_dict = {
"ip": "ip",
"location.country": "country",
"location.latitude": "lat",
"location.longitude": "lng",
"ports": "port",
"protocols": "proto",
}
def search_ip_for_certificate(value):
"""
A generator that uses the Census IPv4 API to identify all currently resolving IP addresses for a certificate value.
:param value: The certificate value for which to search
:return: The IP addresses
:raises LookupException: If there was an error performing the lookup
"""
try:
api = CensysIPv4(api_id=settings.CENSYS_API_ID, api_secret=settings.CENSYS_API_SECRET)
logger.info("Searching for certificate value: %s", value)
total = 0
for result in api.search(query=_escape_censys_value(value), fields=["ip"]):
total += 1
yield result["ip"]
logger.info("Found %d total result(s) for certificate value: %s", total, value)
except censys.base.CensysRateLimitExceededException as e:
msg = "Censys rate limit exceeded"
logger.exception(msg)
raise LookupException(msg, e) from e
except censys.base.CensysUnauthorizedException as e:
msg = "Censys authorization failed"
logger.exception(msg)
raise LookupException(msg, e) from e
except censys.base.CensysNotFoundException as e:
msg = "Certificate fragment not found in Censys: %s" % value
logger.exception(msg)
raise LookupException(msg, e) from e
except Exception as e:
msg = "Unknown error searching for certificate: %s" % value
logger.exception(msg)
raise LookupException(msg, e) from e
def module_run(self, companies):
api_id = self.get_key('censysio_id')
api_secret = self.get_key('censysio_secret')
c = CensysIPv4(api_id, api_secret)
IPV4_FIELDS = [ 'ip', 'protocols',
'443.https.tls.certificate.parsed.names',
'25.smtp.starttls.tls.certificate.parsed.names',
'110.pop3.starttls.tls.certificate.parsed.names',
'location.country', 'location.latitude',
'location.longitude']
for company in companies:
self.heading(company, level=0)
try:
payload = c.search('autonomous_system.name:"{0}"'.format(company), IPV4_FIELDS)
except CensysException:
continue
for result in payload:
names = set(result.get('443.https.tls.certificate.parsed.names', []) +
result.get('25.smtp.starttls.tls.certificate.parsed.names', []) +
result.get('110.pop3.starttls.tls.certificate.parsed.names', []))
if len(names) < 1:
names.add('')
for name in names:
if name.startswith('*.'):
self.insert_domains(domain=name.replace('*.', ''))
continue
self.insert_hosts(ip_address=result['ip'],
host=name,
country=result.get('location.country', ''),
latitude=result.get('location.latitude', ''),
longitude=result.get('location.longitude', ''))
for protocol in result['protocols']:
port, service = protocol.split('/')
self.insert_ports(ip_address=result['ip'], host=name, port=port, protocol=service)
def module_run(self, domains):
api_id = self.get_key('censysio_id')
api_secret = self.get_key('censysio_secret')
c = CensysIPv4(api_id, api_secret)
IPV4_FIELDS = [ '443.https.tls.certificate.parsed.subject.organization',
'25.smtp.starttls.tls.certificate.parsed.subject.organization',
'465.smtp.tls.tls.certificate.parsed.subject.organization',
'587.smtp.starttls.tls.certificate.parsed.subject.organization',
'1521.oracle.banner.tls.certificate.parsed.subject.organization',
'3306.mysql.banner.tls.certificate.parsed.subject.organizationn',
'3389.rdp.banner.tls.certificate.parsed.subject.organization',
'5432.postgres.banner.tls.certificate.parsed.subject.organization',
'8883.mqtt.banner.tls.certificate.parsed.subject.organization',]
SEARCH_FIELDS = ['443.https.tls.certificate.parsed.names',
'25.smtp.starttls.tls.certificate.parsed.names',
'110.pop3.starttls.tls.certificate.parsed.names',]
for domain in domains:
self.heading(domain, level=0)
try:
query = 'mx:"{0}" OR '.format(domain) + ' OR '.join([ '{0}:"{1}"'.format(x, domain) for x in SEARCH_FIELDS ])
payload = c.search(query, IPV4_FIELDS)
except CensysException:
continue
for result in payload:
orgs = set()
for k,v in result.items():
if k.endswith('.parsed.subject.organization'):
for org in v:
orgs.add(org)
for org in orgs:
self.insert_companies(company=org)
def module_run(self, netblocks):
api_id = self.get_key('censysio_id')
api_secret = self.get_key('censysio_secret')
c = CensysIPv4(api_id, api_secret)
IPV4_FIELDS = [
'ip', 'protocols', 'location.country', 'location.latitude',
'location.longitude'
]
for netblock in netblocks:
self.heading(netblock, level=0)
try:
payload = c.search('ip:{0}'.format(netblock), IPV4_FIELDS)
except CensysException:
continue
for result in payload:
self.insert_hosts(ip_address=result['ip'],
country=result.get('location.country', ''),
latitude=result.get('location.latitude', ''),
longitude=result.get('location.longitude',
''))
for protocol in result['protocols']:
port, service = protocol.split('/')
self.insert_ports(ip_address=result['ip'],
port=port,
protocol=service)
def module_run(self, companies):
api_id = self.get_key('censysio_id')
api_secret = self.get_key('censysio_secret')
c = CensysIPv4(api_id, api_secret)
IPV4_FIELDS = [
'ip',
'protocols',
'location.country',
'location.latitude',
'location.longitude',
'443.https.tls.certificate.parsed.names',
'25.smtp.starttls.tls.certificate.parsed.names',
'110.pop3.starttls.tls.certificate.parsed.names',
]
SEARCH_FIELDS = [
'443.https.tls.certificate.parsed.subject.organization',
'25.smtp.starttls.tls.certificate.parsed.subject.organization',
'465.smtp.tls.tls.certificate.parsed.subject.organization',
'587.smtp.starttls.tls.certificate.parsed.subject.organization',
'1521.oracle.banner.tls.certificate.parsed.subject.organization',
'3306.mysql.banner.tls.certificate.parsed.subject.organizationn',
'3389.rdp.banner.tls.certificate.parsed.subject.organization',
'5432.postgres.banner.tls.certificate.parsed.subject.organization',
'8883.mqtt.banner.tls.certificate.parsed.subject.organization',
]
for company in companies:
self.heading(company, level=0)
try:
query = ' OR '.join(
['{0}:"{1}"'.format(x, company) for x in SEARCH_FIELDS])
payload = c.search(query, IPV4_FIELDS)
except CensysException:
continue
for result in payload:
names = set()
for k, v in result.items():
if k.endswith('.parsed.names'):
for name in v:
names.add(name)
if len(names) < 1:
# make sure we have at least a blank name
names.add('')
for name in names:
if name.startswith('*.'):
self.add_domains(name.replace('*.', ''))
continue
self.add_hosts(host=name,
ip_address=result['ip'],
country=result.get('location.country', ''),
latitude=result.get('location.latitude',
''),
longitude=result.get(
'location.longitude', ''))
for protocol in result['protocols']:
port, service = protocol.split('/')
self.add_ports(ip_address=result['ip'],
host=name,
port=port,
protocol=service)
def censys_search(censys_query):
terms = ['ip', '80.http.get.metadata.description']
keyfile = open('secrets.txt', 'r')
API_KEY = keyfile.readline().rstrip()
API_SECRET = keyfile.readline().rstrip()
keyfile.close()
censys = CensysIPv4(api_id="API_KEY", api_secret="API_SECRET")
return censys.search(censys_query, fields=terms)
def gather_instances(api_id, api_secret):
api = CensysIPv4(api_id=api_id, api_secret=api_secret)
query = 'protocols:"9200/elasticsearch"'
store = OfflineStore('censys', 'offline')
filename = store._query_to_filename('search', query)
print('Storing results in {}'.format(filename))
with open('offline/data/{}'.format(filename), 'w') as output_file:
results = api.search(query, max_records=1000)
output_file.write(json.dumps(list(results), indent=4))
return results
def search_hosts(self, ip):
"""
Searches for a host using its ipv4 address
:param ip: ipv4 address as string
:type ip: str
:return: dict
"""
c = CensysIPv4(api_id=self.__uid, api_secret=self.__api_key)
return c.view(ip)
def lookup_ip_censys_https(ip):
api_id = settings.CENSYS_API_ID
api_secret = settings.CENSYS_API_SECRET
try:
ip_data = CensysIPv4(api_id=api_id, api_secret=api_secret).view(ip)
return ip_data['443']['https']['tls']['certificate']['parsed']
except KeyError:
return {'status': 404, 'message': "No HTTPS certificate data was found for IP " + ip}
except censys.base.CensysException as ce:
return {'status': ce.status_code, 'message': ce.message}
def port_scan(hostx, censys_id, censys_secret, counter):
c = CensysIPv4(censys_id, censys_secret)
for ip in hostx.resolved_ips:
try:
response = c.view(ip.address)
ip.ports = response["ports"]
counter.ports = counter.ports + len(hostx.ports)
except:
time.sleep(1)
continue
def module_run(self, domains):
api_id = self.get_key('censysio_id')
api_secret = self.get_key('censysio_secret')
c = CensysIPv4(api_id, api_secret)
IPV4_FIELDS = [
'ip',
'protocols',
'location.country',
'location.latitude',
'location.longitude',
]
SEARCH_FIELDS = [
'443.https.tls.certificate.parsed.names',
'25.smtp.starttls.tls.certificate.parsed.names',
'110.pop3.starttls.tls.certificate.parsed.names'
]
for domain in domains:
self.heading(domain, level=0)
try:
query = 'mx:"{0}" OR '.format(domain) + ' OR '.join(
['{0}:"{1}"'.format(x, domain) for x in SEARCH_FIELDS])
payload = c.search(query, IPV4_FIELDS + SEARCH_FIELDS)
except CensysException:
continue
for result in payload:
names = set()
for k, v in result.items():
if k.endswith('.parsed.names'):
for name in v:
names.add(name)
if len(names) < 1:
# make sure we have at least a blank name
names.add('')
for name in names:
if name.startswith('*.'):
self.add_domains(name.replace('*.', ''))
continue
self.add_hosts(host=name,
ip_address=result['ip'],
country=result.get('location.country', ''),
latitude=result.get('location.latitude',
''),
longitude=result.get(
'location.longitude', ''))
for protocol in result['protocols']:
port, service = protocol.split('/')
self.add_ports(ip_address=result['ip'],
host=name,
port=port,
protocol=service)
def search_ipv4(self, search):
"""
Searches for hosts in IPv4 base
:param search:search as string
:type search: str
:return: dict
"""
c = CensysIPv4(api_id=self.__uid, api_secret=self.__api_key)
return [
x for x in c.search(search,
fields=self.__fields,
max_records=self.__max_records,
flatten=self.__flatten)
]
def module_run(self, hosts):
api_id = self.get_key('censysio_id')
api_secret = self.get_key('censysio_secret')
c = CensysIPv4(api_id, api_secret)
IPV4_FIELDS = [ 'ip', 'protocols']
for ips in grouper(20, hosts):
try:
results = c.search(' OR '.join([ 'ip:{0}'.format(x) for x in ips ]), IPV4_FIELDS)
except CensysException:
continue
for result in results:
ip = result['ip']
for protocol in result['protocols']:
port, service = protocol.split('/')
self.add_ports(ip_address=ip, port=port, protocol=service)
def CensysIPv4(api_id="", api_secret=""):
"""A simple wrapper that returns either offline Censys data, or a real
Censys client.
To use offline data, set the api_id to "offline".
Arguments:
api_id {str} -- The API ID
api_secret {str} -- The API secret
"""
if api_id == 'offline':
return OfflineIPv4(api_id=api_id, api_secret=api_secret)
from censys.ipv4 import CensysIPv4
return CensysIPv4(api_id=api_id, api_secret=api_secret)
def ipv4_search(domain, api_id, api_secret, ipv4_fields):
ipv4 = CensysIPv4(api_id, api_secret)
results = ipv4.search(domain, fields=ipv4_fields)
ipv4_list = list(results)
res_list = []
for i in range(
len(ipv4_list)): # Remove duplicate domains and append in new list
if ipv4_list[i] not in ipv4_list[i + 1:]:
res_list.append(ipv4_list[i])
with open(domain + '.ipv4.csv', 'w', newline='') as f:
writer = csv.DictWriter(f, ipv4_fields)
writer.writerows(res_list)
print('[+] Results written to csv file: ' + domain + '.ipv4.csv')
def module_run(self):
api_id = self.get_key('censysio_id')
api_secret = self.get_key('censysio_secret')
query = self.options['censys_query']
c = CensysIPv4(api_id, api_secret)
IPV4_FIELDS = [
'ip',
'protocols',
'location.country',
'location.latitude',
'location.longitude',
'443.https.tls.certificate.parsed.names',
'25.smtp.starttls.tls.certificate.parsed.names',
'110.pop3.starttls.tls.certificate.parsed.names',
]
try:
payload = list(c.search(query, fields=IPV4_FIELDS))
except CensysException as e:
self.error('Error seen: {0}'.format(e))
return
if len(payload) < 1:
self.alert("No results")
return
for result in payload:
names = set()
for k, v in result.items():
if k.endswith('.parsed.names'):
for name in v:
names.add(name)
if len(names) < 1:
# make sure we have at least a blank name
names.add('')
for name in names:
if name.startswith('*.'):
self.insert_domains(name.replace('*.', ''))
continue
self.insert_hosts(host=name,
ip_address=result['ip'],
country=result.get('location.country', ''),
latitude=result.get('location.latitude', ''),
longitude=result.get('location.longitude',
''))
for protocol in result['protocols']:
port, service = protocol.split('/')
self.insert_ports(ip_address=result['ip'],
host=name,
port=port,
protocol=service)
def censys_grab(ipRange, apis, options):
# ADD - Switch Case for API selection in seperate functions
fName = ipRange + "_report_" + str(date.today()) + ".csv"
fName = re.sub(r'[\\/*?:"<>|]', "_", fName)
ipv4 = CensysIPv4(api_id=UID, api_secret=SECRET)
IPV4_FIELDS = ['ip']
IPV4_FIELDS_TXT = ['ip']
for item in options:
if(item != None):
IPV4_FIELDS_TXT.append(item)
if (item == 'ftp') :
IPV4_FIELDS.append('21.ftp.banner.metadata.description')
if (item == 'ssh') :
IPV4_FIELDS.append('22.ssh.v2.banner.software')
if (item == 'http') :
IPV4_FIELDS.append('80.http.get.metadata.description')
if (item == 'https') :
IPV4_FIELDS.append('443.https.get.metadata.description')
if (item == 'smtp') :
IPV4_FIELDS.append('25.smtp.starttls.metadata.description')
results = list(ipv4.search(ipRange, IPV4_FIELDS, max_records=2000))
# Convert keys in dict
for d in results:
if "21.ftp.banner.metadata.description" in d:
d['ftp'] = d.pop('21.ftp.banner.metadata.description')
if "22.ssh.v2.banner.software" in d:
d['ssh'] = d.pop('22.ssh.v2.banner.software')
if "80.http.get.metadata.description" in d:
d['http'] = d.pop('80.http.get.metadata.description')
if "443.https.get.metadata.description" in d:
d['https'] = d.pop('443.https.get.metadata.description')
if "25.smtp.starttls.metadata.description" in d:
d['smtp'] = d.pop('25.smtp.starttls.metadata.description')
with open(fName, 'w', newline='') as f:
writer = csv.DictWriter(f, IPV4_FIELDS_TXT)
writer.writeheader()
writer.writerows(results)
dbName = re.sub(r'[/]', "_", ipRange)
newCol = db[dbName]
newCol.insert_many(results)
def module_run(self, companies):
"""
search by ASN name using censys, then dump CIDRs from bgpview
"""
# XXX
# we really like to know netnames so we alter the schema ...
try:
self.query('ALTER TABLE netblocks ADD COLUMN netname TEXT')
except:
# probably been here before
pass
api_id = self.get_key('censysio_id')
api_secret = self.get_key('censysio_secret')
c = CensysIPv4(api_id, api_secret)
IPV4_FIELDS = [
'autonomous_system.description', 'autonomous_system.asn'
]
seen = set()
for company in companies:
self.heading(company, level=0)
try:
query = 'autonomous_system.description: "{0}" OR autonomous_system.name: "{0}"'.format(
company)
payload = c.search(query, IPV4_FIELDS)
except CensysException:
continue
for result in payload:
asn = result.get('autonomous_system.asn', False)
if not asn:
continue
if asn in seen:
continue
else:
seen.add(asn)
bgpview_url = 'https://api.bgpview.io/asn/{0}/prefixes'
routes = self.request('GET',
bgpview_url.format(asn)).json()
for route in routes['data']['ipv4_prefixes']:
self.insert_netblocks(route['prefix'])
# XXX have to do this because we insert this data ourselves
self.query(
'UPDATE netblocks SET netname = "{0}" WHERE netblock = "{1}"'
.format(
result.get('autonomous_system.description',
''), route['prefix']))
def module_run(self, netblocks):
api_id = self.get_key('censysio_id')
api_secret = self.get_key('censysio_secret')
c = CensysIPv4(api_id, api_secret)
IPV4_FIELDS = [
'autonomous_system.name',
]
for netblock in netblocks:
self.heading(netblock, level=0)
try:
# we only need one per netblock since they'll all have the same by ASN
payload = c.search('ip:{0}'.format(netblock),
fields=IPV4_FIELDS,
max_records=2)
except CensysException:
continue
for result in payload:
self.insert_companies(company=result['autonomous_system.name'])
def search_ipv4(self, **kwargs) -> Results:
"""
A method to search the IPv4 data set via the API.
Args:
query (str): The string search query.
fields (list, optional): The fields that should be returned with a query.
overwrite (bool, optional): Whether to overwrite or append default fields
with user fields. Defaults to False.
Returns:
Results: A list of results from the query.
"""
default_fields = [
"updated_at",
"protocols",
"metadata.description",
"autonomous_system.name",
"23.telnet.banner.banner",
"80.http.get.title",
"80.http.get.metadata.description",
"8080.http.get.metadata.description",
"8888.http.get.metadata.description",
"443.https.get.metadata.description",
"443.https.get.title",
"443.https.tls.certificate.parsed.subject_dn",
"443.https.tls.certificate.parsed.names",
"443.https.tls.certificate.parsed.subject.common_name",
"443.https.tls.certificate.parsed.extensions.subject_alt_name.dns_names",
]
query = kwargs.get("query", "")
fields = kwargs.get("fields", [])
overwrite = kwargs.get("overwrite", False)
index = CensysIPv4(api_id=self.api_user, api_secret=self.api_pass)
return self._process_search(
query,
index,
self._combine_fields(default_fields, fields, overwrite=overwrite),
)
def module_run(self, companies):
api_id = self.get_key('censysio_id')
api_secret = self.get_key('censysio_secret')
c = CensysIPv4(api_id, api_secret)
IPV4_FIELDS = [
'443.https.tls.certificate.parsed.issuer.email_address',
'25.smtp.starttls.tls.certificate.parsed.issuer.email_address',
'465.smtp.tls.tls.certificate.parsed.issuer.email_address',
'587.smtp.starttls.tls.certificate.parsed.issuer.email_address',
'1521.oracle.banner.tls.certificate.parsed.issuer.email_address',
'3306.mysql.banner.tls.certificate.parsed.issuer.email_addressn',
'3389.rdp.banner.tls.certificate.parsed.issuer.email_address',
'5432.postgres.banner.tls.certificate.parsed.issuer.email_address',
'8883.mqtt.banner.tls.certificate.parsed.issuer.email_address',
]
SEARCH_FIELDS = [
'443.https.tls.certificate.parsed.subject.organization',
'25.smtp.starttls.tls.certificate.parsed.subject.organization',
'465.smtp.tls.tls.certificate.parsed.subject.organization',
'587.smtp.starttls.tls.certificate.parsed.subject.organization',
'1521.oracle.banner.tls.certificate.parsed.subject.organization',
'3306.mysql.banner.tls.certificate.parsed.subject.organizationn',
'3389.rdp.banner.tls.certificate.parsed.subject.organization',
'5432.postgres.banner.tls.certificate.parsed.subject.organization',
'8883.mqtt.banner.tls.certificate.parsed.subject.organization',
]
for company in companies:
self.heading(company, level=0)
try:
query = ' OR '.join(
['{0}:"{1}"'.format(x, company) for x in SEARCH_FIELDS])
payload = c.search(query, IPV4_FIELDS)
except CensysException as e:
self.error('Exception: {0}'.format(e))
continue
for result in payload:
for k, v in result.items():
if k.endswith('.issuer.email_address'):
for e in v:
self.add_contacts(email=e)
def __init__(
self,
api_id: str = DefaultValues.CENSYS_API_ID,
api_secret: str = DefaultValues.CENSYS_API_SECRET,
):
"""
Initialize Censys Search Engine API
:param api_id: Censys ID key
:param api_secret: Censys SECRET key
"""
try:
self.api = CensysIPv4(api_id=api_id, api_secret=api_secret)
except CensysUnauthorizedException as invalid_api_err:
print(f"Censys invalid API keys error: {invalid_api_err}")
except CensysException as api_err:
print(f"Censys API error: {api_err}")
self.results: list = []
self.censys_results_count: int = 0
self.search_fields = [
"ip",
"location.country",
"location.latitude",
"location.longitude",
"ports",
"protocols",
"autonomous_system.name",
]
self.convert_dict = {
"ip": "ip",
"location.country": "country",
"location.latitude": "lat",
"location.longitude": "lng",
"ports": "port",
"protocols": "proto",
"autonomous_system.name": "org",
}
def __init__(self, api_id: str, api_secret: str):
self.index = CensysIPv4(api_id, api_secret)
def censys_search(censys_query):
terms = ['ip', '80.http.get.metadata.description']
censys = CensysIPv4(api_id="", api_secret="")
return censys.search(censys_query, fields=terms)
def __init__(self, data):
self.__ipv4 = CensysIPv4(api_id=data.api_id, api_secret=data.secret)
self.__certificate = CensysCertificates(api_id=data.api_id, api_secret=data.secret)
self.__websites = CensysWebsites(api_id=data.api_id, api_secret=data.secret)
def censys_search(censys_query):
terms = ['ip', '80.http.get.metadata.description']
fileOpen = open('secrets.txt', 'r').read().split(',')
return CensysIPv4(api_id=fileOpen[0],
api_secret=fileOpen[1]).search(censys_query, fields=terms)
def setUpClass(cls):
cls._api = CensysIPv4()
def __init__(self, api_id, api_secret, **kwargs):
logging.basicConfig(filename='censys_maltego_transform.log',
level=logging.DEBUG)
self.max_pages = kwargs.get('max_pages', 1)
self.start_page = kwargs.get('start_pages', 1)
self.connection = {
'ipv4':
CensysIPv4(api_id=api_id, api_secret=api_secret),
'certificates':
CensysCertificates(api_id=api_id, api_secret=api_secret)
}
self.fields = {
'certificate': [
'parsed.names', 'metadata.added_at', 'metadata.seen_in_scan',
'metadata.source', 'metadata.updated_at', 'tags',
'parsed.fingerprint_sha1', 'parsed.fingerprint_sha256',
'parsed.serial_number', 'parsed.subject.common_name',
'parsed.validity.start', 'parsed.validity.end',
'parsed.issuer.organization', 'parsed.issuer_dn',
'parsed.extensions.basic_constraints.is_ca'
],
'ipv4': [
'443.https.heartbleed.heartbleed_vulnerable',
'443.https.tls.certificate.parsed.extensions.basic_constraints.is_ca',
'443.https.tls.certificate.parsed.extensions.subject_alt_name.dns_names',
'443.https.tls.certificate.parsed.fingerprint_sha256',
'443.https.tls.certificate.parsed.issuer.common_name',
'443.https.tls.certificate.parsed.issuer.country',
'443.https.tls.certificate.parsed.issuer.organization',
'443.https.tls.certificate.parsed.issuer_dn',
'443.https.tls.certificate.parsed.names',
'443.https.tls.certificate.parsed.serial_number',
'443.https.tls.certificate.parsed.signature.self_signed',
'443.https.tls.certificate.parsed.subject.common_name',
'443.https.tls.certificate.parsed.subject_dn',
'443.https.tls.certificate.parsed.validity.end',
'443.https.tls.certificate.parsed.validity.start',
'443.https.tls.cipher_suite.name',
'443.https.tls.signature.valid',
'443.https.tls.validation.browser_trusted',
'443.https.tls.version', 'ip'
],
'ports': ['ip', 'ports', 'protocols', 'tags'],
'banners': [
'22.ssh.v2.banner.raw', '143.imap.starttls.banner',
'21.ftp.banner.banner', '23.telnet.banner.banner',
'2323.telnet.banner.banner', '25.smtp.starttls.banner',
'5900.vnc.banner.desktop_name', '5901.vnc.banner.desktop_name',
'5902.vnc.banner.desktop_name', '5903.vnc.banner.desktop_name',
'631.ipp.banner.attr_printer_uris',
'3389.rdp.banner.metadata.description',
'7547.cwmp.get.headers.www_authenticate'
],
'domain': [
'443.https.heartbleed.heartbleed_vulnerable',
'443.https.tls.certificate.parsed.extensions.basic_constraints.is_ca',
'443.https.tls.certificate.parsed.extensions.subject_alt_name.dns_names',
'443.https.tls.certificate.parsed.fingerprint_sha256',
'443.https.tls.certificate.parsed.issuer.common_name',
'443.https.tls.certificate.parsed.issuer.country',
'443.https.tls.certificate.parsed.issuer.organization',
'443.https.tls.certificate.parsed.issuer_dn',
'443.https.tls.certificate.parsed.names',
'443.https.tls.certificate.parsed.serial_number',
'443.https.tls.certificate.parsed.signature.self_signed',
'443.https.tls.certificate.parsed.subject.common_name',
'443.https.tls.certificate.parsed.subject_dn',
'443.https.tls.certificate.parsed.validity.end',
'443.https.tls.certificate.parsed.validity.start',
'443.https.tls.cipher_suite.name',
'443.https.tls.signature.valid',
'443.https.tls.validation.browser_trusted',
'443.https.tls.version', 'ip'
]
}
if api_id and api_secret:
self.api_id = api_id
self.api_secret = api_secret
self.mt = MaltegoTransform()
else:
self.mt.addException(
"Please provide valid credentials as either a script parameter or environmental variable"
)