예제 #1
def dotransform(args):
    """Emit one ``msploitego.niktodetail`` entity per finding in a Nikto report.

    The report path is read from the ``niktofile`` property of the input
    entity and the host identifier from ``hostid``. When no path is set, an
    exception message is added to the transform output instead.

    Args:
        args: raw transform arguments, handed to ``parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    hostid = mt.getVar("hostid")
    fn = mt.getVar("niktofile")

    if not fn:
        mt.addException("Nikto file is either not attached or does not exist")
        mt.returnOutput()
        return

    # NOTE(review): the report fields below come from scan output, which is
    # derived from the scanned server's responses -- presumably they should be
    # treated as untrusted text wherever the graph renders them; confirm.
    report = NiktoReport(fn)
    for finding in report.details:
        try:
            label = "{}:{}".format(finding.description, hostid)
            entity = mt.addEntity("msploitego.niktodetail", label)
        except Exception:
            # Best effort: a finding that cannot be turned into an entity is
            # skipped without any message to the user.
            continue
        entity.setValue(label)
        extra_fields = (
            ("description", "Description", finding.description),
            ("iplink", "IP Link", finding.iplink),
            ("namelink", "Name Link", finding.namelink),
            ("uri", "URI", finding.uri),
        )
        for name, display, value in extra_fields:
            entity.addAdditionalFields(name, display, False, value)
        inheritvalues(entity, mt.values)

    mt.returnOutput()
예제 #2
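def dotransform(args):
    """Run a fixed set of Apache-related scripts and emit one entity per result.

    ``ip``, ``port`` and ``hostid`` are read from the input entity. The script
    list is handed to ``scriptrunner`` (presumably an nmap wrapper -- confirm);
    every script result becomes a ``msploitego.ApacheVulnerability`` entity
    whose extra fields mirror the result's ``elements`` mapping.

    Args:
        args: raw transform arguments, handed to ``parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    # NOTE(review): ip and port are taken straight from entity properties and
    # scriptrunner is not visible here -- confirm it validates them and passes
    # them to the scanner as discrete arguments, not through a shell string.
    rep = scriptrunner(
        port,
        "http-apache-negotiation,http-apache-server-status,http-vuln-cve2011-3192,http-vuln-cve2011-3368,http-vuln-cve2017-5638 ",
        ip)

    # A report without a host or without a service used to raise IndexError
    # before returnOutput() ran; treat it like an unreachable target instead.
    results = None
    if rep:
        hosts = rep.hosts
        services = hosts[0].services if hosts else None
        if services:
            results = services[0].scripts_results

    if results is None:
        mt.addUIMessage("host is either down or not responding in this port")
    else:
        for res in results:
            label = "{}:{}".format(res.get("id"), hostid)
            apachevuln = mt.addEntity("msploitego.ApacheVulnerability", label)
            apachevuln.setValue(label)
            # NOTE(review): the field *name* passed here is the IP / host-id
            # value itself rather than a fixed key; this looks unintended, but
            # changing it alters the emitted property names -- confirm first.
            apachevuln.addAdditionalFields(ip, "IP Address", False, ip)
            apachevuln.addAdditionalFields(hostid, "Host Id", False, hostid)
            inheritvalues(apachevuln, mt.values)
            # A script result with no structured elements contributes no
            # extra fields instead of failing on None.items().
            for k, v in (res.get("elements") or {}).items():
                if isinstance(v, dict):
                    apachevuln.addAdditionalFields("vuln", "Vuln", False, k)
                    for key, value in v.items():
                        if value and value.strip():
                            apachevuln.addAdditionalFields(
                                key, key.capitalize(), False, value.strip())
                elif v and v.strip():
                    apachevuln.addAdditionalFields(k, k.capitalize(), False,
                                                   v.strip())
    mt.returnOutput()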
예제 #3
def dotransform(args):
    """Attach an empty ``msploitego.Note`` entity to the input entity.

    The note is labelled ``Note:<input value>`` and carries blank ``note`` and
    ``link`` fields plus the values copied by ``inheritvalues``.

    Args:
        args: raw transform arguments, handed to ``parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)

    label = "Note:{}".format(mt.getValue())
    note = mt.addEntity("msploitego.Note", label)
    note.setValue(label)
    # Both fields start out blank.
    for name, display in (("note", "Note"), ("link", "Link")):
        note.addAdditionalFields(name, display, False, "")
    inheritvalues(note, mt.values)

    mt.returnOutput()
예제 #4
def dotransform(args):
    """Emit one ``msploitego.MetasploitWorkspace`` entity per workspace.

    The database name is the input entity's value; ``user`` and ``password``
    are read from its properties and used to open ``MsploitPostgres``.

    Args:
        args: raw transform arguments, handed to ``parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before use.
    # NOTE(review): a password that really contains a backslash would be
    # altered here, and a missing property would fail on .replace -- confirm.
    password = mt.getVar("password").replace("\\", "")
    # NOTE(review): the credential lives in an entity property, so it is
    # presumably part of mt.values and copied onto every entity emitted below
    # by inheritvalues -- confirm, and keep it out of shared graph exports.
    store = MsploitPostgres(user, password, db)

    for ws in store.getWorkspaces():
        name = ws.get("name")
        entity = mt.addEntity("msploitego.MetasploitWorkspace", name)
        entity.setValue(name)
        entity.addAdditionalFields(
            "workspaceid", "Workspace Id", False, str(ws.get("id")))
        entity.addAdditionalFields("db", "Database", False, db)
        inheritvalues(entity, mt.values)

    mt.returnOutput()
예제 #5
def dotransform(args):
    """Emit one ``msploitego.MeterpreterSession`` entity per recorded session.

    Sessions are fetched from ``MsploitPostgres`` for the host whose id is in
    the ``id`` property; every non-empty column of a session row becomes an
    extra field on the entity.

    Args:
        args: raw transform arguments, handed to ``parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    hostid = mt.getVar("id")
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before use.
    # NOTE(review): the credential lives in an entity property, so it is
    # presumably part of mt.values and copied onto every session entity by
    # inheritvalues -- confirm, and keep it out of shared graph exports.
    password = mt.getVar("password").replace("\\", "")
    store = MsploitPostgres(user, password, db)

    for row in store.getSessionsForHost(hostid):
        label = "{}:{}".format(ip, str(row.get("sessionid")))
        entity = mt.addEntity("msploitego.MeterpreterSession", label)
        entity.setValue(label)
        for column, raw in row.items():
            if isinstance(raw, datetime):
                # Only day/month/year is kept; the time of day is dropped.
                text = "{}/{}/{}".format(raw.day, raw.month, raw.year)
            elif raw and str(raw).strip():
                text = str(raw)
            else:
                # Falsy or whitespace-only values are not exported.
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, text)
        inheritvalues(entity, mt.values)

    mt.returnOutput()
예제 #6
def dotransform(args):
    """Emit one ``maltego.IPv4Address`` entity per host in a workspace.

    Hosts are fetched from ``MsploitPostgres`` for the id in the
    ``workspaceid`` property; every non-empty column of a host row becomes an
    extra field, and the workspace name (the input value) is added last.

    Args:
        args: raw transform arguments, handed to ``parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    workspace = mt.getValue()
    workspaceid = mt.getVar("workspaceid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped from the stored password before use.
    # NOTE(review): the credential lives in an entity property, so it is
    # presumably part of mt.values and copied onto every host entity by
    # inheritvalues -- confirm, and keep it out of shared graph exports.
    password = mt.getVar("password").replace("\\", "")
    store = MsploitPostgres(user, password, db)

    for row in store.getAllHosts(workspaceid):
        address = row.get("address")
        entity = mt.addEntity("maltego.IPv4Address", address)
        entity.setValue(address)
        for column, raw in row.items():
            if isinstance(raw, datetime):
                # Only day/month/year is kept; the time of day is dropped.
                text = "{}/{}/{}".format(raw.day, raw.month, raw.year)
            elif raw and str(raw).strip():
                text = str(raw)
            else:
                # Falsy or whitespace-only values are not exported.
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, text)
        inheritvalues(entity, mt.values)
        entity.addAdditionalFields(
            "workspace", "Workspace Name", False, workspace)

    mt.returnOutput()
예제 #7
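def dotransform(args):
    """Run the ``http-security-headers`` script and emit its findings.

    ``ip``, ``port`` and ``hostid`` are read from the input entity. Each
    script result with non-empty output becomes a
    ``msploitego.httpsecureheaders`` entity carrying that output in its
    ``details`` field.

    Args:
        args: raw transform arguments, handed to ``parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    hostid = mt.getVar("hostid")
    port = mt.getVar("port")
    ip = mt.getVar("ip")
    # NOTE(review): ip and port are taken straight from entity properties and
    # scriptrunner is not visible here -- confirm it validates them and passes
    # them to the scanner as discrete arguments, not through a shell string.
    rep = scriptrunner(port, "http-security-headers", ip)

    # A report without a host or without a service used to raise IndexError
    # before returnOutput() ran; treat it like an unreachable target instead.
    results = None
    if rep:
        hosts = rep.hosts
        services = hosts[0].services if hosts else None
        if services:
            results = services[0].scripts_results

    if results is None:
        mt.addUIMessage("host is either down or not responding in this port")
    else:
        for res in results:
            # A result without an "output" key is skipped rather than failing
            # on None.strip().
            output = (res.get("output") or "").strip()
            if not output:
                continue
            label = "{}:{}".format(res.get("id"), hostid)
            secheader = mt.addEntity("msploitego.httpsecureheaders", label)
            secheader.setValue(label)
            secheader.addAdditionalFields("details", "Details", False, output)
            # Fixed: inheritvalues is given the parsed property mapping
            # (mt.values), not the transform object itself.
            inheritvalues(secheader, mt.values)
    mt.returnOutput()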