예제 #1
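def dotransform(request, response):
    """Add a Port entity for each flow in the dump file that targets the request's IP.

    ``request.value`` is the IP address to look for and
    ``request.fields['dumpfile']`` names the capture handed to
    ``parse_netflow``. For every record whose destination address equals
    that IP, a ``Port`` entity carrying the dump file as a field is appended
    to ``response``. TCP, UDP and ICMP flows get a distinct link colour.

    Returns:
        The same ``response`` object, with the matching ports added.
    """
    ip = request.value
    dump = request.fields['dumpfile']
    # Link colour per protocol name; any other protocol keeps the default.
    link_colors = {'TCP': 0xff0000, 'UDP': 0x002bff, 'ICMP': 0x2f9a0d}
    for flow in parse_netflow(dump):
        # Column 6 is treated as "address:port".
        # NOTE(review): an IPv6 destination would not survive this split - confirm
        # what parse_netflow emits for such flows.
        dst_parts = flow[6].split(':')
        # Compare the whole address. A substring test would also attribute
        # flows for 10.0.0.11 to 10.0.0.1 and put wrong ports on the graph.
        # Records without a port part cannot form a Port entity and are skipped.
        if len(dst_parts) < 2 or dst_parts[0] != ip:
            continue
        e = Port(dst_parts[1])
        e += Field('dumpfile',
                   dump,
                   displayname='Dump File',
                   matchingrule='loose')
        color = link_colors.get(flow[3])
        if color is not None:
            e.linkcolor = color
        response += e
    return response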
예제 #2
def dotransform(request, response):
    """Emit one Port entity per host listed under the selected Nessus plugin.

    The report is looked up by ``request.fields['nessusreport.uuid']`` using
    a session from ``login()``. The hosts recorded for plugin
    ``request.fields['nessusplugin.id']`` each become a ``Port`` with status
    ``'Open'``, the host name as destination and the host's protocol.

    Returns:
        The same ``response`` object, with the ports added.
    """
    session = login()
    report_uuid = request.fields['nessusreport.uuid']
    findings = Report(session, report_uuid, '').vulnerabilities
    plugin_id = request.fields['nessusplugin.id']
    for host in findings[plugin_id].hosts:
        port_entity = Port(host.port)
        port_entity.destination = host.name
        # Every port the plugin reported on is recorded as open.
        port_entity.status = 'Open'
        port_entity.protocol = host.protocol
        response += port_entity
    return response
예제 #3
def dotransform(request, response):
    """Turn the hosts of one Nessus plugin finding into Port entities.

    Logs in with ``login()``, opens the report named by the
    ``nessusreport.uuid`` field and walks the hosts stored under the
    ``nessusplugin.id`` field. Each host yields a ``Port`` marked ``'Open'``.

    Returns:
        ``response`` after the new entities have been added to it.
    """
    scanner = login()
    all_vulns = Report(
        scanner,
        request.fields['nessusreport.uuid'],
        '',
    ).vulnerabilities
    affected_hosts = all_vulns[request.fields['nessusplugin.id']].hosts
    for affected in affected_hosts:
        entity = Port(affected.port)
        entity.destination = affected.name
        entity.status = 'Open'
        entity.protocol = affected.protocol
        response += entity
    return response
예제 #4
def dotransform(request, response):
    """Emit one Port entity per host listed under the entity's Nessus plugin.

    Connects to the Nessus server named by ``request.entity.server`` and
    ``request.entity.port``. When ``login`` returns ``None`` the response is
    returned unchanged. Otherwise the hosts recorded for plugin
    ``request.entity.pluginid`` in report ``request.entity.uuid`` each become
    a ``Port`` with status ``'Open'``.

    Returns:
        The same ``response`` object, with any ports added.
    """
    session = login(host=request.entity.server, port=request.entity.port)
    if session is not None:
        findings = Report(session, request.entity.uuid, '').vulnerabilities
        for host in findings[request.entity.pluginid].hosts:
            port_entity = Port(host.port)
            port_entity.destination = host.name
            port_entity.status = 'Open'
            port_entity.protocol = host.protocol
            response += port_entity
    return response
예제 #5
def dotransform(request, response):
    """Turn the hosts of one Nessus plugin finding into Port entities.

    The Nessus server address, report UUID and plugin id are all read from
    ``request.entity``. A failed login (``login`` returning ``None``) yields
    the response untouched. Each host stored under the plugin produces a
    ``Port`` marked ``'Open'``.

    Returns:
        ``response`` after the new entities, if any, have been added.
    """
    target = request.entity
    scanner = login(host=target.server, port=target.port)
    if scanner is None:
        # No session, so there is nothing to query.
        return response
    all_vulns = Report(scanner, request.entity.uuid, '').vulnerabilities
    affected_hosts = all_vulns[request.entity.pluginid].hosts
    for affected in affected_hosts:
        entity = Port(affected.port)
        entity.destination = affected.name
        entity.status = 'Open'
        entity.protocol = affected.protocol
        response += entity
    return response
예제 #6
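def dotransform(request, response):
    """Add a Port entity for every port found in a site's Nexpose report.

    Opens a Nexpose session and has ``reportChecker`` confirm that the
    report ``<siteid>.xml`` is available in ``config['nexpose/reportdir']``.
    The file is then read and each ``{port: (protocol, status)}`` mapping
    produced by ``nexposePort`` becomes a ``Port`` entity.

    Returns:
        The same ``response`` object, with the ports added.

    Raises:
        MaltegoException: if ``reportChecker`` does not report success.
    """
    reportdir = config['nexpose/reportdir']
    checkdir(reportdir)
    # Nexpose API session login
    session = nexlogin()
    try:
        # Nexpose ad hoc report generation and save to file
        siteid = request.fields['siteid']
        # NOTE(review): siteid is interpolated into a file name with no
        # validation here. Confirm upstream that it cannot contain path
        # separators, or the read below can leave reportdir.
        report = '%s.xml' % siteid
        reportstatus = reportChecker(session, siteid, report)
        if reportstatus != True:  # strict comparison kept from the original
            raise MaltegoException('Something went wrong with the report checks')

        # The context manager closes the file. The original wrote ``f.close``
        # without calling it, so the handle was never released.
        with open(os.path.join(reportdir, report)) as f:
            reporto = f.read()

        for dic in nexposePort(reporto):
            for key, val in dic.items():
                response += Port(key,
                                 siteid=siteid,
                                 scanid=request.fields['scanid'],
                                 protocol=val[0],
                                 status=val[1])
    finally:
        # The original called nexlogout() after ``return``, so it never ran
        # and the API session stayed open. Log out on every exit path.
        nexlogout(session)

    return response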
예제 #7
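def dotransform(request, response):
    """Probe the target's ports from each address in the request's IP range.

    Target host and ports come from the parsed transform parameters, falling
    back to the ``irsscan/*`` configuration values. One Ether/IP/TCP template
    is built. For every address in ``iprange(request.value)`` that address is
    queued for the ``ArpCachePoisoner`` thread, set as the IP source of the
    template and sent with ``srp``.

    Result mapping:
        * TCP reply with the RST bit set -> ``PortStatus.Closed``
        * any other TCP reply            -> ``PortStatus.Open``
        * ICMP reply                     -> ``PortStatus.TimedOut``
        * no reply                       -> ``PortStatus.TimedOut``, response ``'none'``

    Side effects: rebinds the module-level ``q``, and puts spoofed-source TCP
    probes on the local segment along with whatever ARP traffic
    ``ArpCachePoisoner`` (implementation not shown here) generates.

    Returns:
        The same ``response`` object, with one Port entity per probe result.
    """

    params = parse_args(request.params)

    if params.target_ports is not None:
        ports = portrange(params.target_ports)
    else:
        ports = config['irsscan/target_ports']
    if params.target_host is not None:
        dst = params.target_host
    else:
        dst = config['irsscan/target_host']

    # The poisoner is not handed the queue, so it presumably reads this
    # module-level name. TODO confirm against ArpCachePoisoner.
    global q
    q = Queue()

    debug('Sending probes to %s' % dst)

    # This is the template used to send traffic
    p = Ether() / IP(dst=dst, id=int(RandShort())) / TCP(
        dport=ports, sport=int(RandShort()), seq=int(RandInt()))

    # Pin the Ethernet addresses Scapy resolved for the template so they stay
    # fixed while the IP source is rewritten in the loop below.
    p.dst = router_mac = p.dst
    p.src = my_mac = p.src

    apw = ArpCachePoisoner(my_mac, router_mac)
    apw.start()

    try:
        # Loop through our IP address block and send out the probes
        for i in iprange(request.value):

            # Queue and set the current IP we are poisoning for the poisoner.
            q.put(str(i))
            p[IP].src = str(i)
            sleep(0.5)

            ans, unans = srp(p,
                             retry=config['irsscan/sr_retries'],
                             timeout=config['irsscan/sr_timeout'],
                             verbose=config['irsscan/sr_verbose'])

            if ans:
                for a in ans:
                    req, res = a
                    e = Port(req.dport)
                    e.source = req[IP].src
                    e.destination = req[IP].dst
                    e.protocol = 'tcp'
                    e += Label('Summary', res.summary())
                    if TCP in res:
                        e.response = res[TCP].sprintf('TCP:%flags%')
                        # 4 is the TCP RST flag bit.
                        e.status = PortStatus.Closed if (res[TCP].flags
                                                         & 4) else PortStatus.Open
                    elif ICMP in res:
                        e.response = res[ICMP].sprintf('ICMP:%type%')
                        e.status = PortStatus.TimedOut
                    response += e

            if unans:
                for u in unans:
                    e = Port(u.dport)
                    e.source = u[IP].src
                    e.destination = u[IP].dst
                    e.status = PortStatus.TimedOut
                    e.response = 'none'
                    response += e
    finally:
        # Always send the stop sentinel and wait for the poisoner thread.
        # Without this, an exception in the loop (for example from srp) would
        # leave the thread running and the ARP caches poisoned.
        q.put(None)
        apw.join()

    return response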
예제 #8
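def _answered_port(req, res):
    """Build the Port entity for a probe ``req`` that received the reply ``res``."""
    entity = Port(req.dport)
    entity.source = req[IP].src
    entity.destination = req[IP].dst
    entity.protocol = 'tcp'
    entity += Label('Summary', res.summary())
    if TCP in res:
        entity.response = res[TCP].sprintf('TCP:%flags%')
        # Bit 4 is RST: a reset means closed, any other TCP reply means open.
        entity.status = PortStatus.Closed if (res[TCP].flags & 4) else PortStatus.Open
    elif ICMP in res:
        entity.response = res[ICMP].sprintf('ICMP:%type%')
        entity.status = PortStatus.TimedOut
    return entity


def _unanswered_port(probe):
    """Build the Port entity for a probe that received no reply."""
    entity = Port(probe.dport)
    entity.source = probe[IP].src
    entity.destination = probe[IP].dst
    entity.status = PortStatus.TimedOut
    entity.response = 'none'
    return entity


def dotransform(request, response):
    """Send TCP probes to the target with each address of an IP range as source.

    The target host and ports are taken from ``request.params`` when given,
    otherwise from ``config['irsscan/target_host']`` and
    ``config['irsscan/target_ports']``. Each address in
    ``iprange(request.value)`` is handed to the ``ArpCachePoisoner`` thread
    through the module-level queue ``q`` and then used as the IP source of
    the probe template sent with ``srp``. Answered and unanswered probes are
    both reported as Port entities.

    Returns:
        The same ``response`` object, with the Port entities added.
    """

    params = parse_args(request.params)

    ports = portrange(params.target_ports) if params.target_ports is not None else config['irsscan/target_ports']
    dst = params.target_host if params.target_host is not None else config['irsscan/target_host']

    global q
    q = Queue()

    debug('Sending probes to %s' % dst)

    # This is the template used to send traffic
    p = Ether()/IP(dst=dst, id=int(RandShort()))/TCP(dport=ports, sport=int(RandShort()), seq=int(RandInt()))

    # Keep the link-layer addresses Scapy filled in, so that rewriting the IP
    # source below does not change them.
    p.dst = router_mac = p.dst
    p.src = my_mac = p.src

    apw = ArpCachePoisoner(my_mac, router_mac)
    apw.start()

    try:
        # Loop through our IP address block and send out the probes
        for i in iprange(request.value):

            # Queue and set the current IP we are poisoning for the poisoner.
            q.put(str(i))
            p[IP].src = str(i)
            sleep(0.5)

            ans, unans = srp(
                p,
                retry=config['irsscan/sr_retries'],
                timeout=config['irsscan/sr_timeout'],
                verbose=config['irsscan/sr_verbose']
            )

            for req, res in ans:
                response += _answered_port(req, res)

            for u in unans:
                response += _unanswered_port(u)
    finally:
        # The original reached this shutdown only when the loop finished
        # cleanly. Running it in ``finally`` stops the poisoner thread even if
        # a probe raises, so the ARP poisoning does not outlive the transform.
        # NOTE(review): assumes None is the poisoner's stop sentinel - confirm.
        q.put(None)
        apw.join()

    return response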