예제 #1
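def dotransform(args):
    """Maltego transform: probe a web service for known Apache weaknesses.

    Hands the Apache-related NSE script list to ``scriptrunner`` for the
    ``ip``/``port`` of the selected entity and emits one
    ``msploitego.ApacheVulnerability`` entity per script result that carries
    an element table.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    # script list kept byte-for-byte (including the trailing space) as the
    # author wrote it; scriptrunner's handling of it is not visible here
    scripts = ("http-apache-negotiation,http-apache-server-status,"
               "http-vuln-cve2011-3192,http-vuln-cve2011-3368,"
               "http-vuln-cve2017-5638 ")
    rep = scriptrunner(port, scripts, ip)

    # scriptrunner may return a falsy value (sibling transforms test `if rep:`)
    # and a report may have no host entry; avoid IndexError in both cases.
    host = rep.hosts[0] if rep and rep.hosts else None
    if host is not None and host.status == "up":
        for res in host.services[0].scripts_results:
            elements = res.get("elements") or {}
            # popitem() always returns a 2-tuple, so the original
            # `len(cve) > 0` test could never fail; the empty case that
            # actually occurs (no elements) raised KeyError instead.
            if not elements:
                continue
            # as before, only one element per script result is reported
            name, info = elements.popitem()
            apachevuln = mt.addEntity("msploitego.ApacheVulnerability", name)
            apachevuln.setValue(name)
            if isinstance(info, dict):
                for key, value in info.items():
                    # the original called .strip() on every value; skip
                    # non-string values instead of raising
                    if isinstance(value, str) and value.strip():
                        apachevuln.addAdditionalFields(key, key, False, value.strip())
            # the property *name* is "ip"; the original passed the address
            # itself as the name, so the field was keyed by its value
            apachevuln.addAdditionalFields("ip", "IP Address", False, ip)
    else:
        status = host.status if host is not None else "unreachable"
        mt.addUIMessage("host is {}!".format(status))
    mt.returnOutput()
    mt.addUIMessage("completed!")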
예제 #2
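def dotransform(args):
    """Maltego transform: map MS bulletin ids in a vulnerability to Metasploit modules.

    Extracts every ``msNN-NNN`` token from the selected entity's value, runs a
    ``msfconsole`` search for each through ``bashrunner`` and emits one
    ``msploitego.MetasploitModule`` entity per result line that names a
    bulletin.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("address")
    vuln = mt.getValue()
    # the bulletin token is the only value interpolated into the shell
    # command below; this character class keeps it free of shell metacharacters
    msreg = re.compile("ms[0-9]{2}-[0-9]{3}", re.I)
    rankreg = re.compile("normal|manual|great|average|excellent|good|low")
    for ms in msreg.findall(vuln):
        bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(ms))
        for line in bashlog:
            if not msreg.search(line):
                continue
            rankmatch = rankreg.search(line)
            # a matching line without a rank word made the original raise
            # AttributeError on None.group(); record an empty rank instead
            rank = rankmatch.group(0) if rankmatch else ""
            # msfconsole separates columns with runs of spaces
            msfmod = re.split(" {2,}", line.lstrip())
            msfentity = mt.addEntity("msploitego.MetasploitModule", msfmod[0])
            msfentity.setValue(msfmod[0])
            msfentity.addAdditionalFields("rank", "Rank", False, rank)
            msfentity.addAdditionalFields("details", "Details", False, msfmod[-1])
            msfentity.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
    mt.addUIMessage("completed!")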
예제 #3
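def dotransform(args):
    """Maltego transform: check an RDP service for MS12-020.

    Runs the ``rdp-vuln-ms12-020`` NSE script through ``scriptrunner``, splits
    its text output into header/detail buckets with ``bucketparser`` and
    emits one ``msploitego.RDPVulnerability`` entity per bucket.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "rdp-vuln-ms12-020", ip)
    # raw string: "\s" in a plain literal is an invalid escape sequence
    # (a SyntaxWarning since 3.12); compiled once instead of per result
    header_re = re.compile(r"\s{2}[A-Za-z]+")

    host = rep.hosts[0] if rep and rep.hosts else None
    if host is not None and host.status == "up":
        for scriptres in host.services[0].scripts_results:
            output = scriptres.get("output").split("\n")
            # the original reused the name `res` for both loops
            for bucket in bucketparser(header_re, output):
                header = bucket.get("Header")
                # skipped as in the original; presumably the script's state
                # line rather than a finding of its own
                if header == "VULNERABLE":
                    continue
                vulnentity = mt.addEntity("msploitego.RDPVulnerability", header)
                vulnentity.setValue(header)
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for key, val in bucket.items():
                    if key == "Details":
                        # "Details" is joined, so it is assumed to be a list
                        # of lines; every other value is treated as a string
                        vulnentity.addAdditionalFields("details", key, False, "\n".join(val))
                    elif val and val.strip():
                        vulnentity.addAdditionalFields(key, key.capitalize(), False, val)
    else:
        status = host.status if host is not None else "unreachable"
        mt.addUIMessage("host is {}!".format(status))
    mt.returnOutput()
    mt.addUIMessage("completed!")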
예제 #4
def dotransform(args):
    """Maltego transform: collect ``http-csrf`` findings for a web service.

    The raw output of every script result is attached to a
    ``msploitego.CSFR`` entity labelled ``<script id>:<host id>``, together
    with the service metadata of the selected entity.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")

    rep = scriptrunner(port, "http-csrf", ip)
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    # properties copied onto every emitted entity (flag True, as the original)
    inherited = (
        ("servicename", "Service Name", servicename),
        ("serviceid", "Service Id", serviceid),
        ("hostid", "Host Id", hostid),
        ("workspace", "Workspace", workspace),
    )
    for scriptrun in rep.hosts[0].services[0].scripts_results:
        label = "{}:{}".format(scriptrun.get("id"), hostid)
        csrfentity = mt.addEntity("msploitego.CSFR", label)
        csrfentity.setValue(label)
        csrfentity.addAdditionalFields("data", "Data", True, scriptrun.get("output"))
        for name, display, value in inherited:
            csrfentity.addAdditionalFields(name, display, True, value)
    mt.returnOutput()
예제 #5
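def dotransform(args):
    """Maltego transform: enumerate SMB user accounts on a host.

    Runs the ``smb-enum-users`` NSE script through ``scriptrunner``, splits
    the host-level script output into buckets whose header lines match
    ``user_re`` and emits one ``msploitego.SambaUser`` entity per bucket.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smb-enum-users", ip)
    # raw string: the original "\s" was an invalid escape sequence; the
    # pattern still ends in one literal backslash, exactly as before
    user_re = re.compile(r"^[\sa-zA-Z0-9_.-]+\\")

    host = rep.hosts[0] if rep and rep.hosts else None
    if host is not None and host.status == "up":
        # results are read from the host (not a service), as in the original
        for res in host.scripts_results:
            output = res.get("output").strip().split("\n")
            for item in bucketparser(user_re, output):
                userentity = mt.addEntity("msploitego.SambaUser", item.get("Header"))
                userentity.setValue(item.get("Header"))
                userentity.addAdditionalFields("ip", "IP Address", False, ip)
                userentity.addAdditionalFields("port", "Port", False, port)
                for key, val in item.items():
                    # every bucket value (including "Header") is assumed to be
                    # a string; the original called .strip() on all of them
                    userentity.addAdditionalFields(key, key.capitalize(), False, val.strip())
    else:
        status = host.status if host is not None else "unreachable"
        mt.addUIMessage("host is {}!".format(status))
    mt.returnOutput()
    mt.addUIMessage("completed!")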
예제 #6
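def dotransform(args):
    """Maltego transform: turn an attached Nikto report into detail entities.

    Reads the report named by the ``niktofile`` variable with ``NiktoReport``
    and emits a ``msploitego.niktodetail`` entity per finding, plus a
    ``maltego.URL`` entity for findings whose URI is longer than two
    characters.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(sys.argv))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    fn = mt.getVar("niktofile")
    if not fn:
        mt.addException("Nikto file is either not attached or does not exist")
        mt.returnOutput()
        return

    nr = NiktoReport(fn)
    for d in nr.details:
        # NOTE(review): `d` is read both as attributes (d.uri) and via
        # d.get(...), mirroring the original; NiktoReport's detail type is
        # not visible here -- confirm it supports both access styles.
        det = mt.addEntity("msploitego.niktodetail", d.description)
        # the entity value is truncated; the full text goes into "description"
        det.setValue(d.description[0:45])
        det.addAdditionalFields("description", "Description", False, d.description)
        det.addAdditionalFields("iplink", "IP Link", False, d.iplink)
        det.addAdditionalFields("namelink", "Name Link", False, d.namelink)
        det.addAdditionalFields("uri", "URI", False, d.uri)
        det.addAdditionalFields("ip", "IP", False, ip)
        # display name was "IP" (copy-paste); the property holds the port
        det.addAdditionalFields("port", "Port", False, port)
        # `or ""` so a missing URI is treated as empty instead of raising
        if len(d.get("uri") or "") > 2:
            webdir = mt.addEntity("maltego.URL", d.get("iplink"))
            webdir.setValue(d.get("iplink"))
            webdir.addAdditionalFields("ip", "IP", False, ip)
            webdir.addAdditionalFields("port", "Port", False, port)

    mt.returnOutput()
    mt.addUIMessage("completed!")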
예제 #7
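def dotransform(args):
    """Maltego transform: parse ``http-csrf`` output into per-form entities.

    Each ``Path:`` line of the script output starts a ``msploitego.CSFR``
    entity; the ``Form id:`` / ``Form action:`` lines that follow it are
    attached to that entity as properties.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-csrf", ip)

    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        # the original indexed rep.hosts[0] unconditionally
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    tags = ("Path", "Form id", "Form action")
    for scriptrun in host.services[0].scripts_results:
        output = scriptrun.get("output")
        csrfentity = None
        for line in output.split("\n"):
            if not any(x in line for x in tags):
                continue
            # split at the first colon only: the form action may contain ':'
            tag, _, data = line.partition(":")
            tag = tag.lstrip()
            if tag == "Path":
                csrfentity = mt.addEntity("msploitego.CSFR", data)
                csrfentity.setValue(data)
            elif csrfentity is None:
                # a Form line before any Path line has no entity to attach to;
                # the original raised AttributeError on None here
                continue
            elif tag == "Form id":
                csrfentity.addAdditionalFields("formid", "Form ID", True, data)
            elif tag == "Form action":
                csrfentity.addAdditionalFields("formaction", "Form Action", True, data)

    mt.returnOutput()
    mt.addUIMessage("completed!")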
예제 #8
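def dotransform(args):
    """Maltego transform: list stored Metasploit credentials from the database.

    Connects to the Metasploit Postgres database named by the selected entity
    and emits one entity per credential row: ``msploitego.Password`` for
    ``Metasploit::Credential::Password`` rows, ``msploitego.EncryptedPassword``
    for ``Metasploit::Credential::NTLMHash`` rows and
    ``msploitego.Credentials`` for anything else.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    # backslashes are stripped from the password, as the original did
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    # the original called getCredentials() twice and discarded the first
    # result set; one query is enough
    for cred in mpost.getCredentials():
        ctype = cred.get("type")
        if ctype == "Metasploit::Credential::Password":
            entityname = "msploitego.Password"
            # only the part before the first ':' is used, as in the original
            data = cred.get("data").split(":")[0]
        elif ctype == "Metasploit::Credential::NTLMHash":
            entityname = "msploitego.EncryptedPassword"
            data = cred.get("data")
        else:
            entityname = "msploitego.Credentials"
            data = cred.get("data")
        # NOTE: the credential material itself becomes the entity value and
        # is therefore persisted in the Maltego graph
        credentity = mt.addEntity(entityname, data)
        credentity.setValue(data)
        for k, v in cred.items():
            if isinstance(v, datetime):
                # dates are rendered day/month/year without zero padding
                credentity.addAdditionalFields(k, k.capitalize(), False, "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                credentity.addAdditionalFields(k, k.capitalize(), False, str(v))
    mt.returnOutput()
    mt.addUIMessage("completed!")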
예제 #9
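def dotransform(args):
    """Maltego transform: enumerate Windows services via ``smb-enum-services``.

    Each bucket parsed from the script output becomes a ``maltego.Service``
    entity labelled ``<header>:<host id>`` with the bucket's ``Display_name``
    as its service name.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-enum-services", ip)
    # raw string: "\s" in a plain literal is an invalid escape sequence
    # (a SyntaxWarning since 3.12); compiled once rather than per result
    service_re = re.compile(r"^\s\s[a-zA-Z0-9_.-]+")

    host = rep.hosts[0] if rep and rep.hosts else None
    if host is not None and host.status == "up":
        for res in host.services[0].scripts_results:
            output = res.get("output").split("\n")
            for item in bucketparser(service_re, output):
                label = "{}:{}".format(item.get("Header"), hostid)
                serviceent = mt.addEntity("maltego.Service", label)
                serviceent.setValue(label)
                serviceent.addAdditionalFields("displayname", "Service Name", False, item.get("Display_name"))
                serviceent.addAdditionalFields("ip", "IP Address", False, ip)
                serviceent.addAdditionalFields("port", "Port", False, port)
    else:
        status = host.status if host is not None else "unreachable"
        mt.addUIMessage("host is {}!".format(status))
    mt.returnOutput()
    mt.addUIMessage("completed!")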
예제 #10
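def dotransform(args):
    """Maltego transform: check an RDP service for MS12-020.

    Runs the ``rdp-vuln-ms12-020`` NSE script through ``scriptrunner``, splits
    its text output into header/detail buckets with ``bucketparser`` and
    emits one ``msploitego.RDPVulnerability`` entity per bucket.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "rdp-vuln-ms12-020", ip)
    # raw string: "\s" in a plain literal is an invalid escape sequence
    # (a SyntaxWarning since 3.12); compiled once instead of per result
    header_re = re.compile(r"\s{2}[A-Za-z]+")

    host = rep.hosts[0] if rep and rep.hosts else None
    if host is not None and host.status == "up":
        for scriptres in host.services[0].scripts_results:
            output = scriptres.get("output").split("\n")
            # the original reused the name `res` for both loops
            for bucket in bucketparser(header_re, output):
                header = bucket.get("Header")
                # skipped as in the original; presumably the script's state
                # line rather than a finding of its own
                if header == "VULNERABLE":
                    continue
                vulnentity = mt.addEntity("msploitego.RDPVulnerability", header)
                vulnentity.setValue(header)
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for key, val in bucket.items():
                    if key == "Details":
                        # "Details" is joined, so it is assumed to be a list
                        # of lines; every other value is treated as a string
                        vulnentity.addAdditionalFields("details", key, False, "\n".join(val))
                    elif val and val.strip():
                        vulnentity.addAdditionalFields(key, key.capitalize(), False, val)
    else:
        status = host.status if host is not None else "unreachable"
        mt.addUIMessage("host is {}!".format(status))
    mt.returnOutput()
    mt.addUIMessage("completed!")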
예제 #11
def dotransform(args):
    """Maltego transform: attach ``msrpc-enum`` output to the selected service.

    One ``msploitego.RelevantInformation`` entity is emitted per script
    result, labelled ``<script id>:<host id>``, with the raw script output in
    its ``description`` property.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    # fall back to the "id" variable when "hostid" is empty
    hostid = mt.getVar("hostid") or mt.getVar("id")
    rep = scriptrunner(port, "msrpc-enum", ip)

    host = rep.hosts[0]
    if host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        for scriptrun in host.services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            popent = mt.addEntity("msploitego.RelevantInformation", label)
            popent.setValue(label)
            props = (
                ("description", "Description", scriptrun.get("output")),
                ("ip", "IP Address", ip),
                ("port", "Port", port),
                ("hostid", "Host Id", hostid),
            )
            for name, display, value in props:
                popent.addAdditionalFields(name, display, False, value)
    mt.returnOutput()
    mt.addUIMessage("completed!")
예제 #12
def dotransform(args):
    """Maltego transform: record ``http-security-headers`` findings.

    For each script result with non-empty output, emits a
    ``msploitego.httpsecureheaders`` entity labelled ``<script id>:<host id>``
    carrying that output plus the service metadata of the selected entity.
    """
    global nmap_proc
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")
    rep = scriptrunner(port, "http-security-headers", ip)

    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    for res in rep.hosts[0].services[0].scripts_results:
        output = res.get("output").strip()
        if not output:
            continue
        label = "{}:{}".format(res.get("id"), hostid)
        secheader = mt.addEntity("msploitego.httpsecureheaders", label)
        secheader.setValue(label)
        # (name, display name, flag, value); the flag is passed through
        # exactly as the original did for each property
        props = (
            ("details", "Details", False, output),
            ("servicename", "Service Name", True, servicename),
            ("serviceid", "Service Id", True, serviceid),
            ("hostid", "Host Id", True, hostid),
            ("workspace", "Workspace", True, workspace),
            ("ip", "IP Address", False, ip),
            ("port", "Port", False, port),
        )
        for name, display, flag, value in props:
            secheader.addAdditionalFields(name, display, flag, value)
    mt.returnOutput()
예제 #13
def dotransform(args):
    """Maltego transform: attach ``http-sitemap-generator`` output to the service.

    One ``msploitego.WebDirectoryInfo`` entity per script result, labelled
    ``<script id>:<host id>:<port>``, with the raw output in ``data`` and the
    selected entity's service metadata copied across.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")
    rep = scriptrunner(port, "http-sitemap-generator", ip)

    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    # properties copied from the selected entity; the flag is passed through
    # as the original did (True for service metadata, False for ip/port)
    inherited = (
        ("servicename", "Service Name", True, servicename),
        ("serviceid", "Service Id", True, serviceid),
        ("hostid", "Host Id", True, hostid),
        ("workspace", "Workspace", True, workspace),
        ("ip", "IP Address", False, ip),
        ("port", "Port", False, port),
    )
    for res in rep.hosts[0].services[0].scripts_results:
        label = "{}:{}:{}".format(res.get("id"), hostid, port)
        webdir = mt.addEntity("msploitego.WebDirectoryInfo", label)
        webdir.setValue(label)
        webdir.addAdditionalFields("data", "Data", True, res.get("output"))
        for name, display, flag, value in inherited:
            webdir.addAdditionalFields(name, display, flag, value)
    mt.returnOutput()
예제 #14
def dotransform(args):
    """Maltego transform: list Metasploit loot stored for an IP address.

    Each row from ``MsploitPostgres.getLootforHost`` becomes a
    ``msploitego.MetasploitLoot`` entity named after the row's ``name`` (or
    its ``ltype`` when no name is set), carrying every non-empty column plus
    the database connection details.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getValue()
    db = mt.getVar("db")
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    for loot in mpost.getLootforHost(ip):
        # a loot row without a name is labelled by its loot type instead
        label = loot.get("name") or loot.get("ltype")
        lootentity = mt.addEntity("msploitego.MetasploitLoot", label)
        lootentity.setValue(label)
        for k, v in loot.items():
            if isinstance(v, datetime):
                shown = "{}/{}/{}".format(v.day, v.month, v.year)
            elif v and str(v).strip():
                shown = str(v)
            else:
                continue
            lootentity.addAdditionalFields(k, k.capitalize(), False, shown)
        # the connection details travel with the entity (presumably so
        # downstream transforms can reuse them); they are stored in the graph
        for name, display, value in (
            ("user", "User", user),
            ("password", "Password", password),
            ("db", "db", db),
            ("ip", "IP Address", ip),
        ):
            lootentity.addAdditionalFields(name, display, False, value)
    mt.returnOutput()
    mt.addUIMessage("completed!")
예제 #15
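def dotransform(args):
    """Maltego transform: extract source comments found by ``http-comments-displayer``.

    Splits the script output into buckets starting at ``Path:`` lines and
    emits one ``msploitego.SourceCodeComment`` entity per bucket, valued by
    the path and carrying the comment text and line number.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """

    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    # raw string: "\s" in a plain literal is an invalid escape sequence
    # (a SyntaxWarning since 3.12); compiled once instead of per result
    path_re = re.compile(r"^\s+Path:")

    rep = scriptrunner(port, "http-comments-displayer", ip)
    if rep:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            lines = scriptrun.get("output").split("\n")
            for res in bucketparser(path_re, lines):
                # the header is "Path: <path>"; keep only the path part
                _, v = res.get("Header").split(":", 1)
                commententity = mt.addEntity("msploitego.SourceCodeComment", v)
                commententity.setValue(v)
                # "Details" is joined, so it is assumed to be a list of lines;
                # `or []` keeps a bucket without details from raising
                commententity.addAdditionalFields(
                    "comment", "Comment", False, "\n".join(res.get("Details") or []))
                commententity.addAdditionalFields(
                    "linenumber", "Line Number", False, res.get("Line number"))
                commententity.addAdditionalFields("path", "Path", False, v)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()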
예제 #16
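def dotransform(args):
    """Maltego transform: report master-browser data from ``smb-mbenum``.

    Splits the host-level script output into buckets (space-separated
    key/value lines) and emits one ``msploitego.WindowsMasterBrowser`` entity
    per bucket, labelled ``<header>:<host id>``.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-mbenum", ip)
    # raw string: "\s" in a plain literal is an invalid escape sequence
    # (a SyntaxWarning since 3.12); compiled once instead of per result
    browser_re = re.compile(r"^\s{2}\w")

    if rep:
        # results are read from the host (not a service), as in the original
        for res in rep.hosts[0].scripts_results:
            output = res.get("output").split("\n")
            for item in bucketparser(browser_re, output, sep=" "):
                header = item.get("Header")
                label = "{}:{}".format(header, hostid)
                shareentity = mt.addEntity("msploitego.WindowsMasterBrowser", label)
                shareentity.setValue(label)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    if k in ("Header", "Details"):
                        continue
                    # the value is rendered as "<key>/<value>", as the original did
                    shareentity.addAdditionalFields(k.lower(), k, False, "{}/{}".format(k, v))
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()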
예제 #17
def dotransform(args):
    """Maltego transform: run the FTP vulnerability/backdoor NSE scripts.

    One ``msploitego.FTPVulnerability`` entity is emitted per script result,
    labelled ``<script id>:<host id>``; the ``ftp-vuln-cve2010-4221`` id is
    rewritten to ``cve-2010-4221`` first.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    scripts = ",".join([
        "ftp-vuln-cve2010-4221",
        "ftp-vsftpd-backdoor",
        "ftp-anon",
        "ftp-libopie",
        "ftp-proftpd-backdoor",
    ])
    rep = scriptrunner(port, scripts, ip)

    if not rep:
        mt.addUIMessage("host is either down or not responding on this port")
        mt.returnOutput()
        return

    # lower-cased script id -> label prefix; only the CVE script is renamed
    renames = {"ftp-vuln-cve2010-4221": "cve-2010-4221"}
    for scriptrun in rep.hosts[0].services[0].scripts_results:
        scriptid = scriptrun.get("id")
        scriptid = renames.get(scriptid.lower(), scriptid)
        label = "{}:{}".format(scriptid, hostid)
        vulnentity = mt.addEntity("msploitego.FTPVulnerability", label)
        vulnentity.setValue(label)
        vulnentity.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
        vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
        vulnentity.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
예제 #18
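def dotransform(args):
    """Maltego transform: probe a web service for known Apache weaknesses.

    Hands the Apache-related NSE script list to ``scriptrunner`` and emits
    one ``msploitego.ApacheVulnerability`` entity per script result,
    labelled ``<script id>:<host id>``, with every element of the result
    attached as a property.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    # script list kept byte-for-byte (including the trailing space) as the
    # author wrote it; scriptrunner's handling of it is not visible here
    scripts = ("http-apache-negotiation,http-apache-server-status,"
               "http-vuln-cve2011-3192,http-vuln-cve2011-3368,"
               "http-vuln-cve2017-5638 ")
    rep = scriptrunner(port, scripts, ip)

    if rep:
        for res in rep.hosts[0].services[0].scripts_results:
            label = "{}:{}".format(res.get("id"), hostid)
            apachevuln = mt.addEntity("msploitego.ApacheVulnerability", label)
            apachevuln.setValue(label)
            # property names are "ip"/"hostid"; the original passed the values
            # themselves as names, so the fields were keyed by their contents
            apachevuln.addAdditionalFields("ip", "IP Address", False, ip)
            apachevuln.addAdditionalFields("hostid", "Host Id", False, hostid)
            inheritvalues(apachevuln, mt.values)
            for k, v in (res.get("elements") or {}).items():
                if isinstance(v, dict):
                    # a nested table is one vulnerability: record its name,
                    # then each of its string fields
                    apachevuln.addAdditionalFields("vuln", "Vuln", False, k)
                    for key, value in v.items():
                        if isinstance(value, str) and value.strip():
                            apachevuln.addAdditionalFields(key, key.capitalize(), False, value.strip())
                elif isinstance(v, str) and v.strip():
                    apachevuln.addAdditionalFields(k, k.capitalize(), False, v.strip())
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()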
예제 #19
파일: creds.py 프로젝트: sUbc0ol/msploitego
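def dotransform(args):
    """Maltego transform: list stored Metasploit credentials from the database.

    Connects to the Metasploit Postgres database named by the selected entity
    and emits one entity per credential row: ``msploitego.Password`` for
    ``Metasploit::Credential::Password`` rows, ``msploitego.EncryptedPassword``
    for ``Metasploit::Credential::NTLMHash`` rows and
    ``msploitego.Credentials`` for anything else.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    # backslashes are stripped from the password, as the original did
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    # the original called getCredentials() twice and discarded the first
    # result set; one query is enough
    for cred in mpost.getCredentials():
        ctype = cred.get("type")
        if ctype == "Metasploit::Credential::Password":
            entityname = "msploitego.Password"
            # only the part before the first ':' is used, as in the original
            data = cred.get("data").split(":")[0]
        elif ctype == "Metasploit::Credential::NTLMHash":
            entityname = "msploitego.EncryptedPassword"
            data = cred.get("data")
        else:
            entityname = "msploitego.Credentials"
            data = cred.get("data")
        # NOTE: the credential material itself becomes the entity value and
        # is therefore persisted in the Maltego graph
        credentity = mt.addEntity(entityname, data)
        credentity.setValue(data)
        for k, v in cred.items():
            if isinstance(v, datetime):
                # dates are rendered day/month/year without zero padding
                credentity.addAdditionalFields(
                    k, k.capitalize(), False,
                    "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                credentity.addAdditionalFields(k, k.capitalize(), False, str(v))
    mt.returnOutput()
    mt.addUIMessage("completed!")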
예제 #20
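def dotransform(args):
    """Maltego transform: enumerate SMB user accounts on a host.

    Runs the ``smb-enum-users`` NSE script through ``scriptrunner``, splits
    the host-level script output into buckets whose header lines match
    ``user_re`` and emits one ``msploitego.SambaUser`` entity per bucket.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smb-enum-users", ip)
    # raw string: the original "\s" was an invalid escape sequence; the
    # pattern still ends in one literal backslash, exactly as before
    user_re = re.compile(r"^[\sa-zA-Z0-9_.-]+\\")

    if rep:
        # results are read from the host (not a service), as in the original
        for res in rep.hosts[0].scripts_results:
            output = res.get("output").strip().split("\n")
            for item in bucketparser(user_re, output):
                userentity = mt.addEntity("msploitego.SambaUser", item.get("Header"))
                userentity.setValue(item.get("Header"))
                userentity.addAdditionalFields("ip", "IP Address", False, ip)
                userentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    # every bucket value (including "Header") is assumed to be
                    # a string; the original called .strip() on all of them
                    userentity.addAdditionalFields(k, k.capitalize(), False, v.strip())
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()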
예제 #21
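def dotransform(args):
    """Maltego transform: report master-browser data from ``smb-mbenum``.

    Splits the host-level script output into buckets (space-separated
    key/value lines) and emits one ``msploitego.WindowsMasterBrowser`` entity
    per bucket, labelled ``<header>:<host id>``.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-mbenum", ip)
    # raw string: "\s" in a plain literal is an invalid escape sequence
    # (a SyntaxWarning since 3.12); compiled once instead of per result
    browser_re = re.compile(r"^\s{2}\w")

    host = rep.hosts[0] if rep and rep.hosts else None
    if host is not None and host.status == "up":
        # results are read from the host (not a service), as in the original
        for res in host.scripts_results:
            output = res.get("output").split("\n")
            for item in bucketparser(browser_re, output, sep=" "):
                header = item.get("Header")
                label = "{}:{}".format(header, hostid)
                shareentity = mt.addEntity("msploitego.WindowsMasterBrowser", label)
                shareentity.setValue(label)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    if k in ("Header", "Details"):
                        continue
                    # the value is rendered as "<key>/<value>", as the original did
                    shareentity.addAdditionalFields(k.lower(), k, False, "{}/{}".format(k, v))
    else:
        status = host.status if host is not None else "unreachable"
        mt.addUIMessage("host is {}!".format(status))
    mt.returnOutput()
    mt.addUIMessage("completed!")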
예제 #22
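def dotransform(args):
    """Maltego transform: capture the body of a web file as an entity.

    Uses the ``body`` variable when the selected entity already carries it;
    otherwise fetches the entity's URL with ``wget`` through ``bashrunner``.
    A ``msploitego.WebFile`` entity is emitted only when some content was
    obtained.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    import shlex

    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    body = mt.getVar("body")
    url = mt.getValue()
    details = None
    if body:
        details = body
    else:
        # `url` is an entity value (graph-supplied data) interpolated into a
        # command line. bashrunner is used elsewhere with a single-quoted
        # argument, so it is assumed to run its string through a shell:
        # quote the value so shell metacharacters in it cannot alter the
        # command.
        bashlog = bashrunner("wget -qO-  {}".format(shlex.quote(url)))
        if bashlog:
            # bashrunner yields an iterable of output lines, as in the original
            details = "".join(bashlog)
    if details:
        webfile = mt.addEntity("msploitego.WebFile", url)
        webfile.setValue(url)
        webfile.addAdditionalFields("details", "Details", False, details)
        webfile.addAdditionalFields("url", "Site URL", False, url)
        webfile.addAdditionalFields("ip", "IP Address", False, ip)
        webfile.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
    mt.addUIMessage("completed!")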
예제 #23
def dotransform(args):
    """Maltego transform: list every host known to the Metasploit database.

    Emits a ``maltego.IPv4Address`` entity per row of ``getAllHosts()``,
    carrying each non-empty column plus the database connection details
    used to fetch it.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    def _shown(value):
        """Render a column value as the original did, or None to skip it."""
        if isinstance(value, datetime):
            return "{}/{}/{}".format(value.day, value.month, value.year)
        if value and str(value).strip():
            return str(value)
        return None

    for host in mpost.getAllHosts():
        address = host.get("address")
        hostentity = mt.addEntity("maltego.IPv4Address", address)
        hostentity.setValue(address)
        for k, v in host.items():
            text = _shown(v)
            if text is not None:
                hostentity.addAdditionalFields(k, k.capitalize(), False, text)
        # the connection details travel with the entity and so end up in the graph
        hostentity.addAdditionalFields("user", "User", False, user)
        hostentity.addAdditionalFields("password", "Password", False, password)
        hostentity.addAdditionalFields("db", "db", False, db)

    mt.returnOutput()
    mt.addUIMessage("completed!")
예제 #24
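def dotransform(args):
    """Maltego transform: turn ``http-robots.txt`` entries into WebDir entities.

    Every whitespace-separated token on an output line that starts with ``/``
    becomes a ``maltego.WebDir`` entity tagged with the scanned ``ip`` and
    ``port``.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-robots.txt", ip)

    host = rep.hosts[0] if rep and rep.hosts else None
    if host is not None and host.status == "up":
        for scriptrun in host.services[0].scripts_results:
            output = scriptrun.get("output")
            for line in output.split("\n"):
                # startswith() instead of [0]: a blank line made the original
                # raise IndexError on the empty string
                if not line.lstrip().startswith("/"):
                    continue
                # split() with no separator already ignores surrounding whitespace
                for d in line.split():
                    webdirentity = mt.addEntity("maltego.WebDir", d)
                    webdirentity.setValue(d)
                    webdirentity.addAdditionalFields("ip", "IP Address", False, ip)
                    webdirentity.addAdditionalFields("port", "Port", False, port)
    else:
        status = host.status if host is not None else "unreachable"
        mt.addUIMessage("host is {}!".format(status))
    mt.returnOutput()
    mt.addUIMessage("completed!")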
예제 #25
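def dotransform(args):
    """Maltego transform: turn ``http-robots.txt`` entries into WebDir entities.

    Every whitespace-separated token on an output line that starts with ``/``
    becomes a ``maltego.WebDir`` entity labelled ``<path>:<host id>:<port>``
    and tagged with the scanned ``ip`` and ``port``.

    Args:
        args: raw transform arguments, parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "http-robots.txt", ip)

    if rep:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            output = scriptrun.get("output")
            for line in output.split("\n"):
                # startswith() instead of [0]: a blank line made the original
                # raise IndexError on the empty string
                if not line.lstrip().startswith("/"):
                    continue
                # split() with no separator already ignores surrounding whitespace
                for d in line.split():
                    label = "{}:{}:{}".format(d, hostid, port)
                    webdirentity = mt.addEntity("maltego.WebDir", label)
                    webdirentity.setValue(label)
                    webdirentity.addAdditionalFields("ip", "IP Address", False, ip)
                    webdirentity.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()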
예제 #26
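def dotransform(args):
    """Run the nmap ``smb-enum-shares`` NSE script and emit one
    ``msploitego.SambaShare`` entity per share record found.

    Reads ``ip``, ``port`` and ``hostid``. The script output is split into
    records by ``bucketparser`` using a regex that matches an IPv4 dotted
    quad (``method="search"``); each record's ``Header`` becomes the entity
    value, the share name (last backslash-separated component, trailing
    colon removed), the header, ip, port and all remaining record keys are
    attached as fields. When the host is not up its status is reported as a
    UI message.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-enum-shares", ip)
    # Raw string: "\d" in a plain literal is an invalid escape sequence
    # (DeprecationWarning, and an error in newer interpreters). Compiled once
    # outside the loop rather than per script result.
    regex = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")

    if rep.hosts[0].status == "up":
        for res in rep.hosts[0].scripts_results:
            output = res.get("output").split("\n")
            bucket = bucketparser(regex, output, method="search")
            for item in bucket:
                header = item.get("Header")
                shareentity = mt.addEntity("msploitego.SambaShare", header)
                shareentity.setValue(header)
                sharename = header.split("\\")[-1].strip().strip(":")
                shareentity.addAdditionalFields("sharename", "Share Name",
                                                False, sharename)
                shareentity.addAdditionalFields("sambashare", "Samba Share",
                                                False, header)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    if k == "Header":
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False, v)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    mt.addUIMessage("completed!")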
예제 #27
0
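def dotransform(args):
    """Run the nmap ``http-phpself-xss`` and ``http-stored-xss`` NSE scripts
    against ip:port and emit one ``msploitego.XSSVulnerability`` entity per
    reported element.

    Reads ``ip``, ``port`` and ``hostid``. Each entity carries the script id,
    the raw script output, ip, port and every non-empty element field.
    When the host is not up its status is reported as a UI message.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "http-phpself-xss,http-stored-xss", ip)

    if rep.hosts[0].status == "up":
        for res in rep.hosts[0].services[0].scripts_results:
            elements = res.get("elements")
            if not elements:
                continue
            for key, elem in elements.items():
                # NOTE(review): the entity is created from elem["title"] but
                # its value is set from res["title"]; left as-is because it is
                # unclear which one downstream transforms rely on.
                vulnentity = mt.addEntity("msploitego.XSSVulnerability",
                                          elem.get("title"))
                vulnentity.setValue(res.get("title"))
                vulnentity.addAdditionalFields("vulnid", "Vuln ID", False,
                                               res.get("id"))
                vulnentity.addAdditionalFields("description",
                                               "Description", False,
                                               res.get("output"))
                vulnentity.addAdditionalFields("ip", "IP Address", False,
                                               ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in elem.items():
                    # Element values are not always strings (nested script
                    # tables arrive as dicts), so only strip what can be
                    # stripped instead of raising AttributeError.
                    text = v.strip() if hasattr(v, "strip") else v
                    if text:
                        vulnentity.addAdditionalFields(
                            k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    mt.addUIMessage("completed!")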
예제 #28
0
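def dotransform(args):
    """Emit one ``maltego.Vulnerability`` entity per row of the Metasploit
    ``vulns`` table that belongs to the selected host.

    The entity value is the IP address; ``id``, ``db``, ``user`` and
    ``password`` are read as transform variables (backslashes are stripped
    from the password). Every column of the row is attached as a field,
    datetimes formatted as ``day/month/year``, plus the db user and name.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getValue()
    hostid = mt.getVar("id")

    db = mt.getVar("db")
    user = mt.getVar("user")
    # getVar returns a falsy value when the field is missing; ``.replace``
    # on None raised AttributeError before the DB error could be reported.
    password = (mt.getVar("password") or "").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    for vuln in mpost.getforHost(ip, "vulns"):
        vulnentity = mt.addEntity("maltego.Vulnerability", vuln.get("name"))
        vulnentity.setValue(vuln.get("name"))
        vulnentity.addAdditionalFields("ip", "IP Address", True, ip)
        for k, v in vuln.items():
            if isinstance(v, datetime):
                vulnentity.addAdditionalFields(
                    k, k.capitalize(), False,
                    "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                vulnentity.addAdditionalFields(k, k.capitalize(), False,
                                               str(v))
        vulnentity.addAdditionalFields("user", "User", False, user)
        vulnentity.addAdditionalFields("db", "db", False, db)
    mt.returnOutput()
    mt.addUIMessage("completed!")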
예제 #29
0
def dotransform(args):
    """Collect the SMTP NSE script results for ip:port as
    ``msploitego.RelevantInformation`` entities.

    Scripts run: smtp-commands, smtp-enum-users, smtp-open-relay and
    smtp-vuln-cve2011-1764. Reads ``ip``, ``port`` and ``hostid`` (falling
    back to ``id``). One entity per script result, valued
    ``<scriptid>:<hostid>`` and carrying the script output, ip, port and
    hostid. A falsy report yields a UI message instead.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid") or mt.getVar("id")
    scriptlist = "smtp-commands,smtp-enum-users,smtp-open-relay,smtp-vuln-cve2011-1764"
    rep = scriptrunner(port, scriptlist, ip)

    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    context = (
        ("ip", "IP Address", ip),
        ("port", "Port", port),
        ("hostid", "Host Id", hostid),
    )
    for result in rep.hosts[0].services[0].scripts_results:
        label = "{}:{}".format(result.get("id"), hostid)
        info = mt.addEntity("msploitego.RelevantInformation", label)
        info.setValue(label)
        info.addAdditionalFields("description", "Description", False,
                                 result.get("output"))
        for name, display, value in context:
            info.addAdditionalFields(name, display, False, value)
    mt.returnOutput()
예제 #30
0
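def dotransform(args):
    """Run the nmap ``http-sitemap-generator`` NSE script against ip:port and
    emit one ``maltego.WebDir`` entity per discovered path.

    Reads ``ip``, ``port`` and ``hostid``. A sitemap entry is a line of the
    script output indented by exactly four spaces and starting with ``/``;
    the entity is valued ``<path>:<hostid>`` with ip and port fields. A
    falsy report yields a UI message instead.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "http-sitemap-generator", ip)
    # Raw string: "\s" in a plain literal is an invalid escape sequence.
    # Compiled once here instead of once per script result.
    regex = re.compile(r"^\s{4}/")

    if rep:
        for res in rep.hosts[0].services[0].scripts_results:
            output = res.get("output").strip().split("\n")
            for line in output:
                if not regex.match(line):
                    continue
                label = "{}:{}".format(line.strip(), hostid)
                webdir = mt.addEntity("maltego.WebDir", label)
                webdir.setValue(label)
                webdir.addAdditionalFields("ip", "IP Address", False, ip)
                webdir.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()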
예제 #31
0
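def dotransform(args):
    """Emit one ``maltego.Vulnerability`` entity per vulnerability recorded
    for the selected host in a Metasploit XML export.

    Reads ``fromfile`` (the XML path), ``address`` (the host IP) and
    ``vulncount``; nothing is emitted when the count is zero or the host is
    not found. Each entity is valued ``<name>/<address>`` and carries the
    joined references, the host address, id and OS name, plus every string
    attribute of the vulnerability record.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("fromfile")
    ip = mt.getVar("address")
    host = MetasploitXML(fn).gethost(ip)

    # A missing vulncount used to raise TypeError inside int(); treat it as 0.
    vulncount = int(mt.getVar("vulncount") or 0)
    # presumably gethost returns None for an unknown address — guarded rather
    # than failing on the first attribute access.
    if vulncount > 0 and host is not None:
        for vuln in host.vulns:
            vulnent = mt.addEntity("maltego.Vulnerability", vuln.name)
            vulnent.setValue("{}/{}".format(vuln.name, host.address))
            vulnent.addAdditionalFields("refs", "References", False,
                                        ",".join([x.ref for x in vuln.refs]))
            vulnent.addAdditionalFields("ipaddress", "IP Address", False,
                                        host.address)
            vulnent.addAdditionalFields("hostid", "Host ID", False, host.id)
            vulnent.addAdditionalFields("os", "OS Name", False, host.osname)

            # Iterating a vuln yields (tag, value) pairs; only plain strings
            # are forwarded as fields.
            for tag, val in vuln:
                if isinstance(val, str):
                    vulnent.addAdditionalFields(tag, tag.capitalize(), False,
                                                val)

    mt.returnOutput()
    mt.addUIMessage("completed!")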
예제 #32
0
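def dotransform(args):
    """Run the nmap ``smb-enum-groups`` NSE script and emit one
    ``msploitego.UserGroup`` entity per output line.

    Reads ``ip``, ``port`` and ``hostid``. The first whitespace-separated
    token of each line is the group name (entity value and ``groupname``
    field); the remainder of the line is attached as ``details``, plus ip
    and port. A falsy report yields a UI message instead.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-enum-groups", ip)

    if rep:
        for res in rep.hosts[0].scripts_results:
            output = (res.get("output") or "").strip().split("\n")
            for item in output:
                d = item.split()
                # Blank lines have no tokens; indexing d[0] raised IndexError.
                if not d:
                    continue
                groupentity = mt.addEntity("msploitego.UserGroup", d[0])
                groupentity.setValue(d[0])
                groupentity.addAdditionalFields("groupname", "Group Name",
                                                False, d[0])
                groupentity.addAdditionalFields("details", "Details", False,
                                                " ".join(d[1:]))
                groupentity.addAdditionalFields("ip", "IP Address", False, ip)
                groupentity.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()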
예제 #33
0
def dotransform(args):
    """Run the DNS NSE scripts over UDP ports 53 and 5353 on the host and
    emit one ``msploitego.DNSInformation`` entity per script result.

    Scripts: dns-random-srcport, dns-random-txid, dns-recursion and
    dns-service-discovery (nmap ``-sU``). Reads ``ip``, ``port``,
    ``servicename``, ``serviceid``, ``hostid`` and ``workspace``; entities
    are valued ``<scriptid>:<hostid>`` and carry the script output, the
    service/host context, the ip and the scanned port and protocol. A falsy
    report yields a UI message instead.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")
    dnsscripts = "dns-random-srcport,dns-random-txid,dns-recursion,dns-service-discovery"
    rep = scriptrunner("53,5353", dnsscripts, ip, args="-sU")

    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    # (field name, display name, third addAdditionalFields argument, value)
    context = (
        ("servicename", "Service Name", True, servicename),
        ("serviceid", "Service Id", True, serviceid),
        ("hostid", "Host Id", True, hostid),
        ("workspace", "Workspace", True, workspace),
        ("ip", "IP Address", False, ip),
    )
    for service in rep.hosts[0].services:
        for res in service.scripts_results:
            label = "{}:{}".format(res.get("id"), hostid)
            dnsinfo = mt.addEntity("msploitego.DNSInformation", label)
            dnsinfo.setValue(label)
            dnsinfo.addAdditionalFields("data", "Data", True, res.get("output"))
            for name, display, flag, value in context:
                dnsinfo.addAdditionalFields(name, display, flag, value)
            dnsinfo.addAdditionalFields("port", "Port", False, str(service.port))
            dnsinfo.addAdditionalFields("protocol", "Protocol", False, service.protocol)
    mt.returnOutput()
예제 #34
0
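def dotransform(args):
    """Run the nmap ``http-phpself-xss`` and ``http-stored-xss`` NSE scripts
    against ip:port and emit one ``msploitego.XSSVulnerability`` entity per
    reported element.

    Reads ``ip``, ``port`` and ``hostid``. Each entity carries the script id,
    the raw script output, ip, port and every non-empty element field.
    When the host is not up its status is reported as a UI message.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "http-phpself-xss,http-stored-xss", ip)

    if rep.hosts[0].status == "up":
        for res in rep.hosts[0].services[0].scripts_results:
            elements = res.get("elements")
            if not elements:
                continue
            for key, elem in elements.items():
                # NOTE(review): entity created from elem["title"] but valued
                # from res["title"]; kept as-is pending confirmation of which
                # one downstream transforms expect.
                vulnentity = mt.addEntity("msploitego.XSSVulnerability", elem.get("title"))
                vulnentity.setValue(res.get("title"))
                vulnentity.addAdditionalFields("vulnid", "Vuln ID", False, res.get("id"))
                vulnentity.addAdditionalFields("description", "Description", False, res.get("output"))
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in elem.items():
                    # Element values may be nested dicts rather than strings;
                    # only strip what supports it instead of raising.
                    text = v.strip() if hasattr(v, "strip") else v
                    if text:
                        vulnentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    mt.addUIMessage("completed!")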
예제 #35
0
def dotransform(args):
    """Run the nmap ``ssh-auth-methods`` and ``ssh-hostkey`` NSE scripts
    (``ssh_hostkey=all``) against ip:port and emit one
    ``msploitego.RelevantInformation`` entity per script result.

    Reads ``ip``, ``port`` and ``hostid``; entities are valued
    ``<scriptid>:<hostid>`` and carry the script output, ip and port. When
    the host is not up its status is reported as a UI message instead.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port,
                       "ssh-auth-methods,ssh-hostkey",
                       ip,
                       scriptargs="ssh_hostkey=all")
    host = rep.hosts[0]
    if host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        for result in host.services[0].scripts_results:
            label = "{}:{}".format(result.get("id"), hostid)
            info = mt.addEntity("msploitego.RelevantInformation", label)
            info.setValue(label)
            info.addAdditionalFields("description", "Description", False,
                                     result.get("output"))
            info.addAdditionalFields("ip", "IP Address", False, ip)
            info.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
    mt.addUIMessage("completed!")
예제 #36
0
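def dotransform(args):
    """Turn a Nikto report into ``msploitego.niktodetail`` entities, plus a
    ``maltego.URL`` entity for every finding that has a URI.

    Reads ``ip``, ``port`` and ``niktofile``. Without a file an exception
    is returned to Maltego and no entities are emitted. Each detail entity
    is valued with the first 25 characters of the description and carries
    description, IP link, name link, URI, ip and port.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(sys.argv))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    fn = mt.getVar("niktofile")
    if not fn:
        mt.addException("Nikto file is either not attached or does not exist")
        mt.returnOutput()
        return

    nr = NiktoReport(fn)
    for d in nr.details:
        det = mt.addEntity("msploitego.niktodetail", d.description)
        det.setValue(d.description[0:25])
        det.addAdditionalFields("description", "Description", False,
                                d.description)
        det.addAdditionalFields("iplink", "IP Link", False, d.iplink)
        det.addAdditionalFields("namelink", "Name Link", False, d.namelink)
        det.addAdditionalFields("uri", "URI", False, d.uri)
        det.addAdditionalFields("ip", "IP", False, ip)
        # Display name was "IP" for the port field as well; corrected.
        det.addAdditionalFields("port", "Port", False, port)
        # NOTE(review): details are accessed both as attributes (d.uri) and
        # via d.get("uri") — presumably NiktoReport supports both; confirm.
        if len(d.get("uri") or "") > 2:
            webdir = mt.addEntity("maltego.URL", d.get("iplink"))
            webdir.setValue(d.get("iplink"))
            webdir.addAdditionalFields("ip", "IP", False, ip)
            webdir.addAdditionalFields("port", "Port", False, port)

    mt.returnOutput()
    mt.addUIMessage("completed!")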
예제 #37
0
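def dotransform(args):
    """Emit one ``maltego.Vulnerability`` entity per vulnerability recorded
    for the selected host in a Metasploit XML export.

    Reads ``fromfile`` (the XML path), ``address`` (the host IP) and
    ``vulncount``; nothing is emitted when the count is zero or the host is
    not found. Each entity is valued ``<name>/<address>`` and carries the
    joined references, the host address, id and OS name, plus every string
    attribute of the vulnerability record.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("fromfile")
    ip = mt.getVar("address")
    host = MetasploitXML(fn).gethost(ip)

    # int(None) raised TypeError when vulncount was missing; treat it as 0.
    vulncount = int(mt.getVar("vulncount") or 0)
    # presumably gethost returns None for an unknown address — guard it.
    if vulncount > 0 and host is not None:
        for vuln in host.vulns:
            vulnent = mt.addEntity("maltego.Vulnerability", vuln.name)
            vulnent.setValue("{}/{}".format(vuln.name, host.address))
            vulnent.addAdditionalFields("refs", "References", False, ",".join([x.ref for x in vuln.refs]))
            vulnent.addAdditionalFields("ipaddress", "IP Address", False, host.address)
            vulnent.addAdditionalFields("hostid", "Host ID", False, host.id)
            vulnent.addAdditionalFields("os", "OS Name", False, host.osname)

            # Iterating a vuln yields (tag, value) pairs; only strings are
            # forwarded as fields.
            for tag, val in vuln:
                if isinstance(val, str):
                    vulnent.addAdditionalFields(tag, tag.capitalize(), False, val)

    mt.returnOutput()
    mt.addUIMessage("completed!")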
예제 #38
0
def dotransform(args):
    """Stub transform: parses the arguments, reads ``description`` and
    returns an empty result (no entities are emitted)."""
    entitytags = []
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("description")  # read but not used yet

    mt.returnOutput()
    mt.addUIMessage("completed!")
예제 #39
0
def dotransform(args):
    """Stub transform: parses the arguments, reads ``description`` and
    returns an empty result (no entities are emitted)."""
    entitytags = []
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("description")  # read but not used yet

    mt.returnOutput()
    mt.addUIMessage("completed!")
예제 #40
0
def dotransform(args):
    """Stub transform: parses the arguments, reads ``ip``, ``port`` and
    ``hostid`` and returns an empty result (no entities are emitted)."""
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")  # the three variables below are read but unused
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")



    mt.returnOutput()
    mt.addUIMessage("completed!")
예제 #41
0
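def dotransform(args):
    """List one level of an SMB share path and emit a ``msploitego.SambaShare``
    entity per directory or a ``msploitego.SambaFile`` entity per file.

    Reads ``ip``, ``port``, ``hostid``, ``server`` (falling back to
    ``machinename``), ``workgroup`` (default ``WORKGROUP``), ``path``,
    ``domain_dns`` and ``sharename``. The session is a null session (empty
    user name and password). A ``NotReadyError`` from ``listPath`` is
    reported as a ``msploitego.AccessDenied`` entity; the ``.`` and ``..``
    pseudo-entries are skipped. Entities are valued
    ``<ip>/<sharename><path>/<filename>``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    server = mt.getVar("server") or mt.getVar("machinename")
    workgroup = mt.getVar("workgroup") or "WORKGROUP"
    path = mt.getVar("path")
    domaindns = mt.getVar("domain_dns")
    sharename = mt.getVar("sharename")

    # Raw string: "\." in a plain literal is an invalid escape sequence.
    dotdirs = re.compile(r"^\.{1,2}$")
    # conn = SMBConnection('', '', "localhost", server, domain=workgroup, use_ntlm_v2=True,is_direct_tcp=True)
    conn = SMBConnection('', '', "localhost", server, domain=workgroup, use_ntlm_v2=True)
    conn.connect(ip, int(port))
    try:
        try:
            files = conn.listPath(sharename, path)
        except NotReadyError:
            files = None
            accessdenied = mt.addEntity("msploitego.AccessDenied", sharename)
            accessdenied.setValue(sharename)
        for entry in files or ():
            # assumes encode() yields a str the regex can match (Python 2
            # semantics) — TODO confirm on Python 3, where it yields bytes
            filename = unicodedata.normalize("NFKD", entry.filename).encode('ascii', 'ignore')
            if entry.isDirectory:
                if dotdirs.match(filename):
                    continue
                entityname = "msploitego.SambaShare"
            else:
                entityname = "msploitego.SambaFile"
            newpath = "{}/{}".format(path, filename)
            label = "{}/{}{}".format(ip, sharename, newpath)
            sambaentity = mt.addEntity(entityname, label)
            sambaentity.setValue(label)
            sambaentity.addAdditionalFields("ip", "IP Address", False, ip)
            sambaentity.addAdditionalFields("port", "Port", False, port)
            sambaentity.addAdditionalFields("server", "Server", False, server)
            sambaentity.addAdditionalFields("workgroup", "Workgroup", False, workgroup)
            sambaentity.addAdditionalFields("filename", "Filename", False, filename)
            sambaentity.addAdditionalFields("path", "Path", False, newpath)
            sambaentity.addAdditionalFields("hostid", "Hostid", False, hostid)
            if domaindns:
                sambaentity.addAdditionalFields("domain_dns", "Domain DNS", False, domaindns)
            sambaentity.addAdditionalFields("sharename", "Share Name", False, sharename)
    finally:
        # Previously close() was skipped whenever listing or entity creation
        # raised, leaking the SMB session.
        conn.close()
    mt.returnOutput()
    mt.addUIMessage("completed!")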
예제 #42
0
def dotransform(args):
    """Emit an entity (via ``setentity``) for every web page and web form
    recorded for the selected host in a Metasploit XML export.

    Reads ``fromfile`` (the XML path) and ``address`` (the host IP).
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    xmlfile = mt.getVar("fromfile")
    address = mt.getVar("address")
    host = MetasploitXML(xmlfile).gethost(address)
    # Pages first, then forms, exactly as before.
    for collection in (host.webpages, host.webforms):
        for item in collection:
            setentity(mt, item)

    mt.returnOutput()
    mt.addUIMessage("completed!")
예제 #43
0
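def dotransform(args):
    """Mark the selected Metasploit module as checked against this host.

    Reads ``ip``, ``port`` and ``hostid`` plus the entity value (the module
    name) and emits one ``msploitego.Checked`` entity valued
    ``<module>:<ip>`` with ip and port fields.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    module = mt.getValue()

    # The format string had two placeholders but three arguments, so port
    # was silently dropped from the label. The label stays ``module:ip`` so
    # existing graphs keep matching; the port is exposed as a field instead.
    label = "{}:{}".format(module, ip)
    falsepos = mt.addEntity("msploitego.Checked", label)
    falsepos.setValue(label)
    falsepos.addAdditionalFields("ip", "IP Address", False, ip)
    falsepos.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
    mt.addUIMessage("completed!")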
예제 #44
0
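def dotransform(args):
    """Enumerate the non-special shares of an SMB server and emit one
    ``msploitego.SambaShare`` (directory) or ``msploitego.SambaFile`` (file)
    entity per entry found at ``sambapath`` (default ``/``) in each share.

    Reads ``ip``, ``port``, ``hostid``, ``server``, ``workgroup``,
    ``account_used``, ``sambapath`` and ``domain_dns``. ``NETLOGON`` and
    ``SYSVOL`` are skipped, as are the ``.`` and ``..`` pseudo-entries.
    Entities are valued ``<ip>/<sharename>/<filename>``.
    """
    mt = MaltegoTransform()
    # Left enabled, pprint(args) wrote the arguments to stdout ahead of the
    # transform response; every other transform keeps this commented out.
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    server = mt.getVar("server")
    workgroup = mt.getVar("workgroup")
    account = mt.getVar("account_used")
    path = mt.getVar("sambapath") or "/"
    domaindns = mt.getVar("domain_dns")

    # NOTE(review): the credentials are hard-coded ('admin'/'admin') and the
    # ``account`` variable read above is never used — confirm whether the
    # account from the entity should be used here instead.
    conn = SMBConnection('admin', 'admin', "localhost", server, domain=workgroup, use_ntlm_v2=True,
                         is_direct_tcp=True)
    conn.connect(ip, int(port))
    # Raw string: "\." in a plain literal is an invalid escape sequence.
    dotdirs = re.compile(r"^\.{1,2}$")
    try:
        for share in conn.listShares():
            if share.isSpecial or share.name in ['NETLOGON', 'SYSVOL']:
                continue
            sharename = unicodedata.normalize("NFKD", share.name).encode('ascii', 'ignore')
            # NOTE(review): an unreadable share raises out of listPath and
            # aborts the whole listing (no AccessDenied handling here).
            for entry in conn.listPath(share.name, path):
                filename = unicodedata.normalize("NFKD", entry.filename).encode('ascii', 'ignore')
                if entry.isDirectory:
                    if dotdirs.match(filename):
                        continue
                    entityname = "msploitego.SambaShare"
                    newpath = "{}/{}/".format(path, filename)
                else:
                    entityname = "msploitego.SambaFile"
                    newpath = "{}/{}".format(path, filename)
                label = "{}/{}/{}".format(ip, sharename, filename)
                sambaentity = mt.addEntity(entityname, label)
                sambaentity.setValue(label)
                sambaentity.addAdditionalFields("ip", "IP Address", False, ip)
                sambaentity.addAdditionalFields("port", "Port", False, port)
                sambaentity.addAdditionalFields("server", "Server", False, server)
                sambaentity.addAdditionalFields("workgroup", "Workgroup", False, workgroup)
                sambaentity.addAdditionalFields("filename", "Filename", False, filename)
                sambaentity.addAdditionalFields("path", "Path", False, newpath)
                sambaentity.addAdditionalFields("hostid", "Hostid", False, hostid)
                if domaindns:
                    sambaentity.addAdditionalFields("domain_dns", "Domain DNS", False, domaindns)
                sambaentity.addAdditionalFields("sharename", "Share Name", False, sharename)
    finally:
        # The session was never closed before; close it even on error.
        conn.close()

    mt.returnOutput()
    mt.addUIMessage("completed!")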
예제 #45
0
def dotransform(args):
    """Emit a ``maltego.Website`` entity for ``http://<ip>:<port>``.

    Reads ``ip``, ``port`` and ``hostid``; the entity carries the site URL,
    ip and port as fields.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")

    siteurl = "http://{}:{}".format(ip, port)
    website = mt.addEntity("maltego.Website", siteurl)
    website.setValue(siteurl)
    fields = (
        ("url", "Site URL", siteurl),
        ("ip", "IP Address", ip),
        ("port", "Port", port),
    )
    for name, display, value in fields:
        website.addAdditionalFields(name, display, False, value)
    mt.returnOutput()
    mt.addUIMessage("completed!")
예제 #46
0
def dotransform(args):
    """Emit a ``msploitego.SiteURL`` entity valued with the ``namelink``
    variable, carrying ip and port fields.

    Reads ``ip``, ``port``, ``hostid``, ``uri`` and ``namelink``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    path = mt.getVar("uri")
    namelink = mt.getVar("namelink")

    urlent = mt.addEntity("msploitego.SiteURL", namelink)
    urlent.setValue(namelink)
    for name, display, value in (("ip", "IP Address", ip), ("port", "Port", port)):
        urlent.addAdditionalFields(name, display, False, value)
    mt.returnOutput()
    mt.addUIMessage("completed!")
예제 #47
0
def dotransform(args):
    """Run the nmap ``dns-nsid`` NSE script (``-sSU``) against ip:port and
    emit one ``msploitego.dnsnsid`` entity per script result that has an id.

    Reads ``ip``, ``port`` and ``hostid``; entities are valued
    ``<scriptid>:<hostid>``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "dns-nsid", ip, args="-sSU")

    for result in rep.hosts[0].services[0].scripts_results:
        scriptid = result.get("id")
        if not scriptid:
            continue
        label = "{}:{}".format(scriptid, hostid)
        dnsnsid = mt.addEntity("msploitego.dnsnsid", label)
        dnsnsid.setValue(label)

    mt.returnOutput()
    mt.addUIMessage("completed!")
예제 #48
0
def dotransform(args):
    """Emit one ``maltego.IPv4Address`` entity per host in a Metasploit XML
    export.

    The export path comes from the ``description`` variable and is attached
    to each entity as ``fromfile``; every tag in ``entitytags`` that the
    host exposes is copied over as a field of the same name.
    """
    entitytags = (
        "name", "address", "servicecount", "osname", "state", "mac",
        "vulncount", "purpose", "osflavor", "osfamily", "notecount",
    )
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    xmlfile = mt.getVar("description")
    for host in MetasploitXML(xmlfile).hosts:
        hostentity = mt.addEntity("maltego.IPv4Address", host.address)
        hostentity.setValue(host.address)
        hostentity.addAdditionalFields("fromfile", "Source File", False, xmlfile)
        available = host.getTags()
        for etag in entitytags:
            if etag not in available:
                continue
            hostentity.addAdditionalFields(etag, etag, False, host.getVal(etag))
    mt.returnOutput()
    mt.addUIMessage("completed!")
예제 #49
0
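def dotransform(args):
    """Look up Metasploit modules for the MS bulletin ids and CVE ids found
    in the selected vulnerability's value.

    Reads ``address`` plus the entity value. For every ``msNN-NNN`` or
    ``cve-NNNN-NNNN`` token, ``msfconsole -qx 'search <token>; exit -y'`` is
    run through ``bashrunner`` and each output line carrying a rank becomes
    a ``msploitego.MetasploitModule`` entity with rank and details fields;
    the IP field is attached for MS matches only, as before.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("address")
    vuln = mt.getValue()
    msreg = re.compile(r"ms[0-9]{2}-[0-9]{3}", re.I)
    cvereg = re.compile(r"cve[-]*[0-9]{3,4}-[0-9]{3,4}", re.I)
    # Raw string matters: in a plain literal "\b" is a backspace character,
    # so the previous pattern could never match a "low" rank.
    rankreg = re.compile(r"normal|manual|great|average|excellent|good|\blow\b")

    def add_modules(token, with_ip):
        """Run one msf search for *token* and emit an entity per ranked line."""
        # token is a findall() match of msreg/cvereg, so it contains only
        # the characters those patterns allow and is safe on the command line.
        bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(token))
        for line in bashlog:
            match = rankreg.search(line)
            if not match:
                continue
            msfmod = re.split(" {2,}", line.lstrip())
            msfentity = mt.addEntity("msploitego.MetasploitModule", msfmod[0])
            msfentity.setValue(msfmod[0])
            msfentity.addAdditionalFields("rank", "Rank", False, match.group(0))
            msfentity.addAdditionalFields("details", "Details", False, msfmod[-1])
            if with_ip:
                msfentity.addAdditionalFields("ip", "IP Address", False, ip)

    for ms in msreg.findall(vuln):
        add_modules(ms, True)
    for cve in cvereg.findall(vuln):
        add_modules(cve, False)

    mt.returnOutput()
    mt.addUIMessage("completed!")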
예제 #50
0
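def dotransform(args):
    """Brute-force directories on the selected URL with gobuster and emit one
    ``maltego.WebDir`` entity per reported path.

    Reads the entity value (the URL) plus ``ip``, ``port`` and ``hostid``.
    gobuster runs with the dirbuster medium word list; each entity carries
    ip, port and the scanned URL as fields.
    """
    mt = MaltegoTransform()
    # Left enabled, pprint(args) wrote the arguments to stdout ahead of the
    # transform response; every other transform keeps this commented out.
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    url = mt.getValue()
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    # The URL comes from a graph entity (ultimately from scanned hosts) and is
    # placed on a shell command line, so it is single-quoted and refused if
    # it could break out of the quotes or is not an http(s) URL at all.
    if not url or "'" in url or not url.lower().startswith(("http://", "https://")):
        mt.addUIMessage("refusing to run gobuster: value is not a plain http(s) URL")
        mt.returnOutput()
        return
    # gobuster -e -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://10.11.1.24/
    bashlog = bashrunner("gobuster -q -e -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u '{}'".format(url))
    for line in bashlog:
        parts = line.split()
        # Blank output lines have no path; indexing [0] raised IndexError.
        if not parts:
            continue
        webdir = mt.addEntity("maltego.WebDir", parts[0])
        webdir.setValue(parts[0])
        webdir.addAdditionalFields("ip", "IP Address", False, ip)
        webdir.addAdditionalFields("port", "Port", False, port)
        webdir.addAdditionalFields("url", "URL", False, url)

    mt.returnOutput()
    mt.addUIMessage("completed!")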
예제 #51
0
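def dotransform(args):
    """Run the SMB vulnerability NSE scripts named by the module-level
    ``scripts`` string against ip:port and emit one
    ``msploitego.SambaVulnerability`` entity per result without an ERROR.

    Reads ``ip``, ``port`` and ``hostid``; entities are valued
    ``<scriptid>:<hostid>`` and carry the script output, ip and port.
    ``unsafe=1`` is passed as a script argument, which lets the NSE checks
    perform tests that can disrupt the target service — presumably intended
    for lab use.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(sys.argv))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    # ``scripts`` is not defined in this function; it is expected to be a
    # module-level name.
    rep = scriptrunner(port, scripts, ip, scriptargs="unsafe=1")
    for scriptrun in rep.hosts[0].scripts_results:
        scriptid = scriptrun.get("id")
        output = scriptrun.get("output") or ""
        if not scriptid or "ERROR" in output:
            continue
        label = "{}:{}".format(scriptid, hostid)
        smbvuln = mt.addEntity("msploitego.SambaVulnerability", label)
        smbvuln.setValue(label)
        smbvuln.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
        smbvuln.addAdditionalFields("IP", "IP Address", False, ip)
        # The Port field previously received the ip value.
        smbvuln.addAdditionalFields("Port", "Port", False, port)

    mt.returnOutput()
    mt.addUIMessage("completed!")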
예제 #52
0
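def dotransform(args):
    """Run the nmap ``smtp-enum-users`` NSE script against ip:port and emit
    one ``maltego.Alias`` entity per user name in its comma-separated output.

    Reads ``ip``, ``port`` and ``hostid``; each alias carries the source ip
    and port as fields.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smtp-enum-users", ip)

    for res in rep.hosts[0].services[0].scripts_results:
        output = res.get("output") or ""
        for token in output.split(","):
            username = token.strip()
            # A trailing comma or empty output yields empty tokens, which
            # previously produced aliases with an empty value.
            if not username:
                continue
            userentity = mt.addEntity("maltego.Alias", username)
            userentity.setValue(username)
            userentity.addAdditionalFields("sourceip", "Source IP", False, ip)
            userentity.addAdditionalFields("sourceport", "Source Port", False, port)
    mt.returnOutput()
    mt.addUIMessage("completed!")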
예제 #53
0
def dotransform(args):
    """Run the nmap ``ssh-auth-methods`` and ``ssh-hostkey`` NSE scripts
    (``ssh_hostkey=all``) against ip:port and emit one
    ``msploitego.RelevantInformation`` entity per script result.

    Reads ``ip``, ``port`` and ``hostid``; entities are valued
    ``<scriptid>:<hostid>`` and carry the script output, ip and port. When
    the host is not up its status is reported as a UI message.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "ssh-auth-methods,ssh-hostkey", ip, scriptargs="ssh_hostkey=all")
    host = rep.hosts[0]
    if host.status == "up":
        fields = (("ip", "IP Address", ip), ("port", "Port", port))
        for result in host.services[0].scripts_results:
            label = "{}:{}".format(result.get("id"), hostid)
            info = mt.addEntity("msploitego.RelevantInformation", label)
            info.setValue(label)
            info.addAdditionalFields("description", "Description", False, result.get("output"))
            for name, display, value in fields:
                info.addAdditionalFields(name, display, False, value)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")
예제 #54
0
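def dotransform(args):
    """Emit a ``msploitego.LootFile`` entity holding the contents of the loot
    file at ``path``.

    Reads ``address``, ``hostid`` and ``path`` plus the entity value (the
    file name). Nothing is emitted when the file is missing or empty; a
    read failure is reported as a UI message.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("address")
    hostid = mt.getVar("hostid")
    fn = mt.getValue()
    path = mt.getVar("path")

    # Read the file directly instead of shelling out to ``cat`` with the
    # path interpolated into the command line: the path arrives as a graph
    # variable, so the shell round-trip was both unnecessary and a command
    # injection risk. (Assumes bashrunner returned raw lines including their
    # newlines, so the joined text is the same — confirm.)
    details = ""
    if path:
        try:
            with open(path) as fh:
                details = fh.read()
        except (IOError, OSError) as err:
            mt.addUIMessage("could not read {}: {}".format(path, err))
    if details:
        fileent = mt.addEntity("msploitego.LootFile", fn)
        fileent.setValue(fn)
        fileent.addAdditionalFields("details", "Details", False, details)
        fileent.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
    mt.addUIMessage("completed!")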
예제 #55
0
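def dotransform(args):
    """Run the nmap ``http-security-headers`` NSE script against ip:port and
    emit one ``msploitego.httpsecureheaders`` entity per script result.

    Reads ``ip`` and ``port``. The entity value is the first 25 characters
    of the script output and the full output is attached as ``details``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-security-headers", ip)

    for scriptrun in rep.hosts[0].services[0].scripts_results:
        output = scriptrun.get("output") or ""
        # The previous version also built a blank-line-filtered copy of the
        # output by removing items from a list while iterating it (which
        # skips the element after each removal); the copy was never used,
        # and the unused ``global nmap_proc`` declaration is gone as well.
        secheader = mt.addEntity("msploitego.httpsecureheaders", output)
        secheader.setValue(output[0:25])
        secheader.addAdditionalFields("details", "Details", False, output)

    mt.returnOutput()
    mt.addUIMessage("completed!")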
예제 #56
0
def dotransform(args):
    """List the Metasploit ``sessions`` table as ``msploitego.MeterpreterSession`` entities.

    The entity value is the session's DB ``id``.  Every other column becomes
    an additional field (``datetime`` values as day/month/year, blanks
    dropped), followed by the ``user``/``password``/``db`` credentials so the
    next transform in the chain can reconnect.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    # backslashes are removed from the incoming value — presumably to undo
    # escaping applied upstream; confirm against the producing transform
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    def render(value):
        # datetime -> d/m/y; other non-blank values -> str; blanks -> None
        if isinstance(value, datetime):
            return "{}/{}/{}".format(value.day, value.month, value.year)
        if value and str(value).strip():
            return str(value)
        return None

    # NOTE: the DB password is written into the graph as a plain field on
    # every session entity; anyone who can read an exported graph can read it.
    credentials = (
        ("user", "User", user),
        ("password", "Password", password),
        ("db", "db", db),
    )

    for session in mpost.getForAllHosts("sessions"):
        session_id = str(session.get("id"))
        sessionentity = mt.addEntity("msploitego.MeterpreterSession", session_id)
        sessionentity.setValue(session_id)
        for column, value in session.items():
            text = render(value)
            if text is not None:
                sessionentity.addAdditionalFields(column, column.capitalize(), False, text)
        for name, label, value in credentials:
            sessionentity.addAdditionalFields(name, label, False, value)
    mt.returnOutput()
    mt.addUIMessage("completed!")
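def dotransform(args):
    """Run the FTP nmap scripts against ip:port and emit one
    ``msploitego.FTPVulnerability`` entity per script result.

    The entity value is the nmap script id, except that
    ``ftp-vuln-cve2010-4221`` is rewritten to ``cve-2010-4221`` so the entity
    is named by its CVE id rather than the script name.  The host status is
    not checked; a host without services raises on ``services[0]``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "ftp-vuln-cve2010-4221,ftp-vsftpd-backdoor,ftp-anon,ftp-libopie,ftp-proftpd-backdoor", ip)

    # script ids (lower-cased) whose CVE id is used as the entity value instead
    cve_names = {"ftp-vuln-cve2010-4221": "cve-2010-4221"}

    for scriptrun in rep.hosts[0].services[0].scripts_results:
        scriptid = scriptrun.get("id") or ""  # guard: a missing id must not raise
        scriptid = cve_names.get(scriptid.lower(), scriptid)
        vulnentity = mt.addEntity("msploitego.FTPVulnerability", scriptid)
        vulnentity.setValue(scriptid)
        vulnentity.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
        vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
        vulnentity.addAdditionalFields("port", "Port", False, port)

    mt.returnOutput()
    mt.addUIMessage("completed!")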
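def dotransform(args):
    """Fingerprint an SMB service with nmap's smb-* scripts and emit one
    ``msploitego.SambaServer`` entity.

    Host-level script ``elements`` are flattened into one dict of non-blank
    values (later scripts override earlier ones on the same key).  The part
    of ``server`` and ``workgroup`` before the first backslash forms the
    entity value; the remaining keys become additional fields.  A host not
    reported ``up`` only produces a UI message.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    proto = mt.getVar("proto")
    service = mt.getValue()
    rep = scriptrunner(port, "smb-os-discovery,smb-security-mode,smb-server-stats,smb-system-info", ip)
    host = rep.hosts[0]
    if host.status == "up":
        d = {}
        for res in host.scripts_results:
            elems = res.get("elements") or {}
            for k, v in elems.items():
                # str() so a non-string element does not raise on strip()
                if v and str(v).strip():
                    d[k] = v
        # missing keys fall back to "" instead of raising on None.split()
        server = (d.get("server") or "").split("\\")[0]
        workgroup = (d.get("workgroup") or "").split("\\")[0]
        sambaentity = mt.addEntity("msploitego.SambaServer", "{}:{}".format(server, workgroup))
        sambaentity.setValue("{}:{}".format(server, workgroup))
        sambaentity.addAdditionalFields("ip", "IP Address", False, ip)
        sambaentity.addAdditionalFields("port", "Port", False, port)
        sambaentity.addAdditionalFields("server", "Server", False, server)
        sambaentity.addAdditionalFields("workgroup", "Workgroup", False, workgroup)
        sambaentity.addAdditionalFields("hostid", "Hostid", False, hostid)
        sambaentity.addAdditionalFields("info", "Info", False, d.get("os"))
        sambaentity.addAdditionalFields("name", "Name", False, d.get("fqdn"))
        sambaentity.addAdditionalFields("banner.text", "Service Banner", False, d.get("os"))
        sambaentity.addAdditionalFields("service.name", "Description", False, service)
        sambaentity.addAdditionalFields("properties.service", "Service", False, service)
        sambaentity.addAdditionalFields("proto", "Protocol", False, proto)
        for k, v in d.items():
            # server/workgroup (substring match, as before) were added above
            if any(x in k for x in ["server", "workgroup"]):
                continue
            sambaentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")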
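def dotransform(args):
    """Enumerate SMB shares with nmap's ``smb-enum-shares`` and emit one entity
    per share.

    The script output is split into buckets keyed on lines matching an IPv4
    address (see ``bucketparser``).  Each bucket's ``Header`` becomes the
    entity value; a bucket whose ``Warning`` mentions "denied" is emitted as
    ``msploitego.AccessDenied``, otherwise as ``msploitego.SambaShare``.
    Buckets without a ``Header`` are skipped.  A host not reported ``up``
    only produces a UI message.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    machinename = mt.getVar("machinename")
    rep = scriptrunner(port, "smb-enum-shares", ip, args="-sU -sS")

    # raw string: "\d" in a normal literal is an invalid escape (warning on
    # recent Pythons); compiled once rather than per script result
    ipv4_re = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
    denied_re = re.compile("denied", re.I)

    host = rep.hosts[0]
    if host.status == "up":
        for res in host.scripts_results:
            output = (res.get("output") or "").split("\n")
            bucket = bucketparser(ipv4_re, output, method="search")
            for item in bucket:
                header = item.get("Header")
                if not header:
                    # no share name to build an entity from
                    continue
                warning = item.get("Warning")
                if warning and denied_re.search(warning):
                    entity_type = "msploitego.AccessDenied"
                else:
                    entity_type = "msploitego.SambaShare"
                shareentity = mt.addEntity(entity_type, header)
                shareentity.setValue(header)
                # last backslash-separated component, e.g. the share name of a UNC path
                sharename = header.split("\\")[-1].strip().strip(":")
                shareentity.addAdditionalFields("sharename", "Share Name", False, sharename)
                shareentity.addAdditionalFields("sambashare", "Samba Share", False, header)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                if machinename:
                    shareentity.addAdditionalFields("machinename", "Machine Name", False, machinename)
                for k, v in item.items():
                    if k == "Header":
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False, v)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")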