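def main():
    """Maltego transform: IPs from the ``ip`` table in the same /24 as the input.

    Reads the input entity from ``sys.argv[1]`` (``<ip>`` or ``<key>=<ip>``),
    keeps its first three octets and returns every ``ip_addr`` stored in
    ``DBNAME`` that contains that prefix, except the input address itself.
    The response is written with ``MaltegoTransform.returnOutput``.
    """
    #   init Maltego
    me = MaltegoTransform()

    #   a missing database is a hard stop: previously the message was queued,
    #   sqlite3.connect() then created an empty file and the SELECT below
    #   failed on "no such table" before the message was ever returned
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide an ip_addr!")
        me.returnOutput()  # without this the phrase never reached Maltego
        sys.exit()

    #   the argument arrives either as "<ip>" or as "<key>=<ip>"
    parts = sys.argv[1].split('=')
    query_ip = parts[1] if len(parts) == 2 else parts[0]

    #   search on the /24 prefix: "a.b.c.d" -> "a.b.c"; an input with fewer
    #   octets is used as given instead of raising IndexError
    prefix = '.'.join(query_ip.split('.')[:3])

    #  open database and create a cursor object
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str  # hand TEXT columns back as str
    c = conn.cursor()
    try:
        #   checking database, ip table -- the (argv-derived) prefix is bound
        #   as a parameter instead of being spliced into the SQL text
        c.execute("SELECT * FROM ip where ip_addr like ?",
                  ('%' + prefix + '%',))
        found1 = c.fetchall()
        #   fetchall() returns [] (never None) on no match, so test for
        #   emptiness; the old "is not None" guard made the else branch dead
        if found1:
            for row in found1:
                ip_addr = row[5]
                #   adding entity IP Entity, skipping the queried address
                #   itself (compared against the parsed value, not the raw
                #   "key=value" argument)
                if ip_addr != '' and ip_addr != query_ip:
                    entity = MaltegoEntity()
                    entity.setType("maltego.IPv4Address")
                    entity.setValue(ip_addr)
                    entity.addAdditionalFields('link#maltego.link.color', '', True, '0x808080')
                    me.addEntityToMessage(entity)
        else:
            me.addEntity("maltego.Phrase", "no sample info found ...")

        me.returnOutput()
        conn.commit()
    finally:
        #   the connection used to be left open (and leaked on sys.exit())
        c.close()
        conn.close()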
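def main():
    """Maltego transform: IPs from the ``ip`` table in the same /24 as the input.

    Reads the input entity from ``sys.argv[1]`` (``<ip>`` or ``<key>=<ip>``),
    keeps its first three octets and returns every ``ip_addr`` stored in
    ``DBNAME`` that contains that prefix, except the input address itself.
    The response is written with ``MaltegoTransform.returnOutput``.
    """
    #   init Maltego
    me = MaltegoTransform()

    #   a missing database is a hard stop: previously the message was queued,
    #   sqlite3.connect() then created an empty file and the SELECT below
    #   failed on "no such table" before the message was ever returned
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide an ip_addr!")
        me.returnOutput()  # without this the phrase never reached Maltego
        sys.exit()

    #   the argument arrives either as "<ip>" or as "<key>=<ip>"
    parts = sys.argv[1].split("=")
    query_ip = parts[1] if len(parts) == 2 else parts[0]

    #   search on the /24 prefix: "a.b.c.d" -> "a.b.c"; an input with fewer
    #   octets is used as given instead of raising IndexError
    prefix = ".".join(query_ip.split(".")[:3])

    #  open database and create a cursor object
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str  # hand TEXT columns back as str
    c = conn.cursor()
    try:
        #   checking database, ip table -- the (argv-derived) prefix is bound
        #   as a parameter instead of being spliced into the SQL text
        c.execute("SELECT * FROM ip where ip_addr like ?",
                  ("%" + prefix + "%",))
        found1 = c.fetchall()
        #   fetchall() returns [] (never None) on no match, so test for
        #   emptiness; the old "is not None" guard made the else branch dead
        if found1:
            for row in found1:
                ip_addr = row[5]
                #   adding entity IP Entity, skipping the queried address
                #   itself (compared against the parsed value, not the raw
                #   "key=value" argument)
                if ip_addr != "" and ip_addr != query_ip:
                    entity = MaltegoEntity()
                    entity.setType("maltego.IPv4Address")
                    entity.setValue(ip_addr)
                    entity.addAdditionalFields("link#maltego.link.color", "", True, "0x808080")
                    me.addEntityToMessage(entity)
        else:
            me.addEntity("maltego.Phrase", "no sample info found ...")

        me.returnOutput()
        conn.commit()
    finally:
        #   the connection used to be left open (and leaked on sys.exit())
        c.close()
        conn.close()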
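def createEvent(eventName):
    """Create a MISP event named *eventName* and hand it back to Maltego.

    Args:
        eventName: value of the incoming Maltego entity; becomes the MISP
            event ``info`` text.

    Side effects: calls ``misp.new_event`` on the module-level MISP client,
    then emits one ``maltego.MISPEvent`` entity (with ``EventLink``, ``Org``
    and ``notes`` extra fields) through ``returnSuccess``.
    """
    mt = MaltegoTransform()
    mt.addUIMessage("[Info] Creating event with the name %s" % eventName)
    event = misp.new_event(MISP_DISTRIBUTION, MISP_THREAT, MISP_ANALYSIS,
                           eventName, None, MISP_EVENT_PUBLISH)
    # NOTE(review): id and orgc_id are concatenated with str below, so the
    # API response is assumed to return them as strings -- confirm
    eid = event['Event']['id']
    einfo = event['Event']['info']
    eorgc = event['Event']['orgc_id']
    me = MaltegoEntity('maltego.MISPEvent', eid)
    # link back to the event page in the MISP web UI
    me.addAdditionalFields('EventLink', 'EventLink', False,
                           BASE_URL + '/events/view/' + eid)
    me.addAdditionalFields('Org', 'Org', False, eorgc)
    me.addAdditionalFields('notes', 'notes', False, eorgc + ": " + einfo)
    mt.addEntityToMessage(me)
    returnSuccess("event", eid, None, mt)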
def createEvent(eventName):
    """Create a MISP event called *eventName* via ``misp.new_event`` and
    return it to Maltego as a ``maltego.MISPEvent`` entity carrying the
    ``EventLink``, ``Org`` and ``notes`` extra fields.
    """
    transform = MaltegoTransform()
    transform.addUIMessage("[Info] Creating event with the name %s" % eventName)

    created = misp.new_event(MISP_DISTRIBUTION, MISP_THREAT, MISP_ANALYSIS,
                             eventName, None, MISP_EVENT_PUBLISH)
    details = created['Event']
    event_id = details['id']
    event_info = details['info']
    org_id = details['orgc_id']

    entity = MaltegoEntity('maltego.MISPEvent', event_id)
    extra_fields = (
        ('EventLink', BASE_URL + '/events/view/' + event_id),
        ('Org', org_id),
        ('notes', org_id + ": " + event_info),
    )
    for field_name, field_value in extra_fields:
        # display name equals the field name for all three extra fields
        entity.addAdditionalFields(field_name, field_name, False, field_value)

    transform.addEntityToMessage(entity)
    returnSuccess("event", event_id, None, transform)
def createEvent(eventName):
    """Build a ``MISPEvent`` named *eventName*, submit it with
    ``misp.add_event`` and return the created event to Maltego as a
    ``maltego.MISPEvent`` entity (link, org and a one-line note attached).
    """
    transform = MaltegoTransform()
    transform.addUIMessage("[Info] Creating event with the name %s" % eventName)

    draft = MISPEvent()
    draft.analysis = MISP_ANALYSIS
    draft.date = datetime.now()
    draft.distribution = MISP_DISTRIBUTION
    draft.info = eventName
    draft.threat_level_id = MISP_THREAT
    draft.published = MISP_EVENT_PUBLISH

    created = misp.add_event(draft)['Event']
    event_id = created['id']
    event_info = created['info']
    org_id = created['orgc_id']

    entity = MaltegoEntity('maltego.MISPEvent', event_id)
    # link back to the event page in the MISP web UI
    entity.addAdditionalFields('EventLink', 'EventLink', False,
                               BASE_URL + '/events/view/' + event_id)
    entity.addAdditionalFields('Org', 'Org', False, org_id)
    entity.addAdditionalFields('notes', 'notes', False,
                               org_id + ": " + event_info)
    transform.addEntityToMessage(entity)
    returnSuccess("event", event_id, None, transform)
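def _add_whois_entities(me, row, link_color):
    """Emit Domain / EmailAddress / ran2.registrar / NSRecord entities for one
    ``whois``-style row.

    Args:
        me: the MaltegoTransform that collects output entities.
        row: one row from ``whois`` or ``passive_whois``; columns 3..8 are
            read as domain, scan_date, c_date, registrar, nameServer, email.
        link_color: Maltego link colour applied to every emitted entity.

    Empty-string values are skipped.
    """
    domain = row[3]
    scan_date = row[4]
    c_date = row[5]
    registrar = row[6]
    nameServer = row[7]
    email = row[8]
    #   adding entity domain
    if domain != '':
        entity = MaltegoEntity()
        entity.setType("maltego.Domain")
        entity.setValue(domain)
        entity.addAdditionalFields('link#maltego.link.label', '', True,
                                   scan_date)
        entity.addAdditionalFields('link#maltego.link.color', '', True,
                                   link_color)
        me.addEntityToMessage(entity)
    #   adding entity email
    if email != '':
        entity = MaltegoEntity()
        entity.setType("maltego.EmailAddress")
        entity.setValue(email)
        entity.addAdditionalFields('link#maltego.link.color', '', True,
                                   link_color)
        me.addEntityToMessage(entity)
    #   adding entity registrar (creation date goes into the notes)
    if registrar != '':
        entity = MaltegoEntity()
        entity.setType("ran2.registrar")
        entity.setValue(registrar)
        entity.addAdditionalFields('link#maltego.link.label', '', True,
                                   scan_date)
        entity.addAdditionalFields('link#maltego.link.color', '', True,
                                   link_color)
        entity.addAdditionalFields('notes#', '', True, c_date)
        me.addEntityToMessage(entity)
    #   adding entity nameServer
    if nameServer != '':
        entity = MaltegoEntity()
        entity.setType("maltego.NSRecord")
        entity.setValue(nameServer)
        entity.addAdditionalFields('link#maltego.link.color', '', True,
                                   link_color)
        me.addEntityToMessage(entity)


def main():
    """Maltego transform: WHOIS artefacts recorded for a registrant.

    Reads the registrant from ``sys.argv[1]`` (``<name>`` or
    ``<key>=<name>``), looks it up in the ``whois`` table (grey links) and
    in ``passive_whois`` (olive links) of ``DBNAME`` and emits one set of
    entities per matching row via ``_add_whois_entities``.
    """
    #   init Maltego
    me = MaltegoTransform()

    #   a missing database is a hard stop: previously the message was queued,
    #   sqlite3.connect() then created an empty file and the first SELECT
    #   failed on "no such table" before the message was ever returned
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()  # without this the phrase never reached Maltego
        sys.exit()

    #   the argument arrives either as "<name>" or as "<key>=<name>"
    parts = sys.argv[1].split('=')
    registrant = parts[1] if len(parts) == 2 else parts[0]

    #  open database and create a cursor object
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str  # hand TEXT columns back as str
    c = conn.cursor()
    try:
        #   checking database, whois table
        c.execute("SELECT * FROM whois where registrant=?", (registrant,))
        found1 = c.fetchall()
        for row in found1:
            _add_whois_entities(me, row, '0x808080')

        #   checking database, passive_whois table.  This query always ran
        #   before too (fetchall() never returns None), but it used the
        #   registrant column of the last whois row; the input value is the
        #   intended key.
        c.execute("SELECT * FROM passive_whois where registrant=?",
                  (registrant,))
        found2 = c.fetchall()
        for row in found2:
            _add_whois_entities(me, row, '0x808000')

        #   the "nothing found" phrase was unreachable behind "is not None"
        if not found1 and not found2:
            me.addEntity("maltego.Phrase", "no sample info found ...")

        me.returnOutput()
        conn.commit()
    finally:
        #   the connection used to be left open (and leaked on sys.exit())
        c.close()
        conn.close()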
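def _add_email_entities(me, row, link_color):
    """Emit EmailAddress and ran2.registrar entities for one ``whois``-style row.

    Args:
        me: the MaltegoTransform that collects output entities.
        row: one row from ``whois`` or ``passive_whois``; columns 4, 5, 6
            and 8 are read as scan_date, c_date, registrar and email.
        link_color: Maltego link colour applied to both entities.

    Empty-string values are skipped.
    """
    scan_date = row[4]
    c_date = row[5]
    registrar = row[6]
    email = row[8]
    #   adding entity email
    if email != '':
        entity = MaltegoEntity()
        entity.setType("maltego.EmailAddress")
        entity.setValue(email)
        entity.addAdditionalFields('link#maltego.link.color', '', True, link_color)
        me.addEntityToMessage(entity)
    #   adding entity registrar (creation date goes into the notes)
    if registrar != '':
        entity = MaltegoEntity()
        entity.setType("ran2.registrar")
        entity.setValue(registrar)
        entity.addAdditionalFields('link#maltego.link.label', '', True, scan_date)
        entity.addAdditionalFields('link#maltego.link.color', '', True, link_color)
        entity.addAdditionalFields('notes#', '', True, c_date)
        me.addEntityToMessage(entity)


def main():
    """Maltego transform: addresses and registrars sharing a mail domain.

    Reads an e-mail address from ``sys.argv[1]`` (``<email>`` or
    ``<key>=<email>``), takes the part after ``@`` and returns every
    ``whois`` (grey links) and ``passive_whois`` (olive links) row of
    ``DBNAME`` whose ``email`` column contains it.
    """
    #   init Maltego
    me = MaltegoTransform()

    #   a missing database is a hard stop: previously the message was queued,
    #   sqlite3.connect() then created an empty file and the first SELECT
    #   failed on "no such table" before the message was ever returned
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()  # without this the phrase never reached Maltego
        sys.exit()

    #   the argument arrives either as "<email>" or as "<key>=<email>"
    parts = sys.argv[1].split('=')
    email = parts[1] if len(parts) == 2 else parts[0]

    #   search by the mail domain; an input without "@" used to raise
    #   IndexError, now the whole value is used as the pattern
    at_parts = email.split('@')
    mail_domain = at_parts[1] if len(at_parts) > 1 else email
    pattern = '%' + mail_domain + '%'

    #  open database and create a cursor object
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str  # hand TEXT columns back as str
    c = conn.cursor()
    try:
        #   checking database, whois table -- the argv-derived pattern is
        #   bound as a parameter instead of being spliced into the SQL text
        c.execute("SELECT * FROM whois where email like ?", (pattern,))
        found1 = c.fetchall()
        for row in found1:
            _add_email_entities(me, row, '0x808080')

        #   checking database, passive_whois table (always queried, as before:
        #   fetchall() never returns None so the old guard was always true)
        c.execute("SELECT * FROM passive_whois where email like ?", (pattern,))
        found2 = c.fetchall()
        for row in found2:
            _add_email_entities(me, row, '0x808000')

        #   the "nothing found" phrase was unreachable behind "is not None"
        if not found1 and not found2:
            me.addEntity("maltego.Phrase", "no sample info found ...")

        me.returnOutput()
        conn.commit()
    finally:
        #   the connection used to be left open (and leaked on sys.exit())
        c.close()
        conn.close()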
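def _add_c2_entities(me, row):
    """Emit a ran2.c2Address and a ran2.c2Hostname entity for one ``c2`` row.

    Args:
        me: the MaltegoTransform that collects output entities.
        row: one row of the ``c2`` table; columns 2, 3 and 4 are read as
            scan_date, dns and ip_addr.

    Both entities get the scan date as link label and a red link.
    """
    scan_date = row[2]
    dns = row[3]
    ip_addr = row[4]
    #   adding entity hostname + ip_addr (scan_date) ...
    for entity_type, value in (("ran2.c2Address", ip_addr),
                               ("ran2.c2Hostname", dns)):
        entity = MaltegoEntity()
        entity.setType(entity_type)
        entity.setValue(value)
        entity.addAdditionalFields('link#maltego.link.label', '', True,
                                   scan_date)
        entity.addAdditionalFields('link#maltego.link.color', '', True,
                                   '0xFF0000')
        me.addEntityToMessage(entity)


def main():
    """Maltego transform: AV verdict and C2 endpoints for a sample name.

    Reads the sample name from ``sys.argv[1]`` (``<name>`` or
    ``<key>=<name>``), resolves it in ``samples``, emits the first matching
    ``detects`` verdict (with the md5 as note) and one address/hostname pair
    per ``c2`` row.
    """
    #   init Maltego
    me = MaltegoTransform()

    #   a missing database is a hard stop: previously the message was queued,
    #   sqlite3.connect() then created an empty file and the first SELECT
    #   failed on "no such table" before the message was ever returned
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()  # without this the phrase never reached Maltego
        sys.exit()

    #   the argument arrives either as "<name>" or as "<key>=<name>"
    parts = sys.argv[1].split('=')
    name = parts[1] if len(parts) == 2 else parts[0]

    #  open database and create a cursor object
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str  # hand TEXT columns back as str
    c = conn.cursor()
    try:
        c.execute("SELECT * FROM samples where name=?", (name,))
        found = c.fetchone()
        if found is not None:
            sid = found[0]
            md5sum = found[1]

            #   checking database, detects -- first verdict from the listed
            #   vendors only.
            #   NOTE(review): 'AcAfee' looks like a typo for 'McAfee'; confirm
            #   against the vendor values actually stored before changing it
            c.execute(
                "SELECT * FROM detects where sid=? and (vendor='AcAfee' or vendor='Kaspersky' or vendor='F-Secure')",
                (sid,))
            found1 = c.fetchone()
            if found1 is not None:
                entity = MaltegoEntity()
                entity.setType("ran2.exploits")
                entity.setValue(found1[3])
                entity.addAdditionalFields('notes#', '', True, md5sum)
                me.addEntityToMessage(entity)

            #   checking database, c2 table.  fetchall() returns [] on no
            #   match, so test for emptiness; the old "is not None" guard
            #   made the else branch dead
            c.execute("SELECT * FROM c2 where sid=?", (sid,))
            found2 = c.fetchall()
            if found2:
                for row in found2:
                    _add_c2_entities(me, row)
            else:
                me.addEntity("maltego.Phrase", name + " is not found")

        else:
            me.addEntity("maltego.Phrase", name + " is not found")

        me.returnOutput()
        conn.commit()
    finally:
        #   the connection used to be left open (and leaked on sys.exit())
        c.close()
        conn.close()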
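def _add_c2_entities(me, row):
    """Emit a ran2.c2Address and a ran2.c2Hostname entity for one ``c2`` row.

    Args:
        me: the MaltegoTransform that collects output entities.
        row: one row of the ``c2`` table; columns 2, 3 and 4 are read as
            scan_date, dns and ip_addr.

    Both entities get the scan date as link label and a red link.
    """
    scan_date = row[2]
    dns = row[3]
    ip_addr = row[4]
    #   adding entity hostname + ip_addr (scan_date) ...
    for entity_type, value in (("ran2.c2Address", ip_addr),
                               ("ran2.c2Hostname", dns)):
        entity = MaltegoEntity()
        entity.setType(entity_type)
        entity.setValue(value)
        entity.addAdditionalFields('link#maltego.link.label', '', True, scan_date)
        entity.addAdditionalFields('link#maltego.link.color', '', True, '0xFF0000')
        me.addEntityToMessage(entity)


def main():
    """Maltego transform: AV verdict and C2 endpoints for a sample name.

    Reads the sample name from ``sys.argv[1]`` (``<name>`` or
    ``<key>=<name>``), resolves it in ``samples``, emits the first matching
    ``detects`` verdict (with the md5 as note) and one address/hostname pair
    per ``c2`` row.
    """
    #   init Maltego
    me = MaltegoTransform()

    #   a missing database is a hard stop: previously the message was queued,
    #   sqlite3.connect() then created an empty file and the first SELECT
    #   failed on "no such table" before the message was ever returned
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()  # without this the phrase never reached Maltego
        sys.exit()

    #   the argument arrives either as "<name>" or as "<key>=<name>"
    parts = sys.argv[1].split('=')
    name = parts[1] if len(parts) == 2 else parts[0]

    #  open database and create a cursor object
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str  # hand TEXT columns back as str
    c = conn.cursor()
    try:
        c.execute("SELECT * FROM samples where name=?", (name,))
        found = c.fetchone()
        if found is not None:
            sid = found[0]
            md5sum = found[1]

            #   checking database, detects -- first verdict from the listed
            #   vendors only.
            #   NOTE(review): 'AcAfee' looks like a typo for 'McAfee'; confirm
            #   against the vendor values actually stored before changing it
            c.execute("SELECT * FROM detects where sid=? and (vendor='AcAfee' or vendor='Kaspersky' or vendor='F-Secure')", (sid,))
            found1 = c.fetchone()
            if found1 is not None:
                entity = MaltegoEntity()
                entity.setType("ran2.exploits")
                entity.setValue(found1[3])
                entity.addAdditionalFields('notes#', '', True, md5sum)
                me.addEntityToMessage(entity)

            #   checking database, c2 table.  fetchall() returns [] on no
            #   match, so test for emptiness; the old "is not None" guard
            #   made the else branch dead
            c.execute("SELECT * FROM c2 where sid=?", (sid,))
            found2 = c.fetchall()
            if found2:
                for row in found2:
                    _add_c2_entities(me, row)
            else:
                me.addEntity("maltego.Phrase", name + " is not found")

        else:
            me.addEntity("maltego.Phrase", name + " is not found")

        me.returnOutput()
        conn.commit()
    finally:
        #   the connection used to be left open (and leaked on sys.exit())
        c.close()
        conn.close()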
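def _add_whois_row(me, row, contact_color, registrar_color):
    """Emit registrant / EmailAddress / ran2.registrar / NSRecord entities for
    one ``whois``-style row.

    Args:
        me: the MaltegoTransform that collects output entities.
        row: one row from ``whois`` or ``passive_whois``; columns 4..10 are
            read as scan_date, c_date, registrar, nameServer, email, tel,
            registrant.
        contact_color: link colour for the registrant and e-mail entities.
        registrar_color: link colour for the registrar entity; the name
            server link is always grey.

    Empty-string values are skipped.
    """
    scan_date = row[4]
    c_date = row[5]
    registrar = row[6]
    nameServer = row[7]
    email = row[8]
    tel = row[9]
    registrant = row[10]
    #   adding entity registrant (phone number goes into the notes)
    if registrant != '':
        entity = MaltegoEntity()
        entity.setType("ran2.registrant")
        entity.setValue(registrant)
        entity.addAdditionalFields('link#maltego.link.label', '', True, scan_date)
        entity.addAdditionalFields('link#maltego.link.color', '', True, contact_color)
        entity.addAdditionalFields('notes#', '', True, tel)
        me.addEntityToMessage(entity)
    #   adding entity email
    if email != '':
        entity = MaltegoEntity()
        entity.setType("maltego.EmailAddress")
        entity.setValue(email)
        entity.addAdditionalFields('link#maltego.link.color', '', True, contact_color)
        me.addEntityToMessage(entity)
    #   adding entity registrar (creation date goes into the notes)
    if registrar != '':
        entity = MaltegoEntity()
        entity.setType("ran2.registrar")
        entity.setValue(registrar)
        entity.addAdditionalFields('link#maltego.link.label', '', True, scan_date)
        entity.addAdditionalFields('link#maltego.link.color', '', True, registrar_color)
        entity.addAdditionalFields('notes#', '', True, c_date)
        me.addEntityToMessage(entity)
    #   adding entity nameServer
    if nameServer != '':
        entity = MaltegoEntity()
        entity.setType("maltego.NSRecord")
        entity.setValue(nameServer)
        entity.addAdditionalFields('link#maltego.link.color', '', True, '0x808080')
        me.addEntityToMessage(entity)


def main():
    """Maltego transform: WHOIS records for a domain.

    Reads the domain from ``sys.argv[1]`` (``<domain>`` or
    ``<key>=<domain>``), resolves it in ``domains`` and ``passive_domains``
    and emits the ``whois`` rows (red contacts, grey registrar) and the
    ``passive_whois`` rows (blue) tied to each via ``sid``.
    """
    #   init Maltego
    me = MaltegoTransform()

    #   a missing database is a hard stop: previously the message was queued,
    #   sqlite3.connect() then created an empty file and the first SELECT
    #   failed on "no such table" before the message was ever returned
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()  # without this the phrase never reached Maltego
        sys.exit()

    #   the argument arrives either as "<domain>" or as "<key>=<domain>"
    parts = sys.argv[1].split('=')
    domain = parts[1] if len(parts) == 2 else parts[0]

    #  open database and create a cursor object
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str  # hand TEXT columns back as str
    c = conn.cursor()
    try:
        #   checking database, domain table
        c.execute("SELECT * FROM domains where domain=?", (domain,))
        found = c.fetchone()
        if found is not None:
            sid = found[0]
            #   checking database, whois (fetchall() never returns None, so
            #   no guard is needed around the loop)
            c.execute("SELECT * FROM whois where sid=? and source='domains'", (sid,))
            for row in c.fetchall():
                _add_whois_row(me, row, '0xFF0000', '0x808080')
        else:
            me.addEntity("maltego.Phrase", "no sample info found ...")

        #   checking database, passive_domain table
        c.execute("SELECT * FROM passive_domains where domain=?", (domain,))
        found = c.fetchone()
        if found is not None:
            sid = found[0]
            #   checking database, passive_whois
            c.execute("SELECT * FROM passive_whois where sid=? and source='passive_domains'", (sid,))
            for row in c.fetchall():
                _add_whois_row(me, row, '0x0000FF', '0x0000FF')
        else:
            me.addEntity("maltego.Phrase", "no sample info found ...")

        me.returnOutput()
        conn.commit()
    finally:
        #   the connection used to be left open (and leaked on sys.exit())
        c.close()
        conn.close()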
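def main():
    """Maltego transform: C2 addresses recorded for a hostname.

    Reads the hostname from ``sys.argv[1]`` (``<dns>`` or ``<key>=<dns>``).
    A ``passive_dns`` hit whose ``source`` is ``c2`` is followed into the
    ``c2`` table (grey links, resolve date as note); a direct ``c2`` hit is
    emitted with a red link.
    """
    #   init Maltego
    me = MaltegoTransform()

    #   a missing database is a hard stop: previously the message was queued,
    #   sqlite3.connect() then created an empty file and the first SELECT
    #   failed on "no such table" before the message was ever returned
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()  # without this the phrase never reached Maltego
        sys.exit()

    #   the argument arrives either as "<dns>" or as "<key>=<dns>"
    parts = sys.argv[1].split('=')
    dns = parts[1] if len(parts) == 2 else parts[0]

    #  open database and create a cursor object
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str  # hand TEXT columns back as str
    c = conn.cursor()
    try:
        #   checking database, passive_dns table
        c.execute("SELECT * FROM passive_dns where dns=?", (dns,))
        found = c.fetchone()
        if found is not None:
            sid = found[1]
            source = found[2]
            resolve_date = found[4]
            #   checking database, ip.
            #   NOTE(review): passive_dns.sid is matched against c2.id here;
            #   looks like the intended join but confirm against the schema
            if source == 'c2':
                c.execute("SELECT * FROM c2 where id=?", (sid,))
                #   fetchall() never returns None, so no guard around the loop
                for row in c.fetchall():
                    scan_date = row[2]
                    ip_addr = row[4]
                    #   adding entity ip (resolve_date)
                    entity = MaltegoEntity()
                    entity.setType("ran2.c2Address")
                    entity.setValue(ip_addr)
                    entity.addAdditionalFields('link#maltego.link.label', '', True, scan_date)
                    entity.addAdditionalFields('link#maltego.link.color', '', True, '0x808080')
                    entity.addAdditionalFields('notes#', '', True, resolve_date)
                    me.addEntityToMessage(entity)

        #   checking database, c2 table (first matching row only)
        c.execute("SELECT * FROM c2 where dns=?", (dns,))
        found = c.fetchone()
        if found is not None:
            scan_date = found[2]
            ip_addr = found[4]
            #   adding entity ip ...
            entity = MaltegoEntity()
            entity.setType("ran2.c2Address")
            entity.setValue(ip_addr)
            entity.addAdditionalFields('link#maltego.link.label', '', True, scan_date)
            entity.addAdditionalFields('link#maltego.link.color', '', True, '0xFF0000')
            me.addEntityToMessage(entity)

        me.returnOutput()
        conn.commit()
    finally:
        #   the connection used to be left open (and leaked on sys.exit())
        c.close()
        conn.close()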
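def main():
    """Maltego transform: C2 addresses recorded for a hostname.

    Reads the hostname from ``sys.argv[1]`` (``<dns>`` or ``<key>=<dns>``).
    A ``passive_dns`` hit whose ``source`` is ``c2`` is followed into the
    ``c2`` table (grey links, resolve date as note); a direct ``c2`` hit is
    emitted with a red link.
    """
    #   init Maltego
    me = MaltegoTransform()

    #   a missing database is a hard stop: previously the message was queued,
    #   sqlite3.connect() then created an empty file and the first SELECT
    #   failed on "no such table" before the message was ever returned
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()  # without this the phrase never reached Maltego
        sys.exit()

    #   the argument arrives either as "<dns>" or as "<key>=<dns>"
    parts = sys.argv[1].split('=')
    dns = parts[1] if len(parts) == 2 else parts[0]

    #  open database and create a cursor object
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str  # hand TEXT columns back as str
    c = conn.cursor()
    try:
        #   checking database, passive_dns table
        c.execute("SELECT * FROM passive_dns where dns=?", (dns,))
        found = c.fetchone()
        if found is not None:
            sid = found[1]
            source = found[2]
            resolve_date = found[4]
            #   checking database, ip.
            #   NOTE(review): passive_dns.sid is matched against c2.id here;
            #   looks like the intended join but confirm against the schema
            if source == 'c2':
                c.execute("SELECT * FROM c2 where id=?", (sid,))
                #   fetchall() never returns None, so no guard around the loop
                for row in c.fetchall():
                    scan_date = row[2]
                    ip_addr = row[4]
                    #   adding entity ip (resolve_date)
                    entity = MaltegoEntity()
                    entity.setType("ran2.c2Address")
                    entity.setValue(ip_addr)
                    entity.addAdditionalFields('link#maltego.link.label', '',
                                               True, scan_date)
                    entity.addAdditionalFields('link#maltego.link.color', '',
                                               True, '0x808080')
                    entity.addAdditionalFields('notes#', '', True,
                                               resolve_date)
                    me.addEntityToMessage(entity)

        #   checking database, c2 table (first matching row only)
        c.execute("SELECT * FROM c2 where dns=?", (dns,))
        found = c.fetchone()
        if found is not None:
            scan_date = found[2]
            ip_addr = found[4]
            #   adding entity ip ...
            entity = MaltegoEntity()
            entity.setType("ran2.c2Address")
            entity.setValue(ip_addr)
            entity.addAdditionalFields('link#maltego.link.label', '', True,
                                       scan_date)
            entity.addAdditionalFields('link#maltego.link.color', '', True,
                                       '0xFF0000')
            me.addEntityToMessage(entity)

        me.returnOutput()
        conn.commit()
    finally:
        #   the connection used to be left open (and leaked on sys.exit())
        c.close()
        conn.close()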
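def _add_domain_entity(me, row, entity_type, link_color, notes_rule):
    """Emit one domain entity for a ``domains``/``passive_domains`` row.

    Args:
        me: the MaltegoTransform that collects output entities.
        row: one row; columns 3, 4 and 5 are read as scan_date, domain and
            Cname.
        entity_type: Maltego entity type to emit.
        link_color: Maltego link colour.
        notes_rule: third argument passed to ``addAdditionalFields`` for the
            ``notes#`` field (``True`` for ``domains`` rows, ``False`` for
            ``passive_domains`` rows, as in the original code).
    """
    scan_date = row[3]
    domain = row[4]
    Cname = row[5]
    #   adding entity domain (Cname)
    entity = MaltegoEntity()
    entity.setType(entity_type)
    entity.setValue(domain)
    entity.addAdditionalFields('link#maltego.link.label', '', True, scan_date)
    entity.addAdditionalFields('link#maltego.link.color', '', True, link_color)
    entity.addAdditionalFields('notes#', '', notes_rule, Cname)
    me.addEntityToMessage(entity)


def main():
    """Maltego transform: domains recorded for an IP address.

    Reads the address from ``sys.argv[1]`` (``<ip>`` or ``<key>=<ip>``),
    resolves it in the ``ip`` table and emits the ``domains`` rows tied to
    it (ran2.c2Domain, red link) and the ``passive_domains`` rows
    (maltego.Domain, grey link).
    """
    #   init Maltego
    me = MaltegoTransform()

    #   a missing database is a hard stop: previously the message was queued,
    #   sqlite3.connect() then created an empty file and the first SELECT
    #   failed on "no such table" before the message was ever returned
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()  # without this the phrase never reached Maltego
        sys.exit()

    #   the argument arrives either as "<ip>" or as "<key>=<ip>"
    parts = sys.argv[1].split('=')
    ip_addr = parts[1] if len(parts) == 2 else parts[0]

    #  open database and create a cursor object
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str  # hand TEXT columns back as str
    c = conn.cursor()
    try:
        #   checking database, ip table
        c.execute("SELECT * FROM ip where ip_addr=?", (ip_addr,))
        found = c.fetchone()
        if found is not None:
            sid = found[0]
            #   checking database, domains (fetchall() never returns None,
            #   so no guard is needed around the loops)
            c.execute("SELECT * FROM domains where sid=? and source='ip'", (sid,))
            for row in c.fetchall():
                _add_domain_entity(me, row, "ran2.c2Domain", '0xFF0000', True)

            #   adding entity passive domains...
            c.execute("SELECT * FROM passive_domains where sid=? and source='ip'", (sid,))
            for row in c.fetchall():
                _add_domain_entity(me, row, "maltego.Domain", '0x808080', False)

        else:
            me.addEntity("maltego.Phrase", "no sample info found ...")

        me.returnOutput()
        conn.commit()
    finally:
        #   the connection used to be left open (and leaked on sys.exit())
        c.close()
        conn.close()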