Пример #1
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    body = mt.getVar("body")
    url = mt.getValue()
    details = None
    if body:
        details = body
    else:
        bashlog = bashrunner("wget -qO-  {}".format(url))
        if bashlog:
            details = "".join(bashlog)
    if details:
        webfile = mt.addEntity("msploitego.WebFile", url)
        webfile.setValue(url)
        f = tempfile.NamedTemporaryFile(delete=False)
        f.file.write(details)
        f.file.close()
        webfile.addAdditionalFields("localfile","Local File",False, f.name)
        webfile.addAdditionalFields("url", "Site URL", False, url)
        webfile.addAdditionalFields("ip", "IP Address", False, ip)
        webfile.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
Пример #2
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")

    bashlog = bashrunner(
        "wpscan --url {}:{} --enumerate p,u --no-banner --no-color".format(
            ip, port))
    # regp = re.compile("^\[i]\s", re.I)
    results = bucketparser(re.compile("^\[!\]\sTitle:\s", re.I), bashlog)

    for res in results:
        if res.get("Header"):
            header = sanitizefield(res.get("Header"))
            wpent = mt.addEntity("msploitego.WordpressInfo", header)
            wpent.setValue(header)
            for k, v in res.items():
                if not k or not k.strip() or k == "Header":
                    continue
                k = sanitizefield(k)
                v = sanitizefield(v)
                if v and v.strip() and k and k.strip():
                    wpent.addAdditionalFields(k, k.capitalize(), False, v)
    mt.returnOutput()
Пример #3
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    body = mt.getVar("body")
    url = mt.getValue()
    details = None
    if body:
        details = body
    else:
        bashlog = bashrunner("wget -qO-  {}".format(url))
        if bashlog:
            details = "".join(bashlog)
    if details:
        webfile = mt.addEntity("msploitego.WebFile", url)
        webfile.setValue(url)
        webfile.addAdditionalFields("details", "Details", False, details)
        webfile.addAdditionalFields("url", "Site URL", False, url)
        webfile.addAdditionalFields("ip", "IP Address", False, ip)
        webfile.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
    mt.addUIMessage("completed!")
Пример #4
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("address")
    hostid = mt.getVar("hostid")
    vuln = mt.getValue()
    path = mt.getVar("path")
    msreg = re.compile("ms[0-9]{2}-[0-9]{3}", re.I)
    rankreg = re.compile("normal|manual|great|average|excellent|good|low")
    for ms in msreg.findall(vuln):
        bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(ms))
        for line in bashlog:
            if msreg.search(line):
                rank = rankreg.search(line).group(0)
                msfmod = re.split(" {2,}", line.lstrip())
                msfentity = mt.addEntity("msploitego.MetasploitModule",
                                         msfmod[0])
                msfentity.setValue(msfmod[0])
                msfentity.addAdditionalFields("rank", "Rank", False, rank)
                msfentity.addAdditionalFields("details", "Details", False,
                                              msfmod[-1])
                msfentity.addAdditionalFields("ip", "IP Address", False, ip)
        # bashlog = bashrunner("searchsploit -www {}".format(ms))
        # for line in bashlog:
        #     if re.search("http",line):
        #         desc,link = line.split("|")
        #         exploitentity = mt.addEntity("msploitego.ExploitDBItem", link.strip())
        #         exploitentity.setValue(link.strip())
        #         exploitentity.addAdditionalFields("details", "Details", False, desc)
        #         exploitentity.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
    mt.addUIMessage("completed!")
Пример #5
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("address")
    hostid = mt.getVar("hostid")
    vuln = mt.getValue()
    path = mt.getVar("path")
    msreg = re.compile("ms[0-9]{2}-[0-9]{3}", re.I)
    cvereg = re.compile("cve[-]*[0-9]{3,4}-[0-9]{3,4}",re.I)
    rankreg = re.compile("normal|manual|great|average|excellent|good|\blow\b")
    for ms in msreg.findall(vuln):
        bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(ms))
        for line in bashlog:
            if rankreg.search(line):
                rank = rankreg.search(line).group(0)
                msfmod = re.split(" {2,}", line.lstrip())
                msfentity = mt.addEntity("msploitego.MetasploitModule", msfmod[0])
                msfentity.setValue(msfmod[0])
                msfentity.addAdditionalFields("rank", "Rank", False, rank)
                msfentity.addAdditionalFields("details", "Details", False, msfmod[-1])
                msfentity.addAdditionalFields("ip", "IP Address", False, ip)
    for cve in cvereg.findall(vuln):
        bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(cve))
        for line in bashlog:
            if rankreg.search(line):
                rank = rankreg.search(line).group(0)
                msfmod = re.split(" {2,}", line.lstrip())
                msfentity = mt.addEntity("msploitego.MetasploitModule", msfmod[0])
                msfentity.setValue(msfmod[0])
                msfentity.addAdditionalFields("rank", "Rank", False, rank)
                msfentity.addAdditionalFields("details", "Details", False, msfmod[-1])
                # msfentity.addAdditionalFields("ip", "IP Address", False, ip)
        # bashlog = bashrunner("searchsploit -www {}".format(ms))
        # for line in bashlog:
        #     if re.search("http",line):
        #         desc,link = line.split("|")
        #         exploitentity = mt.addEntity("msploitego.ExploitDBItem", link.strip())
        #         exploitentity.setValue(link.strip())
        #         exploitentity.addAdditionalFields("details", "Details", False, desc)
        #         exploitentity.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
    mt.addUIMessage("completed!")
Пример #6
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("address")
    hostid = mt.getVar("hostid")
    fn = mt.getValue()
    path = mt.getVar("path")

    bashlog = bashrunner("cat {}".format(path))
    details = "".join(bashlog)
    if details:
        fileent = mt.addEntity("msploitego.LootFile", fn)
        fileent.setValue(fn)
        fileent.addAdditionalFields("details", "Details", False, details)
        fileent.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
Пример #7
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("address")
    hostid = mt.getVar("hostid")
    fn = mt.getValue()
    path = mt.getVar("path")

    bashlog = bashrunner("cat {}".format(path))
    details = "".join(bashlog)
    if details:
        fileent = mt.addEntity("msploitego.LootFile", fn)
        fileent.setValue(fn)
        fileent.addAdditionalFields("details", "Details", False, details)
        fileent.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
    mt.addUIMessage("completed!")
Пример #8
0
def dotransform(args):
    mt = MaltegoTransform()
    mt.debug(pprint(args))
    mt.parseArguments(args)
    url = mt.getValue()
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    # gobuster -e -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://10.11.1.24/
    bashlog = bashrunner("gobuster -q -e -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u {}".format(url))
    for line in bashlog:
        webdir = mt.addEntity("maltego.WebDir", line.split()[0])
        webdir.setValue(line.split()[0])
        webdir.addAdditionalFields("ip", "IP Address", False, ip)
        webdir.addAdditionalFields("port", "Port", False, port)
        webdir.addAdditionalFields("url", "URL", False, url)

    mt.returnOutput()
    mt.addUIMessage("completed!")
Пример #9
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("address")
    hostid = mt.getVar("hostid")
    vuln = mt.getValue()
    db = mt.getVar("db")
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")
    msreg = re.compile("ms[0-9]{2}-[0-9]{3}", re.I)
    cvereg = re.compile("cve[-]*[0-9]{3,4}-[0-9]{3,4}", re.I)
    rankreg = re.compile("normal|manual|great|average|excellent|good|\blow\b")
    mpost = MsploitPostgres(user, password, db)
    for ms in msreg.findall(vuln):
        # bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(ms))
        ms = ms.replace("-", "_").lower()
        mods = mpost.queryModules()

        # for line in bashlog:
        #     if rankreg.search(line):
        #         rank = rankreg.search(line).group(0)
        #         msfmod = re.split(" {2,}", line.lstrip())
        #         msfentity = mt.addEntity("msploitego.MetasploitModule", msfmod[0])
        #         msfentity.setValue(msfmod[0])
        #         msfentity.addAdditionalFields("rank", "Rank", False, rank)
        #         msfentity.addAdditionalFields("details", "Details", False, msfmod[-1])
        #         msfentity.addAdditionalFields("ip", "IP Address", False, ip)
    for cve in cvereg.findall(vuln):
        bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(cve))
        for line in bashlog:
            if rankreg.search(line):
                rank = rankreg.search(line).group(0)
                msfmod = re.split(" {2,}", line.lstrip())
                msfentity = mt.addEntity("msploitego.MetasploitModule",
                                         msfmod[0])
                msfentity.setValue(msfmod[0])
                msfentity.addAdditionalFields("rank", "Rank", False, rank)
                msfentity.addAdditionalFields("details", "Details", False,
                                              msfmod[-1])

    mt.returnOutput()
Пример #10
0
def dotransform(args):
    mt = MaltegoTransform()
    mt.debug(pprint(args))
    mt.parseArguments(args)
    url = mt.getValue()
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    # gobuster -e -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://10.11.1.24/
    bashlog = bashrunner(
        "gobuster -q -e -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u {}"
        .format(url))
    for line in bashlog:
        webdir = mt.addEntity("maltego.WebDir", line.split()[0])
        webdir.setValue(line.split()[0])
        webdir.addAdditionalFields("ip", "IP Address", False, ip)
        webdir.addAdditionalFields("port", "Port", False, port)
        webdir.addAdditionalFields("url", "URL", False, url)

    mt.returnOutput()
Пример #11
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")

    bashlog = bashrunner("snmp-check -w {}".format(ip))
    regex = re.compile("^\[\*\]")
    results = bucketparser(regex, bashlog, sep=" ")

    for res in results:
        origheader = res.get("Header")
        header = res.get("Header").lower()
        if "write access permitted" in header:
            phrase = mt.addEntity("msploitego.RelevantInformation",
                                  "{}:{}".format(origheader, hostid))
            phrase.setValue("{}:{}".format(origheader, hostid))
        elif "system information" in header:
            if res.get("Domain"):
                dname = res.get("Domain").lstrip(":")
                domain = mt.addEntity("maltego.Domain", dname)
                domain.setValue(dname)
                domain.addAdditionalFields("ip", "IP Address", True, ip)
                domain.addAdditionalFields("port", "Port", True, port)
            if res.get("Hostname"):
                hname = res.get("Hostname").lstrip(":")
                hostname = mt.addEntity("msploitego.Hostname", hname)
                hostname.setValue(hname)
                hostname.addAdditionalFields("ip", "IP Address", True, ip)
                hostname.addAdditionalFields("port", "Port", True, port)
        elif "user accounts" in header:
            for user in res.keys():
                if any(x in user for x in ["Details", "Header"]):
                    continue
                alias = mt.addEntity("maltego.Alias", user)
                alias.setValue(user)
                alias.addAdditionalFields("ip", "IP Address", True, ip)
        elif "routing information" in header:
            ipprefix = ".".join(ip.split(".")[0:2])
            for k, v in res.items():
                if any(x in k for x in ["Details", "Header", "Destination"]):
                    continue
                for ipr in v.split():
                    if re.search(ipprefix, ipr) and ipr != ip:
                        iprout = mt.addEntity("msploitego.RoutingIP", ipr)
                        iprout.setValue(ipr)
                        iprout.addAdditionalFields("ip", "IP Address", True,
                                                   ip)
        elif "network services" in header:
            for k, v in res.items():
                if any(x in k for x in ["Details", "Header", "Index"]):
                    continue
                nservice = mt.addEntity("msploitego.NetworkService",
                                        "{}:{}".format(v, hostid))
                nservice.setValue("{}:{}".format(v, hostid))
                nservice.addAdditionalFields("ip", "IP Address", True, ip)
        elif "processes" in header:
            for k, v in res.items():
                if any(x in k for x in ["Details", "Header"]):
                    continue
                if "running" in v.lower():
                    process = mt.addEntity(
                        "msploitego.Process",
                        "{}:{}".format(v.split()[-1], hostid))
                    process.setValue("{}:{}".format(v.split()[-1], hostid))
                    process.addAdditionalFields("ip", "IP Address", True, ip)
                    process.addAdditionalFields("pid", "Process ID", True, k)
        elif "device information" in header:
            for k, v in res.items():
                if any(x in k for x in ["Details", "Header", "Id"]):
                    continue
                if any(x in v for x in ["unknown", "running"]):
                    device = mt.addEntity(
                        "maltego.Device",
                        "{}:{}".format(" ".join(v.split()[2::]), hostid))
                    device.setValue("{}:{}".format(" ".join(v.split()[2::]),
                                                   hostid))
                    device.addAdditionalFields("ip", "IP Address", True, ip)
        elif "software components" in header:
            for k, v in res.items():
                if any(x in k for x in ["Details", "Index", "Header"]):
                    continue
                iprout = mt.addEntity("msploitego.SotwareComponents",
                                      "{}:{}".format(v, hostid))
                iprout.setValue("{}:{}".format(v, hostid))
                iprout.addAdditionalFields("ip", "IP Address", True, ip)
        elif "share" in header:
            path = res.get("Path").lstrip(":")
            name = res.get("Name").lstrip(":")
            networkshare = mt.addEntity("msploitego.NetworkShare", path)
            networkshare.setValue(path)
            networkshare.addAdditionalFields("ip", "IP Address", True, ip)
            networkshare.addAdditionalFields("name", "Share Name", True, name)

    mt.returnOutput()
Пример #12
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(sys.argv))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")

    contents = bashrunner("")
    regex = re.compile("^\|\s+")
    ignore = re.compile(
        "={3,}|Looking\s|padding\d|unknown_\d|logon_hrs|\[V\]\sAttempting\sto\sget|\*unknown\*|\[V\]\sassuming\sthat\suser|\[V\]\sprocessing\ssid\s|\[E\]",
        re.I)
    headsignore = re.compile("target\sinformation|getting\sprinter", re.I)
    results = bucketparser(regex, contents, ignoreg=ignore)
    for res in results:
        header = res.get("Header")
        if headsignore.search(header):
            continue
        if re.search("enumerating\sworkgroup", header, re.I):
            for k, v in res.items():
                if re.search("got\sdomain", k, re.I):
                    doment = mt.addEntity("maltego.Domain", v)
                    doment.setValue(v)
                    doment.addAdditionalFields("ip", "IP Address", True, ip)
                    doment.addAdditionalFields("hostid", "Host Id", True,
                                               hostid)
        elif re.search("nbtstat\sinformation", header, re.I):
            h = header.replace("|", "").lstrip().rstrip()
            nbstat = mt.addEntity("msploitego.nbstatinformation", h)
            nbstat.setValue(h)
            nbstat.addAdditionalFields("data", "Data", False,
                                       "\n".join(res.get("Details")))
            nbstat.addAdditionalFields("ip", "IP Address", True, ip)
            nbstat.addAdditionalFields("hostid", "Host Id", True, hostid)
        elif re.search("session\scheck\son", header, re.I):
            data = packandroll(res)
            if data:
                h = header.replace("|", "").lstrip().rstrip()
                sessioncheck = mt.addEntity("msploitego.nbstatinformation", h)
                sessioncheck.setValue(h)
                sessioncheck.addAdditionalFields("data", "Data", False,
                                                 "\n".join(data))
                sessioncheck.addAdditionalFields("ip", "IP Address", True, ip)
                sessioncheck.addAdditionalFields("hostid", "Host Id", True,
                                                 hostid)
        elif re.search("getting\sdomain\ssid", header, re.I):
            data = packandroll(res)
            if data:
                h = header.replace("|", "").lstrip().rstrip()
                domainsid = mt.addEntity("msploitego.RelevantInformation", h)
                domainsid.setValue(h)
                domainsid.addAdditionalFields("data", "Data", False,
                                              "\n".join(data))
                domainsid.addAdditionalFields("ip", "IP Address", True, ip)
                domainsid.addAdditionalFields("hostid", "Host Id", True,
                                              hostid)
        elif re.search("os\sinformation\son", header, re.I):
            data = packandroll(res)
            if data:
                h = header.replace("|", "").lstrip().rstrip()
                osinfo = mt.addEntity("msploitego.SambaOSInformation", h)
                osinfo.setValue(h)
                osinfo.addAdditionalFields("data", "Data", False,
                                           "\n".join(data))
                osinfo.addAdditionalFields("ip", "IP Address", True, ip)
                osinfo.addAdditionalFields("hostid", "Host Id", True, hostid)
        elif re.search("\svia\srid\scyling", header, re.I):
            data = packandroll(res)
            if data:
                h = header.replace("|", "").lstrip().rstrip()
                ridinfo = mt.addEntity("msploitego.SambaAccountInformation", h)
                ridinfo.setValue(h)
                ridinfo.addAdditionalFields("data", "Data", False,
                                            "\n".join(data))
                ridinfo.addAdditionalFields("ip", "IP Address", True, ip)
                ridinfo.addAdditionalFields("hostid", "Host Id", True, hostid)
        elif re.search("\susers\son\s", header, re.I):
            data = packandroll(res)
            if data:
                h = header.replace("|", "").lstrip().rstrip()
                userinfo = mt.addEntity("msploitego.SambaAccountInformation",
                                        h)
                userinfo.setValue(h)
                userinfo.addAdditionalFields("data", "Data", False,
                                             "\n".join(data))
                userinfo.addAdditionalFields("ip", "IP Address", True, ip)
                userinfo.addAdditionalFields("hostid", "Host Id", True, hostid)
        elif re.search("\smacine\senumeration\s", header, re.I):
            data = packandroll(res)
            if data:
                h = header.replace("|", "").lstrip().rstrip()
                machineinfo = mt.addEntity(
                    "msploitego.SambaMachineEnumeration", h)
                machineinfo.setValue(h)
                machineinfo.addAdditionalFields("data", "Data", False,
                                                "\n".join(data))
                machineinfo.addAdditionalFields("ip", "IP Address", True, ip)
                machineinfo.addAdditionalFields("hostid", "Host Id", True,
                                                hostid)
        elif re.search("\sshare\senumeration\son\s", header, re.I):
            data = packandroll(res)
            if data:
                h = header.replace("|", "").lstrip().rstrip()
                shareinfo = mt.addEntity("msploitego.SambaShareInformation", h)
                shareinfo.setValue(h)
                shareinfo.addAdditionalFields("data", "Data", False,
                                              "\n".join(data))
                shareinfo.addAdditionalFields("ip", "IP Address", True, ip)
                shareinfo.addAdditionalFields("hostid", "Host Id", True,
                                              hostid)
        elif re.search("\spassword\spolicy\sinformation\s", header, re.I):
            data = packandroll(res)
            if data:
                h = header.replace("|", "").lstrip().rstrip()
                passinfo = mt.addEntity("msploitego.SambaPasswordPolicyInfo",
                                        h)
                passinfo.setValue(h)
                passinfo.addAdditionalFields("data", "Data", False,
                                             "\n".join(data))
                passinfo.addAdditionalFields("ip", "IP Address", True, ip)
                passinfo.addAdditionalFields("hostid", "Host Id", True, hostid)
        elif re.search("\sgroups\son\s", header, re.I):
            data = packandroll(res)
            if data:
                h = header.replace("|", "").lstrip().rstrip()
                passinfo = mt.addEntity("msploitego.SambaGroupInformation", h)
                passinfo.setValue(h)
                passinfo.addAdditionalFields("data", "Data", False,
                                             "\n".join(data))
                passinfo.addAdditionalFields("ip", "IP Address", True, ip)
                passinfo.addAdditionalFields("hostid", "Host Id", True, hostid)
    mt.returnOutput()
Пример #13
0
def dotransform(args):
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")

    bashlog = bashrunner("snmp-check -w {}".format(ip))
    regex = re.compile("^\[\*\]")
    results = bucketparser(regex, bashlog, sep=" ")

    for res in results:
        origheader = res.get("Header")
        header = res.get("Header").lower()
        if "write access permitted" in header:
            phrase = mt.addEntity("maltego.Pharse", origheader)
            phrase.setValue(origheader)
        elif "system information" in header:
            if res.get("Domain"):
                dname = res.get("Domain").lstrip(":")
                domain = mt.addEntity("maltego.Domain", dname)
                domain.setValue(dname)
                domain.addAdditionalFields("ip", "IP Address", True, ip)
                domain.addAdditionalFields("port", "Port", True, port)
            if res.get("Hostname"):
                hname = res.get("Hostname").lstrip(":")
                hostname = mt.addEntity("msploitego.Hostname", hname)
                hostname.setValue(hname)
                hostname.addAdditionalFields("ip", "IP Address", True, ip)
                hostname.addAdditionalFields("port", "Port", True, port)
        elif "user accounts" in header:
            for user in res.keys():
                if any(x in user for x in ["Details", "Header"]):
                    continue
                alias = mt.addEntity("maltego.Alias", user)
                alias.setValue(user)
                alias.addAdditionalFields("ip", "IP Address", True, ip)
        elif "routing information" in header:
            ipprefix = ".".join(ip.split(".")[0:2])
            for k,v in res.items():
                if any(x in k for x in ["Details", "Header","Destination"]):
                    continue
                for ipr in v.split():
                    if re.search(ipprefix,ipr) and ipr != ip:
                        iprout = mt.addEntity("msploitego.RoutingIP", ipr)
                        iprout.setValue(ipr)
                        iprout.addAdditionalFields("ip", "IP Address", True, ip)
        elif "network services" in header:
            for k,v in res.items():
                if any(x in k for x in ["Details", "Header","Index"]):
                    continue
                nservice = mt.addEntity("msploitego.NetworkService", v)
                nservice.setValue(v)
                nservice.addAdditionalFields("ip", "IP Address", True, ip)
        elif "processes" in header:
            for k,v in res.items():
                if any(x in k for x in ["Details", "Header"]):
                    continue
                if "running" in v.lower():
                    process = mt.addEntity("msploitego.Process", v.split()[-1])
                    process.setValue(v.split()[-1])
                    process.addAdditionalFields("ip", "IP Address", True, ip)
                    process.addAdditionalFields("pid","Process ID", True, k)
        elif "device information" in header:
            for k,v in res.items():
                if any(x in k for x in ["Details", "Header", "Id"]):
                    continue
                if any(x in v for x in ["unknown","running"]):
                    device = mt.addEntity("maltego.Device", " ".join(v.split()[2::]))
                    device.setValue(" ".join(v.split()[2::]))
                    device.addAdditionalFields("ip", "IP Address", True, ip)
        elif "software components" in header:
            for k,v in res.items():
                if any(x in k for x in ["Details","Index","Header"]):
                    continue
                iprout = mt.addEntity("msploitego.SotwareComponents", v)
                iprout.setValue(v)
                iprout.addAdditionalFields("ip", "IP Address", True, ip)
        elif "share" in header:
            path = res.get("Path").lstrip(":")
            name = res.get("Name").lstrip(":")
            networkshare = mt.addEntity("msploitego.NetworkShare", path)
            networkshare.setValue(path)
            networkshare.addAdditionalFields("ip", "IP Address", True, ip)
            networkshare.addAdditionalFields("name", "Share Name", True, name)

    mt.returnOutput()
    mt.addUIMessage("completed!")