Пример #1
def dotransform(args):
    """Maltego transform: run the nmap ``http-csrf`` NSE script against the
    input host/port and emit one ``msploitego.CSFR`` entity per script result.

    Args:
        args: Raw transform arguments, parsed with ``MaltegoTransform``.
              ``ip``, ``port``, ``servicename``, ``serviceid``, ``hostid`` and
              ``workspace`` are read from the parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``; when
        ``scriptrunner`` returns a falsy report only a UI message is emitted.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")

    rep = scriptrunner(port, "http-csrf", ip)
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    # Fields carried over from the parent entity onto every emitted entity
    # (field name, display name, value); all are flagged as matching fields.
    inherited = (
        ("servicename", "Service Name", servicename),
        ("serviceid", "Service Id", serviceid),
        ("hostid", "Host Id", hostid),
        ("workspace", "Workspace", workspace),
    )

    # Only the first host and its first service of the report are read.
    for scriptrun in rep.hosts[0].services[0].scripts_results:
        # Entity value is "<script id>:<hostid>". The entity type string is
        # reproduced exactly as the project registers it.
        label = "{}:{}".format(scriptrun.get("id"), hostid)
        csrfentity = mt.addEntity("msploitego.CSFR", label)
        csrfentity.setValue(label)
        csrfentity.addAdditionalFields("data", "Data", True, scriptrun.get("output"))
        for field, display, value in inherited:
            csrfentity.addAdditionalFields(field, display, True, value)
    mt.returnOutput()
Пример #2
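def dotransform(args):
    """Maltego transform: run the Apache-related nmap NSE scripts against the
    input host/port and emit one ``msploitego.ApacheVulnerability`` entity per
    script result, flattening the result's structured ``elements`` into
    additional fields.

    Args:
        args: Raw transform arguments; ``ip``, ``port`` and ``hostid`` are read
              from the parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(
        port,
        "http-apache-negotiation,http-apache-server-status,http-vuln-cve2011-3192,http-vuln-cve2011-3368,http-vuln-cve2017-5638 ",
        ip)

    if rep:
        for res in rep.hosts[0].services[0].scripts_results:
            label = "{}:{}".format(res.get("id"), hostid)
            apachevuln = mt.addEntity("msploitego.ApacheVulnerability", label)
            apachevuln.setValue(label)
            # Fixed: the field *name* used to be the ip/hostid value itself.
            # Every other transform on this page uses the literal field names
            # "ip" and "hostid".
            apachevuln.addAdditionalFields("ip", "IP Address", False, ip)
            apachevuln.addAdditionalFields("hostid", "Host Id", False, hostid)
            inheritvalues(apachevuln, mt.values)
            # ``elements`` may be missing (None) when the script produced no
            # structured output; previously that raised AttributeError.
            elements = res.get("elements") or {}
            for k, v in elements.items():
                if isinstance(v, dict):
                    # Nested table: record the table name once, then every
                    # non-blank leaf value under its own key.
                    apachevuln.addAdditionalFields("vuln", "Vuln", False, k)
                    for key, value in v.items():
                        if value and value.strip():
                            apachevuln.addAdditionalFields(
                                key, key.capitalize(), False, value.strip())
                elif v and v.strip():
                    apachevuln.addAdditionalFields(k, k.capitalize(), False,
                                                   v.strip())
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()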
Пример #3
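def dotransform(args):
    """Maltego transform: run the nmap ``smb-mbenum`` NSE script against the
    input host/port and emit one ``msploitego.WindowsMasterBrowser`` entity per
    parsed output bucket.

    Args:
        args: Raw transform arguments; ``ip``, ``port`` and ``hostid`` are read
              from the parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-mbenum", ip)

    # Bucket boundaries: lines indented by exactly two spaces followed by a word
    # character. Hoisted out of the loop; raw string because "\s" and "\w" are
    # invalid escapes in a plain literal.
    regex = re.compile(r"^\s{2}\w")

    # scriptrunner can return a falsy report (sibling transforms check
    # ``if rep:``); dereferencing ``rep.hosts[0]`` in that case raised.
    if not rep or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for res in rep.hosts[0].scripts_results:
            output = res.get("output").split("\n")
            for item in bucketparser(regex, output, sep=" "):
                header = item.get("Header")
                label = "{}:{}".format(header, hostid)
                shareentity = mt.addEntity("msploitego.WindowsMasterBrowser", label)
                shareentity.setValue(label)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    # "Header" is already the entity value; "Details" is not
                    # surfaced by this transform.
                    if k == "Header" or k == "Details":
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False, "{}/{}".format(k, v))
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has already emitted the
    # response — confirm this message is still delivered, or move it above.
    mt.addUIMessage("completed!")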
Пример #4
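def dotransform(args):
    """Maltego transform: run the Apache-related nmap NSE scripts against the
    input host/port and emit one ``msploitego.ApacheVulnerability`` entity per
    script result, named after the last structured element of that result.

    Args:
        args: Raw transform arguments; ``ip`` and ``port`` are read from the
              parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-apache-negotiation,http-apache-server-status,http-vuln-cve2011-3192,http-vuln-cve2011-3368,http-vuln-cve2017-5638 ", ip)

    # A falsy report (see the ``if rep:`` checks in sibling transforms) used to
    # raise on ``rep.hosts[0]``.
    if not rep or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for res in rep.hosts[0].services[0].scripts_results:
            elements = res.get("elements")
            # popitem() on a missing or empty mapping raised; skip results
            # that carry no structured output.
            if not elements:
                continue
            # As before, only the last-inserted element is reported per result.
            # The old ``len(cve) > 0`` test was always true (popitem returns a
            # 2-tuple) and has been dropped.
            cve_id, details = elements.popitem()
            apachevuln = mt.addEntity("msploitego.ApacheVulnerability", cve_id)
            apachevuln.setValue(cve_id)
            if isinstance(details, dict):
                for key, value in details.items():
                    if value and value.strip():
                        apachevuln.addAdditionalFields(key, key, False, value.strip())
            # Fixed: the field name used to be the ip value itself; sibling
            # transforms use the literal name "ip".
            apachevuln.addAdditionalFields("ip", "IP Address", False, ip)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has already emitted the
    # response — confirm this message is still delivered, or move it above.
    mt.addUIMessage("completed!")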
Пример #5
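def dotransform(args):
    """Maltego transform: run the nmap ``rdp-vuln-ms12-020`` NSE script against
    the input host/port and emit one ``msploitego.RDPVulnerability`` entity per
    parsed output bucket (the generic ``VULNERABLE`` bucket is skipped).

    Args:
        args: Raw transform arguments; ``ip`` and ``port`` are read from the
              parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "rdp-vuln-ms12-020", ip)

    # Bucket boundaries: two spaces followed by letters. Hoisted out of the
    # loop; raw string because "\s" is an invalid escape in a plain literal.
    regex = re.compile(r"\s{2}[A-Za-z]+")

    # A falsy report (see the ``if rep:`` checks in sibling transforms) used to
    # raise on ``rep.hosts[0]``.
    if not rep or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for res in rep.hosts[0].services[0].scripts_results:
            output = res.get("output").split("\n")
            # The inner loop variable used to be named ``res`` as well,
            # shadowing the outer loop variable.
            for bucket in bucketparser(regex, output):
                header = bucket.get("Header")
                if header == "VULNERABLE":
                    continue
                vulnentity = mt.addEntity("msploitego.RDPVulnerability", header)
                vulnentity.setValue(header)
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in bucket.items():
                    if k == "Details":
                        # "Details" holds the bucket's remaining lines.
                        vulnentity.addAdditionalFields("details", k, False, "\n".join(v))
                    elif v and v.strip():
                        vulnentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has already emitted the
    # response — confirm this message is still delivered, or move it above.
    mt.addUIMessage("completed!")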
Пример #6
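def dotransform(args):
    """Maltego transform: run the nmap ``rdp-vuln-ms12-020`` NSE script against
    the input host/port and emit one ``msploitego.RDPVulnerability`` entity per
    parsed output bucket (the generic ``VULNERABLE`` bucket is skipped).

    Args:
        args: Raw transform arguments; ``ip`` and ``port`` are read from the
              parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "rdp-vuln-ms12-020", ip)

    # Bucket boundaries: two spaces followed by letters. Hoisted out of the
    # loop; raw string because "\s" is an invalid escape in a plain literal.
    regex = re.compile(r"\s{2}[A-Za-z]+")

    # A falsy report (see the ``if rep:`` checks in sibling transforms) used to
    # raise on ``rep.hosts[0]``.
    if not rep or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for res in rep.hosts[0].services[0].scripts_results:
            output = res.get("output").split("\n")
            # The inner loop variable used to be named ``res`` as well,
            # shadowing the outer loop variable.
            for bucket in bucketparser(regex, output):
                header = bucket.get("Header")
                if header == "VULNERABLE":
                    continue
                vulnentity = mt.addEntity("msploitego.RDPVulnerability", header)
                vulnentity.setValue(header)
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in bucket.items():
                    if k == "Details":
                        # "Details" holds the bucket's remaining lines.
                        vulnentity.addAdditionalFields("details", k, False,
                                                       "\n".join(v))
                    elif v and v.strip():
                        vulnentity.addAdditionalFields(
                            k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has already emitted the
    # response — confirm this message is still delivered, or move it above.
    mt.addUIMessage("completed!")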
Пример #7
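def dotransform(args):
    """Maltego transform: run the nmap ``smb-enum-services`` NSE script against
    the input host/port and emit one ``maltego.Service`` entity per parsed
    output bucket.

    Args:
        args: Raw transform arguments; ``ip``, ``port`` and ``hostid`` are read
              from the parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-enum-services", ip)

    # One service entry per line indented by two spaces. Hoisted out of the
    # loop; raw string because "\s" is an invalid escape in a plain literal.
    regex = re.compile(r"^\s\s[a-zA-Z0-9_.-]+")

    # A falsy report (see the ``if rep:`` checks in sibling transforms) used to
    # raise on ``rep.hosts[0]``.
    if not rep or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for res in rep.hosts[0].services[0].scripts_results:
            output = res.get("output").split("\n")
            for item in bucketparser(regex, output):
                label = "{}:{}".format(item.get("Header"), hostid)
                serviceent = mt.addEntity("maltego.Service", label)
                serviceent.setValue(label)
                serviceent.addAdditionalFields("displayname", "Service Name",
                                               False, item.get("Display_name"))
                serviceent.addAdditionalFields("ip", "IP Address", False, ip)
                serviceent.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has already emitted the
    # response — confirm this message is still delivered, or move it above.
    mt.addUIMessage("completed!")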
Пример #8
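def dotransform(args):
    """Maltego transform: run the nmap ``smb-enum-groups`` NSE script against
    the input host/port and emit one ``msploitego.UserGroup`` entity per
    non-blank output line (first token is the group name, the rest is kept as
    details).

    Args:
        args: Raw transform arguments; ``ip`` and ``port`` are read from the
              parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smb-enum-groups", ip)

    if rep:
        for res in rep.hosts[0].scripts_results:
            for item in res.get("output").strip().split("\n"):
                tokens = item.split()
                # A blank line inside the output produced an empty token list
                # and ``d[0]`` raised IndexError.
                if not tokens:
                    continue
                groupname = tokens[0]
                groupentity = mt.addEntity("msploitego.UserGroup", groupname)
                groupentity.setValue(groupname)
                groupentity.addAdditionalFields("groupname", "Group Name",
                                                False, groupname)
                groupentity.addAdditionalFields("details", "Details", False,
                                                " ".join(tokens[1:]))
                groupentity.addAdditionalFields("ip", "IP Address", False, ip)
                groupentity.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()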
Пример #9
def dotransform(args):
    """Maltego transform: run the nmap DNS NSE scripts (UDP, ports 53 and
    5353) against the input host and emit one ``msploitego.DNSInformation``
    entity per script result on each reported service.

    Args:
        args: Raw transform arguments; ``ip``, ``port``, ``servicename``,
              ``serviceid``, ``hostid`` and ``workspace`` are read from the
              parsed variables. The scanned ports are fixed to "53,5353"; the
              incoming ``port`` is read but not used.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")
    rep = scriptrunner("53,5353", "dns-random-srcport,dns-random-txid,dns-recursion,dns-service-discovery", ip, args="-sU")

    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    # Fields inherited from the parent entity (name, display name, value); all
    # flagged as matching fields.
    inherited = (
        ("servicename", "Service Name", servicename),
        ("serviceid", "Service Id", serviceid),
        ("hostid", "Host Id", hostid),
        ("workspace", "Workspace", workspace),
    )
    for service in rep.hosts[0].services:
        for res in service.scripts_results:
            label = "{}:{}".format(res.get("id"), hostid)
            dnsinfo = mt.addEntity("msploitego.DNSInformation", label)
            dnsinfo.setValue(label)
            dnsinfo.addAdditionalFields("data", "Data", True, res.get("output"))
            for field, display, value in inherited:
                dnsinfo.addAdditionalFields(field, display, True, value)
            dnsinfo.addAdditionalFields("ip", "IP Address", False, ip)
            # Port and protocol come from the scanned service, not the input.
            dnsinfo.addAdditionalFields("port", "Port", False, str(service.port))
            dnsinfo.addAdditionalFields("protocol", "Protocol", False, service.protocol)
    mt.returnOutput()
Пример #10
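def dotransform(args):
    """Maltego transform: run the nmap ``http-sitemap-generator`` NSE script
    against the input host/port and emit one ``maltego.WebDir`` entity per
    path line in its output.

    Args:
        args: Raw transform arguments; ``ip``, ``port`` and ``hostid`` are read
              from the parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "http-sitemap-generator", ip)

    # Path entries are indented by four spaces and start with "/". Hoisted out
    # of the loop; raw string because "\s" is an invalid escape in a plain
    # literal.
    regex = re.compile(r"^\s{4}/")

    if rep:
        for res in rep.hosts[0].services[0].scripts_results:
            for line in res.get("output").strip().split("\n"):
                if not regex.match(line):
                    continue
                # ``.strip().lstrip()`` was redundant: strip() already removes
                # leading whitespace.
                label = "{}:{}".format(line.strip(), hostid)
                webdir = mt.addEntity("maltego.WebDir", label)
                webdir.setValue(label)
                webdir.addAdditionalFields("ip", "IP Address", False, ip)
                webdir.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()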
Пример #11
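def dotransform(args):
    """Maltego transform: run the nmap ``http-robots.txt`` NSE script against
    the input host/port and emit one ``maltego.WebDir`` entity per path token
    found on output lines that start with "/".

    Args:
        args: Raw transform arguments; ``ip``, ``port`` and ``hostid`` are read
              from the parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "http-robots.txt", ip)

    if rep:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            for line in scriptrun.get("output").split("\n"):
                # A blank line made ``line.lstrip()[0]`` raise IndexError.
                if not line.lstrip().startswith("/"):
                    continue
                # split() with no separator already drops surrounding
                # whitespace, so the former lstrip().strip() was redundant.
                for d in line.split():
                    label = "{}:{}:{}".format(d, hostid, port)
                    webdirentity = mt.addEntity("maltego.WebDir", label)
                    webdirentity.setValue(label)
                    webdirentity.addAdditionalFields(
                        "ip", "IP Address", False, ip)
                    webdirentity.addAdditionalFields(
                        "port", "Port", False, port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()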
Пример #12
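def dotransform(args):
    """Maltego transform: run the nmap ``smb-enum-shares`` NSE script against
    the input host/port and emit one ``msploitego.SambaShare`` entity per
    parsed output bucket.

    Args:
        args: Raw transform arguments; ``ip`` and ``port`` are read from the
              parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smb-enum-shares", ip)

    # Bucket boundaries: lines containing a dotted IPv4 address. Hoisted out of
    # the loop; raw string because "\d" and "\." are invalid escapes in a plain
    # literal. ``method="search"`` presumably selects re.search over re.match
    # inside bucketparser — confirm against its definition.
    regex = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")

    # A falsy report (see the ``if rep:`` checks in sibling transforms) used to
    # raise on ``rep.hosts[0]``.
    if not rep or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for res in rep.hosts[0].scripts_results:
            output = res.get("output").split("\n")
            for item in bucketparser(regex, output, method="search"):
                header = item.get("Header")
                shareentity = mt.addEntity("msploitego.SambaShare", header)
                shareentity.setValue(header)
                # Share name: last backslash-separated component of the
                # header, minus surrounding whitespace and a trailing colon.
                sharename = header.split("\\")[-1].strip().strip(":")
                shareentity.addAdditionalFields("sharename", "Share Name",
                                                False, sharename)
                shareentity.addAdditionalFields("sambashare", "Samba Share",
                                                False, header)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    if k == "Header":
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False, v)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has already emitted the
    # response — confirm this message is still delivered, or move it above.
    mt.addUIMessage("completed!")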
Пример #13
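def dotransform(args):
    """Maltego transform: run the nmap ``http-phpself-xss`` and
    ``http-stored-xss`` NSE scripts against the input host/port and emit one
    ``msploitego.XSSVulnerability`` entity per structured element of each
    script result.

    Args:
        args: Raw transform arguments; ``ip`` and ``port`` are read from the
              parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-phpself-xss,http-stored-xss", ip)

    # A falsy report (see the ``if rep:`` checks in sibling transforms) used to
    # raise on ``rep.hosts[0]``.
    if not rep or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for res in rep.hosts[0].services[0].scripts_results:
            elements = res.get("elements")
            if not elements:
                continue
            # Element keys were never used; iterate the values directly.
            for elem in elements.values():
                title = elem.get("title")
                vulnentity = mt.addEntity("msploitego.XSSVulnerability", title)
                # Fixed: the value was set from ``res.get("title")`` — the
                # script result (id/output/elements), not the element the
                # entity was created from.
                vulnentity.setValue(title)
                vulnentity.addAdditionalFields("vulnid", "Vuln ID", False, res.get("id"))
                vulnentity.addAdditionalFields("description", "Description", False, res.get("output"))
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in elem.items():
                    # ``v`` may be None; previously ``None.strip()`` raised.
                    if v and v.strip():
                        vulnentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has already emitted the
    # response — confirm this message is still delivered, or move it above.
    mt.addUIMessage("completed!")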
Пример #14
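def dotransform(args):
    """Maltego transform: run the nmap ``smb-mbenum`` NSE script against the
    input host/port and emit one ``msploitego.WindowsMasterBrowser`` entity per
    parsed output bucket.

    Args:
        args: Raw transform arguments; ``ip``, ``port`` and ``hostid`` are read
              from the parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-mbenum", ip)

    # Bucket boundaries: lines indented by exactly two spaces followed by a word
    # character. Hoisted out of the loop; raw string because "\s" and "\w" are
    # invalid escapes in a plain literal.
    regex = re.compile(r"^\s{2}\w")

    if rep:
        for res in rep.hosts[0].scripts_results:
            output = res.get("output").split("\n")
            for item in bucketparser(regex, output, sep=" "):
                header = item.get("Header")
                label = "{}:{}".format(header, hostid)
                shareentity = mt.addEntity("msploitego.WindowsMasterBrowser", label)
                shareentity.setValue(label)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    # "Header" is already the entity value; "Details" is not
                    # surfaced by this transform.
                    if k == "Header" or k == "Details":
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False,
                                                    "{}/{}".format(k, v))
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()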
Пример #15
def dotransform(args):
    """Maltego transform: run the FTP-related nmap NSE scripts against the
    input host/port and emit one ``msploitego.FTPVulnerability`` entity per
    script result.

    Args:
        args: Raw transform arguments; ``ip``, ``port`` and ``hostid`` are read
              from the parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(
        port,
        "ftp-vuln-cve2010-4221,ftp-vsftpd-backdoor,ftp-anon,ftp-libopie,ftp-proftpd-backdoor",
        ip)

    if not rep:
        mt.addUIMessage("host is either down or not responding on this port")
        mt.returnOutput()
        return

    # The CVE-named script is relabelled with the bare CVE identifier; the
    # lookup is on the lower-cased script id, as before.
    aliases = {"ftp-vuln-cve2010-4221": "cve-2010-4221"}
    for scriptrun in rep.hosts[0].services[0].scripts_results:
        scriptid = scriptrun.get("id")
        scriptid = aliases.get(scriptid.lower(), scriptid)
        label = "{}:{}".format(scriptid, hostid)
        vulnentity = mt.addEntity("msploitego.FTPVulnerability", label)
        vulnentity.setValue(label)
        vulnentity.addAdditionalFields("description", "Description", False,
                                       scriptrun.get("output"))
        vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
        vulnentity.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
Пример #16
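def dotransform(args):
    """Maltego transform: run the nmap ``http-security-headers`` NSE script
    against the input host/port and emit one ``msploitego.httpsecureheaders``
    entity per script result that produced non-empty output.

    Args:
        args: Raw transform arguments; ``ip``, ``port``, ``servicename``,
              ``serviceid``, ``hostid`` and ``workspace`` are read from the
              parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``. The unused
        ``global nmap_proc`` declaration has been dropped.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")
    rep = scriptrunner(port, "http-security-headers", ip)

    # Fields inherited from the parent entity (name, display name, value); all
    # flagged as matching fields.
    inherited = (
        ("servicename", "Service Name", servicename),
        ("serviceid", "Service Id", serviceid),
        ("hostid", "Host Id", hostid),
        ("workspace", "Workspace", workspace),
    )

    if rep:
        for res in rep.hosts[0].services[0].scripts_results:
            output = res.get("output").strip()
            # Nothing to report for results with empty output.
            if not output:
                continue
            label = "{}:{}".format(res.get("id"), hostid)
            secheader = mt.addEntity("msploitego.httpsecureheaders", label)
            secheader.setValue(label)
            secheader.addAdditionalFields("details", "Details", False, output)
            for field, display, value in inherited:
                secheader.addAdditionalFields(field, display, True, value)
            secheader.addAdditionalFields("ip", "IP Address", False, ip)
            secheader.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()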
Пример #17
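def dotransform(args):
    """Maltego transform: run the nmap ``http-comments-displayer`` NSE script
    against the input host/port and emit one ``msploitego.SourceCodeComment``
    entity per comment block (each block opens with a ``Path:`` line).

    Args:
        args: Raw transform arguments; ``ip`` and ``port`` are read from the
              parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")

    # Bucket boundaries: indented "Path:" lines. Hoisted out of the loop; raw
    # string because "\s" is an invalid escape in a plain literal.
    regex = re.compile(r"^\s+Path:")

    rep = scriptrunner(port, "http-comments-displayer", ip)
    if rep:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            results = bucketparser(regex, scriptrun.get("output").split("\n"))
            for res in results:
                # Header is "<indent>Path:<path>"; keep what follows the first
                # colon (the "Path" label itself is not used).
                _, path = res.get("Header").split(":", 1)
                commententity = mt.addEntity("msploitego.SourceCodeComment", path)
                commententity.setValue(path)
                # "Details" holds the bucket's remaining lines.
                commententity.addAdditionalFields(
                    "comment", "Comment", False, "\n".join(res.get("Details")))
                commententity.addAdditionalFields("linenumber",
                                                  "Line Number", False,
                                                  res.get("Line number"))
                commententity.addAdditionalFields("path", "Path", False, path)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()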
Пример #18
def dotransform(args):
    """Maltego transform: run the SMTP-related nmap NSE scripts against the
    input host/port and emit one ``msploitego.RelevantInformation`` entity per
    script result.

    Args:
        args: Raw transform arguments; ``ip``, ``port`` and ``hostid`` are read
              from the parsed variables, falling back to ``id`` when
              ``hostid`` is empty.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    # Some parent entities carry the host id under "id" instead of "hostid".
    hostid = mt.getVar("hostid") or mt.getVar("id")
    rep = scriptrunner(
        port,
        "smtp-commands,smtp-enum-users,smtp-open-relay,smtp-vuln-cve2011-1764",
        ip)

    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    for scriptrun in rep.hosts[0].services[0].scripts_results:
        label = "{}:{}".format(scriptrun.get("id"), hostid)
        infoentity = mt.addEntity("msploitego.RelevantInformation", label)
        infoentity.setValue(label)
        infoentity.addAdditionalFields("description", "Description", False,
                                       scriptrun.get("output"))
        infoentity.addAdditionalFields("ip", "IP Address", False, ip)
        infoentity.addAdditionalFields("port", "Port", False, port)
        infoentity.addAdditionalFields("hostid", "Host Id", False, hostid)
    mt.returnOutput()
Пример #19
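def dotransform(args):
    """Maltego transform: run the nmap ``ssh-auth-methods`` and ``ssh-hostkey``
    NSE scripts against the input host/port and emit one
    ``msploitego.RelevantInformation`` entity per script result.

    Args:
        args: Raw transform arguments; ``ip``, ``port`` and ``hostid`` are read
              from the parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port,
                       "ssh-auth-methods,ssh-hostkey",
                       ip,
                       scriptargs="ssh_hostkey=all")

    # A falsy report (see the ``if rep:`` checks in sibling transforms) used to
    # raise on ``rep.hosts[0]``.
    if not rep or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            infoentity = mt.addEntity("msploitego.RelevantInformation", label)
            infoentity.setValue(label)
            infoentity.addAdditionalFields("description", "Description", False,
                                           scriptrun.get("output"))
            infoentity.addAdditionalFields("ip", "IP Address", False, ip)
            infoentity.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has already emitted the
    # response — confirm this message is still delivered, or move it above.
    mt.addUIMessage("completed!")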
Пример #20
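def dotransform(args):
    """Maltego transform: run the nmap ``http-phpself-xss`` and
    ``http-stored-xss`` NSE scripts against the input host/port and emit one
    ``msploitego.XSSVulnerability`` entity per structured element of each
    script result.

    Args:
        args: Raw transform arguments; ``ip`` and ``port`` are read from the
              parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-phpself-xss,http-stored-xss", ip)

    # A falsy report (see the ``if rep:`` checks in sibling transforms) used to
    # raise on ``rep.hosts[0]``.
    if not rep or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for res in rep.hosts[0].services[0].scripts_results:
            elements = res.get("elements")
            if not elements:
                continue
            # Element keys were never used; iterate the values directly.
            for elem in elements.values():
                title = elem.get("title")
                vulnentity = mt.addEntity("msploitego.XSSVulnerability", title)
                # Fixed: the value was set from ``res.get("title")`` — the
                # script result (id/output/elements), not the element the
                # entity was created from.
                vulnentity.setValue(title)
                vulnentity.addAdditionalFields("vulnid", "Vuln ID", False,
                                               res.get("id"))
                vulnentity.addAdditionalFields("description",
                                               "Description", False,
                                               res.get("output"))
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in elem.items():
                    # ``v`` may be None; previously ``None.strip()`` raised.
                    if v and v.strip():
                        vulnentity.addAdditionalFields(
                            k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has already emitted the
    # response — confirm this message is still delivered, or move it above.
    mt.addUIMessage("completed!")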
Пример #21
def dotransform(args):
    """Maltego transform: run the nmap ``http-sitemap-generator`` NSE script
    against the input host/port and emit one ``msploitego.WebDirectoryInfo``
    entity per script result, carrying the raw output as its data field.

    Args:
        args: Raw transform arguments; ``ip``, ``port``, ``servicename``,
              ``serviceid``, ``hostid`` and ``workspace`` are read from the
              parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")
    rep = scriptrunner(port, "http-sitemap-generator", ip)

    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    # Fields inherited from the parent entity (name, display name, value); all
    # flagged as matching fields.
    inherited = (
        ("servicename", "Service Name", servicename),
        ("serviceid", "Service Id", serviceid),
        ("hostid", "Host Id", hostid),
        ("workspace", "Workspace", workspace),
    )
    for res in rep.hosts[0].services[0].scripts_results:
        label = "{}:{}:{}".format(res.get("id"), hostid, port)
        webdir = mt.addEntity("msploitego.WebDirectoryInfo", label)
        webdir.setValue(label)
        webdir.addAdditionalFields("data", "Data", True, res.get("output"))
        for field, display, value in inherited:
            webdir.addAdditionalFields(field, display, True, value)
        webdir.addAdditionalFields("ip", "IP Address", False, ip)
        webdir.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
Пример #22
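def dotransform(args):
    """Maltego transform: run the nmap ``smb-enum-users`` NSE script against
    the input host/port and emit one ``msploitego.SambaUser`` entity per
    parsed output bucket.

    Args:
        args: Raw transform arguments; ``ip`` and ``port`` are read from the
              parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smb-enum-users", ip)

    # Bucket boundaries: a run of name characters followed by a literal
    # backslash (domain\user style). Hoisted out of the loop; raw string — the
    # plain literal relied on "\\\\" collapsing to two backslashes and on "\s"
    # surviving as an invalid escape.
    regex = re.compile(r"^[\sa-zA-Z0-9_.-]+\\")

    if rep:
        for res in rep.hosts[0].scripts_results:
            output = res.get("output").strip().split("\n")
            for item in bucketparser(regex, output):
                header = item.get("Header")
                userentity = mt.addEntity("msploitego.SambaUser", header)
                userentity.setValue(header)
                userentity.addAdditionalFields("ip", "IP Address", False, ip)
                userentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    # NOTE(review): every bucket value is stripped, including any
                    # list-valued "Details" key (sibling transforms join that key
                    # instead) — confirm bucketparser's output shape here.
                    userentity.addAdditionalFields(k, k.capitalize(), False,
                                                   v.strip())
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()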
Пример #23
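def dotransform(args):
    """Maltego transform: run the nmap ``smb-enum-users`` NSE script against
    the input host/port and emit one ``msploitego.SambaUser`` entity per
    parsed output bucket.

    Args:
        args: Raw transform arguments; ``ip`` and ``port`` are read from the
              parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smb-enum-users", ip)

    # Bucket boundaries: a run of name characters followed by a literal
    # backslash (domain\user style). Hoisted out of the loop; raw string — the
    # plain literal relied on "\\\\" collapsing to two backslashes and on "\s"
    # surviving as an invalid escape.
    regex = re.compile(r"^[\sa-zA-Z0-9_.-]+\\")

    # A falsy report (see the ``if rep:`` checks in sibling transforms) used to
    # raise on ``rep.hosts[0]``.
    if not rep or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for res in rep.hosts[0].scripts_results:
            output = res.get("output").strip().split("\n")
            for item in bucketparser(regex, output):
                header = item.get("Header")
                userentity = mt.addEntity("msploitego.SambaUser", header)
                userentity.setValue(header)
                userentity.addAdditionalFields("ip", "IP Address", False, ip)
                userentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    # NOTE(review): every bucket value is stripped, including any
                    # list-valued "Details" key (sibling transforms join that key
                    # instead) — confirm bucketparser's output shape here.
                    userentity.addAdditionalFields(k, k.capitalize(), False, v.strip())
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has already emitted the
    # response — confirm this message is still delivered, or move it above.
    mt.addUIMessage("completed!")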
Пример #24
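def dotransform(args):
    """Maltego transform: run the nmap ``http-robots.txt`` NSE script against
    the input host/port and emit one ``maltego.WebDir`` entity per path token
    found on output lines that start with "/".

    Args:
        args: Raw transform arguments; ``ip`` and ``port`` are read from the
              parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``. The unused
        ``global nmap_proc`` declaration has been dropped.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-robots.txt", ip)

    # A falsy report (see the ``if rep:`` checks in sibling transforms) used to
    # raise on ``rep.hosts[0]``.
    if not rep or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            for line in scriptrun.get("output").split("\n"):
                # A blank line made ``line.lstrip()[0]`` raise IndexError.
                if not line.lstrip().startswith("/"):
                    continue
                # split() with no separator already drops surrounding
                # whitespace, so the former lstrip().strip() was redundant.
                for d in line.split():
                    webdirentity = mt.addEntity("maltego.WebDir", d)
                    webdirentity.setValue(d)
                    webdirentity.addAdditionalFields(
                        "ip", "IP Address", False, ip)
                    webdirentity.addAdditionalFields(
                        "port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has already emitted the
    # response — confirm this message is still delivered, or move it above.
    mt.addUIMessage("completed!")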
Пример #25
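def dotransform(args):
    """Maltego transform: run the nmap ``http-csrf`` NSE script against the
    input host/port and emit one ``msploitego.CSFR`` entity per reported form
    (each ``Path`` line opens a form; the following ``Form id`` and
    ``Form action`` lines are attached to it as fields).

    Args:
        args: Raw transform arguments; ``ip`` and ``port`` are read from the
              parsed variables.

    Side effects:
        Writes the Maltego response via ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-csrf", ip)

    # Output lines of interest; "Path" starts a new form block.
    tags = ("Path", "Form id", "Form action")

    # A falsy report (see the ``if rep:`` checks in sibling transforms) used to
    # raise on ``rep.hosts``.
    if rep:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            csrfentity = None
            for line in scriptrun.get("output").split("\n"):
                if not any(x in line for x in tags):
                    continue
                # Split on the first colon only: the data part may itself
                # contain colons.
                tag, _, data = line.partition(":")
                tag = tag.lstrip()
                if tag == "Path":
                    csrfentity = mt.addEntity("msploitego.CSFR", data)
                    csrfentity.setValue(data)
                elif csrfentity is None:
                    # A "Form id"/"Form action" line before any "Path" line
                    # has no entity to attach to (previously AttributeError).
                    continue
                elif tag == "Form id":
                    csrfentity.addAdditionalFields("formid", "Form ID", True, data)
                elif tag == "Form action":
                    csrfentity.addAdditionalFields("formaction", "Form Action", True, data)
    else:
        mt.addUIMessage("host is either down or not responding in this port")

    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has already emitted the
    # response — confirm this message is still delivered, or move it above.
    mt.addUIMessage("completed!")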
Пример #26
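def dotransform(args):
    """Maltego transform: run ``msrpc-enum`` against ``ip:port`` and emit one
    ``msploitego.RelevantInformation`` entity per script result.

    ``hostid`` falls back to the ``id`` variable when the caller did not
    supply it.  Each entity carries the script output plus ip, port and host
    id so the finding can be traced back to its origin.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid") or mt.getVar("id")
    rep = scriptrunner(port, "msrpc-enum", ip)

    # scriptrunner can return a falsy report (nothing reached); guard it
    # before touching rep.hosts[0], as the sibling transforms do.
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    host = rep.hosts[0]
    if host.status == "up":
        for scriptrun in host.services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            popent = mt.addEntity("msploitego.RelevantInformation", label)
            popent.setValue(label)
            popent.addAdditionalFields("description", "Description", False,
                                       scriptrun.get("output"))
            popent.addAdditionalFields("ip", "IP Address", False, ip)
            popent.addAdditionalFields("port", "Port", False, port)
            popent.addAdditionalFields("hostid", "Host Id", False, hostid)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")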
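def dotransform(args):
    """Maltego transform: run a batch of ``http-*`` vulnerability-check NSE
    scripts against ``ip:port`` and emit ``maltego.Vulnerability`` entities.

    Results exposing a structured ``elements`` table yield one entity per
    element key (typically a CVE id), with the element's populated sub-fields
    attached; results without ``elements`` yield one entity named after the
    script id.  Every entity gets the service name/id, host id, workspace,
    ip and port so it links back to the originating service.  The
    ``http-server-header`` result is informational only and is skipped.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")
    rep = scriptrunner(
        port,
        "http-adobe-coldfusion-apsa1301,http-aspnet-debug,http-axis2-dir-traversal,http-cookie-flags,http-cross-domain-policy,http-dlink-backdoor,http-dombased-xss,http-fileupload-exploiter,http-frontpage-login,http-git,http-huawei-hg5xx-vuln,http-iis-webdav-vuln,http-internal-ip-disclosure,http-jsonp-detection,http-litespeed-sourcecode-download,http-majordomo2-dir-traversal,http-method-tamper,http-phpmyadmin-dir-traversal,http-shellshock,http-slowloris-check,http-sql-injection,http-tplink-dir-traversal,http-trace,http-vmware-path-vuln,http-vuln-cve2006-3392,http-vuln-cve2010-2861,http-vuln-cve2011-3192,http-vuln-cve2011-3368,http-vuln-cve2012-1823,http-vuln-cve2013-0156,http-vuln-cve2013-7091,http-vuln-cve2014-2126,http-vuln-cve2014-2127,http-vuln-cve2014-2128,http-vuln-cve2014-2129,http-vuln-cve2014-8877,http-vuln-cve2015-1427,http-vuln-cve2015-1635,http-vuln-cve2017-1001000,http-vuln-cve2017-5638,http-vuln-cve2017-5689,http-vuln-cve2017-8917,http-vuln-misfortune-cookie,http-vuln-wnr1000-creds",
        ip,
        args="-n -sS -sV")

    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    # Fields every vulnerability entity produced below must carry.
    common_fields = (
        ("servicename", "Service Name", True, servicename),
        ("serviceid", "Service Id", True, serviceid),
        ("hostid", "Host Id", True, hostid),
        ("workspace", "Workspace", True, workspace),
        ("ip", "IP Address", False, ip),
        ("port", "Port", False, port),
    )

    for res in rep.hosts[0].services[0].scripts_results:
        if res.get("id") == "http-server-header":
            continue
        details = res.get("output")
        elements = res.get("elements")
        created = []
        if elements:
            for cve, sub in elements.items():
                label = "{}:{}".format(cve, hostid)
                vuln = mt.addEntity("maltego.Vulnerability", label)
                vuln.setValue(label)
                vuln.addAdditionalFields("details", "Details", False, details)
                # Element values are not always tables (see the isinstance
                # check in the Apache transform); copy populated strings only.
                if isinstance(sub, dict):
                    for k, v in sub.items():
                        if v and v.strip():
                            vuln.addAdditionalFields(k, k.capitalize(), False, v)
                created.append(vuln)
        else:
            vid = res.get("id")
            vuln = mt.addEntity("maltego.Vulnerability", vid)
            vuln.setValue(vid)
            vuln.addAdditionalFields("details", "Details", False, details)
            created.append(vuln)
        # Previously only the last entity of a multi-element result received
        # these fields; each one needs them to be traceable.
        for vuln in created:
            for field, display, matching_rule, value in common_fields:
                vuln.addAdditionalFields(field, display, matching_rule, value)
    mt.returnOutput()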
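def dotransform(args):
    """Maltego transform: run the SMB discovery NSE scripts against
    ``ip:port`` and emit a single ``msploitego.SambaServer`` entity.

    The ``elements`` tables of all host-level script results are merged into
    one dictionary (populated string values only).  The entity is keyed on
    ``server:workgroup``; the remaining merged keys are attached as
    additional fields together with ip, port, host id, protocol and the
    selected service value.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    proto = mt.getVar("proto")
    service = mt.getValue()
    rep = scriptrunner(
        port,
        "smb-os-discovery,smb-security-mode,smb-server-stats,smb-system-info",
        ip)

    # A falsy report means no host was reached; report it instead of
    # dereferencing rep.hosts[0], as the sibling transforms do.
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    host = rep.hosts[0]
    if host.status == "up":
        merged = {}
        for res in host.scripts_results:
            # `elements` is absent for scripts without structured output.
            elems = res.get("elements") or {}
            merged.update((k, v) for k, v in elems.items() if v and v.strip())
        # Keep the text before the first backslash, as before; a missing key
        # now yields "" instead of an AttributeError on None.
        server = (merged.get("server") or "").split("\\")[0]
        workgroup = (merged.get("workgroup") or "").split("\\")[0]
        label = "{}:{}".format(server, workgroup)
        sambaentity = mt.addEntity("msploitego.SambaServer", label)
        sambaentity.setValue(label)
        os_info = merged.get("os")
        for field, display, value in (
            ("ip", "IP Address", ip),
            ("port", "Port", port),
            ("server", "Server", server),
            ("workgroup", "Workgroup", workgroup),
            ("hostid", "Hostid", hostid),
            ("info", "Info", os_info),
            ("name", "Name", merged.get("fqdn")),
            ("banner.text", "Service Banner", os_info),
            ("service.name", "Description", service),
            ("properties.service", "Service", service),
            ("proto", "Protocol", proto),
        ):
            sambaentity.addAdditionalFields(field, display, False, value)
        for k, v in merged.items():
            # server/workgroup were already added in their cleaned form.
            if "server" in k or "workgroup" in k:
                continue
            sambaentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")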
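def dotransform(args):
    """Maltego transform: run ``dns-nsid`` against ``ip:port`` (scanner args
    ``-sSU``) and emit one ``msploitego.dnsnsid`` entity per script result.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "dns-nsid", ip, args="-sSU")

    # Guard the falsy "nothing reached" report before indexing rep.hosts[0].
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    for res in rep.hosts[0].services[0].scripts_results:
        script_id = res.get("id")  # renamed: `id` shadowed the builtin
        if not script_id:
            continue
        label = "{}:{}".format(script_id, hostid)
        dnsnsid = mt.addEntity("msploitego.dnsnsid", label)
        dnsnsid.setValue(label)

    mt.returnOutput()
    mt.addUIMessage("completed!")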
def dotransform(args):
    """Maltego transform: run ``imap-capabilities`` and ``imap-ntlm-info``
    against ``ip:port`` and emit one ``msploitego.RelevantInformation``
    entity per script result, carrying the raw output plus ip and port.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "imap-capabilities,imap-ntlm-info", ip)
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
    else:
        for result in rep.hosts[0].services[0].scripts_results:
            label = "{}:{}".format(result.get("id"), hostid)
            entity = mt.addEntity("msploitego.RelevantInformation", label)
            entity.setValue(label)
            for field, display, value in (
                ("description", "Description", result.get("output")),
                ("ip", "IP Address", ip),
                ("port", "Port", port),
            ):
                entity.addAdditionalFields(field, display, False, value)
    mt.returnOutput()
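def dotransform(args):
    """Maltego transform: run ``dns-nsid`` against ``ip:port`` (scanner args
    ``-sSU``) and emit one ``msploitego.dnsnsid`` entity per script result.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "dns-nsid", ip, args="-sSU")

    # Guard the falsy "nothing reached" report before indexing rep.hosts[0].
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    for res in rep.hosts[0].services[0].scripts_results:
        script_id = res.get("id")  # renamed: `id` shadowed the builtin
        if not script_id:
            continue
        label = "{}:{}".format(script_id, hostid)
        dnsnsid = mt.addEntity("msploitego.dnsnsid", label)
        dnsnsid.setValue(label)

    mt.returnOutput()
    mt.addUIMessage("completed!")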
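def dotransform(args):
    """Maltego transform: run Apache-focused ``http-*`` NSE checks against
    ``ip:port`` and emit one ``msploitego.ApacheVulnerability`` entity per
    structured element reported.

    Each result's ``elements`` table is walked in full (the original popped
    one arbitrary item and dropped the rest).  When an element's value is
    itself a table its populated sub-fields are attached.  Every entity gets
    ip, host id, workspace, workspace id, service name and service id under
    fixed field names so entities from different hosts share one schema.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")
    workspaceid = mt.getVar("workspaceid")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")

    rep = scriptrunner(
        port,
        "http-apache-negotiation,http-apache-server-status,http-vuln-cve2011-3192,http-vuln-cve2011-3368,http-vuln-cve2017-5638 ",
        ip)

    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    # Fixed field names: the original passed the *value* (e.g. the ip string)
    # as the field name, producing a different property key per host.
    origin_fields = (
        ("ip", "IP Address", ip),
        ("hostid", "Host Id", hostid),
        ("workspace", "Workspace", workspace),
        ("workspaceid", "Workspace Id", workspaceid),
        ("servicename", "Servicename", servicename),
        ("serviceid", "Service Id", serviceid),
    )

    for res in rep.hosts[0].services[0].scripts_results:
        # `elements` is None/absent for unstructured results and may be empty;
        # .popitem() raised on both cases before.
        elements = res.get("elements") or {}
        for key, details in elements.items():
            label = "{}:{}".format(key, hostid)
            apachevuln = mt.addEntity("msploitego.ApacheVulnerability", label)
            apachevuln.setValue(label)
            if isinstance(details, dict):
                for k, v in details.items():
                    if v and v.strip():
                        apachevuln.addAdditionalFields(k, k, False, v.strip())
            for field, display, value in origin_fields:
                apachevuln.addAdditionalFields(field, display, False, value)
    mt.returnOutput()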
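def dotransform(args):
    """Maltego transform: run ``ssh-auth-methods`` and ``ssh-hostkey`` (with
    ``ssh_hostkey=all``) against ``ip:port`` and emit one
    ``msploitego.RelevantInformation`` entity per script result, carrying the
    raw output plus ip and port.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "ssh-auth-methods,ssh-hostkey", ip, scriptargs="ssh_hostkey=all")

    # Guard the falsy "nothing reached" report before indexing rep.hosts[0].
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    host = rep.hosts[0]
    if host.status == "up":
        for scriptrun in host.services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            infoentity = mt.addEntity("msploitego.RelevantInformation", label)
            infoentity.setValue(label)
            infoentity.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
            infoentity.addAdditionalFields("ip", "IP Address", False, ip)
            infoentity.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")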
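def dotransform(args):
    """Maltego transform: run the module-level ``scripts`` list (with
    ``unsafe=1``) against ``ip:port`` and emit one
    ``msploitego.SambaVulnerability`` entity per host-level script result
    whose output does not contain ``ERROR``.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(sys.argv))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    # `scripts` is the NSE script list defined elsewhere in this module.
    rep = scriptrunner(port, scripts, ip, scriptargs="unsafe=1")

    # Guard the falsy "nothing reached" report before indexing rep.hosts[0].
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    for scriptrun in rep.hosts[0].scripts_results:
        script_id = scriptrun.get("id")  # renamed: `id` shadowed the builtin
        output = scriptrun.get("output") or ""
        # Skip unnamed results and results that are script errors.
        if not script_id or "ERROR" in output:
            continue
        label = "{}:{}".format(script_id, hostid)
        smbvuln = mt.addEntity("msploitego.SambaVulnerability", label)
        smbvuln.setValue(label)
        smbvuln.addAdditionalFields("description", "Description", False, output)
        smbvuln.addAdditionalFields("IP", "IP Address", False, ip)
        # Was `ip`: the Port field carried the address instead of the port.
        smbvuln.addAdditionalFields("Port", "Port", False, port)

    mt.returnOutput()
    mt.addUIMessage("completed!")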
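def dotransform(args):
    """Maltego transform: run ``smtp-enum-users`` against ``ip:port`` and emit
    one ``maltego.Alias`` entity per comma-separated user name in the output.

    Each alias carries the source ip and port it was enumerated from.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smtp-enum-users", ip)

    # Guard the falsy "nothing reached" report before indexing rep.hosts[0].
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    for res in rep.hosts[0].services[0].scripts_results:
        output = res.get("output") or ""
        for username in output.split(","):
            username = username.strip()
            if not username:
                # Empty output or a trailing comma yields "" here; an alias
                # with no name is noise, so skip it.
                continue
            userentity = mt.addEntity("maltego.Alias", username)
            userentity.setValue(username)
            userentity.addAdditionalFields("sourceip", "Source IP", False, ip)
            userentity.addAdditionalFields("sourceport", "Source Port", False, port)
    mt.returnOutput()
    mt.addUIMessage("completed!")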
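def dotransform(args):
    """Maltego transform: run ``smb-enum-shares`` against ``ip:port`` and emit
    one entity per share found.

    The script output is grouped into per-share buckets by ``bucketparser``
    using an IPv4-looking header regex.  A bucket whose ``Warning`` mentions
    "denied" becomes ``msploitego.AccessDenied``; any other becomes
    ``msploitego.SambaShare``.  Remaining bucket keys are attached as
    lower-cased additional fields.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    machinename = mt.getVar("machinename")
    rep = scriptrunner(port, "smb-enum-shares", ip, args="-sU -sS")

    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    # Raw string: "\d" in a plain literal is an invalid escape sequence.
    # Compiled once here instead of once per script result.
    ipv4_re = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
    for res in rep.hosts[0].scripts_results:
        output = (res.get("output") or "").split("\n")
        for item in bucketparser(ipv4_re, output, method="search"):
            header = item.get("Header")
            if not header:
                # No header means no share path to name the entity after.
                continue
            warning = item.get("Warning")
            if warning and re.search(r"denied", warning, re.I):
                entity_name = "msploitego.AccessDenied"
            else:
                entity_name = "msploitego.SambaShare"
            shareentity = mt.addEntity(entity_name, header)
            shareentity.setValue(header)
            # The share name is the last backslash-separated component.
            sharename = header.split("\\")[-1].strip().strip(":")
            shareentity.addAdditionalFields("sharename", "Share Name",
                                            False, sharename)
            shareentity.addAdditionalFields("sambashare", "Samba Share",
                                            False, header)
            shareentity.addAdditionalFields("ip", "IP Address", False, ip)
            shareentity.addAdditionalFields("port", "Port", False, port)
            if machinename:
                shareentity.addAdditionalFields("machinename",
                                                "Machine Name", False,
                                                machinename)
            for k, v in item.items():
                if k == "Header":
                    continue
                shareentity.addAdditionalFields(k.lower(), k, False, v)
    mt.returnOutput()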
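def dotransform(args):
    """Maltego transform: run ``smtp-enum-users`` against ``ip:port`` and emit
    one ``maltego.Alias`` entity per comma-separated user name in the output.

    Each alias carries the source ip and port it was enumerated from.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smtp-enum-users", ip)
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    for res in rep.hosts[0].services[0].scripts_results:
        output = res.get("output") or ""
        for username in output.split(","):
            username = username.strip()
            if not username:
                # Empty output or a trailing comma yields "" here; an alias
                # with no name is noise, so skip it.
                continue
            userentity = mt.addEntity("maltego.Alias", username)
            userentity.setValue(username)
            userentity.addAdditionalFields("sourceip", "Source IP", False, ip)
            userentity.addAdditionalFields("sourceport", "Source Port", False, port)
    mt.returnOutput()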
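def dotransform(args):
    """Maltego transform: run the FTP vulnerability/anon NSE scripts against
    ``ip:port`` and emit one ``msploitego.FTPVulnerability`` entity per
    script result, carrying the raw output plus ip and port.

    The ``ftp-vuln-cve2010-4221`` result is renamed to ``cve-2010-4221`` so
    the entity is keyed on the CVE rather than the script.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "ftp-vuln-cve2010-4221,ftp-vsftpd-backdoor,ftp-anon,ftp-libopie,ftp-proftpd-backdoor", ip)

    # Guard the falsy "nothing reached" report before indexing rep.hosts[0].
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    for scriptrun in rep.hosts[0].services[0].scripts_results:
        scriptid = scriptrun.get("id")
        if not scriptid:
            # .lower() on a missing id raised here before.
            continue
        if scriptid.lower() == "ftp-vuln-cve2010-4221":
            scriptid = "cve-2010-4221"
        vulnentity = mt.addEntity("msploitego.FTPVulnerability", scriptid)
        vulnentity.setValue(scriptid)
        vulnentity.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
        vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
        vulnentity.addAdditionalFields("port", "Port", False, port)

    mt.returnOutput()
    mt.addUIMessage("completed!")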
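def dotransform(args):
    """Maltego transform: run ``http-security-headers`` against ``ip:port``
    and emit one ``msploitego.httpsecureheaders`` entity per script result.

    The entity value is the first 25 characters of the script output; the
    full output is attached as the ``details`` field.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-security-headers", ip)

    # Guard the falsy "nothing reached" report before indexing rep.hosts[0].
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    for scriptrun in rep.hosts[0].services[0].scripts_results:
        output = scriptrun.get("output") or ""
        if not output:
            # Nothing to report; output[0:25] would be an empty value.
            continue
        # The former blank-line filter removed items from `lines` while
        # iterating it and its result was never used; dropped.
        secheader = mt.addEntity("msploitego.httpsecureheaders", output)
        secheader.setValue(output[0:25])
        secheader.addAdditionalFields("details", "Details", False, output)

    mt.returnOutput()
    mt.addUIMessage("completed!")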
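def dotransform(args):
    """Maltego transform: run ``http-security-headers`` against ``ip:port``
    and emit one ``msploitego.httpsecureheaders`` entity per script result.

    The entity value is the first 25 characters of the script output; the
    full output is attached as the ``details`` field.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-security-headers", ip)

    # Guard the falsy "nothing reached" report before indexing rep.hosts[0].
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    for scriptrun in rep.hosts[0].services[0].scripts_results:
        output = scriptrun.get("output") or ""
        if not output:
            # Nothing to report; output[0:25] would be an empty value.
            continue
        # The former blank-line filter removed items from `lines` while
        # iterating it and its result was never used; dropped.
        secheader = mt.addEntity("msploitego.httpsecureheaders", output)
        secheader.setValue(output[0:25])
        secheader.addAdditionalFields("details", "Details", False, output)

    mt.returnOutput()
    mt.addUIMessage("completed!")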
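def dotransform(args):
    """Maltego transform: run the module-level ``scripts`` list (with
    ``unsafe=1``) against ``ip:port`` and emit one
    ``msploitego.SambaVulnerability`` entity per host-level script result
    whose output does not contain ``ERROR``.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(sys.argv))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    # `scripts` is the NSE script list defined elsewhere in this module.
    rep = scriptrunner(port, scripts, ip, scriptargs="unsafe=1")

    # Guard the falsy "nothing reached" report before indexing rep.hosts[0].
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    for scriptrun in rep.hosts[0].scripts_results:
        script_id = scriptrun.get("id")  # renamed: `id` shadowed the builtin
        output = scriptrun.get("output") or ""
        # Skip unnamed results and results that are script errors.
        if not script_id or "ERROR" in output:
            continue
        label = "{}:{}".format(script_id, hostid)
        smbvuln = mt.addEntity("msploitego.SambaVulnerability", label)
        smbvuln.setValue(label)
        smbvuln.addAdditionalFields("description", "Description", False,
                                    output)
        smbvuln.addAdditionalFields("IP", "IP Address", False, ip)
        # Was `ip`: the Port field carried the address instead of the port.
        smbvuln.addAdditionalFields("Port", "Port", False, port)

    mt.returnOutput()
    mt.addUIMessage("completed!")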
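def dotransform(args):
    """Maltego transform: run the SMB discovery NSE scripts against
    ``ip:port`` and emit a single ``msploitego.SambaServer`` entity.

    The ``elements`` tables of all host-level script results are merged into
    one dictionary (populated string values only).  The entity is keyed on
    ``server:workgroup``; the remaining merged keys are attached as
    additional fields together with ip, port, host id, protocol and the
    selected service value.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    proto = mt.getVar("proto")
    service = mt.getValue()
    rep = scriptrunner(port, "smb-os-discovery,smb-security-mode,smb-server-stats,smb-system-info", ip)

    # A falsy report means no host was reached; report it instead of
    # dereferencing rep.hosts[0], as the sibling transforms do.
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    host = rep.hosts[0]
    if host.status == "up":
        merged = {}
        for res in host.scripts_results:
            # `elements` is absent for scripts without structured output.
            elems = res.get("elements") or {}
            merged.update((k, v) for k, v in elems.items() if v and v.strip())
        # Keep the text before the first backslash, as before; a missing key
        # now yields "" instead of an AttributeError on None.
        server = (merged.get("server") or "").split("\\")[0]
        workgroup = (merged.get("workgroup") or "").split("\\")[0]
        label = "{}:{}".format(server, workgroup)
        sambaentity = mt.addEntity("msploitego.SambaServer", label)
        sambaentity.setValue(label)
        os_info = merged.get("os")
        for field, display, value in (
            ("ip", "IP Address", ip),
            ("port", "Port", port),
            ("server", "Server", server),
            ("workgroup", "Workgroup", workgroup),
            ("hostid", "Hostid", hostid),
            ("info", "Info", os_info),
            ("name", "Name", merged.get("fqdn")),
            ("banner.text", "Service Banner", os_info),
            ("service.name", "Description", service),
            ("properties.service", "Service", service),
            ("proto", "Protocol", proto),
        ):
            sambaentity.addAdditionalFields(field, display, False, value)
        for k, v in merged.items():
            # server/workgroup were already added in their cleaned form.
            if "server" in k or "workgroup" in k:
                continue
            sambaentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")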
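def dotransform(args):
    """Maltego transform: run ``smb-enum-shares`` against ``ip:port`` and emit
    one entity per share found.

    The script output is grouped into per-share buckets by ``bucketparser``
    using an IPv4-looking header regex.  A bucket whose ``Warning`` mentions
    "denied" becomes ``msploitego.AccessDenied``; any other becomes
    ``msploitego.SambaShare``.  Remaining bucket keys are attached as
    lower-cased additional fields.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    machinename = mt.getVar("machinename")
    rep = scriptrunner(port, "smb-enum-shares", ip, args="-sU -sS")

    # Guard the falsy "nothing reached" report before indexing rep.hosts[0].
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    host = rep.hosts[0]
    if host.status == "up":
        # Raw string: "\d" in a plain literal is an invalid escape sequence.
        # Compiled once here instead of once per script result.
        ipv4_re = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
        for res in host.scripts_results:
            output = (res.get("output") or "").split("\n")
            for item in bucketparser(ipv4_re, output, method="search"):
                header = item.get("Header")
                if not header:
                    # No header means no share path to name the entity after.
                    continue
                warning = item.get("Warning")
                if warning and re.search(r"denied", warning, re.I):
                    entity_name = "msploitego.AccessDenied"
                else:
                    entity_name = "msploitego.SambaShare"
                shareentity = mt.addEntity(entity_name, header)
                shareentity.setValue(header)
                # The share name is the last backslash-separated component.
                sharename = header.split("\\")[-1].strip().strip(":")
                shareentity.addAdditionalFields("sharename", "Share Name", False, sharename)
                shareentity.addAdditionalFields("sambashare", "Samba Share", False, header)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                if machinename:
                    shareentity.addAdditionalFields("machinename", "Machine Name", False, machinename)
                for k, v in item.items():
                    if k == "Header":
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False, v)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")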
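def dotransform(args):
    """Maltego transform: run ``msrpc-enum`` against ``ip:port`` and emit one
    ``msploitego.RelevantInformation`` entity per script result.

    ``hostid`` falls back to the ``id`` variable when the caller did not
    supply it.  Each entity carries the script output plus ip, port and host
    id so the finding can be traced back to its origin.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # Disabled like in the sibling transforms: pprint() prints to stdout,
    # and stray stdout text ends up mixed into the transform's response.
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid") or mt.getVar("id")
    rep = scriptrunner(port, "msrpc-enum", ip)

    # Guard the falsy "nothing reached" report before indexing rep.hosts[0].
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    host = rep.hosts[0]
    if host.status == "up":
        for scriptrun in host.services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            popent = mt.addEntity("msploitego.RelevantInformation", label)
            popent.setValue(label)
            popent.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
            popent.addAdditionalFields("ip", "IP Address", False, ip)
            popent.addAdditionalFields("port", "Port", False, port)
            popent.addAdditionalFields("hostid", "Host Id", False, hostid)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")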
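def dotransform(args):
    """Maltego transform: run ``http-robots.txt`` against ``ip:port`` and emit
    one ``maltego.WebDir`` entity per path listed in the script output.

    Only output lines that start with ``/`` (after stripping whitespace) are
    treated as path lines; each whitespace-separated token on such a line
    becomes one entity carrying ip and port.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-robots.txt", ip)

    # Guard the falsy "nothing reached" report before indexing rep.hosts[0].
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    host = rep.hosts[0]
    if host.status == "up":
        for scriptrun in host.services[0].scripts_results:
            output = scriptrun.get("output") or ""
            for line in output.split("\n"):
                stripped = line.strip()
                # startswith() instead of [0]: an empty line used to raise
                # IndexError here.
                if not stripped.startswith("/"):
                    continue
                for d in stripped.split():
                    webdirentity = mt.addEntity("maltego.WebDir", d)
                    webdirentity.setValue(d)
                    webdirentity.addAdditionalFields("ip", "IP Address", False, ip)
                    webdirentity.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")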
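def dotransform(args):
    """Maltego transform: run ``smb-enum-services`` against ``ip:port`` and
    emit one ``maltego.Service`` entity per service bucket in the output.

    The output is split into buckets by ``bucketparser`` on lines that start
    with two spaces followed by a name; each bucket's ``Header`` (joined with
    the host id) names the entity and its ``Display_name`` is attached.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-enum-services", ip)

    # Guard the falsy "nothing reached" report before indexing rep.hosts[0].
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    host = rep.hosts[0]
    if host.status == "up":
        # Raw string: "\s" in a plain literal is an invalid escape sequence.
        # Compiled once here instead of once per script result.
        header_re = re.compile(r"^\s\s[a-zA-Z0-9_.-]+")
        for res in host.services[0].scripts_results:
            output = (res.get("output") or "").split("\n")
            for item in bucketparser(header_re, output):
                label = "{}:{}".format(item.get("Header"), hostid)
                serviceent = mt.addEntity("maltego.Service", label)
                serviceent.setValue(label)
                serviceent.addAdditionalFields("displayname", "Service Name", False, item.get("Display_name"))
                serviceent.addAdditionalFields("ip", "IP Address", False, ip)
                serviceent.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")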
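def dotransform(args):
    """Maltego transform: run ``smb-enum-groups`` against ``ip:port`` and emit
    one ``msploitego.UserGroup`` entity per non-empty output line.

    The first whitespace-separated token of a line is the group name; the
    rest of the line is attached as ``details``.

    Args:
        args: raw transform argument list handed to ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smb-enum-groups", ip)

    # Guard the falsy "nothing reached" report before indexing rep.hosts[0].
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    host = rep.hosts[0]
    if host.status == "up":
        for res in host.scripts_results:
            output = (res.get("output") or "").strip().split("\n")
            for item in output:
                tokens = item.split()
                if not tokens:
                    # Blank line inside the output: tokens[0] used to raise.
                    continue
                groupname = tokens[0]
                groupentity = mt.addEntity("msploitego.UserGroup", groupname)
                groupentity.setValue(groupname)
                groupentity.addAdditionalFields("groupname", "Group Name", False, groupname)
                groupentity.addAdditionalFields("details", "Details", False, " ".join(tokens[1:]))
                groupentity.addAdditionalFields("ip", "IP Address", False, ip)
                groupentity.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")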