def dotransform(args):
    """Emit one maltego.IPv4Address entity per host of a Metasploit workspace.

    ``args`` is the raw Maltego argument vector.  The selected entity value is
    the workspace name and its properties carry ``workspaceid`` plus the
    Postgres ``db``/``user``/``password`` used to reach the msf database.
    Every host column is copied onto the entity; the DB coordinates and the
    workspace name are forwarded so downstream transforms can keep querying.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)

    workspace_name = mt.getValue()
    workspace_id = mt.getVar("workspaceid")
    db_name = mt.getVar("db")
    db_user = mt.getVar("user")
    # Backslashes are stripped from the password (presumably undoing Maltego's
    # escaping of the property value) -- confirm this is still required.
    db_password = mt.getVar("password").replace("\\", "")

    store = MsploitPostgres(db_user, db_password, db_name)

    def as_property(value):
        """Render a column value for the graph: dates as d/m/Y, else str()."""
        if isinstance(value, datetime):
            return "%d/%d/%d" % (value.day, value.month, value.year)
        return str(value)

    for host in store.getAllHosts(workspace_id):
        address = host.get("address")
        host_entity = mt.addEntity("maltego.IPv4Address", address)
        host_entity.setValue(address)

        for column, value in host.items():
            # Dates are always emitted; other columns only when non-blank.
            if isinstance(value, datetime) or (value and str(value).strip()):
                host_entity.addAdditionalFields(column, column.capitalize(), False, as_property(value))

        # NOTE(review): the DB password is written into the graph as an entity
        # property so downstream transforms can read it back with
        # getVar("password"); it therefore persists in saved/exported graphs.
        host_entity.addAdditionalFields("user", "User", False, db_user)
        host_entity.addAdditionalFields("password", "Password", False, db_password)
        host_entity.addAdditionalFields("db", "db", False, db_name)
        host_entity.addAdditionalFields("workspace", "Workspace Name", False, workspace_name)

    mt.returnOutput()
def dotransform(args):
    """Emit a msploitego.MeterpreterSession entity per session in a workspace.

    The selected entity is a workspace whose ``workspaceid`` property selects
    the sessions; the Postgres coordinates ``db``/``user``/``password`` are
    read from its properties and forwarded onto every session entity.  Each
    entity is valued ``<ip>:<sessionid>`` and carries every session column.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)

    workspace_id = mt.getVar("workspaceid")
    db_name = mt.getVar("db")
    db_user = mt.getVar("user")
    # Backslashes are stripped (presumably undoing Maltego's property escaping).
    db_password = mt.getVar("password").replace("\\", "")
    store = MsploitPostgres(db_user, db_password, db_name)

    for session in store.getSessions(workspace_id):
        label = "{}:{}".format(session.get("ip"), str(session.get("sessionid")))
        entity = mt.addEntity("msploitego.MeterpreterSession", label)
        entity.setValue(label)

        for column, value in session.items():
            if isinstance(value, datetime):
                rendered = "%d/%d/%d" % (value.day, value.month, value.year)
            elif value and str(value).strip():
                rendered = str(value)
            else:
                continue  # empty / blank columns are not copied
            entity.addAdditionalFields(column, column.capitalize(), False, rendered)

        # NOTE(review): the DB password is persisted in the graph as a property
        # so downstream transforms can read it back with getVar("password").
        entity.addAdditionalFields("user", "User", False, db_user)
        entity.addAdditionalFields("password", "Password", False, db_password)
        entity.addAdditionalFields("db", "db", False, db_name)

    mt.returnOutput()
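def dotransform(args):
    """Turn a URL into a msploitego.WebFile entity holding the page content.

    The selected entity value is the URL; ``ip``, ``port`` and an optional
    pre-captured ``body`` come from its properties.  When no body is present
    the URL is fetched with ``wget -qO-`` through ``bashrunner`` and the
    output lines are concatenated.  No entity is emitted if nothing was read.

    Fix: the URL is shell-quoted before being spliced into the wget command.
    It is entity-supplied (it originates from a scanned host) and bashrunner
    takes a single command string, so an unquoted value containing shell
    metacharacters would otherwise be interpreted by the shell.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    body = mt.getVar("body")
    url = mt.getValue()

    details = None
    if body:
        details = body
    else:
        try:
            from shlex import quote  # Python 3
        except ImportError:
            from pipes import quote  # Python 2
        bashlog = bashrunner("wget -qO- {}".format(quote(url or "")))
        if bashlog:
            details = "".join(bashlog)

    if details:
        webfile = mt.addEntity("msploitego.WebFile", url)
        webfile.setValue(url)
        webfile.addAdditionalFields("details", "Details", False, details)
        webfile.addAdditionalFields("url", "Site URL", False, url)
        webfile.addAdditionalFields("ip", "IP Address", False, ip)
        webfile.addAdditionalFields("port", "Port", False, port)

    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has produced the response, so
    # this message is likely never shown; move it above if it is wanted.
    mt.addUIMessage("completed!")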
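def dotransform(args):
    """Emit one credential entity per row of the Metasploit credential store.

    The selected entity value is the Postgres database name; ``user`` and
    ``password`` are read from its properties.  The entity type follows the
    Metasploit credential class:

    * ``Metasploit::Credential::Password`` -> ``msploitego.Password`` (the
      part of ``data`` before the first ``:``),
    * ``Metasploit::Credential::NTLMHash`` -> ``msploitego.EncryptedPassword``,
    * anything else -> ``msploitego.Credentials``.

    Fix: the original called ``getCredentials()`` twice -- once into an unused
    ``creds`` local and once in the ``for`` header -- running the query twice.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)

    db = mt.getValue()
    user = mt.getVar("user")
    # Backslashes are stripped (presumably undoing Maltego's property escaping).
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    for cred in mpost.getCredentials():
        cred_type = cred.get("type")
        if cred_type == "Metasploit::Credential::Password":
            entityname = "msploitego.Password"
            # assumes ``data`` is non-null for plaintext creds -- TODO confirm
            data = cred.get("data").split(":")[0]
        elif cred_type == "Metasploit::Credential::NTLMHash":
            entityname = "msploitego.EncryptedPassword"
            data = cred.get("data")
        else:
            entityname = "msploitego.Credentials"
            data = cred.get("data")

        # NOTE(review): plaintext passwords and hashes become entity values
        # and therefore live on in the saved/exported graph.
        credentity = mt.addEntity(entityname, data)
        credentity.setValue(data)
        for k, v in cred.items():
            if isinstance(v, datetime):
                credentity.addAdditionalFields(k, k.capitalize(), False, "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                credentity.addAdditionalFields(k, k.capitalize(), False, str(v))

    mt.returnOutput()
    # NOTE(review): queued after returnOutput() has produced the response, so
    # this message is likely never shown.
    mt.addUIMessage("completed!")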
def dotransform(args):
    """Emit a maltego.Vulnerability per vuln recorded for the selected host.

    The selected entity value is the host IP; ``db``/``user``/``password``
    come from its properties.  Each row of ``getforHost(ip, "vulns")`` becomes
    an entity valued by its ``name`` with every column copied on, plus the
    ``ip`` link and the ``user``/``db`` coordinates (no password here).
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped (presumably undoing Maltego's property escaping).
    password = mt.getVar("password").replace("\\", "")
    store = MsploitPostgres(user, password, db)

    def as_text(value):
        """Dates render as d/m/Y, everything else via str()."""
        if isinstance(value, datetime):
            return "%d/%d/%d" % (value.day, value.month, value.year)
        return str(value)

    for vuln in store.getforHost(ip, "vulns"):
        name = vuln.get("name")
        entity = mt.addEntity("maltego.Vulnerability", name)
        entity.setValue(name)
        entity.addAdditionalFields("ip", "IP Address", True, ip)
        for column, value in vuln.items():
            if isinstance(value, datetime) or (value and str(value).strip()):
                entity.addAdditionalFields(column, column.capitalize(), False, as_text(value))
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("db", "db", False, db)

    mt.returnOutput()
    # NOTE(review): queued after returnOutput(); likely never shown.
    mt.addUIMessage("completed!")
def dotransform(args):
    """Emit a msploitego.MetasploitLoot entity per loot item of a host.

    The selected entity value is the host IP and ``id`` its Metasploit host
    id; ``db``/``user``/``password`` give the Postgres coordinates.  Each loot
    row is valued ``<name or ltype>:<hostid>``, carries every column, the file
    contents (read via ``getFileContents`` from the stored ``path``) as
    ``details``, the DB coordinates and the host IP.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    db = mt.getVar("db")
    user = mt.getVar("user")
    hostid = mt.getVar("id")
    # Backslashes are stripped (presumably undoing Maltego's property escaping).
    password = mt.getVar("password").replace("\\", "")
    store = MsploitPostgres(user, password, db)

    for loot in store.getLootforHost(hostid):
        # Prefer the loot name; fall back to its type when the name is empty.
        label = "{}:{}".format(loot.get("name") or loot.get("ltype"), hostid)
        entity = mt.addEntity("msploitego.MetasploitLoot", label)
        entity.setValue(label)

        for column, value in loot.items():
            if isinstance(value, datetime):
                entity.addAdditionalFields(column, column.capitalize(), False, "%d/%d/%d" % (value.day, value.month, value.year))
            elif value and str(value).strip():
                entity.addAdditionalFields(column, column.capitalize(), False, str(value))

        loot_path = loot.get("path")
        if loot_path:
            # The loot path was written by Metasploit; its contents are inlined.
            contents = getFileContents(loot_path)
            if contents:
                entity.addAdditionalFields("details", "Details", False, "".join(contents))

        # NOTE(review): DB password is persisted in the graph for downstream use.
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("password", "Password", False, password)
        entity.addAdditionalFields("db", "db", False, db)
        entity.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
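def dotransform(args):
    """Emit one credential entity per row of the Metasploit credential store.

    The selected entity value is the Postgres database name; ``user`` and
    ``password`` are read from its properties.  Plaintext credentials become
    ``msploitego.Password`` (the part of ``data`` before the first ``:``),
    NTLM hashes ``msploitego.EncryptedPassword``, everything else
    ``msploitego.Credentials``.

    Fix: ``getCredentials()`` was called twice (an unused ``creds`` local plus
    the ``for`` header), so the query ran twice per transform.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    # Backslashes are stripped (presumably undoing Maltego's property escaping).
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    entity_for_type = {
        "Metasploit::Credential::Password": "msploitego.Password",
        "Metasploit::Credential::NTLMHash": "msploitego.EncryptedPassword",
    }

    for cred in mpost.getCredentials():
        cred_type = cred.get("type")
        entityname = entity_for_type.get(cred_type, "msploitego.Credentials")
        data = cred.get("data")
        if cred_type == "Metasploit::Credential::Password":
            # assumes ``data`` is non-null for plaintext creds -- TODO confirm
            data = data.split(":")[0]

        # NOTE(review): secrets become entity values and persist in the graph.
        credentity = mt.addEntity(entityname, data)
        credentity.setValue(data)
        for k, v in cred.items():
            if isinstance(v, datetime):
                credentity.addAdditionalFields(k, k.capitalize(), False, "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                credentity.addAdditionalFields(k, k.capitalize(), False, str(v))

    mt.returnOutput()
    # NOTE(review): queued after returnOutput(); likely never shown.
    mt.addUIMessage("completed!")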
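def dotransform(args):
    """Fetch a web file and cache it locally as a msploitego.WebFile entity.

    The selected entity value is the URL; ``ip``, ``port`` and an optional
    pre-captured ``body`` are read from its properties.  When no body is
    present the URL is fetched with ``wget -qO-`` via ``bashrunner``.  The
    content is written to a temp file that is deliberately kept
    (``delete=False``) so a later transform can open it through the
    ``localfile`` property.

    Fixes: the URL is shell-quoted before being spliced into the wget command
    (it is entity-supplied and bashrunner takes one command string); the temp
    file is opened in text mode -- ``NamedTemporaryFile()`` defaults to
    ``w+b``, which rejects ``str`` content on Python 3 -- and is closed by a
    ``with`` block before its name is published.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    body = mt.getVar("body")
    url = mt.getValue()

    details = None
    if body:
        details = body
    else:
        try:
            from shlex import quote  # Python 3
        except ImportError:
            from pipes import quote  # Python 2
        bashlog = bashrunner("wget -qO- {}".format(quote(url or "")))
        if bashlog:
            details = "".join(bashlog)

    if details:
        webfile = mt.addEntity("msploitego.WebFile", url)
        webfile.setValue(url)
        # NOTE(review): the cached content is remote, untrusted data and the
        # file is left on disk for another transform to hand to a browser.
        with tempfile.NamedTemporaryFile(mode="w", delete=False) as handle:
            handle.write(details)
        webfile.addAdditionalFields("localfile", "Local File", False, handle.name)
        webfile.addAdditionalFields("url", "Site URL", False, url)
        webfile.addAdditionalFields("ip", "IP Address", False, ip)
        webfile.addAdditionalFields("port", "Port", False, port)

    mt.returnOutput()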
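def dotransform(args):
    """Find Metasploit modules for the MS bulletin ids named in a vulnerability.

    The selected entity value (``vuln``) is scanned for ``MSyy-nnn`` ids; each
    is passed to ``msfconsole -qx 'search ...'`` through ``bashrunner`` and
    every output line that mentions the id and carries a module rank becomes
    a ``msploitego.MetasploitModule`` (value = first column, ``details`` =
    last column, ``rank``, and the host ``address`` as ``ip``).

    Fix: ``rankreg.search(line).group(0)`` was evaluated without checking for
    a match, so any line matching the MS id but carrying no rank word raised
    AttributeError on ``None``; such lines are now skipped.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("address")
    vuln = mt.getValue()

    msreg = re.compile(r"ms[0-9]{2}-[0-9]{3}", re.I)
    rankreg = re.compile(r"normal|manual|great|average|excellent|good|low")

    for ms in msreg.findall(vuln):
        # `ms` was produced by msreg, so it only holds [MSms0-9-] and is safe
        # inside the single-quoted shell argument.
        bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(ms))
        for line in bashlog:
            if not msreg.search(line):
                continue
            rank_match = rankreg.search(line)
            if rank_match is None:
                continue  # header/footer line without a rank column
            # msfconsole separates columns by runs of two or more spaces.
            columns = re.split(" {2,}", line.lstrip())
            msfentity = mt.addEntity("msploitego.MetasploitModule", columns[0])
            msfentity.setValue(columns[0])
            msfentity.addAdditionalFields("rank", "Rank", False, rank_match.group(0))
            msfentity.addAdditionalFields("details", "Details", False, columns[-1])
            msfentity.addAdditionalFields("ip", "IP Address", False, ip)

    # TODO: an ExploitDB lookup (searchsploit -www) was sketched here but is disabled.
    mt.returnOutput()
    # NOTE(review): queued after returnOutput(); likely never shown.
    mt.addUIMessage("completed!")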
def dotransform(args):
    """Emit a maltego.Vulnerability per vuln of the selected host (by host id).

    The selected entity value is the host IP; ``id`` is the Metasploit host
    id, ``db``/``user``/``password`` the Postgres coordinates, and
    ``workspace``, ``arch`` and ``os_family`` are forwarded as properties.
    Each row of ``getVulnsForHost(hostid)`` becomes an entity valued
    ``<vulnname>:<hostid>`` with every column copied on.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    hostid = mt.getVar("id")
    db = mt.getVar("db")
    user = mt.getVar("user")
    workspace = mt.getVar("workspace")
    # Backslashes are stripped (presumably undoing Maltego's property escaping).
    password = mt.getVar("password").replace("\\", "")
    arch = mt.getVar("arch")
    osfamily = mt.getVar("os_family")
    store = MsploitPostgres(user, password, db)

    for vuln in store.getVulnsForHost(hostid):
        label = "{}:{}".format(vuln.get("vulnname"), hostid)
        entity = mt.addEntity("maltego.Vulnerability", label)
        entity.setValue(label)
        entity.addAdditionalFields("ip", "IP Address", True, ip)
        # NOTE(review): DB password is persisted in the graph for downstream use.
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("password", "Password", False, password)
        entity.addAdditionalFields("db", "db", False, db)
        if arch:
            entity.addAdditionalFields("arch", "Arch", False, arch)
        entity.addAdditionalFields("workspace", "Workspace", False, workspace)
        entity.addAdditionalFields("osfamily", "OS", False, osfamily)

        for column, value in vuln.items():
            if isinstance(value, datetime):
                rendered = "%d/%d/%d" % (value.day, value.month, value.year)
            elif value and str(value).strip():
                rendered = str(value)
            else:
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, rendered)

    mt.returnOutput()
def dotransform(args):
    """Attach an empty msploitego.Note entity to the selected entity.

    The new entity's value is ``Note:<selected value>``; it carries blank
    ``note`` and ``link`` properties for the analyst to fill in and inherits
    the selected entity's properties through ``inheritvalues``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    label = "Note:{}".format(mt.getValue())
    note = mt.addEntity("msploitego.Note", label)
    note.setValue(label)
    for field, display in (("note", "Note"), ("link", "Link")):
        note.addAdditionalFields(field, display, False, "")
    inheritvalues(note, mt.values)
    mt.returnOutput()
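def dotransform(args):
    """Mark a Metasploit module as a false positive for a given ip:port.

    The selected entity value is the module name; ``ip`` and ``port`` come
    from its properties.  The resulting ``msploitego.FalsePositive`` entity is
    valued ``<module>:<ip>:<port>`` and linked to the IP.

    Fix: the format string was ``"{}:{}"`` with three arguments, so ``port``
    was silently dropped and false positives on different ports of one host
    were indistinguishable by value.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    module = mt.getValue()

    label = "{}:{}:{}".format(module, ip, port)
    falsepos = mt.addEntity("msploitego.FalsePositive", label)
    falsepos.setValue(label)
    falsepos.addAdditionalFields("ip", "IP Address", False, ip)
    mt.returnOutput()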
def dotransform(args):
    """Open the selected web file: a cached local copy if present, else its URL.

    If the entity carries a ``localfile`` property naming an existing path it
    is opened as ``file://<path>``; otherwise the entity value is opened as a
    URL, but only when ``validators.url`` accepts it.  Nothing is added to the
    graph.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)

    local_path = mt.getVar("localfile")
    if local_path:
        # NOTE(review): the path comes from an entity property (written by the
        # WebFile transform as a temp file); whatever existing local file it
        # names is handed to the browser.
        if os.path.exists(local_path):
            webbrowser.open("file://{}".format(local_path))
    else:
        target = mt.getValue()
        if validators.url(target):
            webbrowser.open(target)

    mt.returnOutput()
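def dotransform(args):
    """Mark a Metasploit module as checked for a given ip:port.

    The selected entity value is the module name; ``ip`` and ``port`` come
    from its properties.  The resulting ``msploitego.Checked`` entity is
    valued ``<module>:<ip>:<port>`` and linked to the IP.

    Fix: the format string was ``"{}:{}"`` with three arguments, so ``port``
    was silently dropped from the entity value.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    module = mt.getValue()

    label = "{}:{}:{}".format(module, ip, port)
    checked = mt.addEntity("msploitego.Checked", label)
    checked.setValue(label)
    checked.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
    # NOTE(review): queued after returnOutput(); likely never shown.
    mt.addUIMessage("completed!")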
def dotransform(args):
    """List the workspaces of a Metasploit database as entities.

    The selected entity value is the database name; ``user``/``password``
    come from its properties.  Each workspace becomes a
    ``msploitego.MetasploitWorkspace`` valued by its name, carrying
    ``workspaceid`` and ``db`` plus whatever ``inheritvalues`` copies over
    from the selected entity.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    # Backslashes are stripped (presumably undoing Maltego's property escaping).
    password = mt.getVar("password").replace("\\", "")
    store = MsploitPostgres(user, password, db)

    for workspace in store.getWorkspaces():
        name = workspace.get("name")
        entity = mt.addEntity("msploitego.MetasploitWorkspace", name)
        entity.setValue(name)
        entity.addAdditionalFields("workspaceid", "Workspace Id", False, str(workspace.get("id")))
        entity.addAdditionalFields("db", "Database", False, db)
        inheritvalues(entity, mt.values)

    mt.returnOutput()
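def dotransform(args):
    """Fingerprint an SMB service with nmap and emit a msploitego.SambaServer.

    The selected entity is a service (value = service name) with ``ip``,
    ``port``, ``hostid`` and ``proto`` properties.  ``scriptrunner`` runs the
    smb-os-discovery / smb-security-mode / smb-server-stats / smb-system-info
    NSE scripts against ip:port; all non-blank script elements are flattened
    into one dict and copied onto the entity, whose value is
    ``<server>:<workgroup>`` (anything after a backslash is dropped).

    Fixes: ``rep.hosts[0]`` is only dereferenced when the report has a host,
    and a missing ``server``/``workgroup`` element defaults to ``""`` instead
    of raising AttributeError on ``None.split``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    proto = mt.getVar("proto")
    service = mt.getValue()

    rep = scriptrunner(port, "smb-os-discovery,smb-security-mode,smb-server-stats,smb-system-info", ip)

    if not rep.hosts:
        mt.addUIMessage("no host in nmap report for {}!".format(ip))
    elif rep.hosts[0].status == "up":
        # Flatten every non-blank script element into one lookup table.
        found = {}
        for res in rep.hosts[0].scripts_results:
            for k, v in (res.get("elements") or {}).items():
                if v and v.strip():
                    found[k] = v

        # The split on a backslash suggests values like DOMAIN\NAME; only the
        # leading part is kept.
        server = (found.get("server") or "").split("\\")[0]
        workgroup = (found.get("workgroup") or "").split("\\")[0]
        label = "{}:{}".format(server, workgroup)

        sambaentity = mt.addEntity("msploitego.SambaServer", label)
        sambaentity.setValue(label)
        sambaentity.addAdditionalFields("ip", "IP Address", False, ip)
        sambaentity.addAdditionalFields("port", "Port", False, port)
        sambaentity.addAdditionalFields("server", "Server", False, server)
        sambaentity.addAdditionalFields("workgroup", "Workgroup", False, workgroup)
        sambaentity.addAdditionalFields("hostid", "Hostid", False, hostid)
        sambaentity.addAdditionalFields("info", "Info", False, found.get("os"))
        sambaentity.addAdditionalFields("name", "Name", False, found.get("fqdn"))
        sambaentity.addAdditionalFields("banner.text", "Service Banner", False, found.get("os"))
        sambaentity.addAdditionalFields("service.name", "Description", False, service)
        sambaentity.addAdditionalFields("properties.service", "Service", False, service)
        sambaentity.addAdditionalFields("proto", "Protocol", False, proto)
        for k, v in found.items():
            # server/workgroup were already emitted in their cleaned form.
            if "server" in k or "workgroup" in k:
                continue
            sambaentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))

    mt.returnOutput()
    # NOTE(review): queued after returnOutput(); likely never shown.
    mt.addUIMessage("completed!")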
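def dotransform(args):
    """Placeholder transform for a discovered web directory.

    The selected entity value is the directory and the entity carries ``ip``,
    ``port`` and ``hostid``.  Producing a ``maltego.URL`` for
    ``http://<ip>:<port><dir>`` was sketched here but is disabled, so the
    transform currently returns an empty result set.

    Fix: the argument dump was ``mt.debug(pprint(args))``.  ``pprint()``
    prints to stdout and returns None, so ``debug()`` received None and the
    dump landed on stdout -- where the transform response is presumably
    written by ``returnOutput()``.  It now reaches ``debug()`` as a string.
    """
    mt = MaltegoTransform()
    mt.debug(repr(args))
    mt.parseArguments(args)
    # TODO: emit a maltego.URL valued "http://{}:{}{}".format(ip, port, diry)
    # with dir/url/ip/port properties once this transform is finished.
    mt.returnOutput()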
def dotransform(args):
    """Emit the web pages and web forms Metasploit recorded for a host.

    The selected entity value is the host IP and ``id`` its Metasploit host
    id; ``db``/``user``/``password`` give the Postgres coordinates.  Rows from
    ``getwebpagesforhost`` become ``msploitego.SiteURL`` entities and rows
    from ``getwebformsforhost`` become ``msploitego.WebForm`` entities, both
    valued ``http[s]://<ip>:<port><path>`` (``https`` when the row's
    ``protoname`` mentions ``ssl``), with every column copied on.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    db = mt.getVar("db")
    hostid = mt.getVar("id")
    user = mt.getVar("user")
    # Backslashes are stripped (presumably undoing Maltego's property escaping).
    password = mt.getVar("password").replace("\\", "")
    store = MsploitPostgres(user, password, db)

    def row_url(row):
        """Build the page URL from the row's protoname, port and path."""
        scheme = "https" if "ssl" in row.get("protoname") else "http"
        return "{}://{}:{}{}".format(scheme, ip, row.get("port"), row.get("path"))

    def copy_columns(entity, row):
        """Copy non-blank columns onto the entity; dates as d/m/Y."""
        for column, value in row.items():
            if isinstance(value, datetime):
                entity.addAdditionalFields(column, column.capitalize(), False, "%d/%d/%d" % (value.day, value.month, value.year))
            elif value and str(value).strip():
                entity.addAdditionalFields(column, column.capitalize(), False, str(value))

    for page in store.getwebpagesforhost(hostid):
        url = row_url(page)
        pageent = mt.addEntity("msploitego.SiteURL", url)
        pageent.setValue(url)
        pageent.addAdditionalFields("ip", "IP Address", False, ip)
        pageent.addAdditionalFields("hostid", "Host Id", False, hostid)
        copy_columns(pageent, page)

    for form in store.getwebformsforhost(hostid):
        url = row_url(form)
        forment = mt.addEntity("msploitego.WebForm", url)
        forment.setValue(url)
        copy_columns(forment, form)
        forment.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
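def dotransform(args):
    """Placeholder transform for a discovered web directory.

    The selected entity value is the directory and the entity carries ``ip``,
    ``port`` and ``hostid``.  Producing a ``maltego.URL`` for
    ``http://<ip>:<port><dir>`` was sketched here but is disabled, so the
    transform currently returns an empty result set.

    Fix: the argument dump was ``mt.debug(pprint(args))``.  ``pprint()``
    prints to stdout and returns None, so ``debug()`` received None and the
    dump landed on stdout -- where the transform response is presumably
    written by ``returnOutput()``.  It now reaches ``debug()`` as a string.
    """
    mt = MaltegoTransform()
    mt.debug(repr(args))
    mt.parseArguments(args)
    # TODO: emit a maltego.URL valued "http://{}:{}{}".format(ip, port, diry)
    # with dir/url/ip/port properties once this transform is finished.
    mt.returnOutput()
    # NOTE(review): queued after returnOutput(); likely never shown.
    mt.addUIMessage("completed!")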
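def dotransform(args):
    """Expose a loot file's contents as a msploitego.LootFile entity.

    The selected entity value is the file name; ``path`` (where Metasploit
    stored the loot) and ``address`` are read from its properties.  The file
    is read with ``cat`` via ``bashrunner`` and its contents attached as the
    ``details`` property.  Nothing is emitted if nothing was read.

    Fix: ``path`` is shell-quoted before being spliced into the command.  It
    is an entity property and bashrunner takes a single command string, so an
    unquoted value containing spaces or shell metacharacters would break the
    command or be interpreted by the shell.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("address")
    fn = mt.getValue()
    path = mt.getVar("path")

    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    # NOTE(review): any readable local path named in the property is dumped.
    details = "".join(bashrunner("cat {}".format(quote(path or ""))))
    if details:
        fileent = mt.addEntity("msploitego.LootFile", fn)
        fileent.setValue(fn)
        fileent.addAdditionalFields("details", "Details", False, details)
        fileent.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()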
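def dotransform(args):
    r"""Look up Metasploit modules for MS bulletin / CVE ids named in a vuln.

    The selected entity value (``vuln``) is scanned for ``MSyy-nnn`` and
    ``CVE-...`` identifiers; each is fed to ``msfconsole -qx 'search ...'``
    through ``bashrunner`` and every output line carrying a module rank word
    becomes a ``msploitego.MetasploitModule`` (value = first column,
    ``details`` = last column).  Hits found via an MS id also get the host
    ``address`` as ``ip``; hits found via a CVE id do not (as before).

    Fix: the rank pattern was a normal string, so ``\blow\b`` contained two
    literal backspace characters (``\b`` is ``\x08`` outside a raw string)
    and the ``low`` rank could never match; the pattern is now a raw string.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("address")
    vuln = mt.getValue()

    msreg = re.compile(r"ms[0-9]{2}-[0-9]{3}", re.I)
    # NOTE(review): the sequence part is capped at 4 digits, so 5+-digit CVE
    # ids are truncated before the search -- widen if that matters.
    cvereg = re.compile(r"cve[-]*[0-9]{3,4}-[0-9]{3,4}", re.I)
    rankreg = re.compile(r"normal|manual|great|average|excellent|good|\blow\b")

    def add_modules(term, with_ip):
        """Run an msfconsole search for *term*; emit one entity per ranked line."""
        # *term* came out of msreg/cvereg above, so it only holds
        # [A-Za-z0-9-] and is safe inside the single-quoted shell argument.
        bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(term))
        for line in bashlog:
            rank_match = rankreg.search(line)
            if not rank_match:
                continue
            # msfconsole separates columns by runs of two or more spaces.
            columns = re.split(" {2,}", line.lstrip())
            msfentity = mt.addEntity("msploitego.MetasploitModule", columns[0])
            msfentity.setValue(columns[0])
            msfentity.addAdditionalFields("rank", "Rank", False, rank_match.group(0))
            msfentity.addAdditionalFields("details", "Details", False, columns[-1])
            if with_ip:
                msfentity.addAdditionalFields("ip", "IP Address", False, ip)

    for ms in msreg.findall(vuln):
        add_modules(ms, with_ip=True)
    for cve in cvereg.findall(vuln):
        add_modules(cve, with_ip=False)

    # TODO: an ExploitDB lookup (searchsploit -www) was sketched here but is disabled.
    mt.returnOutput()
    # NOTE(review): queued after returnOutput(); likely never shown.
    mt.addUIMessage("completed!")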
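def dotransform(args):
    """Brute-force directories on the selected URL with gobuster.

    The selected entity value is the base URL; ``ip`` and ``port`` are copied
    from its properties onto every result.  gobuster runs quietly (``-q``)
    with expanded URLs (``-e``) and the dirbuster medium wordlist; the first
    whitespace-separated token of each output line becomes a ``maltego.WebDir``.

    Fixes: the URL is shell-quoted before being spliced into the command (it
    is entity-supplied and bashrunner takes one command string); blank output
    lines are skipped instead of raising IndexError on ``line.split()[0]``;
    and the argument dump goes through ``mt.debug`` as a string -- ``pprint()``
    returns None and prints to stdout, where the transform response is
    presumably written.
    """
    mt = MaltegoTransform()
    mt.debug(repr(args))
    mt.parseArguments(args)
    url = mt.getValue()
    ip = mt.getVar("ip")
    port = mt.getVar("port")

    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    wordlist = "/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt"
    bashlog = bashrunner("gobuster -q -e -w {} -u {}".format(wordlist, quote(url or "")))
    for line in bashlog:
        tokens = line.split()
        if not tokens:
            continue
        webdir = mt.addEntity("maltego.WebDir", tokens[0])
        webdir.setValue(tokens[0])
        webdir.addAdditionalFields("ip", "IP Address", False, ip)
        webdir.addAdditionalFields("port", "Port", False, port)
        webdir.addAdditionalFields("url", "URL", False, url)

    mt.returnOutput()
    # NOTE(review): queued after returnOutput(); likely never shown.
    mt.addUIMessage("completed!")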
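def dotransform(args):
    """Expose a loot file's contents as a msploitego.LootFile entity.

    The selected entity value is the file name; ``path`` (where Metasploit
    stored the loot) and ``address`` are read from its properties.  The file
    is read with ``cat`` via ``bashrunner`` and its contents attached as the
    ``details`` property.  Nothing is emitted if nothing was read.

    Fix: ``path`` is shell-quoted before being spliced into the command.  It
    is an entity property and bashrunner takes a single command string, so an
    unquoted value containing spaces or shell metacharacters would break the
    command or be interpreted by the shell.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("address")
    fn = mt.getValue()
    path = mt.getVar("path")

    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    # NOTE(review): any readable local path named in the property is dumped.
    details = "".join(bashrunner("cat {}".format(quote(path or ""))))
    if details:
        fileent = mt.addEntity("msploitego.LootFile", fn)
        fileent.setValue(fn)
        fileent.addAdditionalFields("details", "Details", False, details)
        fileent.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
    # NOTE(review): queued after returnOutput(); likely never shown.
    mt.addUIMessage("completed!")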
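def dotransform(args):
    r"""Look up Metasploit modules for the MS bulletin / CVE ids named in a vuln.

    CVE ids found in the selected entity value are searched with
    ``msfconsole -qx 'search ...'`` via ``bashrunner``; every output line
    carrying a module rank word becomes a ``msploitego.MetasploitModule``
    (value = first column, ``details`` = last column).  The MS-id branch is
    unfinished: it only calls ``queryModules()`` on the msf database and
    discards the result, as the original did.

    Fix: the rank pattern is now a raw string; as a normal string ``\blow\b``
    held two literal backspace characters (``\b`` is ``\x08``), so the
    ``low`` rank never matched.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    vuln = mt.getValue()
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped (presumably undoing Maltego's property escaping).
    password = mt.getVar("password").replace("\\", "")

    msreg = re.compile(r"ms[0-9]{2}-[0-9]{3}", re.I)
    # NOTE(review): the sequence part is capped at 4 digits, so 5+-digit CVE
    # ids are truncated before the search -- widen if that matters.
    cvereg = re.compile(r"cve[-]*[0-9]{3,4}-[0-9]{3,4}", re.I)
    rankreg = re.compile(r"normal|manual|great|average|excellent|good|\blow\b")
    mpost = MsploitPostgres(user, password, db)

    for ms in msreg.findall(vuln):
        # TODO: unfinished -- the module list is fetched but never matched
        # against the id (ms08-067 -> ms08_067 normalisation was sketched);
        # the msfconsole search for MS ids was commented out upstream.
        mpost.queryModules()

    for cve in cvereg.findall(vuln):
        # `cve` was produced by cvereg, so it only holds [A-Za-z0-9-] and is
        # safe inside the single-quoted shell argument.
        bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(cve))
        for line in bashlog:
            rank_match = rankreg.search(line)
            if not rank_match:
                continue
            # msfconsole separates columns by runs of two or more spaces.
            columns = re.split(" {2,}", line.lstrip())
            msfentity = mt.addEntity("msploitego.MetasploitModule", columns[0])
            msfentity.setValue(columns[0])
            msfentity.addAdditionalFields("rank", "Rank", False, rank_match.group(0))
            msfentity.addAdditionalFields("details", "Details", False, columns[-1])

    mt.returnOutput()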
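def dotransform(args):
    """Brute-force directories on the selected URL with gobuster.

    The selected entity value is the base URL; ``ip`` and ``port`` are copied
    from its properties onto every result.  gobuster runs quietly (``-q``)
    with expanded URLs (``-e``) and the dirbuster medium wordlist; the first
    whitespace-separated token of each output line becomes a ``maltego.WebDir``.

    Fixes: the URL is shell-quoted before being spliced into the command (it
    is entity-supplied and bashrunner takes one command string); blank output
    lines are skipped instead of raising IndexError on ``line.split()[0]``;
    and the argument dump goes through ``mt.debug`` as a string -- ``pprint()``
    returns None and prints to stdout, where the transform response is
    presumably written.
    """
    mt = MaltegoTransform()
    mt.debug(repr(args))
    mt.parseArguments(args)
    url = mt.getValue()
    ip = mt.getVar("ip")
    port = mt.getVar("port")

    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    wordlist = "/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt"
    bashlog = bashrunner("gobuster -q -e -w {} -u {}".format(wordlist, quote(url or "")))
    for line in bashlog:
        tokens = line.split()
        if not tokens:
            continue
        webdir = mt.addEntity("maltego.WebDir", tokens[0])
        webdir.setValue(tokens[0])
        webdir.addAdditionalFields("ip", "IP Address", False, ip)
        webdir.addAdditionalFields("port", "Port", False, port)
        webdir.addAdditionalFields("url", "URL", False, url)

    mt.returnOutput()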
def dotransform(args):
    """Emit a msploitego.MeterpreterSession for every session in the database.

    The selected entity value is the database name; ``user``/``password`` are
    read from its properties.  Each row of ``getForAllHosts("sessions")``
    becomes an entity valued by its ``id`` with every column copied on plus
    the DB coordinates (password included) for downstream transforms.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    # Backslashes are stripped (presumably undoing Maltego's property escaping).
    password = mt.getVar("password").replace("\\", "")
    store = MsploitPostgres(user, password, db)

    def as_text(value):
        """Dates render as d/m/Y, everything else via str()."""
        if isinstance(value, datetime):
            return "%d/%d/%d" % (value.day, value.month, value.year)
        return str(value)

    for session in store.getForAllHosts("sessions"):
        label = str(session.get("id"))
        entity = mt.addEntity("msploitego.MeterpreterSession", label)
        entity.setValue(label)
        for column, value in session.items():
            if isinstance(value, datetime) or (value and str(value).strip()):
                entity.addAdditionalFields(column, column.capitalize(), False, as_text(value))
        # NOTE(review): DB password is persisted in the graph for downstream use.
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("password", "Password", False, password)
        entity.addAdditionalFields("db", "db", False, db)

    mt.returnOutput()
    # NOTE(review): queued after returnOutput(); likely never shown.
    mt.addUIMessage("completed!")
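def dotransform(args):
    """Fingerprint an SMB service with nmap and emit a msploitego.SambaServer.

    The selected entity is a service (value = service name) with ``ip``,
    ``port``, ``hostid`` and ``proto`` properties.  ``scriptrunner`` runs the
    smb-os-discovery / smb-security-mode / smb-server-stats / smb-system-info
    NSE scripts against ip:port; all non-blank script elements are flattened
    into one dict and copied onto the entity, whose value is
    ``<server>:<workgroup>`` (anything after a backslash is dropped).

    Fixes: ``rep.hosts[0]`` is only dereferenced when the report has a host,
    and a missing ``server``/``workgroup`` element defaults to ``""`` instead
    of raising AttributeError on ``None.split``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    proto = mt.getVar("proto")
    service = mt.getValue()

    rep = scriptrunner(port, "smb-os-discovery,smb-security-mode,smb-server-stats,smb-system-info", ip)

    if not rep.hosts:
        mt.addUIMessage("no host in nmap report for {}!".format(ip))
    elif rep.hosts[0].status == "up":
        # Flatten every non-blank script element into one lookup table.
        found = {}
        for res in rep.hosts[0].scripts_results:
            for k, v in (res.get("elements") or {}).items():
                if v and v.strip():
                    found[k] = v

        # The split on a backslash suggests values like DOMAIN\NAME; only the
        # leading part is kept.
        server = (found.get("server") or "").split("\\")[0]
        workgroup = (found.get("workgroup") or "").split("\\")[0]
        label = "{}:{}".format(server, workgroup)

        sambaentity = mt.addEntity("msploitego.SambaServer", label)
        sambaentity.setValue(label)
        sambaentity.addAdditionalFields("ip", "IP Address", False, ip)
        sambaentity.addAdditionalFields("port", "Port", False, port)
        sambaentity.addAdditionalFields("server", "Server", False, server)
        sambaentity.addAdditionalFields("workgroup", "Workgroup", False, workgroup)
        sambaentity.addAdditionalFields("hostid", "Hostid", False, hostid)
        sambaentity.addAdditionalFields("info", "Info", False, found.get("os"))
        sambaentity.addAdditionalFields("name", "Name", False, found.get("fqdn"))
        sambaentity.addAdditionalFields("banner.text", "Service Banner", False, found.get("os"))
        sambaentity.addAdditionalFields("service.name", "Description", False, service)
        sambaentity.addAdditionalFields("properties.service", "Service", False, service)
        sambaentity.addAdditionalFields("proto", "Protocol", False, proto)
        for k, v in found.items():
            # server/workgroup were already emitted in their cleaned form.
            if "server" in k or "workgroup" in k:
                continue
            sambaentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))

    mt.returnOutput()
    # NOTE(review): queued after returnOutput(); likely never shown.
    mt.addUIMessage("completed!")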
def dotransform(args):
    """Emit a msploitego.SessionDetail per detail row of a Meterpreter session.

    The selected entity value is the session id; ``db``/``user``/``password``
    come from its properties.  Each row of ``getSessionDetails(sessionid)``
    becomes an entity valued by its ``id`` with every column copied on plus
    the DB coordinates (password included) for downstream transforms.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    sessionid = mt.getValue()
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped (presumably undoing Maltego's property escaping).
    password = mt.getVar("password").replace("\\", "")
    store = MsploitPostgres(user, password, db)

    for detail in store.getSessionDetails(sessionid):
        label = str(detail.get("id"))
        entity = mt.addEntity("msploitego.SessionDetail", label)
        entity.setValue(label)
        for column, value in detail.items():
            if isinstance(value, datetime):
                rendered = "%d/%d/%d" % (value.day, value.month, value.year)
            elif value and str(value).strip():
                rendered = str(value)
            else:
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, rendered)
        # NOTE(review): DB password is persisted in the graph for downstream use.
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("password", "Password", False, password)
        entity.addAdditionalFields("db", "db", False, db)

    mt.returnOutput()
    # NOTE(review): queued after returnOutput(); likely never shown.
    mt.addUIMessage("completed!")
def dotransform(args):
    """Emit a maltego.Vulnerability per vuln recorded for the selected host.

    The selected entity value is the host IP and ``id`` its Metasploit host
    id; ``db``/``user``/``password`` give the Postgres coordinates.  Each row
    of ``getforHost(ip, "vulns")`` becomes an entity valued
    ``<name>:<hostid>`` with every column copied on, plus the ``ip`` link and
    the ``user``/``db`` coordinates (no password here).
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    hostid = mt.getVar("id")
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped (presumably undoing Maltego's property escaping).
    password = mt.getVar("password").replace("\\", "")
    store = MsploitPostgres(user, password, db)

    def as_text(value):
        """Dates render as d/m/Y, everything else via str()."""
        if isinstance(value, datetime):
            return "%d/%d/%d" % (value.day, value.month, value.year)
        return str(value)

    for vuln in store.getforHost(ip, "vulns"):
        label = "{}:{}".format(vuln.get("name"), hostid)
        entity = mt.addEntity("maltego.Vulnerability", label)
        entity.setValue(label)
        entity.addAdditionalFields("ip", "IP Address", True, ip)
        for column, value in vuln.items():
            if isinstance(value, datetime) or (value and str(value).strip()):
                entity.addAdditionalFields(column, column.capitalize(), False, as_text(value))
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("db", "db", False, db)

    mt.returnOutput()
    # NOTE(review): queued after returnOutput(); likely never shown.
    mt.addUIMessage("completed!")
def dotransform(args):
    """Expand a host (IPv4 entity) into its Metasploit services, MAC, name and OS.

    ``hostid`` is taken from the ``id`` property, falling back to ``hostid``;
    the Postgres coordinates come from ``db``/``user``/``password``.  Each row
    of ``getServices(hostid)`` becomes an entity of the type chosen by
    ``getserviceentity`` valued ``<service>/<port>:<hostid>``, with a
    ``niktofile`` placeholder for HTTP-like services or an ``enum4linux``
    placeholder for SMB-like ones, every service column, and the DB
    coordinates (password included).  A ``maltego.MacAddress``, a
    ``msploitego.Hostname`` and an OS entity (from ``getosentity``) are added
    when the corresponding host properties exist.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)

    ip = mt.getValue()
    mac = mt.getVar("mac")
    machinename = mt.getVar("name")
    os_family = mt.getVar("os_family")
    os_name = mt.getVar("os_name")
    os_sp = mt.getVar("os_sp")
    hostid = mt.getVar("id") or mt.getVar("hostid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped (presumably undoing Maltego's property escaping).
    password = mt.getVar("password").replace("\\", "")
    store = MsploitPostgres(user, password, db)

    web_services = ("http", "https", "possible_wls", "www", "ncacn_http", "ccproxy-http", "ssl/http", "http-proxy")
    smb_markers = ("samba", "netbios-ssn", "smb", "microsoft-ds", "netbios-ns", "netbios-dgm")

    def link_to_host(entity):
        """Every emitted entity points back at the host IP."""
        entity.addAdditionalFields("ip", "IP Address", True, ip)

    for service in store.getServices(hostid):
        servicename = service.get("servicename") or "unknown"
        label = "{}/{}:{}".format(servicename, service.get("port"), hostid)
        hostservice = mt.addEntity(getserviceentity(service), label)
        hostservice.setValue(label)
        link_to_host(hostservice)
        hostservice.addAdditionalFields("service.name", "Description", True, label)
        if machinename:
            hostservice.addAdditionalFields("machinename", "Machine Name", True, machinename)
        hostservice.addAdditionalFields("banner.text", "Service Banner", True, service.get("info") or "")

        # Placeholders that later transforms fill with tool output.
        if servicename in web_services:
            hostservice.addAdditionalFields("niktofile", "Nikto File", True, '')
        elif any(marker in servicename for marker in smb_markers):
            hostservice.addAdditionalFields("enum4linux", "enum4linux File", True, '')

        for column, value in service.items():
            if isinstance(value, datetime):
                hostservice.addAdditionalFields(column, column.capitalize(), False, "%d/%d/%d" % (value.day, value.month, value.year))
            elif value and str(value).strip():
                hostservice.addAdditionalFields(column, column.capitalize(), False, str(value))

        # NOTE(review): DB password is persisted in the graph for downstream use.
        hostservice.addAdditionalFields("user", "User", False, user)
        hostservice.addAdditionalFields("password", "Password", False, password)
        hostservice.addAdditionalFields("db", "db", False, db)

    if mac:
        macentity = mt.addEntity("maltego.MacAddress", mac)
        macentity.setValue(mac)
        link_to_host(macentity)

    if machinename:
        hostentity = mt.addEntity("msploitego.Hostname", machinename)
        hostentity.setValue(machinename)
        link_to_host(hostentity)

    osentityname, osdescription = getosentity(os_family, os_name)
    if os_sp:
        osdescription = "{} {}".format(osdescription, os_sp)
    osentity = mt.addEntity(osentityname, osdescription)
    osentity.setValue(osdescription)
    link_to_host(osentity)

    mt.returnOutput()
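def dotransform(args):
    """Expand a host (IPv4 entity) into its Metasploit services, MAC, name and OS.

    ``hostid`` is taken from the ``id`` property, falling back to ``hostid``;
    the Postgres coordinates come from ``db``/``user``/``password``.  Each row
    of ``getforHost(ip, "services")`` becomes an entity of the type chosen by
    ``getserviceentity`` valued ``<name>/<port>:<hostid>`` carrying the
    banner, a ``<port>/<name>`` description, every service column and the DB
    coordinates (password included).  A ``maltego.MacAddress``, a
    ``msploitego.Hostname`` (only for names starting with a letter) and an OS
    entity from ``getosentity`` are added when the data exists.

    Fix: the hostname filter was ``^[a-zA-z]+`` -- the range ``A-z`` also
    spans ``[ \\ ] ^ _`` and the backtick, so names starting with those
    characters slipped through.  It is now ``^[a-zA-Z]+`` as intended.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    mac = mt.getVar("mac")
    machinename = mt.getVar("name")
    os_family = mt.getVar("os_family")
    os_name = mt.getVar("os_name")
    os_sp = mt.getVar("os_sp")
    hostid = mt.getVar("id")
    if not hostid:
        hostid = mt.getVar("hostid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped (presumably undoing Maltego's property escaping).
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    for service in mpost.getforHost(ip, "services"):
        entityname = getserviceentity(service)
        servicename = service.get("name") or "unknown"
        label = "{}/{}:{}".format(servicename, service.get("port"), hostid)
        hostservice = mt.addEntity(entityname, label)
        hostservice.setValue(label)
        hostservice.addAdditionalFields("ip", "IP Address", True, ip)
        hostservice.addAdditionalFields("banner.text", "Service Banner", True, service.get("info") or "")
        hostservice.addAdditionalFields("service.name", "Description", True, "{}/{}".format(service.get("port"), servicename))
        for k, v in service.items():
            if isinstance(v, datetime):
                hostservice.addAdditionalFields(k, k.capitalize(), False, "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                hostservice.addAdditionalFields(k, k.capitalize(), False, str(v))
        # NOTE(review): DB password is persisted in the graph for downstream use.
        hostservice.addAdditionalFields("user", "User", False, user)
        hostservice.addAdditionalFields("password", "Password", False, password)
        hostservice.addAdditionalFields("db", "db", False, db)

    if mac:
        macentity = mt.addEntity("maltego.MacAddress", mac)
        macentity.setValue(mac)
        macentity.addAdditionalFields("ip", "IP Address", True, ip)

    # Only names that start with an ASCII letter become Hostname entities.
    if machinename and re.match(r"^[a-zA-Z]+", machinename):
        hostentity = mt.addEntity("msploitego.Hostname", machinename)
        hostentity.setValue(machinename)
        hostentity.addAdditionalFields("ip", "IP Address", True, ip)

    osentityname, osdescription = getosentity(os_family, os_name)
    if os_sp:
        osdescription += " {}".format(os_sp)
    osentity = mt.addEntity(osentityname, osdescription)
    osentity.setValue(osdescription)
    osentity.addAdditionalFields("ip", "IP Address", True, ip)

    mt.returnOutput()
    # NOTE(review): queued after returnOutput(); likely never shown.
    mt.addUIMessage("completed!")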