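def get_host_attribute_trackers(trx, context):
    """Add one tracker entity per host-attribute tracker found for the query.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, response)`` when the reply has an 'error' key,
        ``blank_response(trx, response)`` when there are no results,
        otherwise ``maltego_response(trx)``.
    """
    query_value = context.Value
    client = load_client(context)
    response = client.get_host_attribute_trackers(query=query_value)
    if 'error' in response:
        return error_response(trx, response)

    # Also covers a reply that carries "results": null.
    results = response.get('results', [])
    if not results:
        return blank_response(trx, response)

    for item in results:
        tracker_type = item.get('attributeType')
        # NOTE(review): the entity type name is built from an API-supplied
        # field and is not passed through safe_symbols -- confirm the type
        # string is validated or escaped before it is serialised.
        entity_name = "pt.tracker%s" % tracker_type
        ent = trx.addEntity(entity_name,
                            safe_symbols(item.get('attributeValue')))
        ent.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN, 'loose',
                        safe_symbols(item.get('firstSeen', 'N/A')))
        ent.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN, 'loose',
                        safe_symbols(item.get('lastSeen', 'N/A')))
        # Every other property passes its label twice; this one passed
        # LABEL_LAST_SEEN as the second argument (copy/paste slip), which
        # mislabelled the tracker type.
        ent.addProperty(LABEL_TRACKER_TYPE, LABEL_TRACKER_TYPE, 'loose',
                        safe_symbols(tracker_type))
        ent.addProperty(LABEL_HOSTNAME, LABEL_HOSTNAME, 'loose',
                        safe_symbols(item.get('hostname')))

    return maltego_response(trx)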
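def get_host_attribute_components(trx, context):
    """Add one component entity per host-attribute component for the query.

    Each entity value is "<label> (<category>)" taken from the result row.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, response)`` when the reply has an 'error' key,
        ``blank_response(trx, response)`` when there are no results,
        otherwise ``maltego_response(trx)``.
    """
    query_value = context.Value
    client = load_client(context)
    response = client.get_host_attribute_components(query=query_value)
    if 'error' in response:
        return error_response(trx, response)

    # Also covers a reply that carries "results": null.
    results = response.get('results', [])
    if not results:
        return blank_response(trx, response)

    for item in results:
        category = item.get('category')
        entity_value = "%s (%s)" % (item.get('label'), category)
        ent = trx.addEntity(MALTEGO_PT_COMPONENT, safe_symbols(entity_value))
        ent.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN, 'loose',
                        safe_symbols(item.get('firstSeen', 'N/A')))
        ent.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN, 'loose',
                        safe_symbols(item.get('lastSeen', 'N/A')))
        # The second argument used to be LABEL_LAST_SEEN (copy/paste slip),
        # unlike every other property, which passes its own label twice.
        ent.addProperty(LABEL_COMPONENT_TYPE, LABEL_COMPONENT_TYPE, 'loose',
                        safe_symbols(category))
        ent.addProperty(LABEL_HOSTNAME, LABEL_HOSTNAME, 'loose',
                        safe_symbols(item.get('hostname')))

    return maltego_response(trx)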
def get_whois_details(trx, context):
    """Turn the compact WHOIS record for the query into entities.

    Emits name servers, four fixed registration fields, the domain itself,
    and every non-empty 'raw' list found under the 'compact' section.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, record)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    record = api.get_whois_details(query=target, compact_record=True)
    if 'error' in record:
        return error_response(trx, record)

    for server in record.get('nameServers', []):
        trx.addEntity(MALTEGO_PT_NAMESERVER, safe_symbols(server))

    # Fixed top-level fields, each emitted under a "pt.whois<Field>" type.
    for field in ['registrar', 'registered', 'registryUpdatedAt',
                  'expiresAt']:
        trx.addEntity("pt.whois%s" % upper_first(field),
                      safe_symbols(record.get(field)))
    trx.addEntity(MALTEGO_DOMAIN, safe_symbols(record.get('domain', '')))

    # NOTE(review): the section names below come from the API reply and are
    # turned into entity type names without safe_symbols -- confirm they are
    # constrained to the expected set.
    compact = record.get('compact', {})
    for section, details in compact.iteritems():
        if len(details.get('raw', [])) == 0:
            continue
        type_name = "pt.whois%s" % upper_first(section)
        for raw_value in details.get('raw', []):
            trx.addEntity(type_name, safe_symbols(raw_value))

    return maltego_response(trx)
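def get_host_attribute_trackers(trx, context):
    """Add one tracker entity per host-attribute tracker found for the query.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, response)`` when the reply has an 'error' key,
        ``blank_response(response)`` when there are no results, otherwise
        ``maltego_response(trx)``.
    """
    query_value = context.Value
    client = load_client(context)
    response = client.get_host_attribute_trackers(query=query_value)
    if 'error' in response:
        return error_response(trx, response)

    # Also covers a reply that carries "results": null.
    results = response.get('results', [])
    if not results:
        # NOTE(review): called without trx, unlike error_response above --
        # confirm against blank_response's signature.
        return blank_response(response)

    for item in results:
        tracker_type = item.get('attributeType')
        # NOTE(review): the entity type name is built from an API-supplied
        # field and is not passed through safe_symbols -- confirm the type
        # string is validated or escaped before it is serialised.
        ent = trx.addEntity("pt.tracker%s" % tracker_type,
                            safe_symbols(item.get('attributeValue')))
        ent.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN,
                        'loose', safe_symbols(item.get('firstSeen', 'N/A')))
        ent.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN,
                        'loose', safe_symbols(item.get('lastSeen', 'N/A')))
        # The second argument used to be LABEL_LAST_SEEN (copy/paste slip),
        # unlike every other property, which passes its own label twice.
        ent.addProperty(LABEL_TRACKER_TYPE, LABEL_TRACKER_TYPE,
                        'loose', safe_symbols(tracker_type))
        ent.addProperty(LABEL_HOSTNAME, LABEL_HOSTNAME,
                        'loose', safe_symbols(item.get('hostname')))

    return maltego_response(trx)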
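def get_host_attribute_components(trx, context):
    """Add one component entity per host-attribute component for the query.

    Each entity value is "<label> (<category>)" taken from the result row.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, response)`` when the reply has an 'error' key,
        ``blank_response(response)`` when there are no results, otherwise
        ``maltego_response(trx)``.
    """
    query_value = context.Value
    client = load_client(context)
    response = client.get_host_attribute_components(query=query_value)
    if 'error' in response:
        return error_response(trx, response)

    # Also covers a reply that carries "results": null.
    results = response.get('results', [])
    if not results:
        # NOTE(review): called without trx, unlike error_response above --
        # confirm against blank_response's signature.
        return blank_response(response)

    for item in results:
        category = item.get('category')
        entity_value = "%s (%s)" % (item.get('label'), category)
        ent = trx.addEntity(MALTEGO_PT_COMPONENT, safe_symbols(entity_value))
        ent.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN,
                        'loose', safe_symbols(item.get('firstSeen', 'N/A')))
        ent.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN,
                        'loose', safe_symbols(item.get('lastSeen', 'N/A')))
        # The second argument used to be LABEL_LAST_SEEN (copy/paste slip),
        # unlike every other property, which passes its own label twice.
        ent.addProperty(LABEL_COMPONENT_TYPE, LABEL_COMPONENT_TYPE,
                        'loose', safe_symbols(category))
        ent.addProperty(LABEL_HOSTNAME, LABEL_HOSTNAME,
                        'loose', safe_symbols(item.get('hostname')))

    return maltego_response(trx)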
def get_malware(trx, context):
    """Add source, source URL and sample-hash entities for each malware hit.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.get_malware(query=target)
    if 'error' in reply:
        return error_response(trx, reply)

    hits = reply.get('results', [])
    for hit in hits:
        # Values are third-party report data; each goes through safe_symbols.
        source = safe_symbols(hit.get('source'))
        trx.addEntity(MALTEGO_PHRASE, source)
        source_url = safe_symbols(hit.get('sourceUrl'))
        trx.addEntity(MALTEGO_URL, source_url)
        sample = safe_symbols(hit.get('sample'))
        trx.addEntity(MALFORMITY_HASH, sample)

    return maltego_response(trx)
def get_malware(trx, context):
    """Add source, source URL and sample-hash entities for each malware hit.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.get_malware(query=target)
    if 'error' in reply:
        return error_response(trx, reply)

    hits = reply.get('results', [])
    for hit in hits:
        # Values are third-party report data; each goes through safe_symbols.
        source = safe_symbols(hit.get('source'))
        trx.addEntity(MALTEGO_PHRASE, source)
        source_url = safe_symbols(hit.get('sourceUrl'))
        trx.addEntity(MALTEGO_URL, source_url)
        sample = safe_symbols(hit.get('sample'))
        trx.addEntity(MALTEGO_HASH, sample)

    return maltego_response(trx)
def get_osint(trx, context):
    """Add source, source URL and tag entities for each OSINT result.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.get_osint(query=target)
    if 'error' in reply:
        return error_response(trx, reply)

    for report in reply.get('results', []):
        source = safe_symbols(report.get('source'))
        trx.addEntity(MALTEGO_PHRASE, source)
        source_url = safe_symbols(report.get('sourceUrl'))
        trx.addEntity(MALTEGO_URL, source_url)
        # One tag entity per tag attached to the report.
        tags = report.get('tags', [])
        for label in tags:
            trx.addEntity(MALTEGO_PT_TAG, safe_symbols(label))

    return maltego_response(trx)
def get_osint(trx, context):
    """Emit the source, its URL and every tag of each OSINT report found.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, osint)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    needle = context.Value
    pt_client = load_client(context)
    osint = pt_client.get_osint(query=needle)
    if 'error' in osint:
        return error_response(trx, osint)

    reports = osint.get('results', [])
    for entry in reports:
        # (entity type, result key) pairs, emitted in this order.
        for kind, key in ((MALTEGO_PHRASE, 'source'),
                          (MALTEGO_URL, 'sourceUrl')):
            trx.addEntity(kind, safe_symbols(entry.get(key)))
        for tag_value in entry.get('tags', []):
            trx.addEntity(MALTEGO_PT_TAG, safe_symbols(tag_value))

    return maltego_response(trx)
def get_osint_details(trx, context):
    """Add the indicators listed in each OSINT report for the query.

    Every value under a result's 'inReport' list becomes an IP entity when
    ``value_type`` classifies it as 'ip', and a domain entity otherwise.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.get_osint(query=target)
    if 'error' in reply:
        return error_response(trx, reply)

    for report in reply.get('results', []):
        for indicator in report.get('inReport', []):
            # Anything that is not classified as an IP is treated as a domain.
            is_ip = value_type(indicator) == 'ip'
            kind = MALTEGO_IP if is_ip else MALTEGO_DOMAIN
            trx.addEntity(kind, safe_symbols(indicator))

    return maltego_response(trx)
def get_osint_details(trx, context):
    """Emit every indicator named in the OSINT reports for the query.

    Values from each result's 'inReport' list are added as IP entities when
    ``value_type`` returns 'ip'; all other values are added as domains.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, osint)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    needle = context.Value
    pt_client = load_client(context)
    osint = pt_client.get_osint(query=needle)
    if 'error' in osint:
        return error_response(trx, osint)

    reports = osint.get('results', [])
    for entry in reports:
        mentioned = entry.get('inReport', [])
        for observable in mentioned:
            if value_type(observable) != 'ip':
                # Fallback: non-IP values are emitted as domains.
                trx.addEntity(MALTEGO_DOMAIN, safe_symbols(observable))
                continue
            trx.addEntity(MALTEGO_IP, safe_symbols(observable))

    return maltego_response(trx)
def get_ssl_certificate_history_by_ip(trx, context):
    """Add one SSL certificate entity per certificate-history result.

    The entity value is the result's 'sha1'; first-seen and last-seen
    values are attached as properties, defaulting to 'N/A'.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.get_ssl_certificate_history(query=target)
    if 'error' in reply:
        return error_response(trx, reply)

    for cert in reply.get('results', []):
        fingerprint = safe_symbols(cert.get('sha1'))
        node = trx.addEntity(MALTEGO_PT_SSL_CERT, fingerprint)
        first_seen = safe_symbols(cert.get('firstSeen', 'N/A'))
        node.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN, 'loose',
                         first_seen)
        last_seen = safe_symbols(cert.get('lastSeen', 'N/A'))
        node.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN, 'loose',
                         last_seen)

    return maltego_response(trx)
def get_ssl_certificate_history_by_ip(trx, context):
    """Emit the SSL certificates recorded in the history for the query.

    Each result becomes a certificate entity keyed by its 'sha1', carrying
    first-seen and last-seen properties ('N/A' when absent).

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, history)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    needle = context.Value
    pt_client = load_client(context)
    history = pt_client.get_ssl_certificate_history(query=needle)
    if 'error' in history:
        return error_response(trx, history)

    records = history.get('results', [])
    for record in records:
        cert_entity = trx.addEntity(MALTEGO_PT_SSL_CERT,
                                    safe_symbols(record.get('sha1')))
        seen_first = record.get('firstSeen', 'N/A')
        cert_entity.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN,
                                'loose', safe_symbols(seen_first))
        seen_last = record.get('lastSeen', 'N/A')
        cert_entity.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN,
                                'loose', safe_symbols(seen_last))

    return maltego_response(trx)
def run_tracker_search(trx, context, field):
    """Search trackers of one type and add the matching hostnames.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.
        field: Forwarded to the client as the ``type`` argument of
            ``search_trackers``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        ``blank_response(reply)`` when there are no results, otherwise
        ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.search_trackers(query=target, type=field)
    if 'error' in reply:
        return error_response(trx, reply)

    matches = reply.get('results', [])
    if len(matches) < 1:
        # NOTE(review): called without trx, unlike error_response above --
        # confirm against blank_response's signature.
        return blank_response(reply)

    for match in matches:
        host = safe_symbols(match.get('hostname'))
        node = trx.addEntity(MALTEGO_DOMAIN, host)
        # 'everBlacklisted' has no default, so a missing key passes None.
        flagged = safe_symbols(match.get('everBlacklisted'))
        node.addProperty(LABEL_BLACKLISTED, LABEL_BLACKLISTED,
                         'loose', flagged)

    return maltego_response(trx)
def get_passive_dns(trx, context):
    """Add one entity per passive DNS resolution of the query.

    The entity type is looked up in ``type_map`` by the reply's
    'queryType'; first-seen, last-seen and the comma-joined source list are
    attached as properties.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    # The client call is made with an explicit timeout of 10.
    reply = api.get_passive_dns(query=target, timeout=10)
    if 'error' in reply:
        return error_response(trx, reply)

    kind_key = reply.get('queryType')
    for record in reply.get('results', []):
        resolved = record.get('resolve', 'N/A')
        # Subscript lookup: an unmapped queryType raises here (KeyError,
        # assuming type_map is a plain dict).
        node = trx.addEntity(type_map[kind_key], safe_symbols(resolved))
        first_seen = safe_symbols(record.get('firstSeen', 'N/A'))
        node.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN, 'loose',
                         first_seen)
        last_seen = safe_symbols(record.get('lastSeen', 'N/A'))
        node.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN, 'loose',
                         last_seen)
        sources = ', '.join(record.get('source', []))
        node.addProperty(LABEL_SOURCES, LABEL_SOURCES, 'loose',
                         safe_symbols(sources))

    return maltego_response(trx)
def get_passive_dns(trx, context):
    """Emit the passive DNS resolutions recorded for the query.

    Each result's 'resolve' value ('N/A' when absent) becomes an entity
    whose type comes from ``type_map[queryType]``, with first-seen,
    last-seen and joined source names as properties.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, pdns)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    needle = context.Value
    pt_client = load_client(context)
    pdns = pt_client.get_passive_dns(query=needle, timeout=10)
    if 'error' in pdns:
        return error_response(trx, pdns)

    reply_type = pdns.get('queryType')
    rows = pdns.get('results', [])
    for row in rows:
        # Looked up per row, so an empty result list never touches type_map.
        entity = trx.addEntity(type_map[reply_type],
                               safe_symbols(row.get('resolve', 'N/A')))
        seen_first = row.get('firstSeen', 'N/A')
        entity.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN,
                           'loose', safe_symbols(seen_first))
        seen_last = row.get('lastSeen', 'N/A')
        entity.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN,
                           'loose', safe_symbols(seen_last))
        joined_sources = ', '.join(row.get('source', []))
        entity.addProperty(LABEL_SOURCES, LABEL_SOURCES, 'loose',
                           safe_symbols(joined_sources))

    return maltego_response(trx)
def get_tags(trx, context):
    """Add one tag entity per tag returned for the query.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.get_tags(query=target)
    if 'error' in reply:
        return error_response(trx, reply)

    labels = reply.get('tags', [])
    for label in labels:
        cleaned = safe_symbols(label)
        trx.addEntity(MALTEGO_PT_TAG, cleaned)
    return maltego_response(trx)
def get_classification(trx, context):
    """Add the classification of the query as a phrase entity.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.get_classification_status(query=target)
    if 'error' in reply:
        return error_response(trx, reply)

    # A reply without a 'classification' key is reported as 'N/A'.
    verdict = safe_symbols(reply.get('classification', 'N/A'))
    trx.addEntity(MALTEGO_PHRASE, verdict)
    return maltego_response(trx)
def run_tracker_search(trx, context, field):
    """Search trackers of one type and add the matching hostnames.

    Each hostname becomes a domain entity with first-seen and last-seen
    properties ('N/A' when absent).

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.
        field: Forwarded to the client as the ``type`` argument of
            ``search_trackers``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        ``blank_response(trx, reply)`` when there are no results, otherwise
        ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.search_trackers(query=target, type=field)
    if 'error' in reply:
        return error_response(trx, reply)

    matches = reply.get('results', [])
    if len(matches) < 1:
        return blank_response(trx, reply)

    for match in matches:
        host = safe_symbols(match.get('hostname'))
        node = trx.addEntity(MALTEGO_DOMAIN, host)
        first_seen = safe_symbols(match.get('firstSeen', 'N/A'))
        node.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN, 'loose',
                         first_seen)
        last_seen = safe_symbols(match.get('lastSeen', 'N/A'))
        node.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN, 'loose',
                         last_seen)

    return maltego_response(trx)
def get_subdomains(trx, context):
    """Add a domain entity for every subdomain label of the query.

    Each label from the reply's 'subdomains' list is joined to the query
    value as "<label>.<query>".

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.get_subdomains(query=target)
    if 'error' in reply:
        return error_response(trx, reply)

    labels = reply.get('subdomains', [])
    for label in labels:
        # The full name is sanitised after the label and query are joined.
        fqdn = safe_symbols("%s.%s" % (label, target))
        trx.addEntity(MALTEGO_DOMAIN, fqdn)

    return maltego_response(trx)
def get_unique_passive_dns(trx, context):
    """Add one entity per unique passive DNS resolution of the query.

    The entity type is looked up in ``type_map`` by the reply's 'queryType'.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.get_unique_resolutions(query=target, timeout=10)
    if 'error' in reply:
        return error_response(trx, reply)

    kind_key = reply.get('queryType')
    resolutions = reply.get('results', [])
    for resolution in resolutions:
        # Subscript lookup: an unmapped queryType raises here (KeyError,
        # assuming type_map is a plain dict).
        kind = type_map[kind_key]
        trx.addEntity(kind, safe_symbols(resolution))

    return maltego_response(trx)
def get_subdomains(trx, context):
    """Emit "<label>.<query>" domain entities for the known subdomains.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, found)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    needle = context.Value
    pt_client = load_client(context)
    found = pt_client.get_subdomains(query=needle)
    if 'error' in found:
        return error_response(trx, found)

    for prefix in found.get('subdomains', []):
        # Labels are relative, so the queried name is appended to each one.
        full_name = "%s.%s" % (prefix, needle)
        cleaned = safe_symbols(full_name)
        trx.addEntity(MALTEGO_DOMAIN, cleaned)

    return maltego_response(trx)
def get_unique_passive_dns(trx, context):
    """Emit the unique passive DNS resolutions recorded for the query.

    Every result is added under the entity type ``type_map[queryType]``.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, unique)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    needle = context.Value
    pt_client = load_client(context)
    unique = pt_client.get_unique_resolutions(query=needle, timeout=10)
    if 'error' in unique:
        return error_response(trx, unique)

    reply_type = unique.get('queryType')
    for value in unique.get('results', []):
        # Looked up per value, so an empty result list never touches
        # type_map.
        cleaned = safe_symbols(value) if False else None
        trx.addEntity(type_map[reply_type], safe_symbols(value))

    return maltego_response(trx)
def get_ever_compromised(trx, context):
    """Add a phrase entity stating whether the query was ever compromised.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.get_ever_compromised_status(query=target)
    if 'error' in reply:
        return error_response(trx, reply)

    # A falsy or missing flag is reported as "Unknown", not as "clean".
    flagged = reply.get('everCompromised', False)
    verdict = "Been Compromised" if flagged else "Unknown"
    trx.addEntity(MALTEGO_PHRASE, safe_symbols(verdict))
    return maltego_response(trx)
def get_dynamic_dns(trx, context):
    """Add a phrase entity stating whether the query is dynamic DNS.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.get_dynamic_dns_status(query=target)
    if 'error' in reply:
        return error_response(trx, reply)

    # A falsy or missing flag is reported as "Unknown".
    flagged = reply.get('dynamicDns', False)
    verdict = "Dynamic DNS" if flagged else "Unknown"
    trx.addEntity(MALTEGO_PHRASE, safe_symbols(verdict))
    return maltego_response(trx)
def get_monitor(trx, context):
    """Add a phrase entity stating whether the query is being monitored.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.get_monitor_status(query=target)
    if 'error' in reply:
        return error_response(trx, reply)

    # A falsy or missing flag is reported as "Unknown".
    flagged = reply.get('monitor', False)
    verdict = "Monitoring" if flagged else "Unknown"
    trx.addEntity(MALTEGO_PHRASE, safe_symbols(verdict))
    return maltego_response(trx)
def get_sinkhole(trx, context):
    """Add a phrase entity stating whether the query is sinkholed.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.get_sinkhole_status(query=target)
    if 'error' in reply:
        return error_response(trx, reply)

    # A falsy or missing flag is reported as "Unknown".
    flagged = reply.get('sinkhole', False)
    verdict = "Sinkholed" if flagged else "Unknown"
    trx.addEntity(MALTEGO_PHRASE, safe_symbols(verdict))
    return maltego_response(trx)
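def get_host_attribute_child_pairs(trx, context):
    """Add one domain entity per child host paired with the query.

    Pairs are requested with ``direction="children"``. Each entity carries
    first-seen and last-seen properties, and the pair's 'cause' is used
    both as a property value and as the link label.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, response)`` when the reply has an 'error' key,
        ``blank_response(trx, response)`` when there are no results,
        otherwise ``maltego_response(trx)``.
    """
    query_value = context.Value
    client = load_client(context)
    response = client.get_host_attribute_pairs(query=query_value,
                                               direction="children")
    if 'error' in response:
        return error_response(trx, response)

    # Also covers a reply that carries "results": null.
    results = response.get('results', [])
    if not results:
        return blank_response(trx, response)

    for item in results:
        ent = trx.addEntity(MALTEGO_DOMAIN, safe_symbols(item.get('child')))
        ent.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN, 'loose',
                        safe_symbols(item.get('firstSeen', 'N/A')))
        ent.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN, 'loose',
                        safe_symbols(item.get('lastSeen', 'N/A')))
        # The second argument used to be LABEL_LAST_SEEN (copy/paste slip),
        # unlike the other properties, which pass their own label twice.
        # NOTE(review): the 'cause' value is stored under the component-type
        # label -- confirm that is the intended field.
        ent.addProperty(LABEL_COMPONENT_TYPE, LABEL_COMPONENT_TYPE, 'loose',
                        safe_symbols(item.get('cause')))
        ent.setLinkLabel(safe_symbols(item.get('cause')))

    return maltego_response(trx)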
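def get_host_attribute_child_pairs(trx, context):
    """Add one domain entity per child host paired with the query.

    Pairs are requested with ``direction="children"``. Each entity carries
    first-seen and last-seen properties, and the pair's 'cause' is used
    both as a property value and as the link label.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, response)`` when the reply has an 'error' key,
        ``blank_response(trx, response)`` when there are no results,
        otherwise ``maltego_response(trx)``.
    """
    query_value = context.Value
    client = load_client(context)
    response = client.get_host_attribute_pairs(query=query_value,
                                               direction="children")
    if 'error' in response:
        return error_response(trx, response)

    # Also covers a reply that carries "results": null.
    results = response.get('results', [])
    if not results:
        return blank_response(trx, response)

    for item in results:
        ent = trx.addEntity(MALTEGO_DOMAIN, safe_symbols(item.get('child')))
        ent.addProperty(LABEL_FIRST_SEEN, LABEL_FIRST_SEEN,
                        'loose', safe_symbols(item.get('firstSeen', 'N/A')))
        ent.addProperty(LABEL_LAST_SEEN, LABEL_LAST_SEEN,
                        'loose', safe_symbols(item.get('lastSeen', 'N/A')))
        # The second argument used to be LABEL_LAST_SEEN (copy/paste slip),
        # unlike the other properties, which pass their own label twice.
        # NOTE(review): the 'cause' value is stored under the component-type
        # label -- confirm that is the intended field.
        ent.addProperty(LABEL_COMPONENT_TYPE, LABEL_COMPONENT_TYPE,
                        'loose', safe_symbols(item.get('cause')))
        ent.setLinkLabel(safe_symbols(item.get('cause')))

    return maltego_response(trx)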
def run_whois_search(trx, context, field):
    """Search WHOIS records by one field and add the matching domains.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.
        field: Forwarded to the client as the ``field`` argument of
            ``search_whois_by_field``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        ``blank_response(trx, reply)`` when there are no results, otherwise
        ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.search_whois_by_field(query=target, field=field)
    if 'error' in reply:
        return error_response(trx, reply)

    matches = reply.get('results', [])
    if len(matches) < 1:
        return blank_response(trx, reply)

    for match in matches:
        # WHOIS content is registrant-supplied; it goes through safe_symbols.
        domain = safe_symbols(match.get('domain'))
        trx.addEntity(MALTEGO_DOMAIN, domain)

    return maltego_response(trx)
def get_osint_passive_dns(trx, context):
    """Add the unique resolutions of the query that have OSINT attached.

    The unique resolutions are fetched first, then handed in bulk to the
    enrichment client; only keys whose 'hasOsint' value is truthy are added.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client`` and
            ``load_enrichment``.

    Returns:
        ``error_response(trx, reply)`` when the first reply has an 'error'
        key, otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.get_unique_resolutions(query=target, timeout=10)
    if 'error' in reply:
        return error_response(trx, reply)
    enricher = load_enrichment(context)
    resolutions = reply.get('results', [])
    # NOTE(review): the bulk OSINT reply is not checked for an 'error' key,
    # unlike the first reply -- confirm that is intended.
    bulk = enricher.get_bulk_osint(query=resolutions)

    kind_key = reply.get('queryType')
    flagged = bulk.get('results', {})
    for resolution, details in flagged.iteritems():
        if not details['hasOsint']:
            continue
        trx.addEntity(type_map[kind_key], safe_symbols(resolution))

    return maltego_response(trx)
def get_ssl_certificate_details(trx, context):
    """Add one entity per non-empty field of the certificate record.

    Each field name is turned into a "pt.ssl<Field>" entity type and is
    also stored, capitalised by ``upper_first``, as a property.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.get_ssl_certificate_details(query=target)
    if 'error' in reply:
        return error_response(trx, reply)

    for field, content in reply.iteritems():
        # Empty strings and any other falsy value are skipped.
        if not content:
            continue
        # NOTE(review): field names come from the API reply and reach both
        # the entity type and the property value without safe_symbols --
        # confirm they are constrained to the expected set.
        type_name = "pt.ssl%s" % upper_first(field)
        node = trx.addEntity(type_name, safe_symbols(content))
        node.addProperty(LABEL_PROPERTY, LABEL_PROPERTY,
                         'loose', upper_first(field))

    return maltego_response(trx)
def run_ssl_certificate_search(trx, context, field):
    """Search SSL certificates by one field and add the matches by SHA-1.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.
        field: Forwarded to the client as the ``field`` argument of
            ``search_ssl_certificate_by_field``.

    Returns:
        ``error_response(trx, reply)`` when the reply has an 'error' key,
        ``blank_response(trx, reply)`` when there are no results, otherwise
        ``maltego_response(trx)``.
    """
    target = context.Value
    api = load_client(context)
    reply = api.search_ssl_certificate_by_field(query=target, field=field)
    if 'error' in reply:
        return error_response(trx, reply)

    matches = reply.get('results', [])
    if len(matches) < 1:
        return blank_response(trx, reply)

    for match in matches:
        fingerprint = safe_symbols(match.get('sha1'))
        trx.addEntity(MALTEGO_PT_SSL_CERT, fingerprint)

    return maltego_response(trx)
def get_ssl_certificate_details(trx, context):
    """Emit every populated field of the certificate record as an entity.

    The entity type is "pt.ssl<Field>", and the capitalised field name is
    attached to the entity as a property.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, details)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    needle = context.Value
    pt_client = load_client(context)
    details = pt_client.get_ssl_certificate_details(query=needle)
    if 'error' in details:
        return error_response(trx, details)

    for key, field_value in details.iteritems():
        if field_value:
            # NOTE(review): keys come from the API reply and reach both the
            # entity type and the property value without safe_symbols --
            # confirm they are constrained to the expected set.
            cert_field = trx.addEntity("pt.ssl%s" % upper_first(key),
                                       safe_symbols(field_value))
            cert_field.addProperty(LABEL_PROPERTY, LABEL_PROPERTY, 'loose',
                                   upper_first(key))

    return maltego_response(trx)
def get_osint_passive_dns(trx, context):
    """Emit the unique resolutions of the query that appear in OSINT.

    Unique resolutions are looked up first and then sent as one bulk query
    to the enrichment client; keys with a truthy 'hasOsint' become entities.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client`` and
            ``load_enrichment``.

    Returns:
        ``error_response(trx, unique)`` when the first reply has an 'error'
        key, otherwise ``maltego_response(trx)``.
    """
    needle = context.Value
    pt_client = load_client(context)
    unique = pt_client.get_unique_resolutions(query=needle, timeout=10)
    if 'error' in unique:
        return error_response(trx, unique)
    enrichment_client = load_enrichment(context)
    # NOTE(review): the bulk reply below is used without an 'error' check --
    # confirm that is intended.
    bulk_osint = enrichment_client.get_bulk_osint(
        query=unique.get('results', []))

    reply_type = unique.get('queryType')
    for observable, info in bulk_osint.get('results', {}).iteritems():
        has_reports = info['hasOsint']
        if has_reports:
            trx.addEntity(type_map[reply_type], safe_symbols(observable))

    return maltego_response(trx)
def run_ssl_certificate_search(trx, context, field):
    """Run a field-based SSL certificate search and emit the SHA-1 matches.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.
        field: Forwarded to the client as the ``field`` argument of
            ``search_ssl_certificate_by_field``.

    Returns:
        ``error_response(trx, found)`` when the reply has an 'error' key,
        ``blank_response(trx, found)`` when there are no results, otherwise
        ``maltego_response(trx)``.
    """
    needle = context.Value
    pt_client = load_client(context)
    found = pt_client.search_ssl_certificate_by_field(query=needle,
                                                      field=field)
    if 'error' in found:
        return error_response(trx, found)

    certificates = found.get('results', [])
    if len(certificates) < 1:
        return blank_response(trx, found)

    for certificate in certificates:
        trx.addEntity(MALTEGO_PT_SSL_CERT,
                      safe_symbols(certificate.get('sha1')))

    return maltego_response(trx)
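def get_enrichment(trx, context):
    """Add enrichment entities for the query.

    When the reply's 'queryType' is 'ip', the AS number, netblock, AS name
    and country (with latitude and longitude properties) are added, plus a
    'Sinkholed' phrase when flagged. For any other type the TLD, an
    optional 'Dynamic DNS' phrase and the primary domain are added. In both
    cases a 'Been compromised' phrase and all tags follow.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, response)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    query_value = context.Value
    client = load_client(context)
    response = client.get_enrichment(query=query_value)
    if 'error' in response:
        return error_response(trx, response)

    query_type = response.get('queryType')
    if query_type == 'ip':
        as_number = response.get('autonomousSystemNumber')
        trx.addEntity(MALTEGO_AS_NUMBER, safe_symbols(as_number))
        trx.addEntity(MALTEGO_NETBLOCK,
                      safe_symbols(response.get('network')))
        as_name = response.get('autonomousSystemName')
        trx.addEntity(MALTEGO_PHRASE, safe_symbols(as_name))
        # Only the location entity gets extra properties.
        location = trx.addEntity(MALTEGO_LOCATION,
                                 safe_symbols(response.get('country')))
        location.addProperty(LABEL_LATITUDE, LABEL_LATITUDE, 'loose',
                             safe_symbols(response.get('latitude')))
        location.addProperty(LABEL_LONGITUDE, LABEL_LONGITUDE, 'loose',
                             safe_symbols(response.get('longitude')))
        if response.get('sinkhole', False):
            trx.addEntity(MALTEGO_PHRASE, safe_symbols('Sinkholed'))
    else:
        trx.addEntity(MALTEGO_DOMAIN, safe_symbols(response.get('tld')))
        if response.get('dynamicDns', False):
            trx.addEntity(MALTEGO_PHRASE, safe_symbols('Dynamic DNS'))
        # The primary domain used to be compared with query_type (the
        # reply's type string), so the test was always true. Compare with
        # the queried value instead, and skip a missing primary domain.
        primary_domain = response.get('primaryDomain')
        if primary_domain and primary_domain != query_value:
            trx.addEntity(MALTEGO_DOMAIN, safe_symbols(primary_domain))

    if response.get('everCompromised', False):
        trx.addEntity(MALTEGO_PHRASE, safe_symbols('Been compromised'))
    for tag in response.get('tags', []):
        trx.addEntity(MALTEGO_PT_TAG, safe_symbols(tag))

    return maltego_response(trx)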
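def get_enrichment(trx, context):
    """Add enrichment entities for the query.

    When the reply's 'queryType' is 'ip', the AS number, netblock, AS name
    and country (with latitude and longitude properties) are added, plus a
    'Sinkholed' phrase when flagged. For any other type the TLD, an
    optional 'Dynamic DNS' phrase and the primary domain are added. In both
    cases a 'Been compromised' phrase and all tags follow.

    Args:
        trx: Transform object; entities are created with ``trx.addEntity``.
        context: Request object. ``context.Value`` is the query, and the
            whole object is handed to ``load_client``.

    Returns:
        ``error_response(trx, response)`` when the reply has an 'error' key,
        otherwise ``maltego_response(trx)``.
    """
    query_value = context.Value
    client = load_client(context)
    response = client.get_enrichment(query=query_value)
    if 'error' in response:
        return error_response(trx, response)

    if response.get('queryType') == 'ip':
        trx.addEntity(MALTEGO_AS_NUMBER,
                      safe_symbols(response.get('autonomousSystemNumber')))
        trx.addEntity(MALTEGO_NETBLOCK,
                      safe_symbols(response.get('network')))
        trx.addEntity(MALTEGO_PHRASE,
                      safe_symbols(response.get('autonomousSystemName')))
        # Only the location entity gets extra properties.
        location = trx.addEntity(MALTEGO_LOCATION,
                                 safe_symbols(response.get('country')))
        location.addProperty(LABEL_LATITUDE, LABEL_LATITUDE, 'loose',
                             safe_symbols(response.get('latitude')))
        location.addProperty(LABEL_LONGITUDE, LABEL_LONGITUDE, 'loose',
                             safe_symbols(response.get('longitude')))
        if response.get('sinkhole', False):
            trx.addEntity(MALTEGO_PHRASE, safe_symbols('Sinkholed'))
    else:
        trx.addEntity(MALTEGO_DOMAIN, safe_symbols(response.get('tld')))
        if response.get('dynamicDns', False):
            trx.addEntity(MALTEGO_PHRASE, safe_symbols('Dynamic DNS'))
        # The primary domain used to be compared with the reply's
        # 'queryType' string, which made the test always true. Compare with
        # the queried value instead, and skip a missing primary domain.
        primary_domain = response.get('primaryDomain')
        if primary_domain and primary_domain != query_value:
            trx.addEntity(MALTEGO_DOMAIN, safe_symbols(primary_domain))

    if response.get('everCompromised', False):
        trx.addEntity(MALTEGO_PHRASE, safe_symbols('Been compromised'))
    for tag in response.get('tags', []):
        trx.addEntity(MALTEGO_PT_TAG, safe_symbols(tag))

    return maltego_response(trx)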