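def parsereport(page):
    """Emit Maltego entities for the mutexes listed in a parsed sandbox report.

    Looks for the "Mutex object was created" / "Mutex objects were created"
    sentences in ``page`` (a BeautifulSoup document) and turns every mutex
    name from the following ``<ul>`` into an entity.

    :param page: parsed report document supporting ``find``/``findNext``.
    :return: nothing; the Maltego XML is written by ``returnOutput``.
    Terminates the process when no mutex is reported or the page cannot be
    parsed.
    """
    xform = MaltegoTransform()

    single_marker = 'To mark the presence in the system, the following Mutex object was created:'
    multiple_marker = 'To mark the presence in the system, the following Mutex objects were created:'

    # A missing marker surfaces as AttributeError (``find`` returns None and
    # ``findNext`` is then called on None); only that case means "absent".
    try:
        try:
            single = page.find(text=single_marker).findNext('ul').li.text
        except AttributeError:
            single = None
        try:
            multiple = page.find(text=multiple_marker).findNext('ul')
        except AttributeError:
            multiple = None
    except Exception:
        sys.exit("Error finding Mutexes.")

    # sys.exit() raises SystemExit.  In the original it sat inside a bare
    # ``except:`` block, which caught it and replaced the message with
    # "Error finding Mutexes."; keep it outside any handler.
    if single is None and multiple is None:
        sys.exit("No Mutexes Reported")

    if single is not None:
        # NOTE(review): a single mutex is emitted as maltego.IPv4Address while
        # multiple mutexes become maltego.Phrase.  Kept as in the original,
        # but it looks like a copy-paste slip — confirm the intended type.
        xform.addEntity("maltego.IPv4Address", single)
    if multiple is not None:
        for mutex in multiple.findAll('li'):
            xform.addEntity("maltego.Phrase", mutex.text)

    xform.returnOutput()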
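def PersonToTelefonoDireccionCorreo_6kcx_kbuk(m):
    """Resolve a person's name to e-mail, mobile, party and ID entities.

    Queries the datos.gov.co Socrata dataset ``6kcx-kbuk`` and emits the
    first row whose ``nombre`` equals ``m.Value``.

    :param m: Maltego request object; ``m.Value`` is the person's name.
    :return: nothing; the Maltego XML is written by ``returnOutput``.
    """
    TRX = MaltegoTransform()
    nombre = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Only the first 2000 rows are fetched; a person beyond that window
        # is reported as not found.
        rows = client.get("6kcx-kbuk", limit=2000)
        # .get(): a row lacking the column just doesn't match, instead of a
        # KeyError aborting the whole scan.
        match = next((row for row in rows if row.get('nombre') == nombre), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            TRX.addEntity('maltego.EmailAddress', match['correo_electronico'])
            phone = TRX.addEntity('maltego.PhoneNumber', match['celular'])
            phone.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
            TRX.addEntity('eciescuelaing.PartidoPolitico', match['partido_politico'])
            TRX.addEntity('eci.Cedula', match['doc_identidad'])
    except Exception:
        # Network/API failures and missing output columns all end up here;
        # the user-facing text is the one the original showed.
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()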
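def EmailToTelefonoDirection_6hgq_bdxw(m):
    """Resolve an e-mail address to phone and street-address entities.

    Scans the datos.gov.co Socrata dataset ``6hgq-bdxw``; a row matches when
    ``m.Value`` is one of the ``;``-separated values in its
    ``correo_electronico`` column.

    :param m: Maltego request object; ``m.Value`` is the e-mail address.
    :return: nothing; the Maltego XML is written by ``returnOutput``.
    """
    TRX = MaltegoTransform()
    email = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Only the first 2000 rows are scanned; later rows are never found.
        rows = client.get("6hgq-bdxw", limit=2000)
        match = None
        for row in rows:
            # A row without the column simply cannot match; don't let a
            # KeyError abort the scan.
            if email in row.get('correo_electronico', '').split(";"):
                match = row
                break
        if match is None:
            # Message text kept from the original (it says "Cedula" although
            # the lookup key is an e-mail address).
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            direccion = match['direccion']
            phone = TRX.addEntity('maltego.PhoneNumber', match['telefonos'])
            phone.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
            location = TRX.addEntity('maltego.Location', direccion)
            location.addAdditionalFields("country", "Country", True, "Colombia")
            location.addAdditionalFields("streetaddress", "Street Address", True, direccion)
    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()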
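def main(argv):
    """Emit maltego.Twit entities for the followers of the handle in ``argv[1]``.

    A few handles are hard-wired to fixed follower lists (development
    fixtures); every other handle is resolved through ``twitterSearch``.

    :param argv: command-line vector; ``argv[1]`` is the Twitter screen name.
    :return: nothing; the Maltego XML is written by ``returnOutput``.
    """
    # Canned answers kept so existing graphs keep resolving the same way.
    fixtures = {
        "caseyso": ["bobbyo", "jjc", "alf", "courtp"],
        "jjc": ["caseyso", "jjc", "alf", "courtp", "mrclean"],
        "alf": ["mrclean", "jjc", "alf", "courtp", "joe"],
        "bobbyo": ["jjc", "caseyso", "brat322"],
    }
    handle = argv[1]
    if handle in fixtures:
        namesList = list(fixtures[handle])
    else:
        users = twitterSearch.getFollowers(handle)
        if DEBUG:
            print(users)
        # The lookup endpoint takes a comma-separated list of numeric IDs;
        # join() replaces the manual trailing-comma trimming.
        searchString = ",".join(str(user["id"]) for user in users["users"])
        if DEBUG:
            print(searchString)
        names = twitterSearch.idToUsername(searchString)
        namesList = [name["screen_name"] for name in names]
        if DEBUG:
            print(namesList)

    mt = MaltegoTransform()
    for user_name in namesList:
        if DEBUG:
            print(user_name)
        mt.addEntity("maltego.Twit", user_name)
    mt.returnOutput()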
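def main(argv):
    """Emit maltego.Twit entities for the followers of the handle in ``argv[1]``.

    A few handles are hard-wired to fixed follower lists (development
    fixtures); every other handle is resolved through ``twitterSearch``.

    :param argv: command-line vector; ``argv[1]`` is the Twitter screen name.
    :return: nothing; the Maltego XML is written by ``returnOutput``.
    """
    # Canned answers kept so existing graphs keep resolving the same way.
    fixtures = {
        "caseyso": ["bobbyo", "jjc", "alf", "courtp"],
        "jjc": ["caseyso", "jjc", "alf", "courtp", "mrclean"],
        "alf": ["mrclean", "jjc", "alf", "courtp", "joe"],
        "bobbyo": ["jjc", "caseyso", "brat322"],
    }
    handle = argv[1]
    if handle in fixtures:
        namesList = list(fixtures[handle])
    else:
        users = twitterSearch.getFollowers(handle)
        if DEBUG:
            print(users)
        # The lookup endpoint takes a comma-separated list of numeric IDs;
        # join() replaces the manual trailing-comma trimming.
        searchString = ",".join(str(user['id']) for user in users['users'])
        if DEBUG:
            print(searchString)
        names = twitterSearch.idToUsername(searchString)
        namesList = [name['screen_name'] for name in names]
        if DEBUG:
            print(namesList)

    mt = MaltegoTransform()
    for user_name in namesList:
        if DEBUG:
            print(user_name)
        mt.addEntity("maltego.Twit", user_name)
    mt.returnOutput()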
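def PersonToTelefonoCorreo_u5cm_hpr6(m):
    """Resolve a person's name to mobile-phone and e-mail entities.

    Queries the datos.gov.co Socrata dataset ``u5mc-hpr6`` and emits the
    first row whose ``nombre`` equals ``m.Value``.

    :param m: Maltego request object; ``m.Value`` is the person's name.
    :return: nothing; the Maltego XML is written by ``returnOutput``.
    """
    TRX = MaltegoTransform()
    person = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # NOTE(review): dataset id "u5mc-hpr6" differs from the function-name
        # suffix (u5cm_hpr6); kept as in the original — verify which is right.
        # Only the first 2000 rows are fetched.
        rows = client.get("u5mc-hpr6", limit=2000)
        match = next((row for row in rows if row.get('nombre') == person), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            phone = TRX.addEntity('maltego.PhoneNumber', match['celular'])
            phone.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
            # Column name is how Socrata exposes "correo_electrónico".
            TRX.addEntity('maltego.EmailAddress', match['correo_electr_nico'])
    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()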
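def main(argv):
    """Emit a maltego.Alias entity for every URL returned by ``LinkedIn``.

    :param argv: command-line vector; ``argv[1]`` is the search term.
    :return: nothing; the Maltego XML is written by ``returnOutput``.
    """
    # Use the vector the caller handed us instead of sys.argv, so the
    # function behaves the same when invoked with a custom argument list.
    myURLs = LinkedIn(argv[1])
    mt = MaltegoTransform()
    for url in myURLs:
        mt.addEntity("maltego.Alias", url)
    mt.returnOutput()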
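def extractAllEntitiesFromI3visioText(argv):
    '''
    Method that obtains all the entities in a given i3visio.Object that contains an i3visio.text property.

    :param argv: the serialized entity. Kept for interface compatibility; the
        text to scan is read from ``sys.argv[1]`` as in the original wiring.
    :return: Nothing is returned but the code of the entities is created.
    '''
    me = MaltegoTransform()
    data = sys.argv[1]

    entities = entify.getEntitiesByRegexp(data=data)
    # Each item is a dict like:
    # {'email': {'reg_exp': [...], 'found_exp': ['a@b.c', 'd@e.f']}}
    for type_regexp in entities:
        for k, hits in type_regexp.items():
            for element in hits['found_exp']:
                value = str(element)
                newEnt = me.addEntity(k, value)
                if k == "i3visio.bitcoin.address":
                    _enrichBitcoinAddressEntity(newEnt, value)

    # Returning the output text...
    me.returnOutput()


def _enrichBitcoinAddressEntity(newEnt, bitcoinAddress):
    """Attach Blockchain balance/transaction fields to a bitcoin-address entity.

    :param newEnt: entity returned by ``MaltegoTransform.addEntity``.
    :param bitcoinAddress: address string looked up through ``blockchain``.
    """
    jsonData = blockchain.getBitcoinAddressDetails(address=bitcoinAddress)
    newEnt.setDisplayInformation(json.dumps(jsonData, sort_keys=True, indent=2))
    # The display label doubles as the field identifier, as in the original.
    for label, key in (
        ("Final balance (nanobitcoins)", "final_balance"),
        ("Total sent (nanobitcoins)", "total_sent"),
        ("Total received (nanobitcoins)", "total_received"),
        ("Number of transactions", "n_tx"),
    ):
        newEnt.addAdditionalFields(label, label, True, str(jsonData[key]))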
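def main():
    """Emit snoopy.Client entities for the client MACs matching the common filters.

    Cookie observations are outer-joined with the vendor table so clients
    without a known vendor are still listed; when the module-level ``ssid``
    is set, the client list is taken from the SSID probe table instead.
    Each entity is labelled "vendor (hostname)" when a DHCP lease hostname
    is known, otherwise "vendor (tail of the MAC)".

    Relies on module globals from transformCommon: ``db``, ``filters``,
    ``ssid`` and the ``cookies``/``vends``/``leases``/``ssids`` tables.
    """
    # MAC -> hostname from DHCP leases, used only for labelling.
    sl = select([leases.c.mac, leases.c.hostname]).distinct()
    lease_list = dict(db.execute(sl).fetchall())

    j = cookies.outerjoin(vends, cookies.c.client_mac == vends.c.mac)
    s = select([cookies.c.client_mac, vends.c.vendor, vends.c.vendorLong],
               and_(*filters)).select_from(j).distinct()
    logging.debug(s)

    if ssid:
        # NOTE(review): this branch applies only the SSID match, not the
        # common ``filters`` (drone/time window) — kept as in the original;
        # confirm that dropping them here is intended.
        nfilters = [ssids.c.ssid == ssid, ssids.c.mac == vends.c.mac]
        s = select([ssids.c.mac, vends.c.vendor, vends.c.vendorLong],
                   and_(*nfilters))

    # The original also built a cookies/sess run_id query here that was
    # logged but never executed; it has been dropped.
    results = db.execute(s).fetchall()

    TRX = MaltegoTransform()
    for mac, vendor, vendorLong in results:
        hostname = lease_list.get(mac)
        # Fall back to the tail of the MAC when no lease hostname is known.
        label = hostname if hostname else mac[6:]
        NewEnt = TRX.addEntity("snoopy.Client", "%s\n(%s)" % (vendor, label))
        NewEnt.addAdditionalFields("mac", "mac address", "strict", mac)
        NewEnt.addAdditionalFields("vendor", "vendor", "nostrict", vendor)
        NewEnt.addAdditionalFields("vendorLong", "vendorLong", "nostrict", vendorLong)
    TRX.returnOutput()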
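def CorreoToPersonDireccionTelefono_mk5f_bdwx(m):
    """Resolve an e-mail address to person, phone and location entities.

    Scans the datos.gov.co Socrata dataset and emits the first row whose
    ``correo_electronico`` equals ``m.Value``.  The ``nombre`` column is
    split into first and last names: four tokens become 2+2, otherwise the
    first token is the first name and the rest the surname.

    :param m: Maltego request object; ``m.Value`` is the e-mail address.
    :return: nothing; the Maltego XML is written by ``returnOutput``.
    """
    TRX = MaltegoTransform()
    email = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # NOTE(review): dataset id "u5mc-hpr6" does not match the
        # function-name suffix (mk5f_bdwx); kept as in the original — verify.
        # Only the first 2000 rows are fetched.
        rows = client.get("u5mc-hpr6", limit=2000)
        match = next((row for row in rows if row.get('correo_electronico') == email), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            celular = match['celular']
            direccion = match['direccion']
            celular2 = match['telefonos']
            barrio = match['municipio']

            # The original only handled 3- or 4-token names (anything else
            # raised IndexError and was reported as "not found").
            parts = match['nombre'].split(" ")
            if len(parts) == 4:
                firts = " ".join(parts[:2])
                last = " ".join(parts[2:])
            else:
                firts = parts[0]
                last = " ".join(parts[1:])
            full = " ".join(parts)

            person = TRX.addEntity('maltego.Person', full)
            person.addAdditionalFields("person.firtsnames", "Firts Names", True, firts)
            person.addAdditionalFields("person.lastname", "Surname", True, last)
            mobile = TRX.addEntity('maltego.PhoneNumber', celular)
            mobile.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
            landline = TRX.addEntity('maltego.PhoneNumber', celular2)
            landline.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
            location = TRX.addEntity('maltego.Location', direccion)
            location.addAdditionalFields("country", "Country", True, "Colombia")
            location.addAdditionalFields("location.area", "Area", True, barrio)
            location.addAdditionalFields("streetaddress", "Street Address", True, direccion)
    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()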
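def main():
    """Emit snoopy.Client entities for the client MACs matching the common filters.

    Cookie observations are outer-joined with the vendor table so clients
    without a known vendor are still listed; when the module-level ``ssid``
    is set, the client list is taken from the SSID probe table instead.
    Each entity is labelled "vendor (hostname)" when a DHCP lease hostname
    is known, otherwise "vendor (tail of the MAC)".

    Relies on module globals from transformCommon: ``db``, ``filters``,
    ``ssid`` and the ``cookies``/``vends``/``leases``/``ssids`` tables.
    """
    # MAC -> hostname from DHCP leases, used only for labelling.
    sl = select([leases.c.mac, leases.c.hostname]).distinct()
    lease_list = dict(db.execute(sl).fetchall())

    j = cookies.outerjoin(vends, cookies.c.client_mac == vends.c.mac)
    s = select([cookies.c.client_mac, vends.c.vendor, vends.c.vendorLong],
               and_(*filters)).select_from(j).distinct()
    logging.debug(s)

    if ssid:
        # NOTE(review): this branch applies only the SSID match, not the
        # common ``filters`` (drone/time window) — kept as in the original;
        # confirm that dropping them here is intended.
        nfilters = [ssids.c.ssid == ssid, ssids.c.mac == vends.c.mac]
        s = select([ssids.c.mac, vends.c.vendor, vends.c.vendorLong],
                   and_(*nfilters))

    # The original also built a cookies/sess run_id query here that was
    # logged but never executed; it has been dropped.
    results = db.execute(s).fetchall()

    TRX = MaltegoTransform()
    for mac, vendor, vendorLong in results:
        hostname = lease_list.get(mac)
        # Fall back to the tail of the MAC when no lease hostname is known.
        label = hostname if hostname else mac[6:]
        NewEnt = TRX.addEntity("snoopy.Client", "%s\n(%s)" % (vendor, label))
        NewEnt.addAdditionalFields("mac", "mac address", "strict", mac)
        NewEnt.addAdditionalFields("vendor", "vendor", "nostrict", vendor)
        NewEnt.addAdditionalFields("vendorLong", "vendorLong", "nostrict", vendorLong)
    TRX.returnOutput()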
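def emailToBreachedAccounts(email=None):
    '''
    Method that checks if the given email is stored in the HIBP website.

    :param email: email to verify.
    :return: Nothing is returned; one i3visio.breach entity per breach is
        written out through ``returnOutput``.
    '''
    from xml.sax.saxutils import escape

    me = MaltegoTransform()
    jsonData = HIBP.checkIfHackedInHIBP(email=email)
    # jsonData is a list of breach dicts, e.g.
    # [{"Title": "Adobe", "Name": "Adobe", "Domain": "adobe.com",
    #   "BreachDate": "2013-10-4", "PwnCount": 152445165,
    #   "Description": "...contains HTML markup...", "DataClasses": [...]}]
    for breach in jsonData:
        title = breach["Title"]
        newEnt = me.addEntity("i3visio.breach", title)
        # Maltego renders display information as HTML and the breach record
        # comes from a remote service (descriptions carry markup), so escape
        # it instead of splicing it in raw.
        details = json.dumps(breach, sort_keys=True, indent=2)
        newEnt.setDisplayInformation(
            "<h3>" + escape(title) + "</h3><p>" + escape(details) + "!</p>")
        # TODO: append the remaining breach fields as additional fields
        # (the original left this as a no-op loop).
    # Returning the output text...
    me.returnOutput()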
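def bitcoinAddressToBlockchainDetails(bitcoinAddress=None):
    '''
    Method that enriches the given bitcoinAddress with details from Blockchain.

    :param bitcoinAddress: bitcoinAddress to look up.
    :return: Nothing is returned; the same address entity is re-emitted with
        balance/transaction fields attached, through ``returnOutput``.
    '''
    jsonData = blockchain.getBitcoinAddressDetails(address=bitcoinAddress)
    me = MaltegoTransform()
    # Re-emit the address itself so the fields attach to it; no new entity.
    newEnt = me.addEntity("i3visio.bitcoin.address", bitcoinAddress)
    newEnt.setDisplayInformation(json.dumps(jsonData, sort_keys=True, indent=2))
    # The display label doubles as the field identifier, as in the original.
    for label, key in (
        ("Final balance (nanobitcoins)", "final_balance"),
        ("Total sent (nanobitcoins)", "total_sent"),
        ("Total received (nanobitcoins)", "total_received"),
        ("Number of transactions", "n_tx"),
    ):
        newEnt.addAdditionalFields(label, label, True, str(jsonData[key]))
    # Returning the output text...
    me.returnOutput()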
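def main():
    """Emit one snoopy.Cookie entity per cookie stored for the module-level ``mac``/``domain`` pair.

    Relies on module globals from transformCommon: ``db``, ``mac``,
    ``domain`` and the ``cookies`` table.
    """
    filters = [cookies.c.client_mac == mac, cookies.c.baseDomain == domain]
    s = select([cookies.c.name, cookies.c.value], and_(*filters))
    logging.debug(s)
    results = db.execute(s).fetchall()
    logging.debug(results)

    TRX = MaltegoTransform()
    # Cookie names/values come straight off the wire; strip characters that
    # are not legal in XML 1.0 so Maltego can still parse the response.
    # (The original compiled this pattern but never applied it.)
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )
    for name, value in results:
        logging.debug((name, value))
        if name is not None:
            name = illegal_xml_re.sub('', name)
        if value is not None:
            value = illegal_xml_re.sub('', value)
        NewEnt = TRX.addEntity("snoopy.Cookie", name)
        NewEnt.addAdditionalFields("value", "Value", "strict", value)
        NewEnt.addAdditionalFields("fqdn", "Domain", "strict", domain)
        NewEnt.addAdditionalFields("mac", "Client Mac", "strict", mac)
    TRX.returnOutput()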
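def main():
    """Emit maltego.IPv4Address entities for the DHCP lease IPs of the module-level ``mac``.

    The incoming ``mac`` is expected as 12 bare hex digits; the lease table
    is keyed by the colon-separated form, so it is reformatted before the
    lookup.  Relies on module globals ``db``, ``mac`` and the ``leases`` table.
    """
    # "aabbccddeeff" -> "aa:bb:cc:dd:ee:ff" (replaces the xrange/+= loop).
    mac2 = ":".join(mac[i:i + 2] for i in range(0, 12, 2))
    s = select([leases.c.ip], and_(leases.c.mac == mac2))
    logging.debug(s)
    logging.debug(mac2)
    ips = [row[0] for row in db.execute(s).fetchall()]

    TRX = MaltegoTransform()
    for ip in ips:
        NewEnt = TRX.addEntity("maltego.IPv4Address", ip)
        NewEnt.addAdditionalFields("mac", "Client Mac", "strict", mac)
        NewEnt.addAdditionalFields("ip", "Client IP", "strict", ip)
    TRX.returnOutput()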
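def NombreToCargo(m):
    """Resolve a person's name to an eci.Cargo (position) entity with contact fields.

    Queries the datos.gov.co Socrata dataset ``2gvv-khi3``; the ``nombre``
    column is compared against ``m.Value`` upper-cased.

    :param m: Maltego request object; ``m.Value`` is the person's name.
    :return: nothing; the Maltego XML is written by ``returnOutput``.
    """
    TRX = MaltegoTransform()
    nombre = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Only the first 2000 rows are fetched.
        rows = client.get("2gvv-khi3", limit=2000)
        wanted = nombre.upper()
        match = next((row for row in rows if row.get('nombre') == wanted), None)
        if match is None:
            TRX.addUIMessage("Nombre no encontrado en la base de datos")
        else:
            ent = TRX.addEntity('eci.Cargo', match['cargo'])
            ent.addAdditionalFields("properity.direccion", "Direccion", True, match['direccion'])
            ent.addAdditionalFields("properity.email", "Email", True, match['email'])
            ent.addAdditionalFields("properity.telefono", "Telefono", True, match['telefono'])
    except Exception:
        TRX.addUIMessage("Nombre no encontrado en la base de datos")
    TRX.returnOutput()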
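def main():
    """Emit a maltego.URL entity for every URL logged from the module-level ``ip``.

    Relies on module globals ``db``, ``ip`` and the ``weblogs`` table.
    """
    s = select([weblogs.c.full_url], and_(weblogs.c.client_ip == ip))
    logging.debug(s)
    results = db.execute(s).fetchall()

    TRX = MaltegoTransform()
    # URLs are sniffed from traffic; strip characters that are not legal in
    # XML 1.0 so Maltego can still parse the response.  (The original
    # compiled this pattern but never applied it.)
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )
    for row in results:
        logging.debug(row)
        url = row[0]
        if url is None:
            continue
        url = illegal_xml_re.sub('', url)
        NewEnt = TRX.addEntity("maltego.URL", url)
        NewEnt.addAdditionalFields("url", "URL", "strict", url)
    TRX.returnOutput()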
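def CedulaToPuestoDeVotacion(m):
    """Resolve a cédula number to its place of issue via the Registraduría lookup page.

    Fetches the result page for ``m.Value`` and reads the second and third
    ``<b>`` cells of the last ``table.tabla_solicitud`` as place and
    department.

    :param m: Maltego request object; ``m.Value`` is the cédula number.
    :return: nothing; the Maltego XML is written by ``returnOutput``.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    website = 'wsp.registraduria.gov.co/estadodocs/resultadobusqueda.php?cedula='

    # The value is spliced into a URL: only accept a plain number so a
    # crafted entity value cannot add query parameters or path segments.
    if not cedula.isdigit():
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    else:
        try:
            url = 'https://' + website + cedula
            # A hung remote host must not hang the transform.
            html = requests.get(url, timeout=30).text
            soup = BeautifulSoup(html, 'html.parser')
            tables = soup.findAll("table", {"class": "tabla_solicitud"})
            if not tables:
                raise ValueError("no result table in page")
            # As in the original, the last matching table wins.
            cells = tables[-1].find_all('b')
            direccion = cells[1].get_text()
            departamento = cells[2].get_text()
            ent = TRX.addEntity('eci.LugarExpedicion', direccion)
            ent.addAdditionalFields("properity.eci.departamento", "Departamento", True, departamento)
        except Exception:
            # Network errors, an unexpected page layout and missing cells all
            # surface as "not found", as in the original.
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()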
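def PersonToDireccion(m):
    """Resolve a provider name to a maltego.Location entity with coordinates.

    Queries the datos.gov.co Socrata dataset ``3ard-sj8g`` and emits the
    first row whose ``nombre_prestador`` equals ``m.Value``.

    :param m: Maltego request object; ``m.Value`` is the provider name.
    :return: nothing; the Maltego XML is written by ``returnOutput``.
    """
    TRX = MaltegoTransform()
    nombre = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Only the first 2000 rows are fetched.
        rows = client.get("3ard-sj8g", limit=2000)
        match = next((row for row in rows if row.get('nombre_prestador') == nombre), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            # NOTE(review): the street address is taken from the
            # ``nombre_concejal`` column, as in the original — verify that
            # this is really the address column of the dataset.
            direccion = match['nombre_concejal']
            barrio = match['barrio']
            # GeoJSON order: [longitude, latitude].
            coords = match['localizacion']['coordinates']
            ent = TRX.addEntity('maltego.Location', direccion)
            ent.addAdditionalFields("country", "Country", True, "Colombia")
            ent.addAdditionalFields("location.area", "Area", True, barrio)
            ent.addAdditionalFields("streetaddress", "Street Address", True, direccion)
            ent.addAdditionalFields("longitude", "Longitude", True, coords[0])
            ent.addAdditionalFields("latitude", "Latituded", True, coords[1])
    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()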
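def main():
    """Emit one snoopy.useragent entity per user-agent string logged for the module-level ``ip``.

    Relies on module globals ``db``, ``ip`` and the ``weblogs`` table.
    """
    s = select([weblogs.c.useragent], and_(weblogs.c.client_ip == ip))
    logging.debug(s)
    results = db.execute(s).fetchall()
    logging.debug(results)

    TRX = MaltegoTransform()
    # User-agent strings are sniffed from traffic; strip characters that are
    # not legal in XML 1.0 so Maltego can still parse the response.
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )
    for row in results:
        logging.debug(row)
        ua = row[0]
        # Requests without a User-Agent header are stored as NULL; skip them.
        # The original tested str(row) for the text "None" and then emitted
        # str(row) — the row's tuple form — as the entity value.
        if ua is None:
            continue
        ua = illegal_xml_re.sub('', ua)
        NewEnt = TRX.addEntity("snoopy.useragent", ua)
        NewEnt.addAdditionalFields("ip", "Client IP", "strict", ip)
    TRX.returnOutput()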
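def main():
    """Emit a maltego.Domain entity for every distinct cookie host seen from the module-level ``mac``.

    The cookie ``host`` column is used rather than ``baseDomain`` because the
    latter was being returned as a full URL.  Relies on module globals
    ``db``, ``mac`` and the ``cookies`` table.
    """
    s = select([cookies.c.host], and_(cookies.c.client_mac == mac))
    logging.debug(s)
    logging.debug(mac)
    hosts = [row[0] for row in db.execute(s).fetchall()]

    TRX = MaltegoTransform()
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )
    seen = set()
    for host in hosts:
        # A NULL host would make the substitution raise; skip it.
        if not host:
            continue
        domain = illegal_xml_re.sub('', host)
        # The query yields one row per cookie; emit each host only once.
        if domain in seen:
            continue
        seen.add(domain)
        NewEnt = TRX.addEntity("maltego.Domain", domain)
        NewEnt.addAdditionalFields("fqdn", "Domain", "strict", domain)
        NewEnt.addAdditionalFields("mac", "Client Mac", "strict", mac)
    TRX.returnOutput()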
def getCompany(me, query=None, trans=None): me = MaltegoTransform() #country = me.getVar("nemi.countrytoo") #print countr countryFrom = trans.loc[(trans.drzavaStranke == country.upper())] if any(countryFrom['drzavaPrejemnika'].str.contains(query.upper())): countryTo = countryFrom.loc[(trans.drzavaPrejemnika == query.upper())] companyPrint = countryTo.prejemnik allSums = getSum(companyPrint, countryTo) for i in companyPrint: sumCountry = countryTo[countryTo['prejemnik'] == i]['znesek'].sum() address = countryFrom[countryTo['prejemnik'] == i]['sedezPrejemnika'] addressPrint = np.unique(address, return_index=False) getReason = countryTo[countryTo['prejemnik'] == i]['namenNakazila'] comma = intWithCommas(sumCountry) test = me.addEntity("Maltego.Phrase", i) #test.addProperty('value','Sum transfer: ','strict', sumCountry) #test.setLinkColor('0xFF0000') test.addAdditionalFields("value", "Sum transfer EUR:", True, str(comma)) for j in addressPrint: test.addAdditionalFields("Address", "Address:", True, j) #test.addAdditionalFields("value", "Reason: ", True, getReason) else: me.addUIMessage("Country not in the list") return me
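def hashToMD5crackDotCom(hash=None):
    '''
    Method that checks whether the given MD5 hash has been cracked by md5crack.com.

    :param hash: MD5 hash (hex string) to look up.
    :return: Nothing is returned; when a plaintext is known an i3visio.text
        entity holding it is written out through ``returnOutput``.
    '''
    from xml.sax.saxutils import escape

    me = MaltegoTransform()
    jsonData = md5crack.checkIfCrackedInMD5crack(hash=hash)
    # Response shape:
    # {"phrase": "4d186321c1a7f0f354b297e8914ab240", "code": 6,
    #  "parsed": "hola", "response": "The MD5 hash was cracked."}
    parsed = jsonData["parsed"]
    if parsed != "":
        newEnt = me.addEntity("i3visio.text", parsed)
        # The plaintext is whatever someone chose to hash — arbitrary text,
        # possibly markup — and Maltego renders display info as HTML, so
        # escape it before embedding.
        details = json.dumps(jsonData, sort_keys=True, indent=2)
        newEnt.setDisplayInformation(
            "<h3>" + escape(parsed) + "</h3><p>" + escape(details) + "</p>")
        # TODO: append the remaining response fields as additional fields
        # (the original left this as a no-op loop).
    # Returning the output text...
    me.returnOutput()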
def main():
    """Emit one snoopy.Drone entity per distinct drone in the sessions matching the module-level ``filters``.

    Every entity also carries the module-level ``start_time``/``end_time``
    window as fields.  Relies on module globals ``db``, ``filters``,
    ``start_time``, ``end_time`` and the ``sess`` table.
    """
    query = select([sess.c.drone], and_(*filters)).distinct()
    logging.debug(filters)
    logging.debug(query)
    drones = [row[0] for row in db.execute(query).fetchall()]

    TRX = MaltegoTransform()
    for drone_name in drones:
        logging.debug(drone_name)
        entity = TRX.addEntity("snoopy.Drone", drone_name)
        entity.addAdditionalFields("properties.drone", "drone", "strict", drone_name)
        entity.addAdditionalFields("start_time", "start_time", "strict", start_time)
        entity.addAdditionalFields("end_time", "end_time", "strict", end_time)
    TRX.returnOutput()
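def CedulaToNombrei88y_d8rr(m):
    """Resolve a cédula number to a maltego.Person entity.

    Queries the datos.gov.co Socrata dataset ``i88y-d8rr`` and emits the
    first row whose ``cedula`` equals ``m.Value``.

    :param m: Maltego request object; ``m.Value`` is the cédula number.
    :return: nothing; the Maltego XML is written by ``returnOutput``.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Only the first 2000 rows are fetched.
        rows = client.get("i88y-d8rr", limit=2000)
        match = next((row for row in rows if row.get('cedula') == cedula), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            nombres = match['nombre']
            apellidos = match['apellidos']
            ent = TRX.addEntity('maltego.Person', nombres + " " + apellidos)
            ent.addAdditionalFields("person.firtsnames", "Firts Names", True, nombres)
            ent.addAdditionalFields("person.lastname", "Surname", True, apellidos)
    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()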
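def main():
    """Emit a maltego.URL entity for every URL logged from the module-level ``ip``.

    Relies on module globals ``db``, ``ip`` and the ``weblogs`` table.
    """
    s = select([weblogs.c.full_url], and_(weblogs.c.client_ip == ip))
    logging.debug(s)
    results = db.execute(s).fetchall()

    TRX = MaltegoTransform()
    # URLs are sniffed from traffic; strip characters that are not legal in
    # XML 1.0 so Maltego can still parse the response.  (The original
    # compiled this pattern but never applied it.)
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )
    for row in results:
        logging.debug(row)
        url = row[0]
        if url is None:
            continue
        url = illegal_xml_re.sub('', url)
        NewEnt = TRX.addEntity("maltego.URL", url)
        NewEnt.addAdditionalFields("url", "URL", "strict", url)
    TRX.returnOutput()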
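def main():
    """Emit one snoopy.Cookie entity per cookie stored for the module-level ``mac``/``domain`` pair.

    Relies on module globals from transformCommon: ``db``, ``mac``,
    ``domain`` and the ``cookies`` table.
    """
    filters = [cookies.c.client_mac == mac, cookies.c.baseDomain == domain]
    s = select([cookies.c.name, cookies.c.value], and_(*filters))
    logging.debug(s)
    results = db.execute(s).fetchall()
    logging.debug(results)

    TRX = MaltegoTransform()
    # Cookie names/values come straight off the wire; strip characters that
    # are not legal in XML 1.0 so Maltego can still parse the response.
    # (The original compiled this pattern but never applied it.)
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )
    for name, value in results:
        logging.debug((name, value))
        if name is not None:
            name = illegal_xml_re.sub('', name)
        if value is not None:
            value = illegal_xml_re.sub('', value)
        NewEnt = TRX.addEntity("snoopy.Cookie", name)
        NewEnt.addAdditionalFields("value", "Value", "strict", value)
        NewEnt.addAdditionalFields("fqdn", "Domain", "strict", domain)
        NewEnt.addAdditionalFields("mac", "Client Mac", "strict", mac)
    TRX.returnOutput()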
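def main():
    """Emit a maltego.Domain entity for every distinct cookie host seen from the module-level ``mac``.

    The cookie ``host`` column is used rather than ``baseDomain`` because the
    latter was being returned as a full URL.  Relies on module globals
    ``db``, ``mac`` and the ``cookies`` table.
    """
    s = select([cookies.c.host], and_(cookies.c.client_mac == mac))
    logging.debug(s)
    logging.debug(mac)
    hosts = [row[0] for row in db.execute(s).fetchall()]

    TRX = MaltegoTransform()
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )
    seen = set()
    for host in hosts:
        # A NULL host would make the substitution raise; skip it.
        if not host:
            continue
        domain = illegal_xml_re.sub('', host)
        # The query yields one row per cookie; emit each host only once.
        if domain in seen:
            continue
        seen.add(domain)
        NewEnt = TRX.addEntity("maltego.Domain", domain)
        NewEnt.addAdditionalFields("fqdn", "Domain", "strict", domain)
        NewEnt.addAdditionalFields("mac", "Client Mac", "strict", mac)
    TRX.returnOutput()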
def main():
    """Emit one snoopy.Drone entity per distinct drone in the sessions matching the module-level ``filters``.

    Every entity also carries the module-level ``start_time``/``end_time``
    window as fields.  Relies on module globals ``db``, ``filters``,
    ``start_time``, ``end_time`` and the ``sess`` table.
    """
    query = select([sess.c.drone], and_(*filters)).distinct()
    logging.debug(filters)
    logging.debug(query)
    drones = [row[0] for row in db.execute(query).fetchall()]

    TRX = MaltegoTransform()
    for drone_name in drones:
        logging.debug(drone_name)
        entity = TRX.addEntity("snoopy.Drone", drone_name)
        entity.addAdditionalFields("properties.drone", "drone", "strict", drone_name)
        entity.addAdditionalFields("start_time", "start_time", "strict", start_time)
        entity.addAdditionalFields("end_time", "end_time", "strict", end_time)
    TRX.returnOutput()
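def main():
    """Emit one snoopy.useragent entity per user-agent string logged for the module-level ``ip``.

    Relies on module globals ``db``, ``ip`` and the ``weblogs`` table.
    """
    s = select([weblogs.c.useragent], and_(weblogs.c.client_ip == ip))
    logging.debug(s)
    results = db.execute(s).fetchall()
    logging.debug(results)

    TRX = MaltegoTransform()
    # User-agent strings are sniffed from traffic; strip characters that are
    # not legal in XML 1.0 so Maltego can still parse the response.
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )
    for row in results:
        logging.debug(row)
        ua = row[0]
        # Requests without a User-Agent header are stored as NULL; skip them.
        # The original tested str(row) for the text "None" and then emitted
        # str(row) — the row's tuple form — as the entity value.
        if ua is None:
            continue
        ua = illegal_xml_re.sub('', ua)
        NewEnt = TRX.addEntity("snoopy.useragent", ua)
        NewEnt.addAdditionalFields("ip", "Client IP", "strict", ip)
    TRX.returnOutput()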
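def CedulaToConsejal(m):
    """Resolve a cédula number to an eci.Consejal (council member) entity.

    Queries the datos.gov.co Socrata dataset ``gnvi-fbsz`` and emits the
    first row whose ``cc`` equals ``m.Value``.

    :param m: Maltego request object; ``m.Value`` is the cédula number.
    :return: whatever ``TRX.returnOutput()`` returns (kept from the original).
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        # Only the first 2000 rows are fetched.
        rows = client.get("gnvi-fbsz", limit=2000)
        match = next((row for row in rows if row.get('cc') == cedula), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            ent = TRX.addEntity('eci.Consejal', match['nombre_concejal'])
            ent.addAdditionalFields("properity.genero", "Genero", True, match['genero'])
            ent.addAdditionalFields("properity.partido", "Partido", True, match['partido_politico'])
            ent.addAdditionalFields("properity.municipio", "Municipio", True, match['municipio'])
            ent.addAdditionalFields("properity.cedula", "Cedula", True, cedula)
    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    return TRX.returnOutput()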
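def main():
    """Emit one snoopy.SSID entity per probed SSID recorded for the module-level ``mac``.

    Relies on module globals ``db``, ``filters``, ``mac``, ``escape`` and
    the ``ssids`` table.
    """
    # Build the clause list locally instead of appending to the shared
    # module-level ``filters``, so the global is not mutated.
    s = select([ssids.c.ssid], and_(*(list(filters) + [ssids.c.mac == mac])))
    ssid_values = [row[0] for row in db.execute(s).fetchall()]

    TRX = MaltegoTransform()
    # SSIDs are attacker-chosen strings from the air: escape them for XML and
    # drop characters that are not legal in XML 1.0.
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )
    for raw in ssid_values:
        # A NULL SSID would make escape() raise; treat it like a blank one.
        if raw is None:
            continue
        ssid = illegal_xml_re.sub('', escape(raw))
        if ssid and not ssid.isspace():
            NewEnt = TRX.addEntity("snoopy.SSID", ssid)
            NewEnt.addAdditionalFields("properties.ssid", "ssid", "strict", ssid)
    TRX.returnOutput()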
def main(argv):
    """Fetch the page at ``sys.argv[1]`` and emit a ``maltego.EmailAddress`` per address found.

    ``argv`` is accepted for signature compatibility only; the URL is read
    from ``sys.argv[1]`` exactly as before.  ``collectAllEmail`` is a
    module-level helper that is not visible here.
    """
    target_url = sys.argv[1]
    page_body = urllib.urlopen(target_url).read()
    transform = MaltegoTransform()
    for address in collectAllEmail(page_body):
        transform.addEntity("maltego.EmailAddress", address)
    transform.returnOutput()
def main(argv):
    """Emit a ``maltego.EmailAddress`` for every address scraped from a page.

    The page URL is taken from ``sys.argv[1]`` (``argv`` itself is unused).
    ``collectAllEmail`` is defined elsewhere in the file.
    """
    transform = MaltegoTransform()
    page_url = sys.argv[1]
    addresses = collectAllEmail(urllib.urlopen(page_url).read())
    for item in addresses:
        transform.addEntity("maltego.EmailAddress", item)
    transform.returnOutput()
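def TelefonoToCorreoDireccionPerson_6kcx_kbuk(m):
    """Resolve a mobile number to the councillor it is registered to.

    Looks ``m.Value`` up in the Socrata dataset ``6kcx-kbuk`` on
    www.datos.gov.co (``celular`` column, first 2000 rows only) and emits the
    person (first names and surnames split out), their e-mail address, party
    and cedula.  Any failure — network error, missing column, no match — is
    reported as a UI message rather than a traceback.
    """
    TRX = MaltegoTransform()
    telefono = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("6kcx-kbuk", limit=2000)
        match = next((row for row in rows if row['celular'] == telefono), None)
        if match is None:
            # Previously an unbound name triggered the except below; be explicit.
            raise LookupError(telefono)
        cc = match['doc_identidad']
        partido = match['partido_politico']
        correo_electronico = match['correo_electronico']
        firts, last, full = _split_concejal_name(match['nombre_concejal'])

        ent = TRX.addEntity('maltego.Person', full)
        # Field ids keep the original spelling ("firts") so existing Maltego
        # entity definitions keep matching.
        ent.addAdditionalFields("person.firtsnames", "Firts Names", True, firts)
        ent.addAdditionalFields("person.lastname", "Surname", True, last)
        TRX.addEntity('maltego.EmailAddress', correo_electronico)
        TRX.addEntity('eciescuelaing.PartidoPolitico', partido)
        TRX.addEntity('eci.Cedula', cc)
    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    TRX.returnOutput()


def _split_concejal_name(nombre):
    """Split a full name into ``(first names, surnames, full name)``.

    The original handled exactly three- and four-token names (last two tokens
    are surnames, everything before them is given names) and raised
    IndexError for any other length.  This keeps those results and extends
    the same rule to any token count.
    """
    tokens = nombre.split(" ")
    firts = " ".join(tokens[:-2])
    last = " ".join(tokens[-2:])
    full = " ".join(tokens)
    return firts, last, full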
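def handleNessusScanEntity(entityValue="", properties=""):
    """Build the Maltego response for a ``securifera.NessusScan`` entity.

    ``properties`` is the calling entity's property string: ``#``-separated
    ``name=value`` pairs.  The scan path and an optional plugin filter are read
    from it; the user is prompted for scan files (and for plugins when no
    filter was given).  Returns the Maltego XML with the scan entity re-emitted
    (properties refreshed) plus one host entity per host found in the scans.

    Module-level names used (not visible here): ``allHosts``,
    ``pluginIncludeList``, ``NESSUSSCANPATHPROP``, ``NESSUSSCANPATHPROPDIS``,
    ``sanitize``, ``getNessusScanFiles``, ``parseNessus``,
    ``getSelectedPlugins``, ``GATHERPLUGINMODE``, ``IPENTITYMODE`` and
    ``EntityProperty``.
    """
    import ast  # local import: leaves the file's import block untouched

    global allHosts
    global pluginIncludeList

    pluginfilter = ""
    fileStr = None

    # Parse the calling entity's properties.
    for prop in properties.split("#"):
        if NESSUSSCANPATHPROP in prop:
            nessusScansDirProp = prop.split("=")
            if len(nessusScansDirProp) > 1:
                # Maltego doubles backslashes in Windows paths; undo that.
                fileStr = sanitize(nessusScansDirProp[1], [("\\\\", "\\")])
        if "pluginfilter" in prop:
            pluginFilterProp = prop.split("=")
            if len(pluginFilterProp) > 1:
                pluginfilter = pluginFilterProp[1]

    # Prompt the user for Nessus files if the path was not supplied.
    fileStr, nessusFiles = getNessusScanFiles(fileStr)

    if len(pluginfilter) < 1:
        # No filter given: gather the plugins present and let the user pick.
        parseNessus(nessusFiles, GATHERPLUGINMODE)
        for plugin in getSelectedPlugins():
            pluginIncludeList.append(plugin[0])
    else:
        # The filter is the str() of a Python list (see the "pluginfilter"
        # property written below).  It arrives as an entity property, i.e.
        # data from the graph, so it is parsed as a literal rather than
        # eval()-ed; a malformed value raises instead of executing.
        pluginIncludeList = ast.literal_eval(pluginfilter)

    MaltegoMessage = MaltegoTransform()

    # Re-emit the calling entity so its properties reflect what was resolved.
    ent = MaltegoMessage.addEntity("securifera.NessusScan", entityValue)
    ent.addProperty(NESSUSSCANPATHPROP, NESSUSSCANPATHPROPDIS, value=fileStr)
    ent.addProperty("pluginfilter", "PluginFilter", value=str(pluginIncludeList))

    # Parse the scan files for hosts and emit one entity per host.
    parseNessus(nessusFiles, IPENTITYMODE)
    for host in allHosts:
        host.addCustomProperty(
            EntityProperty(NESSUSSCANPATHPROP, "NessusPath", fileStr))
        host.addCustomProperty(
            EntityProperty("includelist", "IncludeList", str(pluginIncludeList)))
        host.addEntity(MaltegoMessage)

    return MaltegoMessage.returnOutput()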
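def main():
    """Emit ``snoopy.ssidLocation`` entities for the Wigle hits of ``ssid``.

    ``filters``, ``ssid``, ``limit``, ``wigle``, ``db`` and ``logging`` come
    from the surrounding module and are not visible here.  At most 20
    locations are emitted; each carries the geocoded address fields, a map
    link and a Street View link, and uses the Street View image as its icon.
    """
    filters.append(wigle.c.ssid == ssid)
    filters.append(wigle.c.overflow == 0)
    query = select([wigle], and_(*filters)).distinct().limit(limit)
    results = db.execute(query).fetchall()
    logging.debug(results)

    TRX = MaltegoTransform()

    # The original tested ``len(results) > 20`` inside the loop and broke on
    # the first iteration, so a query with more than 20 rows produced no
    # entities at all.  Cap the result set to 20 instead.
    max_locations = 20
    for address in results[:max_locations]:
        logging.debug(type(address))
        lat, lng = str(address['lat']), str(address['long'])
        street_view_img = (
            "http://maps.googleapis.com/maps/api/streetview?size=800x800&sensor=false&location=%s,%s"
            % (lat, lng))
        street_view_url = (
            "https://maps.google.com/maps?q=&layer=c&cbp=11,0,0,0,0&cbll=%s,%s "
            % (lat, lng))
        map_url = "http://maps.google.com/maps?t=h&q=%s,%s" % (lat, lng)

        # Text columns are UTF-8 encoded for the XML response; 'postcode' and
        # 'ssid' were passed through unencoded in the original and still are
        # — NOTE(review): confirm they can never hold non-ASCII text.
        NewEnt = TRX.addEntity("snoopy.ssidLocation", address['shortaddress'].encode('utf-8'))
        NewEnt.addAdditionalFields("city", "city", "strict", address['city'].encode('utf-8'))
        NewEnt.addAdditionalFields("countrycode", "countrycode", "strict", address['code'].encode('utf-8'))
        NewEnt.addAdditionalFields("country", "country", "strict", address['country'].encode('utf-8'))
        NewEnt.addAdditionalFields("lat", "lat", "strict", lat)
        NewEnt.addAdditionalFields("long", "long", "strict", lng)
        NewEnt.addAdditionalFields("longaddress", "longaddress", "strict", address['longaddress'].encode('utf-8'))
        NewEnt.addAdditionalFields("location.areacode", "Area Code", "strict", address['postcode'])
        NewEnt.addAdditionalFields("road", "Road", "strict", address['road'].encode('utf-8'))
        NewEnt.addAdditionalFields("streetaddress", "streetaddress", "strict", address['shortaddress'].encode('utf-8'))
        NewEnt.addAdditionalFields("ssid", "SSID", "strict", address['ssid'])
        NewEnt.addAdditionalFields("state", "State", "strict", address['state'].encode('utf-8'))
        NewEnt.addAdditionalFields("area", "Area", "strict", address['suburb'].encode('utf-8'))
        NewEnt.addAdditionalFields("googleMap", "Google map", "nostrict", map_url)
        NewEnt.addAdditionalFields("streetView", "Street View", "nostrict", street_view_url)
        logging.debug(street_view_img)
        NewEnt.setIconURL(street_view_img)
        NewEnt.addDisplayInformation("<a href='%s'>Click for map </a>" % street_view_url, "Street view")
        # Looks like a leftover debug placeholder; kept because it is part of
        # the emitted output — confirm before removing.
        NewEnt.addDisplayInformation("one", "two")

    TRX.returnOutput()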
def main():
    """Emit ``snoopy.sslstripResult`` entities for the calling client / domain.

    Reads ``client_ip`` (falling back to ``properties.client_ip``) and
    ``domain`` from the global ``TRX`` transform, filters the ``sslstrip``
    table on whichever of them is set, and emits one entity per distinct
    (key, value) row.

    NOTE(review): everything after the first ``TRX.returnOutput()`` below
    references ``mac`` and ``leases``, which this function never defines, and
    builds a second, separate response — it looks like a second transform
    (MAC -> visited sites) was pasted into this one; confirm and split.
    """
    global TRX
    ip = TRX.getVar("properties.client_ip")
    # A plain "client_ip" variable takes precedence over the property form.
    if TRX.getVar("client_ip"):
        ip = TRX.getVar("client_ip")
    domain = TRX.getVar("domain")
    filters = []
    if ip:
        filters.append(sslstrip.c.client == ip)
    if domain:
        filters.append(sslstrip.c.domain == domain)
    s = select([sslstrip.c.key, sslstrip.c.value], and_(*filters)).distinct()
    results = db.execute(s).fetchall()
    for res in results:
        key, value = res
        NewEnt = TRX.addEntity("snoopy.sslstripResult", key)
        # NOTE(review): both fields receive ``value``; the "key" field
        # presumably should carry ``key`` — confirm against the entity spec.
        NewEnt.addAdditionalFields("key", "key", "strict", value)
        NewEnt.addAdditionalFields("value", "Value", "strict", value)
    TRX.returnOutput()
    # ---- second response (see the docstring) ----
    # Custom query per transform, but apply filter with and_(*filters) from transformCommon.
    filters = []
    filters.extend((leases.c.mac == mac, sslstrip.c.client == leases.c.ip))
    if domain:
        filters.append(sslstrip.c.domain == domain)
    s = select([sslstrip.c.domain, leases.c.mac, leases.c.ip], and_(*filters))
    r = db.execute(s)
    results = r.fetchall()
    TRX = MaltegoTransform()
    # Characters illegal in XML 1.0 text; compiled but not applied here.
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )
    for res in results:
        domain, client_mac, client_ip = res
        NewEnt = TRX.addEntity("snoopy.Site", domain)
        NewEnt.addAdditionalFields("domain", "domain", "strict", domain)
        NewEnt.addAdditionalFields("mac", "Client Mac", "strict", client_mac)
        NewEnt.addAdditionalFields("client_ip", "Client IP", "strict", client_ip)
    TRX.returnOutput()
def parsereport(page):
    """Emit a ``maltego.IPv4Address`` for every host cell in the report.

    ``page`` is an already-parsed report (BeautifulSoup-style API); hosts are
    read from the first table after the ``network_hosts`` div, one per
    ``td.row`` cell, using the cell's first text node as the value.
    """
    transform = MaltegoTransform()
    hosts_div = page.find("div", {"id": "network_hosts"})
    cells = hosts_div.findNext('table').findAll('td', {"class": "row"})
    for cell in cells:
        transform.addEntity("maltego.IPv4Address", cell.find(text=True))
    transform.returnOutput()
def parsereport(page):
    """Emit a ``maltego.IPv4Address`` for every dotted-quad text node in ``page``.

    Exits with "Report contains no IPs." if the search raises.  Note that an
    empty match set is not an error: the loop simply emits nothing and the
    transform returns an empty response.
    """
    transform = MaltegoTransform()
    try:
        # Anchored IPv4 literal: four octets in 0-255 without leading zeros.
        ipv4_pattern = re.compile(
            r"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
        )
        for text_node in page.findAll(text=ipv4_pattern):
            transform.addEntity("maltego.IPv4Address", text_node)
    except:
        sys.exit("Report contains no IPs.")
    transform.returnOutput()
def main(argv):
    """Emit a ``maltego.Alias`` (the part before '@') for every e-mail on a page.

    The page URL is read from ``sys.argv[1]``; ``argv`` is unused.
    ``collectAllEmail`` is a module-level helper not visible here.
    """
    transform = MaltegoTransform()
    page_url = sys.argv[1]
    body = urllib.urlopen(page_url).read()
    for address in collectAllEmail(body):
        at_pos = address.find('@')
        # NOTE(review): when there is no '@', find() returns -1 and the slice
        # drops only the last character — same as the original behaviour.
        transform.addEntity("maltego.Alias", address[:at_pos])
    transform.returnOutput()
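def new_transform(arg, base_url='http://10.1.99.250:8125'):
    """Emit a ``maltego.IPv4Address`` per IP recorded in a workspace.

    ``arg`` is the workspace id; it is queried at
    ``<base_url>/api/v1.0/<arg>/ip`` and every ``items[].ipaddr`` in the JSON
    reply becomes an entity tagged with the workspace.  Errors are surfaced
    as a UI message.  ``base_url`` defaults to the address the original
    hard-coded, so existing callers are unaffected.
    """
    m = MaltegoTransform()
    url = '%s/api/v1.0/%s/ip' % (base_url, arg)
    try:
        # Bounded wait so an unresponsive API cannot hang the transform.
        r = requests.get(url, timeout=30)
        j = r.json()
        for i in j['items']:
            ent = m.addEntity('maltego.IPv4Address', i['ipaddr'])
            ent.addAdditionalFields('workspace', 'Workspace ID', True, arg)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()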
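def main():
    """Emit a ``ran2.Sample`` entity for every row of the ``samples`` table.

    ``DBNAME`` is a module-level path (not visible here).  If the database
    file is missing, a ``maltego.Phrase`` saying so is returned immediately —
    the original fell through and let sqlite3 create an empty database, which
    then failed on the SELECT.
    """
    me = MaltegoTransform()

    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        c = conn.cursor()
        c.execute("SELECT * FROM samples")
        found = c.fetchall()
        c.close()
    finally:
        # Read-only work, so no commit is needed; always release the handle.
        conn.close()

    if found:
        for row in found:
            # Column 2 is the sample name (as in the original) — TODO confirm
            # against the schema.
            me.addEntity("ran2.Sample", row[2])
    else:
        # The original's fallback tested ``found is not None`` (never false
        # for fetchall()) and referenced an undefined ``name``; report an
        # empty table explicitly instead.
        me.addEntity("maltego.Phrase", "no samples found")

    me.returnOutput()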
def main():
    """Emit ``snoopy.sslstripResult`` entities for the calling client / domain.

    Reads ``client_ip`` (falling back to ``properties.client_ip``) and
    ``domain`` from the global ``TRX`` transform, filters the ``sslstrip``
    table on whichever of them is set, and emits one entity per distinct
    (key, value) row.

    NOTE(review): the code after the first ``TRX.returnOutput()`` uses
    ``mac`` and ``leases``, which are never defined here, and produces a
    second, independent response — it appears to be a second transform
    (MAC -> visited sites) fused into this one; confirm and split.
    """
    global TRX
    ip = TRX.getVar("properties.client_ip")
    # A plain "client_ip" variable wins over the property form.
    if TRX.getVar("client_ip"):
        ip = TRX.getVar("client_ip")
    domain = TRX.getVar("domain")
    filters = []
    if ip:
        filters.append(sslstrip.c.client == ip)
    if domain:
        filters.append(sslstrip.c.domain == domain)
    s = select([sslstrip.c.key, sslstrip.c.value], and_(*filters)).distinct()
    results = db.execute(s).fetchall()
    for res in results:
        key, value = res
        NewEnt = TRX.addEntity("snoopy.sslstripResult", key)
        # NOTE(review): the "key" field is populated with ``value``; ``key``
        # itself is only used as the entity value — confirm this is intended.
        NewEnt.addAdditionalFields("key", "key", "strict", value)
        NewEnt.addAdditionalFields("value", "Value", "strict", value)
    TRX.returnOutput()
    # ---- second response (see the docstring) ----
    # Custom query per transform, but apply filter with and_(*filters) from transformCommon.
    filters = []
    filters.extend((leases.c.mac == mac, sslstrip.c.client == leases.c.ip))
    if domain:
        filters.append(sslstrip.c.domain == domain)
    s = select([sslstrip.c.domain, leases.c.mac, leases.c.ip], and_(*filters))
    r = db.execute(s)
    results = r.fetchall()
    TRX = MaltegoTransform()
    # Characters illegal in XML 1.0 text; compiled but not applied here.
    illegal_xml_re = re.compile(u"[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]")
    for res in results:
        domain, client_mac, client_ip = res
        NewEnt = TRX.addEntity("snoopy.Site", domain)
        NewEnt.addAdditionalFields("domain", "domain", "strict", domain)
        NewEnt.addAdditionalFields("mac", "Client Mac", "strict", client_mac)
        NewEnt.addAdditionalFields("client_ip", "Client IP", "strict", client_ip)
    TRX.returnOutput()
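def new_transform(arg, base_url='http://10.1.99.250:8125'):
    """Emit a ``maltego.AS`` per ASN recorded for an IP in a workspace.

    ``arg`` is the raw Maltego argument string; the ``ipv4-address`` and
    ``workspace`` variables are read from it and queried at
    ``<base_url>/api/v1.0/<workspace>/<ip>/asn``.  Every ``items[].asn`` in
    the JSON reply becomes an entity tagged with the workspace; errors are
    surfaced as a UI message.  ``base_url`` defaults to the address the
    original hard-coded, so existing callers are unaffected.
    """
    m = MaltegoTransform()
    m.parseArguments(arg)
    ip = m.getVar('ipv4-address')
    wrkspc = m.getVar('workspace')
    url = '%s/api/v1.0/%s/%s/asn' % (base_url, wrkspc, ip)
    try:
        # Bounded wait so an unresponsive API cannot hang the transform.
        r = requests.get(url, timeout=30)
        j = r.json()
        for i in j['items']:
            ent = m.addEntity('maltego.AS', i['asn'])
            ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()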
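def main():
    """Emit IPv4 entities that share the first three octets of the given IP.

    The argument (``sys.argv[1]``, either ``ip_addr`` or ``name=ip_addr``) is
    reduced to its first three octets and matched with ``LIKE`` against the
    ``ip`` table of ``DBNAME`` (module-level).  Every row whose address is
    non-empty and differs from the raw argument becomes a
    ``maltego.IPv4Address`` with a grey link.

    The original built the SQL by concatenating the argument into the
    statement; the lookup now binds it as a parameter so the argument cannot
    alter the query.
    """
    me = MaltegoTransform()

    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide an ip_addr!")
        # The original exited before returning output, so the message never
        # reached Maltego.
        me.returnOutput()
        sys.exit()

    raw_arg = sys.argv[1]
    # Accept either "ip_addr" or "name=ip_addr".
    parts = raw_arg.split("=")
    ip_addr = parts[1] if len(parts) == 2 else parts[0]

    # Keep at most the first three octets so the LIKE below matches the
    # whole /24 (an empty argument matches everything, as before).
    prefix = ".".join(ip_addr.split(".")[:3])

    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        c = conn.cursor()
        # Wildcards go into the bound value, not the SQL text.
        c.execute("SELECT * FROM ip WHERE ip_addr LIKE ?", ("%" + prefix + "%",))
        found = c.fetchall()
        c.close()
    finally:
        conn.close()

    if found:
        for row in found:
            # Column 5 holds the stored address (column 2, the source, is
            # not used here, as in the original).
            match_ip = row[5]
            # Compared against the raw argument (not the parsed ip_addr) to
            # keep the original behaviour.
            if match_ip != "" and match_ip != raw_arg:
                entity = MaltegoEntity()
                entity.setType("maltego.IPv4Address")
                entity.setValue(match_ip)
                entity.addAdditionalFields("link#maltego.link.color", "", True, "0x808080")
                me.addEntityToMessage(entity)
    else:
        # Reachable now: the original tested ``found1 is not None``, which
        # fetchall() never fails.
        me.addEntity("maltego.Phrase", "no sample info found ...")

    me.returnOutput()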
def main():
    """Emit a ``snoopy.Cookie`` entity per cookie logged for client ``ip``.

    ``ip``, ``weblogs``, ``db`` and ``logging`` are module-level names not
    visible here.  Each weblogs row carries ``host``, ``path`` and a
    ``cookies`` string that, judging by the parsing below, looks like
    ``"name": "value", "name2": "value2"``; every pair becomes an entity
    tagged with its value, the host and the client IP.
    """
    conditions = [weblogs.c.client_ip == ip]
    query = select([weblogs.c.host, weblogs.c.path, weblogs.c.cookies], and_(*conditions))
    logging.debug(query)
    rows = db.execute(query).fetchall()
    logging.debug(rows)

    transform = MaltegoTransform()
    # Compiled but not applied, as in the original.
    illegal_xml_re = re.compile(
        u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]'
    )

    for host, path, cookies in rows:
        logging.debug(host)
        logging.debug(cookies)
        # Anything this short cannot hold a quoted name/value pair.
        if len(cookies) <= 2:
            continue
        for pair in cookies.split(", "):
            raw_name, raw_value = pair.split(": ")
            # Take the text between the first pair of double quotes.
            name = raw_name.split('"')[1]
            value = raw_value.split('"')[1]
            logging.debug(name)
            logging.debug(value)
            entity = transform.addEntity("snoopy.Cookie", name)
            entity.addAdditionalFields("value", "Value", "strict", value)
            entity.addAdditionalFields("fqdn", "Domain", "strict", host)
            entity.addAdditionalFields("ip", "Client IP", "strict", ip)

    transform.returnOutput()
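def new_transform(arg, base_url='http://10.1.99.250:8125'):
    """Emit a ``maltego.EmailAddress`` per address found for a domain.

    Reads ``fqdn``, ``ipaddr`` and ``workspace`` from the Maltego argument
    string, fetches ``<base_url>/api/v1.0/<workspace>/<ip>/domains`` and
    collects the e-mails of every item whose ``domain`` contains ``fqdn``
    (substring match, as in the original).  Duplicates are emitted once, in
    first-seen order.  Errors are surfaced as a UI message.  ``base_url``
    defaults to the address the original hard-coded.
    """
    m = MaltegoTransform()
    m.parseArguments(arg)
    domain = m.getVar('fqdn')
    ip = m.getVar('ipaddr')
    wrkspc = m.getVar('workspace')
    url = '%s/api/v1.0/%s/%s/domains' % (base_url, wrkspc, ip)
    try:
        # Bounded wait so an unresponsive API cannot hang the transform.
        r = requests.get(url, timeout=30)
        j = r.json()
        emails = []
        for i in j['items']:
            if domain in i['domain']:
                for x in i['data']['emails']:
                    if x not in emails:
                        emails.append(x)
        for t in emails:
            ent = m.addEntity('maltego.EmailAddress', t)
            ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()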
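# Each non-empty line of ``output`` is one host name (CSV from the preceding
# query); strip the CSV quoting when present.  ``output``, ``status`` and
# ``me`` come from the surrounding script.
hosts = re.findall(r'.+', output)
host = []
for line in hosts:
    if line[0] == '"':
        host.append(line[1:-1])
    else:
        host.append(line)

# Remove the CSV header value if it is present (the original raised
# ValueError when it was not).
if 'host' in host:
    host.remove('host')

# Adding new Host entities and properties.
for a in host:
    ent = me.addEntity("munk.Host", a)
    ent.addAdditionalFields('link#maltego.link.color', 'LinkColor', '', '0x86B34A')
    # If status is set, ping the host and colour the bookmark by the result.
    # The original stored the ping output back into ``status``, so only the
    # first host was ever pinged; the output now has its own name.
    if status == "1":
        try:
            # Argument list, no shell: the host name comes from the search
            # result and must not be parsed by /bin/sh.  universal_newlines
            # keeps the output a text string for the substring checks.
            ping_output = subprocess.check_output(
                ['ping', '-c', '1', a], universal_newlines=True)
            if "bytes from" in ping_output:
                ent.addAdditionalFields('bookmark#', 'Bookmark', '', "1")
            elif "cannot" in ping_output:
                ent.addAdditionalFields('bookmark#', 'Bookmark', '', "4")
        except subprocess.CalledProcessError:
            ent.addAdditionalFields('bookmark#', 'Bookmark', '', "4")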
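#!/usr/bin/env python
"""Resolve the Maltego input value to an IPv4 address via api.predator.wtf."""
import sys
import urllib2
from MaltegoTransform import *

mt = MaltegoTransform()
mt.parseArguments(sys.argv)
SearchString = mt.getValue()

# Percent-encode the value so characters such as '&', '#' or spaces cannot
# change the query string; the original concatenated it raw.
url = 'http://api.predator.wtf/resolver/?arguments=' + urllib2.quote(SearchString, safe='')
# The response body is treated as the address and emitted as-is.
ipaddress = urllib2.urlopen(url).read()

# The original re-created ``mt`` here, discarding the parsed arguments; the
# one instance is enough to carry the result.
mt.addEntity("maltego.IPv4Address", ipaddress)
mt.returnOutput()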
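# Fetch /robots.txt from every listed port of the website entity and emit
# each line as a maltego.Phrase tagged with the URL it came from.  ``m``
# (the transform) and ``requests`` are in scope from the surrounding file.
website = m.getVar('fqdn')
port = m.getVar('ports')
port = port.split(',')
ssl = m.getVar('website.ssl-enabled')
# The original duplicated the whole fetch for http and https; only the
# scheme differs, so choose it once.
scheme = 'https' if ssl == 'true' else 'http'
robots = []
try:
    for c in port:
        url = scheme + '://' + website + ':' + c + '/robots.txt'
        # Bounded wait so a filtered port cannot stall the transform.
        r = requests.get(url, timeout=15)
        if r.status_code == 200:
            robots = str(r.text).split('\n')
            for i in robots:
                ent = m.addEntity('maltego.Phrase', i)
                ent.addAdditionalFields("url", "Original URL", True, url)
        else:
            m.addUIMessage("No Robots.txt found..")
except Exception as e:
    m.addUIMessage(str(e))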
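# Export the distinct sourcetypes of an index from the Splunk search head.
# ``auth``, ``username``, ``password``, ``sourcetype`` (used as the index
# name), ``timeframe``, ``searchhead``, ``management`` and ``me`` come from
# the surrounding script.
search_query = ('search index=' + sourcetype + ' earliest=' + timeframe
                + ' | table sourcetype | dedup sourcetype')
export_url = ('https://' + searchhead + ':' + management
              + '/servicesNS/admin/search/search/jobs/export')

# Argument list instead of a shell string: the password, time range and
# host are handed to curl verbatim and never parsed by /bin/sh.  -k still
# disables certificate verification, as in the original.
curl_cmd = ['curl']
if auth == "1":
    # NOTE: -u places the credentials on the command line, where they are
    # visible in the process list; curl's --netrc would avoid that.
    curl_cmd += ['-u', username + ':' + password]
curl_cmd += ['-s', '-k',
             '--data-urlencode', 'search=' + search_query,
             '-d', 'output_mode=csv',
             export_url]
# universal_newlines keeps the output a text string for the regex below.
output = subprocess.check_output(curl_cmd, universal_newlines=True)

# One sourcetype per CSV line; strip the surrounding quotes when present.
# (Kept in its own list rather than reusing ``sourcetype``, which the
# original overwrote.)
csv_lines = re.findall(r'.+', output)
sourcetypes = []
for line in csv_lines:
    if line[0] == '"':
        sourcetypes.append(line[1:-1])
    else:
        sourcetypes.append(line)

# Remove the CSV header value if present.
if 'sourcetype' in sourcetypes:
    sourcetypes.remove('sourcetype')

# Adding new Sourcetype entities and properties.
for source in sourcetypes:
    ent = me.addEntity("munk.Sourcetype", source)
    ent.addAdditionalFields('link#maltego.link.color', 'LinkColor', '', '0x86B34A')

# Return Maltego Output
me.returnOutput()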
# NOTE(review): this fragment begins inside an if/else whose head is not
# visible here — the first ``else:`` pairs with an inner ``if auth == "1":``
# and the second with the enclosing ``if``; the indentation below is
# therefore indicative only.
# NOTE(review): the three curl calls visible here build a shell string from
# ``username``/``password``/``ds``/``dsport``/``proxy_ip``/``proxy_port`` with
# shell=True, so each of those values is parsed by /bin/sh, and ``-u`` exposes
# the credentials in the process list; an argument list (shell=False) would
# remove the shell parsing.  ``-k`` disables certificate verification.
    else:
        output = subprocess.check_output('curl -u ' + username + ':' + password + ' -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)
else:
    if proxy == "1":
        output = subprocess.check_output('curl --socks5 ' + proxy_ip + ':' + proxy_port + ' -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)
    else:
        output = subprocess.check_output('curl -s -k https://' + ds + ':' + dsport + '/services/deployment/server/clients', shell=True)

# XML Parsing with ElementTree: the deployment-server reply is an Atom feed;
# the first entry's <content> holds a Splunk REST <dict>.
root = ET.fromstring(output)
entry = root.find('{http://www.w3.org/2005/Atom}entry')
content = entry.find('{http://www.w3.org/2005/Atom}content')
dic = content.find('{http://dev.splunk.com/ns/rest}dict')
# Locate the key named after the requested application, then the first
# server class listed under it.  NOTE(review): ``application`` is
# interpolated unescaped into the XPath predicate — a quote in it breaks
# the expression.
app = ".//{http://dev.splunk.com/ns/rest}key[@name='" + application + "']"
app2 = content.find(app)
app_d = app2[0]
sc = app_d.find(".//{http://dev.splunk.com/ns/rest}key[@name='serverclasses']")
serverclass = sc[0][0].text

# Adding new Server Class entities and properties based on XML results.
ent = me.addEntity("munk.ServerClass",serverclass)
ent.addAdditionalFields('link#maltego.link.color','LinkColor','','0x86B34A')
ent.addAdditionalFields('ds','DS IP','',ds)
ent.addAdditionalFields('dsport', 'DS Port','',dsport)

# Return Maltego Output
me.returnOutput()
from mcrits_utils import *

# Resolve the Actors related to the calling CRITs object and emit one entity
# per actor carrying its id, aliases and the names of its identifiers.
crits = mcrits()
me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')

for result in crits.get_related(crits_type, id_, 'Actor'):
    entity_type, related_id = result[0], result[1]
    # Fetch the full actor record for the related object.
    actor = crits.get_single_obj('Actor', related_id)
    # Identifier entries only carry ids; look each up for its display name.
    identifier_names = [
        crits.get_single_obj('ActorIdentifier', ref['identifier_id'])['name']
        for ref in actor['identifiers']
    ]
    ent = me.addEntity(entity_type, actor['name'])
    ent.addAdditionalFields(fieldName='id', displayName='id', value=related_id)
    ent.addAdditionalFields(fieldName='aliases', displayName='Aliases', value=actor['aliases'])
    ent.addAdditionalFields(fieldName='identifiers', displayName='Identifiers', value=identifier_names)

me.returnOutput()
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

# Work out which FireAMP field the calling entity represents and where its
# CSV export lives, from the properties Maltego passed in.  ``fa`` (the
# FireAMP helper module) and ``value`` are in scope from the surrounding file.
field = None
filepath = None
for prop_name in MT.values:
    if prop_name == 'properties.fireampbaseentity':
        continue
    if prop_name.startswith('properties.'):
        field = fa.fieldLookup(prop_name)
    if prop_name.startswith('CSV File'):
        # Undo the doubled backslashes Maltego puts in Windows paths.
        filepath = MT.values[prop_name].replace("\\\\", "\\")

# Correlate the CSV rows on that field, then tally the
# 'MD5 (Detection)' column (presumably one count per hash — see ItemsCounts).
data = fa.parseCSV(filepath)
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'MD5 (Detection)')  ## Edit Here

# Emit one entity per result, tagged with the CSV it came from.
for entry in result:
    e = MT.addEntity("FireAMP.FireAMPMD5Detection", entry)  ## Edit Here
    e.addAdditionalFields("CSV File", filepath, True, filepath)

MT.returnOutput()
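from init import load_credentials

# Enumerate the EC2 security groups attached to the instances in the
# configured region and emit one entity per group membership, carrying the
# group id.  ``boto`` and ``MaltegoTransform`` are in scope from the file.
creds = load_credentials()
REGION = creds[2]
m = MaltegoTransform()

try:
    conn = boto.ec2.connect_to_region(REGION,
                                      aws_access_key_id=creds[0],
                                      aws_secret_access_key=creds[1])
    for reservation in conn.get_all_instances():
        # The original looked only at instances[0]; a reservation can hold
        # several instances, so walk all of them.
        for instance in reservation.instances:
            for group in instance.groups:
                group_id = group.id
                # One lookup per group; the original issued the same call
                # twice and discarded the rules it fetched.
                sg = conn.get_all_security_groups(group_ids=group_id)[0]
                # str(sg) renders as "<prefix>:<name>"; keep the name part
                # as the original did.
                ent = m.addEntity('matterasmus.AmazonEC2SecurityGroupName',
                                  str(sg).split(":")[1])
                ent.addAdditionalFields("SecurityGroup", "Group ID", "strict", str(group_id))
    m.addUIMessage("Completed.")
except Exception as e:
    m.addUIMessage(str(e))

m.returnOutput()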