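def main():
    """Maltego transform: find stored IP addresses sharing the input's first three octets.

    Reads the input from ``sys.argv[1]`` (``field=value`` or a bare value),
    uses its first three octets as a ``LIKE`` pattern against the ``ip``
    table of ``DBNAME`` and emits every matching address other than the
    input itself as a ``maltego.IPv4Address`` entity.

    Returns:
        None. Output is written through ``MaltegoTransform.returnOutput``.
    """
    me = MaltegoTransform()

    # A transform only emits what returnOutput() writes, so every early
    # exit has to flush the message before leaving.
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide an ip_addr!")
        me.returnOutput()
        sys.exit()

    # Maltego may pass "field=value"; keep the value part only.
    parts = sys.argv[1].split("=")
    query_ip = parts[1] if len(parts) == 2 else parts[0]

    rows = []
    if query_ip != "":
        # Search by the first three octets so neighbouring hosts are found;
        # slicing (rather than indexing [0], [1], [2]) tolerates short input.
        prefix = ".".join(query_ip.split(".")[:3])
        conn = sqlite3.connect(DBNAME)
        conn.text_factory = str
        try:
            cur = conn.cursor()
            # Bound parameter instead of building the LIKE pattern into the
            # SQL text: the value is untrusted input from the Maltego client.
            cur.execute(
                "SELECT * FROM ip WHERE ip_addr LIKE ?",
                ("%" + prefix + "%",),
            )
            rows = cur.fetchall()
        finally:
            conn.close()

    for row in rows:
        # The original reads the stored address from column 5 of the ip table.
        found_ip = row[5]
        # Skip empty values and the input itself; compare against the parsed
        # value, since the raw argv never matches in the "field=value" form.
        if found_ip == "" or found_ip == query_ip:
            continue
        entity = MaltegoEntity()
        entity.setType("maltego.IPv4Address")
        entity.setValue(found_ip)
        entity.addAdditionalFields("link#maltego.link.color", "", True, "0x808080")
        me.addEntityToMessage(entity)

    if not rows:
        # fetchall() returns a list, never None, so emptiness is the test.
        me.addEntity("maltego.Phrase", "no sample info found ...")

    me.returnOutput()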
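def main():
    """Maltego transform: find stored IP addresses sharing the input's first three octets.

    Reads the input from ``sys.argv[1]`` (``field=value`` or a bare value),
    uses its first three octets as a ``LIKE`` pattern against the ``ip``
    table of ``DBNAME`` and emits every matching address other than the
    input itself as a ``maltego.IPv4Address`` entity.

    Returns:
        None. Output is written through ``MaltegoTransform.returnOutput``.
    """
    me = MaltegoTransform()

    # A transform only emits what returnOutput() writes, so every early
    # exit has to flush the message before leaving.
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide an ip_addr!")
        me.returnOutput()
        sys.exit()

    # Maltego may pass "field=value"; keep the value part only.
    parts = sys.argv[1].split("=")
    query_ip = parts[1] if len(parts) == 2 else parts[0]

    rows = []
    if query_ip != "":
        # Search by the first three octets so neighbouring hosts are found;
        # slicing (rather than indexing [0], [1], [2]) tolerates short input.
        prefix = ".".join(query_ip.split(".")[:3])
        conn = sqlite3.connect(DBNAME)
        conn.text_factory = str
        try:
            cur = conn.cursor()
            # Bound parameter instead of building the LIKE pattern into the
            # SQL text: the value is untrusted input from the Maltego client.
            cur.execute(
                "SELECT * FROM ip WHERE ip_addr LIKE ?",
                ("%" + prefix + "%",),
            )
            rows = cur.fetchall()
        finally:
            conn.close()

    for row in rows:
        # The original reads the stored address from column 5 of the ip table.
        found_ip = row[5]
        # Skip empty values and the input itself; compare against the parsed
        # value, since the raw argv never matches in the "field=value" form.
        if found_ip == "" or found_ip == query_ip:
            continue
        entity = MaltegoEntity()
        entity.setType("maltego.IPv4Address")
        entity.setValue(found_ip)
        entity.addAdditionalFields("link#maltego.link.color", "", True, "0x808080")
        me.addEntityToMessage(entity)

    if not rows:
        # fetchall() returns a list, never None, so emptiness is the test.
        me.addEntity("maltego.Phrase", "no sample info found ...")

    me.returnOutput()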
def createEvent(eventName):
    """Create a MISP event named *eventName* and hand it back as a Maltego entity.

    Uses the module-level ``misp`` client and the ``MISP_*`` settings. The
    new event's id, info and creator-org id are attached to a
    ``maltego.MISPEvent`` entity, which is passed on to ``returnSuccess``.
    """
    transform = MaltegoTransform()
    transform.addUIMessage("[Info] Creating event with the name %s" % eventName)

    created = misp.new_event(
        MISP_DISTRIBUTION, MISP_THREAT, MISP_ANALYSIS, eventName, None, MISP_EVENT_PUBLISH
    )
    details = created["Event"]
    event_id = details["id"]
    event_info = details["info"]
    org_id = details["orgc_id"]

    entity = MaltegoEntity("maltego.MISPEvent", event_id)
    entity.addAdditionalFields("EventLink", "EventLink", False, BASE_URL + "/events/view/" + event_id)
    entity.addAdditionalFields("Org", "Org", False, org_id)
    entity.addAdditionalFields("notes", "notes", False, org_id + ": " + event_info)
    transform.addEntityToMessage(entity)

    returnSuccess("event", event_id, None, transform)
def createEvent(eventName):
    """Create a MISP event named *eventName* and hand it back as a Maltego entity.

    Uses the module-level ``misp`` client and the ``MISP_*`` settings. The
    new event's id, info and creator-org id are attached to a
    ``maltego.MISPEvent`` entity, which is passed on to ``returnSuccess``.
    """
    transform = MaltegoTransform()
    transform.addUIMessage("[Info] Creating event with the name %s" % eventName)

    created = misp.new_event(
        MISP_DISTRIBUTION, MISP_THREAT, MISP_ANALYSIS, eventName, None, MISP_EVENT_PUBLISH
    )
    details = created["Event"]
    event_id = details["id"]
    event_info = details["info"]
    org_id = details["orgc_id"]

    entity = MaltegoEntity("maltego.MISPEvent", event_id)
    entity.addAdditionalFields("EventLink", "EventLink", False, BASE_URL + "/events/view/" + event_id)
    entity.addAdditionalFields("Org", "Org", False, org_id)
    entity.addAdditionalFields("notes", "notes", False, org_id + ": " + event_info)
    transform.addEntityToMessage(entity)

    returnSuccess("event", event_id, None, transform)
def createEvent(eventName):
    """Create a MISP event named *eventName* and hand it back as a Maltego entity.

    Builds a ``MISPEvent`` from the module-level ``MISP_*`` settings, dated
    now, submits it through ``misp.add_event`` and attaches the returned
    id, info and creator-org id to a ``maltego.MISPEvent`` entity, which is
    passed on to ``returnSuccess``.
    """
    transform = MaltegoTransform()
    transform.addUIMessage("[Info] Creating event with the name %s" % eventName)

    draft = MISPEvent()
    draft.analysis = MISP_ANALYSIS
    # NOTE(review): naive local time; presumably MISP only keeps the date — confirm.
    draft.date = datetime.now()
    draft.distribution = MISP_DISTRIBUTION
    draft.info = eventName
    draft.threat_level_id = MISP_THREAT
    draft.published = MISP_EVENT_PUBLISH

    details = misp.add_event(draft)["Event"]
    event_id = details["id"]
    event_info = details["info"]
    org_id = details["orgc_id"]

    entity = MaltegoEntity("maltego.MISPEvent", event_id)
    entity.addAdditionalFields("EventLink", "EventLink", False, BASE_URL + "/events/view/" + event_id)
    entity.addAdditionalFields("Org", "Org", False, org_id)
    entity.addAdditionalFields("notes", "notes", False, org_id + ": " + event_info)
    transform.addEntityToMessage(entity)

    returnSuccess("event", event_id, None, transform)
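def main():
    """Maltego transform: expand a registrant into its domains, e-mails, registrars and NS.

    Reads the registrant from ``sys.argv[1]`` (``field=value`` or a bare
    value), queries the ``whois`` table (grey links) and the
    ``passive_whois`` table (olive links) of ``DBNAME`` and emits one entity
    per non-empty domain, e-mail, registrar and name-server column.

    Returns:
        None. Output is written through ``MaltegoTransform.returnOutput``.
    """
    me = MaltegoTransform()

    def add_entity(entity_type, value, fields):
        """Emit one entity; ``fields`` are (name, matchingRule, value) triples."""
        entity = MaltegoEntity()
        entity.setType(entity_type)
        entity.setValue(value)
        for field_name, matching_rule, field_value in fields:
            entity.addAdditionalFields(field_name, "", matching_rule, field_value)
        me.addEntityToMessage(entity)

    def add_whois_row(row, color):
        """Emit the entities for one whois/passive_whois row, linked in *color*."""
        # Column layout as read by the original: 3 domain, 4 scan_date,
        # 5 c_date, 6 registrar, 7 nameServer, 8 email.
        domain, scan_date, c_date, registrar, name_server, email = row[3:9]
        if domain != "":
            add_entity("maltego.Domain", domain, [
                ("link#maltego.link.label", True, scan_date),
                ("link#maltego.link.color", True, color),
            ])
        if email != "":
            add_entity("maltego.EmailAddress", email, [
                ("link#maltego.link.color", True, color),
            ])
        if registrar != "":
            add_entity("ran2.registrar", registrar, [
                ("link#maltego.link.label", True, scan_date),
                ("link#maltego.link.color", True, color),
                ("notes#", True, c_date),
            ])
        if name_server != "":
            add_entity("maltego.NSRecord", name_server, [
                ("link#maltego.link.color", True, color),
            ])

    # A transform only emits what returnOutput() writes, so every early
    # exit has to flush the message before leaving.
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()
        sys.exit()

    # Maltego may pass "field=value"; keep the value part only.
    parts = sys.argv[1].split("=")
    registrant = parts[1] if len(parts) == 2 else parts[0]

    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        cur = conn.cursor()
        # Both lookups use the registrant as given; the original overwrote it
        # with column 10 of the last whois row before the second query.
        cur.execute("SELECT * FROM whois where registrant=?", (registrant,))
        whois_rows = cur.fetchall()
        cur.execute("SELECT * FROM passive_whois where registrant=?", (registrant,))
        passive_rows = cur.fetchall()
    finally:
        conn.close()

    for row in whois_rows:
        add_whois_row(row, "0x808080")
    for row in passive_rows:
        add_whois_row(row, "0x808000")
    if not whois_rows and not passive_rows:
        # fetchall() returns a list, never None, so emptiness is the test.
        me.addEntity("maltego.Phrase", "no sample info found ...")

    me.returnOutput()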
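def main():
    """Maltego transform: find whois records whose e-mail shares the input's mail domain.

    Reads an e-mail address from ``sys.argv[1]`` (``field=value`` or a bare
    value), takes the part after ``@`` and matches it with ``LIKE`` against
    the ``email`` column of the ``whois`` (grey links) and ``passive_whois``
    (olive links) tables of ``DBNAME``. Each hit yields a
    ``maltego.EmailAddress`` and, when present, a ``ran2.registrar`` entity.

    Returns:
        None. Output is written through ``MaltegoTransform.returnOutput``.
    """
    me = MaltegoTransform()

    def add_entity(entity_type, value, fields):
        """Emit one entity; ``fields`` are (name, matchingRule, value) triples."""
        entity = MaltegoEntity()
        entity.setType(entity_type)
        entity.setValue(value)
        for field_name, matching_rule, field_value in fields:
            entity.addAdditionalFields(field_name, "", matching_rule, field_value)
        me.addEntityToMessage(entity)

    def add_whois_row(row, color):
        """Emit the e-mail and registrar entities of one row, linked in *color*."""
        # Column layout as read by the original: 4 scan_date, 5 c_date,
        # 6 registrar, 8 email.
        scan_date, c_date, registrar, email = row[4], row[5], row[6], row[8]
        if email != "":
            add_entity("maltego.EmailAddress", email, [
                ("link#maltego.link.color", True, color),
            ])
        if registrar != "":
            add_entity("ran2.registrar", registrar, [
                ("link#maltego.link.label", True, scan_date),
                ("link#maltego.link.color", True, color),
                ("notes#", True, c_date),
            ])

    # A transform only emits what returnOutput() writes, so every early
    # exit has to flush the message before leaving.
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()
        sys.exit()

    # Maltego may pass "field=value"; keep the value part only.
    parts = sys.argv[1].split("=")
    email = parts[1] if len(parts) == 2 else parts[0]
    # Match on the mail domain; without an '@' the whole input is used
    # (the original indexed past the split and raised IndexError).
    _, at_sign, mail_domain = email.partition("@")
    pattern = "%" + (mail_domain if at_sign else email) + "%"

    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        cur = conn.cursor()
        # Bound parameters instead of concatenating the pattern into the SQL
        # text: the value is untrusted input from the Maltego client.
        cur.execute("SELECT * FROM whois where email like ?", (pattern,))
        whois_rows = cur.fetchall()
        cur.execute("SELECT * FROM passive_whois where email like ?", (pattern,))
        passive_rows = cur.fetchall()
    finally:
        conn.close()

    for row in whois_rows:
        add_whois_row(row, "0x808080")
    for row in passive_rows:
        add_whois_row(row, "0x808000")
    if not whois_rows and not passive_rows:
        # fetchall() returns a list, never None, so emptiness is the test.
        me.addEntity("maltego.Phrase", "no sample info found ...")

    me.returnOutput()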
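def main():
    """Maltego transform: expand a sample name into its AV detection and C2 endpoints.

    Reads a sample name from ``sys.argv[1]`` (``field=value`` or a bare
    value), finds its ``samples`` row in ``DBNAME``, emits the first
    matching ``detects`` result as a ``ran2.exploits`` entity (md5 in the
    notes) and every ``c2`` row as a ``ran2.c2Address`` plus
    ``ran2.c2Hostname`` pair with red links labelled by scan date.

    Returns:
        None. Output is written through ``MaltegoTransform.returnOutput``.
    """
    me = MaltegoTransform()

    def add_entity(entity_type, value, fields):
        """Emit one entity; ``fields`` are (name, matchingRule, value) triples."""
        entity = MaltegoEntity()
        entity.setType(entity_type)
        entity.setValue(value)
        for field_name, matching_rule, field_value in fields:
            entity.addAdditionalFields(field_name, "", matching_rule, field_value)
        me.addEntityToMessage(entity)

    # A transform only emits what returnOutput() writes, so every early
    # exit has to flush the message before leaving.
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()
        sys.exit()

    # Maltego may pass "field=value"; keep the value part only.
    parts = sys.argv[1].split("=")
    name = parts[1] if len(parts) == 2 else parts[0]

    detect = None
    c2_rows = []
    md5sum = None
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        cur = conn.cursor()
        cur.execute("SELECT * FROM samples where name=?", (name,))
        sample = cur.fetchone()
        if sample is not None:
            # Column layout as read by the original: 0 sid, 1 md5sum.
            sid, md5sum = sample[0], sample[1]
            # NOTE(review): 'AcAfee' looks like a typo for 'McAfee'; kept as-is
            # because the detects table may store that spelling — confirm.
            cur.execute(
                "SELECT * FROM detects where sid=? and "
                "(vendor='AcAfee' or vendor='Kaspersky' or vendor='F-Secure')",
                (sid,),
            )
            detect = cur.fetchone()
            cur.execute("SELECT * FROM c2 where sid=?", (sid,))
            c2_rows = cur.fetchall()
    finally:
        conn.close()

    if sample is None:
        me.addEntity("maltego.Phrase", name + " is not found")
        me.returnOutput()
        return

    if detect is not None:
        # Column 3 holds the detection name in the original's indexing.
        add_entity("ran2.exploits", detect[3], [("notes#", True, md5sum)])

    for row in c2_rows:
        # Column layout as read by the original: 2 scan_date, 3 dns, 4 ip_addr.
        scan_date, dns, ip_addr = row[2], row[3], row[4]
        link = [
            ("link#maltego.link.label", True, scan_date),
            ("link#maltego.link.color", True, "0xFF0000"),
        ]
        add_entity("ran2.c2Address", ip_addr, link)
        add_entity("ran2.c2Hostname", dns, link)
    if not c2_rows:
        # fetchall() returns a list, never None, so emptiness is the test.
        me.addEntity("maltego.Phrase", name + " is not found")

    me.returnOutput()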
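def main():
    """Maltego transform: expand a sample name into its AV detection and C2 endpoints.

    Reads a sample name from ``sys.argv[1]`` (``field=value`` or a bare
    value), finds its ``samples`` row in ``DBNAME``, emits the first
    matching ``detects`` result as a ``ran2.exploits`` entity (md5 in the
    notes) and every ``c2`` row as a ``ran2.c2Address`` plus
    ``ran2.c2Hostname`` pair with red links labelled by scan date.

    Returns:
        None. Output is written through ``MaltegoTransform.returnOutput``.
    """
    me = MaltegoTransform()

    def add_entity(entity_type, value, fields):
        """Emit one entity; ``fields`` are (name, matchingRule, value) triples."""
        entity = MaltegoEntity()
        entity.setType(entity_type)
        entity.setValue(value)
        for field_name, matching_rule, field_value in fields:
            entity.addAdditionalFields(field_name, "", matching_rule, field_value)
        me.addEntityToMessage(entity)

    # A transform only emits what returnOutput() writes, so every early
    # exit has to flush the message before leaving.
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()
        sys.exit()

    # Maltego may pass "field=value"; keep the value part only.
    parts = sys.argv[1].split("=")
    name = parts[1] if len(parts) == 2 else parts[0]

    detect = None
    c2_rows = []
    md5sum = None
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        cur = conn.cursor()
        cur.execute("SELECT * FROM samples where name=?", (name,))
        sample = cur.fetchone()
        if sample is not None:
            # Column layout as read by the original: 0 sid, 1 md5sum.
            sid, md5sum = sample[0], sample[1]
            # NOTE(review): 'AcAfee' looks like a typo for 'McAfee'; kept as-is
            # because the detects table may store that spelling — confirm.
            cur.execute(
                "SELECT * FROM detects where sid=? and "
                "(vendor='AcAfee' or vendor='Kaspersky' or vendor='F-Secure')",
                (sid,),
            )
            detect = cur.fetchone()
            cur.execute("SELECT * FROM c2 where sid=?", (sid,))
            c2_rows = cur.fetchall()
    finally:
        conn.close()

    if sample is None:
        me.addEntity("maltego.Phrase", name + " is not found")
        me.returnOutput()
        return

    if detect is not None:
        # Column 3 holds the detection name in the original's indexing.
        add_entity("ran2.exploits", detect[3], [("notes#", True, md5sum)])

    for row in c2_rows:
        # Column layout as read by the original: 2 scan_date, 3 dns, 4 ip_addr.
        scan_date, dns, ip_addr = row[2], row[3], row[4]
        link = [
            ("link#maltego.link.label", True, scan_date),
            ("link#maltego.link.color", True, "0xFF0000"),
        ]
        add_entity("ran2.c2Address", ip_addr, link)
        add_entity("ran2.c2Hostname", dns, link)
    if not c2_rows:
        # fetchall() returns a list, never None, so emptiness is the test.
        me.addEntity("maltego.Phrase", name + " is not found")

    me.returnOutput()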
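def main():
    """Maltego transform: expand a domain into its whois contacts, registrar and name servers.

    Reads a domain from ``sys.argv[1]`` (``field=value`` or a bare value),
    looks it up in the ``domains`` table (``whois`` rows, red/grey links)
    and in the ``passive_domains`` table (``passive_whois`` rows, blue/grey
    links) of ``DBNAME`` and emits registrant, e-mail, registrar and NS
    entities for every non-empty column.

    Returns:
        None. Output is written through ``MaltegoTransform.returnOutput``.
    """
    me = MaltegoTransform()

    def add_entity(entity_type, value, fields):
        """Emit one entity; ``fields`` are (name, matchingRule, value) triples."""
        entity = MaltegoEntity()
        entity.setType(entity_type)
        entity.setValue(value)
        for field_name, matching_rule, field_value in fields:
            entity.addAdditionalFields(field_name, "", matching_rule, field_value)
        me.addEntityToMessage(entity)

    def add_whois_row(row, contact_color, registrar_color):
        """Emit entities for one whois-style row; name-server links are always grey."""
        # Column layout as read by the original: 4 scan_date, 5 c_date,
        # 6 registrar, 7 nameServer, 8 email, 9 tel, 10 registrant.
        scan_date, c_date, registrar, name_server, email, tel, registrant = row[4:11]
        if registrant != "":
            add_entity("ran2.registrant", registrant, [
                ("link#maltego.link.label", True, scan_date),
                ("link#maltego.link.color", True, contact_color),
                ("notes#", True, tel),
            ])
        if email != "":
            add_entity("maltego.EmailAddress", email, [
                ("link#maltego.link.color", True, contact_color),
            ])
        if registrar != "":
            add_entity("ran2.registrar", registrar, [
                ("link#maltego.link.label", True, scan_date),
                ("link#maltego.link.color", True, registrar_color),
                ("notes#", True, c_date),
            ])
        if name_server != "":
            add_entity("maltego.NSRecord", name_server, [
                ("link#maltego.link.color", True, "0x808080"),
            ])

    # A transform only emits what returnOutput() writes, so every early
    # exit has to flush the message before leaving.
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()
        sys.exit()

    # Maltego may pass "field=value"; keep the value part only.
    parts = sys.argv[1].split("=")
    domain = parts[1] if len(parts) == 2 else parts[0]

    whois_rows = []
    passive_rows = []
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        cur = conn.cursor()
        cur.execute("SELECT * FROM domains where domain=?", (domain,))
        found = cur.fetchone()
        if found is not None:
            # Column 0 is the sid the whois rows are keyed on.
            cur.execute("SELECT * FROM whois where sid=? and source='domains'", (found[0],))
            whois_rows = cur.fetchall()
        cur.execute("SELECT * FROM passive_domains where domain=?", (domain,))
        found = cur.fetchone()
        if found is not None:
            cur.execute(
                "SELECT * FROM passive_whois where sid=? and source='passive_domains'",
                (found[0],),
            )
            passive_rows = cur.fetchall()
    finally:
        conn.close()

    for row in whois_rows:
        add_whois_row(row, "0xFF0000", "0x808080")
    if not whois_rows:
        # fetchall() returns a list, never None, so emptiness is the test.
        me.addEntity("maltego.Phrase", "no sample info found ...")

    for row in passive_rows:
        add_whois_row(row, "0x0000FF", "0x0000FF")
    if not passive_rows:
        me.addEntity("maltego.Phrase", "no sample info found ...")

    me.returnOutput()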
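def main():
    """Maltego transform: resolve a hostname to the C2 addresses recorded for it.

    Reads a DNS name from ``sys.argv[1]`` (``field=value`` or a bare value).
    When its ``passive_dns`` row in ``DBNAME`` has source ``c2``, the
    addresses of the linked ``c2`` rows are emitted with grey links and the
    resolve date as notes; a direct ``c2`` match on the name is emitted with
    a red link.

    Returns:
        None. Output is written through ``MaltegoTransform.returnOutput``.
    """
    me = MaltegoTransform()

    def add_entity(entity_type, value, fields):
        """Emit one entity; ``fields`` are (name, matchingRule, value) triples."""
        entity = MaltegoEntity()
        entity.setType(entity_type)
        entity.setValue(value)
        for field_name, matching_rule, field_value in fields:
            entity.addAdditionalFields(field_name, "", matching_rule, field_value)
        me.addEntityToMessage(entity)

    # A transform only emits what returnOutput() writes, so every early
    # exit has to flush the message before leaving.
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()
        sys.exit()

    # Maltego may pass "field=value"; keep the value part only.
    parts = sys.argv[1].split("=")
    dns = parts[1] if len(parts) == 2 else parts[0]

    linked_rows = []
    resolve_date = None
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        cur = conn.cursor()
        cur.execute("SELECT * FROM passive_dns where dns=?", (dns,))
        passive = cur.fetchone()
        # Column layout as read by the original: 1 sid, 2 source, 4 resolve_date.
        if passive is not None and passive[2] == "c2":
            resolve_date = passive[4]
            cur.execute("SELECT * FROM c2 where id=?", (passive[1],))
            linked_rows = cur.fetchall()
        cur.execute("SELECT * FROM c2 where dns=?", (dns,))
        direct = cur.fetchone()
    finally:
        conn.close()

    # c2 column layout as read by the original: 2 scan_date, 4 ip_addr.
    for row in linked_rows:
        add_entity("ran2.c2Address", row[4], [
            ("link#maltego.link.label", True, row[2]),
            ("link#maltego.link.color", True, "0x808080"),
            ("notes#", True, resolve_date),
        ])
    if direct is not None:
        add_entity("ran2.c2Address", direct[4], [
            ("link#maltego.link.label", True, direct[2]),
            ("link#maltego.link.color", True, "0xFF0000"),
        ])

    me.returnOutput()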
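def main():
    """Maltego transform: resolve a hostname to the C2 addresses recorded for it.

    Reads a DNS name from ``sys.argv[1]`` (``field=value`` or a bare value).
    When its ``passive_dns`` row in ``DBNAME`` has source ``c2``, the
    addresses of the linked ``c2`` rows are emitted with grey links and the
    resolve date as notes; a direct ``c2`` match on the name is emitted with
    a red link.

    Returns:
        None. Output is written through ``MaltegoTransform.returnOutput``.
    """
    me = MaltegoTransform()

    def add_entity(entity_type, value, fields):
        """Emit one entity; ``fields`` are (name, matchingRule, value) triples."""
        entity = MaltegoEntity()
        entity.setType(entity_type)
        entity.setValue(value)
        for field_name, matching_rule, field_value in fields:
            entity.addAdditionalFields(field_name, "", matching_rule, field_value)
        me.addEntityToMessage(entity)

    # A transform only emits what returnOutput() writes, so every early
    # exit has to flush the message before leaving.
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()
        sys.exit()

    # Maltego may pass "field=value"; keep the value part only.
    parts = sys.argv[1].split("=")
    dns = parts[1] if len(parts) == 2 else parts[0]

    linked_rows = []
    resolve_date = None
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        cur = conn.cursor()
        cur.execute("SELECT * FROM passive_dns where dns=?", (dns,))
        passive = cur.fetchone()
        # Column layout as read by the original: 1 sid, 2 source, 4 resolve_date.
        if passive is not None and passive[2] == "c2":
            resolve_date = passive[4]
            cur.execute("SELECT * FROM c2 where id=?", (passive[1],))
            linked_rows = cur.fetchall()
        cur.execute("SELECT * FROM c2 where dns=?", (dns,))
        direct = cur.fetchone()
    finally:
        conn.close()

    # c2 column layout as read by the original: 2 scan_date, 4 ip_addr.
    for row in linked_rows:
        add_entity("ran2.c2Address", row[4], [
            ("link#maltego.link.label", True, row[2]),
            ("link#maltego.link.color", True, "0x808080"),
            ("notes#", True, resolve_date),
        ])
    if direct is not None:
        add_entity("ran2.c2Address", direct[4], [
            ("link#maltego.link.label", True, direct[2]),
            ("link#maltego.link.color", True, "0xFF0000"),
        ])

    me.returnOutput()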
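def main():
    """Maltego transform: expand an IP address into the domains observed on it.

    Reads an address from ``sys.argv[1]`` (``field=value`` or a bare value),
    finds its row in the ``ip`` table of ``DBNAME`` and emits a
    ``ran2.c2Domain`` (red link) for each ``domains`` row and a
    ``maltego.Domain`` (grey link) for each ``passive_domains`` row tied to
    that sid with ``source='ip'``; the CNAME column goes into the notes.

    Returns:
        None. Output is written through ``MaltegoTransform.returnOutput``.
    """
    me = MaltegoTransform()

    def add_entity(entity_type, value, fields):
        """Emit one entity; ``fields`` are (name, matchingRule, value) triples."""
        entity = MaltegoEntity()
        entity.setType(entity_type)
        entity.setValue(value)
        for field_name, matching_rule, field_value in fields:
            entity.addAdditionalFields(field_name, "", matching_rule, field_value)
        me.addEntityToMessage(entity)

    # A transform only emits what returnOutput() writes, so every early
    # exit has to flush the message before leaving.
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()
        sys.exit()

    # Maltego may pass "field=value"; keep the value part only.
    parts = sys.argv[1].split("=")
    ip_addr = parts[1] if len(parts) == 2 else parts[0]

    c2_rows = []
    passive_rows = []
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        cur = conn.cursor()
        cur.execute("SELECT * FROM ip where ip_addr=?", (ip_addr,))
        found = cur.fetchone()
        if found is not None:
            # Column 0 is the sid both domain tables are keyed on.
            sid = found[0]
            cur.execute("SELECT * FROM domains where sid=? and source='ip'", (sid,))
            c2_rows = cur.fetchall()
            cur.execute("SELECT * FROM passive_domains where sid=? and source='ip'", (sid,))
            passive_rows = cur.fetchall()
    finally:
        conn.close()

    # Column layout as read by the original: 3 scan_date, 4 domain, 5 Cname.
    for row in c2_rows:
        add_entity("ran2.c2Domain", row[4], [
            ("link#maltego.link.label", True, row[3]),
            ("link#maltego.link.color", True, "0xFF0000"),
            ("notes#", True, row[5]),
        ])
    for row in passive_rows:
        add_entity("maltego.Domain", row[4], [
            ("link#maltego.link.label", True, row[3]),
            ("link#maltego.link.color", True, "0x808080"),
            # The original passes matchingRule=False for this notes field only.
            ("notes#", False, row[5]),
        ])
    if found is None:
        me.addEntity("maltego.Phrase", "no sample info found ...")

    me.returnOutput()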