def PersonToTelefonoCorreo_u5cm_hpr6(m):
TRX = MaltegoTransform()
#m.parseArguments(sys.argv)
#person=sys.argv[1]
person = m.Value
try:
client = Socrata("www.datos.gov.co", None)
r = client.get("u5mc-hpr6", limit=2000)
#for key, value in data.items():
#print key, value
for i in range(len(r)):
if (r[i]['nombre'] == person):
celular = r[i]['celular']
email = r[i]['correo_electr_nico']
break
ent = TRX.addEntity('maltego.PhoneNumber', celular)
ent.addAdditionalFields("phonenumber.countrycode", "Country Code",
True, "57")
ent2 = TRX.addEntity('maltego.EmailAddress', email)
except Exception as e:
TRX.addUIMessage("Cedula no encontrada en la base de datos")
TRX.returnOutput()
def getCompany(me, query=None, trans=None):
me = MaltegoTransform()
#country = me.getVar("nemi.countrytoo")
#print countr
countryFrom = trans.loc[(trans.drzavaStranke == country.upper())]
if any(countryFrom['drzavaPrejemnika'].str.contains(query.upper())):
countryTo = countryFrom.loc[(trans.drzavaPrejemnika == query.upper())]
companyPrint = countryTo.prejemnik
allSums = getSum(companyPrint, countryTo)
for i in companyPrint:
sumCountry = countryTo[countryTo['prejemnik'] == i]['znesek'].sum()
address = countryFrom[countryTo['prejemnik'] ==
i]['sedezPrejemnika']
addressPrint = np.unique(address, return_index=False)
getReason = countryTo[countryTo['prejemnik'] == i]['namenNakazila']
comma = intWithCommas(sumCountry)
test = me.addEntity("Maltego.Phrase", i)
#test.addProperty('value','Sum transfer: ','strict', sumCountry)
#test.setLinkColor('0xFF0000')
test.addAdditionalFields("value", "Sum transfer EUR:", True,
str(comma))
for j in addressPrint:
test.addAdditionalFields("Address", "Address:", True, j)
#test.addAdditionalFields("value", "Reason: ", True, getReason)
else:
me.addUIMessage("Country not in the list")
return me
def CedulaToNombrei88y_d8rr(m):
TRX = MaltegoTransform()
#m.parseArguments(sys.argv)
#cedula=sys.argv[1]
cedula = m.Value
try:
client = Socrata("www.datos.gov.co", None)
r = client.get("i88y-d8rr", limit=2000)
#for key, value in data.items():
#print key, value
for i in range(len(r)):
if (r[i]['cedula'] == cedula):
nombres = r[i]['nombre']
apellidos = r[i]['apellidos']
full = nombres + " " + apellidos
break
ent = TRX.addEntity('maltego.Person', full)
ent.addAdditionalFields("person.firtsnames", "Firts Names", True,
nombres)
ent.addAdditionalFields("person.lastname", "Surname", True, apellidos)
except Exception as e:
TRX.addUIMessage("Cedula no encontrada en la base de datos")
TRX.returnOutput()
def CedulaToPuestoDeVotacion(m):
TRX = MaltegoTransform()
#TRX.parseArguments(sys.argv)
#cedula=sys.argv[1]
cedula = m.Value
#cedula='1026585665'
website = 'wsp.registraduria.gov.co/estadodocs/resultadobusqueda.php?cedula='
#port = m.getVar('ports')
#port = port.split(',')
#ssl = m.getVar('website.ssl-enabled')
try:
url = 'https://' + website + cedula
html = requests.get(url).text
soup = BeautifulSoup(html, 'html.parser')
#print r.text.encode('utf-8')
res = soup.findAll("table", {"class": "tabla_solicitud"})
lista = []
for i in res:
lista = i.find_all('b')
direccion = str(lista[1])
departamento = str(lista[2])
direccion = direccion.replace("<b>", "").replace("</b>", "")
departamento = departamento.replace("<b>", "").replace("</b>", "")
ent = TRX.addEntity('eci.LugarExpedicion', direccion)
ent.addAdditionalFields("properity.eci.departamento", "Departamento",
True, departamento)
except Exception as e:
TRX.addUIMessage("Cedula no encontrada en la base de datos")
TRX.returnOutput()
def NombreToCargo(m):
TRX = MaltegoTransform()
#m.parseArguments(sys.argv)
#nombre=sys.argv[1]
nombre=m.Value
try:
client = Socrata("www.datos.gov.co", None)
r = client.get("2gvv-khi3", limit=2000)
#for key, value in data.items():
#print key, value
for i in range(len(r)):
if ( r[i]['nombre'] == nombre.upper()) :
cargo=r[i]['cargo']
direccion = r[i]['direccion']
email=r[i]['email']
telefono=r[i]['telefono']
break
ent=TRX.addEntity('eci.Cargo', cargo)
ent.addAdditionalFields("properity.direccion", "Direccion", True, direccion)
ent.addAdditionalFields("properity.email", "Email", True, email)
ent.addAdditionalFields("properity.telefono", "Telefono", True, telefono)
except Exception as e:
TRX.addUIMessage("Nombre no encontrado en la base de datos")
TRX.returnOutput()
def CedulaToConsejal(m):
TRX = MaltegoTransform()
#TRX.parseArguments(sys.argv)
cedula = m.Value
#cedula=sys.argv[1]
#cedula = '91457340'
try:
client = Socrata("www.datos.gov.co", None)
r = client.get("gnvi-fbsz", limit=2000)
#for key, value in data.items():
#print key, value
for i in range(len(r)):
if (r[i]['cc'] == cedula):
genero = r[i]['genero']
partido = r[i]['partido_politico']
municipio = r[i]['municipio']
nombre_concejal = r[i]['nombre_concejal']
break
ent = TRX.addEntity('eci.Consejal', nombre_concejal)
ent.addAdditionalFields("properity.genero", "Genero", True, genero)
ent.addAdditionalFields("properity.partido", "Partido", True, partido)
ent.addAdditionalFields("properity.municipio", "Municipio", True,
municipio)
ent.addAdditionalFields("properity.cedula", "Cedula", True, cedula)
except Exception as e:
TRX.addUIMessage("Cedula no encontrada en la base de datos")
return TRX.returnOutput()
def PersonToTelefonoDireccionCorreo_6kcx_kbuk(m):
TRX = MaltegoTransform()
#m.parseArguments(sys.argv)
#nombre=sys.argv[1]
nombre = m.Value
try:
client = Socrata("www.datos.gov.co", None)
r = client.get("6kcx-kbuk", limit=2000)
#for key, value in data.items():
#print key, value
for i in range(len(r)):
if (r[i]['nombre'] == nombre):
cc = r[i]['doc_identidad']
partido = r[i]['partido_politico']
celular = r[i]['celular']
correo = r[i]['correo_electronico']
break
ent = TRX.addEntity('maltego.EmailAddress', correo)
ent1 = TRX.addEntity('maltego.PhoneNumber', celular)
ent1.addAdditionalFields("phonenumber.countrycode", "Country Code",
True, "57")
ent2 = TRX.addEntity('eciescuelaing.PartidoPolitico', partido)
ent3 = TRX.addEntity('eci.Cedula', cc)
except Exception as e:
TRX.addUIMessage("Cedula no encontrada en la base de datos")
TRX.returnOutput()
def PersonToDireccion(m):
TRX = MaltegoTransform()
#m.parseArguments(sys.argv)
#nombre=sys.argv[1]
nombre = m.Value
try:
client = Socrata("www.datos.gov.co", None)
r = client.get("3ard-sj8g", limit=2000)
#for key, value in data.items():
#print key, value
for i in range(len(r)):
if (r[i]['nombre_prestador'] == nombre):
dir = r[i]['nombre_concejal']
barrio = r[i]['barrio']
l = r[i]['localizacion']['coordinates']
break
ent = TRX.addEntity('maltego.Location', dir)
ent.addAdditionalFields("country", "Country", True, "Colombia")
ent.addAdditionalFields("location.area", "Area", True, barrio)
ent.addAdditionalFields("streetaddress", "Street Address", True, dir)
ent.addAdditionalFields("longitude", "Longitude", True, l[0])
ent.addAdditionalFields("latitude", "Latituded", True, l[1])
except Exception as e:
TRX.addUIMessage("Cedula no encontrada en la base de datos")
TRX.returnOutput()
def EmailToTelefonoDirection_6hgq_bdxw(m):
TRX = MaltegoTransform()
#m.parseArguments(sys.argv)
#email=sys.argv[1]
email = m.Value
try:
client = Socrata("www.datos.gov.co", None)
r = client.get("6hgq-bdxw", limit=2000)
#for key, value in data.items():
#print key, value
for i in range(len(r)):
correos = r[i]['correo_electronico']
correos = correos.split(";")
if (email in correos):
telefono = r[i]['telefonos']
dir = r[i]['direccion']
break
ent = TRX.addEntity('maltego.PhoneNumber', telefono)
ent.addAdditionalFields("phonenumber.countrycode", "Country Code",
True, "57")
ent2 = TRX.addEntity('maltego.Location', dir)
ent2.addAdditionalFields("country", "Country", True, "Colombia")
ent2.addAdditionalFields("streetaddress", "Street Address", True, dir)
except Exception as e:
TRX.addUIMessage("Cedula no encontrada en la base de datos")
TRX.returnOutput()
def returnSuccess(etype,value,event=None, mt=None):
if not mt:
mt = MaltegoTransform()
if event:
mt.addUIMessage("[Info] Successful entry of %s with value %s into event %s" % (etype, value, event))
else:
mt.addUIMessage("[Info] Successful entry of %s with ID %s" % (etype, value))
mt.returnOutput()
def selectEvent(eventID):
s = shelve.open(eventDB)
s['id'] = eventID
s['age'] = datetime.today()
s.close()
mt = MaltegoTransform()
mt.addUIMessage("[Info] Event with ID %s selected for insert" % eventID)
mt.returnOutput()
def selectEvent(eventID):
s = shelve.open(eventDB)
s['id'] = eventID
s['age'] = datetime.today()
s.close()
mt = MaltegoTransform()
mt.addUIMessage("[Info] Event with ID %s selected for insert" % eventID)
mt.returnOutput()
def new_transform(arg):
m = MaltegoTransform()
url = 'http://10.1.99.250:8125/api/v1.0/%s' % arg
try:
r = requests.get(url)
j = r.json()
print j
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
def returnSuccess(etype, value, event=None, mt=None):
if not mt:
mt = MaltegoTransform()
if event:
mt.addUIMessage(
"[Info] Successful entry of %s with value %s into event %s" %
(etype, value, event))
else:
mt.addUIMessage("[Info] Successful entry of %s with ID %s" %
(etype, value))
mt.returnOutput()
def new_transform(arg):
m = MaltegoTransform()
url = 'http://10.1.99.250:8125/api/v1.0/%s/ip' % arg
try:
r = requests.get(url)
j = r.json()
for i in j['items']:
ent = m.addEntity('maltego.IPv4Address', i['ipaddr'])
ent.addAdditionalFields('workspace', 'Workspace ID', True, arg)
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
def new_transform(arg):
m = MaltegoTransform()
url = 'http://10.1.99.250:8125/api/v1.0/%s/ip' % arg
try:
r = requests.get(url)
j = r.json()
for i in j['items']:
ent = m.addEntity('maltego.IPv4Address', i['ipaddr'])
ent.addAdditionalFields('workspace', 'Workspace ID', True, arg)
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
def createEvent(eventName):
mt = MaltegoTransform()
mt.addUIMessage("[Info] Creating event with the name %s" % eventName)
event = misp.new_event(MISP_DISTRIBUTION, MISP_THREAT, MISP_ANALYSIS, eventName,None,MISP_EVENT_PUBLISH)
eid = event['Event']['id']
einfo = event['Event']['info']
eorgc = event['Event']['orgc_id']
me = MaltegoEntity('maltego.MISPEvent',eid);
me.addAdditionalFields('EventLink', 'EventLink', False, BASE_URL + '/events/view/' + eid )
me.addAdditionalFields('Org', 'Org', False, eorgc)
me.addAdditionalFields('notes', 'notes', False, eorgc + ": " + einfo)
mt.addEntityToMessage(me);
returnSuccess("event", eid, None, mt)
def CorreoToPersonDireccionTelefono_mk5f_bdwx(m):
TRX = MaltegoTransform()
#m.parseArguments(sys.argv)
#email=sys.argv[1]
email = m.Value
try:
client = Socrata("www.datos.gov.co", None)
r = client.get("u5mc-hpr6", limit=2000)
#for key, value in data.items():
#print key, value
for i in range(len(r)):
if (r[i]['correo_electronico'] == email):
celular = r[i]['celular']
direccion = r[i]['direccion']
celular2 = r[i]['telefonos']
barrio = r[i]['municipio']
nombre = r[i]['nombre']
break
nombre = nombre.split(" ")
if (len(nombre) == 4):
firts = nombre[0] + " " + nombre[1]
last = nombre[2] + " " + nombre[3]
full = nombre[0] + " " + nombre[1] + " " + nombre[
2] + " " + nombre[3]
else:
firts = nombre[0]
last = nombre[1] + " " + nombre[2]
full = nombre[0] + " " + nombre[1] + " " + nombre[2]
ent = TRX.addEntity('maltego.Person', full)
ent.addAdditionalFields("person.firtsnames", "Firts Names", True,
firts)
ent.addAdditionalFields("person.lastname", "Surname", True, last)
ent2 = TRX.addEntity('maltego.PhoneNumber', celular)
ent2.addAdditionalFields("phonenumber.countrycode", "Country Code",
True, "57")
ent3 = TRX.addEntity('maltego.PhoneNumber', celular2)
ent3.addAdditionalFields("phonenumber.countrycode", "Country Code",
True, "57")
ent4 = TRX.addEntity('maltego.Location', direccion)
ent4.addAdditionalFields("country", "Country", True, "Colombia")
ent4.addAdditionalFields("location.area", "Area", True, barrio)
ent4.addAdditionalFields("streetaddress", "Street Address", True,
direccion)
except Exception as e:
TRX.addUIMessage("Cedula no encontrada en la base de datos")
TRX.returnOutput()
def new_transform(arg):
m = MaltegoTransform()
m.parseArguments(arg)
ip = m.getVar('ipv4-address')
wrkspc = m.getVar('workspace')
url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/asn' % (wrkspc, ip)
try:
r = requests.get(url)
j = r.json()
for i in j['items']:
ent = m.addEntity('maltego.AS', i['asn'])
ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
def createEvent(eventName):
mt = MaltegoTransform()
mt.addUIMessage("[Info] Creating event with the name %s" % eventName)
event = misp.new_event(MISP_DISTRIBUTION, MISP_THREAT, MISP_ANALYSIS,
eventName, None, MISP_EVENT_PUBLISH)
eid = event['Event']['id']
einfo = event['Event']['info']
eorgc = event['Event']['orgc_id']
me = MaltegoEntity('maltego.MISPEvent', eid)
me.addAdditionalFields('EventLink', 'EventLink', False,
BASE_URL + '/events/view/' + eid)
me.addAdditionalFields('Org', 'Org', False, eorgc)
me.addAdditionalFields('notes', 'notes', False, eorgc + ": " + einfo)
mt.addEntityToMessage(me)
returnSuccess("event", eid, None, mt)
def TelefonoToCorreoDireccionPerson_6kcx_kbuk(m):
TRX = MaltegoTransform()
#m.parseArguments(sys.argv)
#telefono=sys.argv[1]
telefono=m.Value
try:
client = Socrata("www.datos.gov.co", None)
r = client.get("6kcx-kbuk", limit=2000)
#for key, value in data.items():
#print key, value
for i in range(len(r)):
if ( r[i]['celular'] == telefono) :
cc=r[i]['doc_identidad']
nombre=r[i]['nombre_concejal']
partido=r[i]['partido_politico']
correo_electronico= r[i]['correo_electronico']
break
nombre = nombre.split(" ")
if (len(nombre) == 4):
firts = nombre[0] + " " + nombre[1]
last = nombre[2] + " " + nombre[3]
full = nombre[0] + " " + nombre[1] + " " + nombre[2] + " " + nombre[3]
else:
firts = nombre[0]
last = nombre[1] + " " + nombre[2]
full = nombre[0] + " " + nombre[1] + " " + nombre[2]
ent = TRX.addEntity('maltego.Person', full)
ent.addAdditionalFields("person.firtsnames", "Firts Names", True, firts)
ent.addAdditionalFields("person.lastname", "Surname", True, last)
ent1 = TRX.addEntity('maltego.EmailAddress', correo_electronico)
ent2 = TRX.addEntity('eciescuelaing.PartidoPolitico', partido)
ent3 = TRX.addEntity('eci.Cedula', cc)
except Exception as e:
TRX.addUIMessage("Cedula no encontrada en la base de datos")
TRX.returnOutput()
def CedulaToPartidoPolitico(m):
TRX = MaltegoTransform()
#m.parseArguments(sys.argv)
#cedula=sys.argv[1]
cedula=m.Value
partido=""
try:
client = Socrata("www.datos.gov.co", None)
r = client.get("gnvi-fbsz", limit=2000)
#for key, value in data.items():
#print key, value
for i in range(len(r)):
if ( r[i]['cc'] == cedula) :
partido = r[i]['partido_politico']
break
ent=TRX.addEntity('eciescuelaing.PartidoPolitico', partido)
except Exception as e:
TRX.addUIMessage("Cedula no encontrada en la base de datos")
TRX.returnOutput()
def CorreoToTelefonoPerson_u5mc_hpr6(m):
TRX = MaltegoTransform()
#m.parseArguments(sys.argv)
#correo=sys.argv[1]
correo = m.Value
try:
client = Socrata("www.datos.gov.co", None)
r = client.get("u5mc-hpr6", limit=2000)
#for key, value in data.items():
#print key, value
for i in range(len(r)):
if (r[i]['correo_electr_nico'] == correo):
nombre = r[i]['nombre']
telefono = r[i]['celular']
break
nombre = nombre.split(" ")
if (len(nombre) == 4):
firts = nombre[0] + " " + nombre[1]
last = nombre[2] + " " + nombre[3]
full = nombre[0] + " " + nombre[1] + " " + nombre[
2] + " " + nombre[3]
else:
firts = nombre[0]
last = nombre[1] + " " + nombre[2]
full = nombre[0] + " " + nombre[1] + " " + nombre[2]
ent = TRX.addEntity('maltego.Person', full)
ent.addAdditionalFields("person.firtsnames", "Firts Names", True,
firts)
ent.addAdditionalFields("person.lastname", "Surname", True, last)
ent2 = TRX.addEntity('maltego.PhoneNumber', telefono)
ent2.addAdditionalFields("phonenumber.countrycode", "Country Code",
True, "57")
except Exception as e:
TRX.addUIMessage("Cedula no encontrada en la base de datos")
TRX.returnOutput()
def CedulaToDiscapacidadh2wr_su56(m):
TRX = MaltegoTransform()
#m.parseArguments(sys.argv)
#cedula=sys.argv[1]
cedula = m.Value
try:
client = Socrata("www.datos.gov.co", None)
r = client.get("h2wr-su56", limit=2000)
#for key, value in data.items():
#print key, value
for i in range(len(r)):
tempid = r[i]['identificacion'].replace(",", "")
tempid = tempid.replace(".", "")
tempid = tempid.replace("T.I.", "")
tempid = tempid.replace("NUIP ", "")
if (tempid == cedula):
direccion = r[i]['direccion']
discapacidad = r[i]['discapacidad']
fecha = r[i]['fecha_de_nacimiento']
nombres = r[i]['nombres_y_apellidos']
break
ent = TRX.addEntity('maltego.Person', nombres)
ent.addAdditionalFields("person.firtsnames", "Firts Names", True,
nombres)
ent.addAdditionalFields("person.lastname", "Surname", True, "")
ent2 = TRX.addEntity('eci.Discapacidad', discapacidad)
ent2.addAdditionalFields("fechaNacimiento", "Born Date", True, fecha)
ent4 = TRX.addEntity('maltego.Location', direccion)
ent4.addAdditionalFields("country", "Country", True, "Colombia")
ent4.addAdditionalFields("location.area", "Area", True, "")
ent4.addAdditionalFields("streetaddress", "Street Address", True,
direccion)
except Exception as e:
TRX.addUIMessage("Nombre no encontrado en la base de datos")
TRX.returnOutput()
def new_transform(arg):
emails = []
m = MaltegoTransform()
m.parseArguments(arg)
domain = m.getVar('fqdn')
ip = m.getVar('ipaddr')
wrkspc = m.getVar('workspace')
url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/domains' % (wrkspc, ip)
try:
r = requests.get(url)
j = r.json()
for i in j['items']:
if domain in i['domain']:
for x in i['data']['emails']:
if x not in emails:
emails.append(x)
for t in emails:
ent = m.addEntity('maltego.EmailAddress', t)
ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
def new_transform(arg):
emails = []
m = MaltegoTransform()
m.parseArguments(arg)
domain = m.getVar('fqdn')
ip = m.getVar('ipaddr')
wrkspc = m.getVar('workspace')
url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/domains' % (wrkspc, ip)
try:
r = requests.get(url)
j = r.json()
for i in j['items']:
if domain in i['domain']:
for x in i['data']['emails']:
if x not in emails:
emails.append(x)
for t in emails:
ent = m.addEntity('maltego.EmailAddress', t)
ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
def CedulaToNombreDireccionTelefonoxbrx_42kw(m):
TRX = MaltegoTransform()
#TRX.parseArguments(sys.argv)
#cedula=sys.argv[1]
cedula = m.Value
try:
client = Socrata("www.datos.gov.co", None)
r = client.get("xbrx-42kw", limit=2000)
#for key, value in data.items():
#print key, value
for i in range(len(r)):
if (r[i]['documento_de_identidad'] == cedula):
barrio = r[i]['barrio']
direccion = r[i]['direcci_n']
nombre = r[i]['nombres']
telefono = r[i]['tel_fono']
break
ent = TRX.addEntity('maltego.Person', nombre)
ent.addAdditionalFields("person.firtsnames", "Firts Names", True,
nombre)
ent.addAdditionalFields("person.lastname", "Surname", True, "")
ent2 = TRX.addEntity('maltego.PhoneNumber', telefono)
ent2.addAdditionalFields("phonenumber.countrycode", "Country Code",
True, "57")
ent4 = TRX.addEntity('maltego.Location', direccion)
ent4.addAdditionalFields("country", "Country", True, "Colombia")
ent4.addAdditionalFields("location.area", "Area", True, barrio)
ent4.addAdditionalFields("streetaddress", "Street Address", True,
direccion)
except Exception as e:
TRX.addUIMessage("Cedula no encontrada en la base de datos")
TRX.returnOutput()
def CedulaToLocationConsejal(m):
TRX = MaltegoTransform()
#m.parseArguments(sys.argv)
#cedula=sys.argv[1]
cedula = m.Value
try:
client = Socrata("www.datos.gov.co", None)
r = client.get("gnvi-fbsz", limit=2000)
#for key, value in data.items():
#print key, value
for i in range(len(r)):
if (r[i]['cc'] == cedula):
municipio = r[i]['municipio']
break
ent = TRX.addEntity('maltego.Location', municipio)
ent.addAdditionalFields("country", "Country", True, "Colombia")
ent.addAdditionalFields("area", "Area", True, municipio)
except Exception as e:
TRX.addUIMessage("Cedula no encontrada en la base de datos")
TRX.returnOutput()
def PersonToCorreoDireccionTelefono_mk5f_bdwx(m):
TRX = MaltegoTransform()
#m.parseArguments(sys.argv)
#nombre=sys.argv[1]
nombre = m.Value
try:
client = Socrata("www.datos.gov.co", None)
r = client.get("u5mc-hpr6", limit=2000)
#for key, value in data.items():
#print key, value
for i in range(len(r)):
if (r[i]['nombre'] == nombre):
celular = r[i]['celular']
correo_electronico = r[i]['correo_electronico']
direccion = r[i]['direccion']
celular2 = r[i]['telefonos']
barrio = r[i]['municipio']
break
ent1 = TRX.addEntity('maltego.EmailAddress', correo_electronico)
ent2 = TRX.addEntity('maltego.PhoneNumber', celular)
ent2.addAdditionalFields("phonenumber.countrycode", "Country Code",
True, "57")
ent3 = TRX.addEntity('maltego.PhoneNumber', celular2)
ent3.addAdditionalFields("phonenumber.countrycode", "Country Code",
True, "57")
ent4 = TRX.addEntity('maltego.Location', direccion)
ent4.addAdditionalFields("country", "Country", True, "Colombia")
ent4.addAdditionalFields("location.area", "Area", True, barrio)
ent4.addAdditionalFields("streetaddress", "Street Address", True,
direccion)
except Exception as e:
TRX.addUIMessage("Cedula no encontrada en la base de datos")
TRX.returnOutput()
def createEvent(eventName):
mt = MaltegoTransform()
mt.addUIMessage("[Info] Creating event with the name %s" % eventName)
mispevent = MISPEvent()
mispevent.analysis = MISP_ANALYSIS
mispevent.date = datetime.now()
mispevent.distribution = MISP_DISTRIBUTION
mispevent.info = eventName
mispevent.threat_level_id = MISP_THREAT
mispevent.published = MISP_EVENT_PUBLISH
event = misp.add_event(mispevent)
eid = event['Event']['id']
einfo = event['Event']['info']
eorgc = event['Event']['orgc_id']
me = MaltegoEntity('maltego.MISPEvent', eid)
me.addAdditionalFields('EventLink', 'EventLink', False,
BASE_URL + '/events/view/' + eid)
me.addAdditionalFields('Org', 'Org', False, eorgc)
me.addAdditionalFields('notes', 'notes', False, eorgc + ": " + einfo)
mt.addEntityToMessage(me)
returnSuccess("event", eid, None, mt)
def PersonToTelefono(m):
TRX = MaltegoTransform()
#m.parseArguments(sys.argv)
#nombre=sys.argv[1]
nombre = m.Value
try:
client = Socrata("www.datos.gov.co", None)
r = client.get("3ard-sj8g", limit=2000)
#for key, value in data.items():
#print key, value
for i in range(len(r)):
if (r[i]['nombre_prestador'] == nombre):
telefono = r[i]['telefono']
break
ent = TRX.addEntity('maltego.PhoneNumber', telefono)
ent.addAdditionalFields("phonenumber.countrycode", "Country Code",
True, "57")
except Exception as e:
TRX.addUIMessage("Cedula no encontrada en la base de datos")
TRX.returnOutput()
#!/usr/bin/python
# Get Instance Information
from MaltegoTransform import *
import sys
import boto3
mt = MaltegoTransform()
mt.parseArguments(sys.argv)
REGION = mt.getVar('RegionName')
instance_id = mt.getVar('InstanceId')
mt.addUIMessage("Region: " + REGION)
mt.addUIMessage("Instance: " + instance_id)
# Get Instance Info
try:
client = boto3.resource('ec2', region_name=REGION)
instance_info = client.Instance(id=instance_id)
ent = mt.addEntity('matterasmus.AmazonEC2InstanceType', str(instance_info.instance_type))
ent.addAdditionalFields("InstanceType", "Instance Type", True, str(instance_info.instance_type))
ent = mt.addEntity('matterasmus.AmazonEC2Key', str(instance_info.key_name))
ent.addAdditionalFields("InstanceAccessKey", "Access Key", True, str(instance_info.key_name))
ent = mt.addEntity('matterasmus.AmazonEC2Subnet', str(instance_info.subnet_id))
ent.addAdditionalFields("variable", "Subnet ID", True, str(instance_info.subnet_id))
# Get VPC Information
vpc_info = client.Vpc(id=instance_info.vpc_id)
ent = mt.addEntity('matterasmus.AmazonEC2VPC', str(vpc_info.cidr_block))
ent.addAdditionalFields("VpcId", "VPC ID", True, str(instance_info.vpc_id))
ent.addAdditionalFields("IPv4Address", "CIDR Block", True, str(vpc_info.cidr_block))
ent = mt.addEntity('maltego.IPv4Address', str(instance_info.private_ip_address))
m = MaltegoTransform()
repoName = sys.argv[1]
def get_captcha(driver, element, path):
chrome_options = Options()
driver = None
try:
driver = webdriver.Chrome(executable_path=os.path.abspath("chromedriver.exe"), chrome_options=chrome_options)
driver.get("https://www.google.com")
except Exception as e:
driver = webdriver.Chrome(executable_path=os.path.abspath("chromedriver"), chrome_options=chrome_options)
driver.get("https://www.google.com")
barraBusqueda = driver.find_element_by_name("q")
barraBusqueda.send_keys("github")
barraBusqueda.send_keys(Keys.ENTER)
buscarGITHUB = driver.find_element_by_id("nqsbq")
buscarGITHUB.send_keys(repoName)
buscarGITHUB.send_keys(Keys.ENTER)
link = driver.find_element_by_partial_link_text(repoName)
link.click()
linkRepos = driver.find_element_by_xpath("//span[@class='Counter']")
m.addUIMessage(linkRepos.text)
m.returnOutput()
driver.quit()
if __name__ == "__main__":
# Type of entity (1=IP, 2=Domain, 3=File)
entity_type = sys.argv[1]
query = ""
value = ""
if entity_type == 'ip' or entity_type == 'domain':
# Query
query = sys.argv[2]
# Entity value
value = sys.argv[3]
else:
# Entity value
value = sys.argv[2]
# Maltego Transform object
me = MaltegoTransform()
me.addUIMessage("[INFO] Querying VirusTotal...")
me.addUIMessage("[INFO] Input entity type: %s..." % entity_type)
me.addUIMessage("[INFO] Value: %s..." % value)
me.addUIMessage("[INFO] Query: %s..." % query)
# To Maltego entity
if entity_type == 'ip':
to_entity(query_ip(query, value))
elif entity_type == 'domain':
to_entity(query_domain(query, value))
elif entity_type == 'file':
query_file(value)
me.returnOutput()
#!/usr/bin/python
# Get all the instances in our Region
from MaltegoTransform import *
import sys
import boto3
mt = MaltegoTransform()
mt.parseArguments(sys.argv)
REGION = mt.getVar('RegionName')
try:
client = boto3.resource('ec2', region_name=REGION)
instances = client.instances.all()
mt.addUIMessage("Getting instances in " + REGION)
for instance in instances:
ent = mt.addEntity('matterasmus.AmazonEC2Instance', instance.tags[0].get("Value"))
ent.addAdditionalFields("InstanceId", "Instance ID", "strict", str(instance.id))
ent.addAdditionalFields("InstanceType", "Instance Type", "strict", instance.instance_type)
ent.addAdditionalFields("KeyName", "Key Name", "strict", instance.key_name)
ent.addAdditionalFields("PrivateIp", "Private Ip", "strict", instance.private_ip_address)
ent.addAdditionalFields("RegionName", "Region Name", "strict", REGION)
ent.addAdditionalFields("InstanceState", "Instance State", True, str(instance.state['Name']))
ent.addAdditionalFields("LaunchDate", "Launch Date", True, str(instance.launch_time))
else:
mt.addUIMessage("Completed.")
except Exception as e:
mt.addUIMessage(str(e))
mt.returnOutput()
port = port.split(',')
ssl = m.getVar('website.ssl-enabled')
robots = []
try:
for c in port:
if ssl == 'true':
url = 'https://' + website + ':' + str(c) + '/robots.txt'
r = requests.get(url)
if r.status_code == 200:
robots = str(r.text).split('\n')
for i in robots:
ent = m.addEntity('maltego.Phrase', i)
ent.addAdditionalFields("url","Original URL",True,url)
else:
m.addUIMessage("No Robots.txt found..")
else:
url = 'http://' + website + ':' + str(c) + '/robots.txt'
r = requests.get(url)
if r.status_code == 200:
robots = str(r.text).split('\n')
for i in robots:
ent = m.addEntity('maltego.Phrase', i)
ent.addAdditionalFields("url","Original URL",True,url)
else:
m.addUIMessage("No Robots.txt found..")
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
from init import load_credentials
creds = load_credentials()
REGION = creds[2]
m = MaltegoTransform()
# TODO: Is there a better way to do this ?
try:
conn = boto.ec2.connect_to_region(REGION, aws_access_key_id=creds[0], aws_secret_access_key=creds[1])
reservations = conn.get_all_instances()
for i in reservations:
group_nums = len(i.instances[0].groups)
for z in range(group_nums):
group_id = i.instances[0].groups[z].id
sg_name = conn.get_all_security_groups(group_ids=group_id)[0]
sec_rules = conn.get_all_security_groups(group_ids=group_id)[0].rules
ent = m.addEntity('matterasmus.AmazonEC2SecurityGroupName', str(sg_name).split(":")[1])
ent.addAdditionalFields("SecurityGroup", "Group ID", "strict", str(group_id))
rule_nums = len(sec_rules)
m.addUIMessage("Completed.")
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
response = urllib2.urlopen(url)
html = response.read()
for line in html.split("\r"):
if "," in line:
l = line.strip()
type = l.split(",")[0]
value = l.split(",")[1]
reference = l.split(",")[2]
if type == "DOMAIN":
m.addEntity("maltego.Domain", value)
if type == "IP":
m.addEntity("maltego.IPv4Address", value)
if type == "MD5":
m.addEntity("malformity.Hash", value)
if type == "EMAIL":
m.addEntity("maltego.EmailAddress", value)
return
if __name__ == "__main__":
m = MaltegoTransform()
m.addUIMessage("[INFO] Enriching malware name via ThreatCrowd")
try:
main()
except Exception as e:
m.addUIMessage("[Error] " + str(e))
m.returnOutput()
# rather than as a separate entity
import sys
import shodan
from api_key import load_key
from MaltegoTransform import *
API_KEY = load_key()
api = shodan.Shodan(API_KEY)
m = MaltegoTransform()
m.parseArguments(sys.argv)
try:
host = api.host(sys.argv[1])
if len(host) == 0:
m.addUIMessage('No data in Shodan')
else:
data = host['data']
portentity = m.addEntity('maltego.IPv4Address', str(sys.argv[1]))
for i, ports in enumerate(data):
port = host['data'][i]['port']
banner = host['data'][i]['data']
port_data = str(port) + ":" + str(banner)
port_banner_data = portentity.addAdditionalFields(str(port), "Port:Banner", True, str(port_data))
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
def main():
mt = MaltegoTransform()
if len(sys.argv) != 5:
mt.addException("You appear to be missing your uid and secret. Here is what was in your path: {s}".format(
s=sys.argv))
mt.throwExceptions()
sha1 = sys.argv[3]
censys_uid = sys.argv[1]
censys_secret = sys.argv[2]
auth = (censys_uid, censys_secret)
page = 1
query = {'query': '443.https.tls.certificate.parsed.fingerprint_sha1: \"{s}\"'.format(s=sha1),
'fields': ['ip', '443.https.tls.certificate.parsed.subject.common_name',
'443.https.tls.certificate.parsed.issuer.common_name', 'updated_at'], 'page': page}
try:
request = requests.post('https://www.censys.io/api/v1/search/ipv4', data=json.dumps(query), auth=auth)
if request.status_code == 200:
results = request.json()
pages = results['metadata']['pages']
if results['metadata']['count'] > 0:
process_results(results['results'], mt)
if pages > 1 > 4:
mt.addUIMessage("Found more than one page. Getting up to the first 100 results")
for i in range(2, 5):
page = i
query['page'] = page
request = requests.post('https://www.censys.io/api/v1/search/ipv4', data=json.dumps(query),
auth=auth)
if request.status_code == 200:
results = request.json()
if results['metadata']['count'] > 0:
process_results(results['results'], mt)
else:
if request.status_code == 400:
results = request.json()
mt.addException(str(results['error']))
if request.status_code == 429:
results = request.json()
mt.addException(str(results['error']))
if request.status_code == 404:
mt.addException("No info found")
if request.status_code == 500:
mt.addException("There has been a server error!!!")
if pages < 5 > 1:
for i in range(2, pages):
page = i
query['page'] = page
request = requests.post('https://www.censys.io/api/v1/search/ipv4', data=json.dumps(query),
auth=auth)
if request.status_code == 200:
results = request.json()
if results['metadata']['count'] > 0:
process_results(results['results'], mt)
else:
if request.status_code == 400:
results = request.json()
mt.addException(str(results['error']))
if request.status_code == 429:
results = request.json()
mt.addException(str(results['error']))
if request.status_code == 404:
mt.addException("No info found")
if request.status_code == 500:
mt.addException("There has been a server error!!!")
else:
mt.addUIMessage("No IP addresses found with this ssl cert")
mt.returnOutput()
else:
if request.status_code == 400:
results = request.json()
mt.addException(str(results['error']))
if request.status_code == 429:
results = request.json()
mt.addException(str(results['error']))
if request.status_code == 404:
mt.addException("No info found")
if request.status_code == 500:
mt.addException("There has been a server error!!!")
mt.throwExceptions()
except requests.exceptions.RequestException as e:
mt.addException(str(e))
mt.throwExceptions()
ent = m.addEntity('matterasmus.AmazonEC2Subnet', str(instance[0].subnet_id))
ent.addAdditionalFields("variable", "Subnet ID", True, str(instance[0].subnet_id))
ent = m.addEntity('matterasmus.AmazonEC2VPC', str(instance[0].vpc_id))
ent.addAdditionalFields("variable", "VPC ID", True, str(instance[0].vpc_id))
ent = m.addEntity('maltego.IPv4Address', str(instance[0].ip_address))
ent.addAdditionalFields("variable", "IP Address", True, str(instance[0].ip_address))
ent = m.addEntity('maltego.IPv4Address', str(instance[0].private_ip_address))
ent.addAdditionalFields("variable", "Private IP Address", True, str(instance[0].private_ip_address))
ent = m.addEntity('matterasmus.AmazonEC2Platform', str(instance[0].platform))
ent.addAdditionalFields("variable", "Platform", True, str(instance[0].platform))
ent = m.addEntity('matterasmus.AmazonEC2LaunchTime', str(instance[0].launch_time))
ent.addAdditionalFields("variable", "Launch Time", True, str(instance[0].launch_time))
ent = m.addEntity('matterasmus.AmazonEC2Key', str(instance[0].key_name))
ent.addAdditionalFields("variable", "SSH Key", True, str(instance[0].key_name))
# Get Security Group Information
group_nums = len(instance[0].groups)
group_id = instance[0].groups[0].id
sg_name = conn.get_all_security_groups(group_ids=group_id)[0]
sec_rules = conn.get_all_security_groups(group_ids=group_id)[0].rules
ent = m.addEntity('matterasmus.AmazonEC2SecurityGroupName', str(sg_name).split(":")[1])
ent.addAdditionalFields("GroupID", "Group ID", "strict", str(group_id))
m.addUIMessage("Completed: Instance Info Fetch")
else:
pass
else:
m.addUIMessage("Completed")
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
# Maltego tranform to get FBID
from MaltegoTransform import *
import requests
import sys
from bs4 import BeautifulSoup
m = MaltegoTransform()
m.parseArguments(sys.argv)
try:
url = "http://www.findmyfbid.com/"
post_data = "https://www.facebook.com/" + sys.argv[1]
user_agent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:42.0) Gecko/20100101 Firefox/42.0"
headers = {'User-Agent': user_agent}
req = requests.post(url, headers=headers, data = { "url": post_data})
html_data = req.text
soup = BeautifulSoup(html_data, 'html.parser')
resp = str(soup.code)
ugly1 = resp.split(">")
ugly2 = ugly1[1].split("<")
if resp == "<code>https://www.facebook.com</code>":
m.addUIMessage("No ID found :(")
else:
m.addEntity('maltego.phrase', ugly2[0])
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
root = Tkinter.Tk()
root.lift()
root.withdraw()
sys.stderr.write("Click the Python icon to select a file.")
csvfilename = tkFileDialog.askopenfilename()
data = csv.DictReader(open(csvfilename), delimiter=',',fieldnames=('Event Id','Event Type','Event Title','Start Time','End Time','Precision','Count','First Published Time','Last Published Time','Sample Fragment','Entities','Locations','Source Count','Positive Sentiment','Negative Sentiment'))
next(data)
for row in data:
event = row['Event Type']+"-"+row['Event Id']
rfevent = mt.addEntity("recfut.RFEvent",event);
rfevent.addAdditionalFields("eid","Event ID",False,row['Event Id']);
rfevent.addAdditionalFields("etype","Event Type",False,row['Event Type']);
rfevent.addAdditionalFields("title","Event Title",False,row['Event Title']);
rfevent.addAdditionalFields("starttime","Start Time",False,row['Start Time']);
rfevent.addAdditionalFields("stoptime","Stop Time",False,row['End Time']);
rfevent.addAdditionalFields("fragment","Fragment",False,row['Sample Fragment']);
rfevent.addAdditionalFields("precision","Precision",False,row['Precision']);
rfevent.addAdditionalFields("count","Count",False,row['Count']);
rfevent.addAdditionalFields("firstpublished","First Published",False,row['First Published Time']);
rfevent.addAdditionalFields("lastpublished","Last Published",False,row['Last Published Time']);
rfevent.addAdditionalFields("sourcecount","Source Count",False,row['Source Count']);
rfevent.addAdditionalFields("pos_sentiment","Positive Sentiment",False,row['Positive Sentiment']);
rfevent.addAdditionalFields("neg_sentiment","Negative Sentiment",False,row['Negative Sentiment']);
mt.addUIMessage("RF event load completed!")
mt.returnOutput()
found_pulse = getPulse(general_result)
if found_pulse != '':
m.addEntity("otx.OTXPulse", found_pulse)
malware_result = otx.get_indicator_details_by_section(IndicatorTypes.IPv4, ip, 'malware')
pdns_result = otx.get_indicator_details_by_section(IndicatorTypes.IPv4, ip, 'passive_dns')
added_ips = 0
if 'passive_dns' in pdns_result:
for pdns in pdns_result['passive_dns']:
added_ips +=1
# Dont add too many IPs if fast flux etc
if added_ips < 50:
hostname = pdns['hostname']
m.addEntity("maltego.Domain", hostname)
if 'data' in malware_result:
for malware in malware_result['data']:
hash = malware['hash']
m.addEntity("maltego.Hash", hash)
return
if __name__ == '__main__':
m = MaltegoTransform()
m.addUIMessage("[INFO] Enriching IP via OTX")
try:
main()
except Exception as e:
m.addUIMessage("[Error] " + str(e) + '\n' + traceback.format_exc())
m.returnOutput()
for line in html.split('\r'):
if "," in line:
l = line.strip()
type = l.split(',')[0]
value = l.split(',')[1]
reference = l.split(',')[2]
if type == "Domain":
m.addEntity("maltego.Domain", value)
if type == "IP":
m.addEntity("maltego.IPv4Address", value)
if type == "MD5":
m.addEntity("malformity.Hash", value)
if type == "EMAIL":
m.addEntity("maltego.EmailAddress", value)
return
if __name__ == '__main__':
m = MaltegoTransform()
m.addUIMessage("[INFO] Enriching domain via ThreatCrowd")
try:
main()
except Exception as e:
m.addUIMessage("[Error] " + str(e))
m.returnOutput()
internetresource = ''.join(("organisation:", sys.argv[2]))
elif sys.argv[1] == "MNT":
internetresource = ''.join(("mntner:", sys.argv[2]))
else:
argument = sys.argv[1]
argumentList = argument.split('#')
ipaddress = argumentList[0].split('=')
internetresource = argumentList[0]
try:
url = "https://stat.ripe.net/data/historical-whois/data.json?resource=" + internetresource
response = json.loads(urllib2.urlopen(url).read())
except:
m = MaltegoTransform()
m.addUIMessage(
"There was an issue fetching the WHOIS data:" + internetresource,
"Inform")
m.returnOutput()
sys.exit(0)
try:
amountVersions = response['data']['num_versions']
startVersion = response['data']['versions'][0]['version'] - response[
'data']['num_versions'] + 1
except:
m = MaltegoTransform()
m.addUIMessage(
"There was an issue with the WHOIS response. Likely the authoritative resource information is not held in the RIPE Database.",
"Inform")
m.returnOutput()
sys.exit(0)
# Get Shodan results for our host
import sys
import shodan
from api_key import load_key
from MaltegoTransform import *
API_KEY = load_key()
api = shodan.Shodan(API_KEY)
m = MaltegoTransform()
m.parseArguments(sys.argv)
try:
host = api.host(sys.argv[1])
if len(host) == 0:
m.addUIMessage('No data in Shodan')
else:
open_ports = host['ports']
for port in open_ports:
m.addEntity('undeadsecurity.Port', str(port))
m.addEntity('maltego.company', host.get('isp'))
hostnames = host.get('hostnames')
for hosts in hostnames:
m.addEntity('maltego.DNSName', str(hosts))
m.addEntity('maltego.Location', host.get('country_name'))
except Exception as e:
m.addUIMessage(str(e))
m.returnOutput()
import sys
import urllib2
import json
from MaltegoTransform import *
HIBP = "https://haveibeenpwned.com/api/breachedaccount/"
mt = MaltegoTransform()
mt.parseArguments(sys.argv)
email = mt.getValue()
mt = MaltegoTransform()
getrequrl = HIBP + email
try:
response = urllib2.urlopen(getrequrl)
data = json.load(response)
response = data
for rep in response:
mt.addEntity("maltego.Phrase","Pwned at " + rep)
except urllib2.URLError, e: # "Response Codes" within https://haveibeenpwned.com/API/v1
if e.code == 400:
mt.addUIMessage("The e-mail account does not comply with an acceptable format",messageType="PartialError")
if e.code == 404:
UIMessage = email + " could not be found and has therefore not been pwned"
mt.addUIMessage(UIMessage,messageType="Inform")
mt.returnOutput()
