def main():
    """Emit a ``maltego.Domain`` entity for every cookie host seen from ``mac``.

    ``mac``, ``cookies``, ``db``, ``select``, ``and_``, ``logging``, ``re`` and
    ``MaltegoTransform`` are module-level names not visible here. The answer
    is written to stdout through ``returnOutput``; nothing is returned.
    """
    # Only the client MAC is filtered on; and_(*conditions) keeps the shape
    # the sibling transforms use so extra conditions can be appended.
    conditions = [cookies.c.client_mac == mac]
    # The host column is used because baseDomain was observed to come back
    # as a full URL.
    query = select([cookies.c.host], and_(*conditions))
    logging.debug(query)
    logging.debug(mac)

    hosts = [row[0] for row in db.execute(query).fetchall()]
    transform = MaltegoTransform()

    # Code points that XML 1.0 does not allow in text; stripped so the
    # response stays parseable by the Maltego client.
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')

    for host in hosts:
        cleaned = illegal_xml_re.sub('', host)
        entity = transform.addEntity("maltego.Domain", cleaned)
        entity.addAdditionalFields("fqdn", "Domain", "strict", cleaned)
        entity.addAdditionalFields("mac", "Client Mac", "strict", mac)

    transform.returnOutput()
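def main(argv):
    """Emit a ``maltego.Twit`` entity for each account related to ``argv[1]``.

    A handful of screen names have a hard-coded peer list; any other name is
    expanded through ``twitterSearch.getFollowers`` and
    ``twitterSearch.idToUsername`` (module-level names not visible here).
    ``DEBUG`` (module scope) enables diagnostic prints. The answer is written
    via ``MaltegoTransform.returnOutput``.

    :param argv: argument vector; ``argv[1]`` is the screen name to expand.
    """
    # Canned answers for a few accounts, kept as data rather than an
    # if/elif ladder.
    fixed_peers = {
        "caseyso": ["bobbyo", "jjc", "alf", "courtp"],
        "jjc": ["caseyso", "jjc", "alf", "courtp", "mrclean"],
        "alf": ["mrclean", "jjc", "alf", "courtp", "joe"],
        "bobbyo": ["jjc", "caseyso", "brat322"],
    }
    handle = argv[1]
    if handle in fixed_peers:
        namesList = list(fixed_peers[handle])
    else:
        users = twitterSearch.getFollowers(handle)
        if DEBUG:
            print(users)
        # Comma-separated id list; join replaces the quadratic "+=" loop and
        # the trailing-comma trim the original needed.
        searchString = ",".join(str(u["id"]) for u in users["users"])
        if DEBUG:
            print(searchString)
        names = twitterSearch.idToUsername(searchString)
        namesList = [name["screen_name"] for name in names]

    if DEBUG:
        print(namesList)

    mt = MaltegoTransform()
    for user_name in namesList:
        if DEBUG:
            print(user_name)
        mt.addEntity("maltego.Twit", user_name)

    mt.returnOutput()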
def main():
    """Emit a ``maltego.URL`` entity for every URL logged from client ``ip``.

    ``ip``, ``weblogs``, ``db``, ``select``, ``and_``, ``logging``, ``re`` and
    ``MaltegoTransform`` are module-level names not visible here. The cookies
    column is selected but not placed on the entity.
    """
    conditions = [weblogs.c.client_ip == ip]
    query = select([weblogs.c.full_url, weblogs.c.cookies], and_(*conditions))
    logging.debug(query)
    rows = db.execute(query).fetchall()
    transform = MaltegoTransform()

    # Compiled for parity with the sibling transforms; this one does not
    # apply it before adding the entity.
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')

    for row in rows:
        logging.debug(row)
        url, _cookies = row
        entity = transform.addEntity("maltego.URL", url)
        entity.addAdditionalFields("url", "URL", "strict", url)

    transform.returnOutput()
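def main():
    """List every row of the ``samples`` table as a ``ran2.Sample`` entity.

    ``DBNAME`` and ``MaltegoTransform`` are module-level names not visible
    here. The answer is written to stdout through ``returnOutput``; nothing
    is returned.
    """
    me = MaltegoTransform()

    # sqlite3.connect() on a missing path silently creates an empty database
    # and the SELECT then fails; answer Maltego and stop here instead.
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        c = conn.cursor()
        c.execute("SELECT * FROM samples")
        found = c.fetchall()
        # fetchall() returns a (possibly empty) list, never None, so the
        # original ``is not None`` test could never reach its else branch
        # (which also referenced an unbound ``name``).
        if found:
            for row in found:
                # Third column holds the sample name (schema not visible
                # here; the original used index 2 as well).
                me.addEntity("ran2.Sample", row[2])
        else:
            me.addEntity("maltego.Phrase", "no samples found in " + DBNAME)
        conn.commit()
    finally:
        conn.close()

    me.returnOutput()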
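def main():
    """Emit a ``snoopy.useragent`` entity for each user agent seen from ``ip``.

    ``ip``, ``weblogs``, ``db``, ``select``, ``and_``, ``logging``, ``re`` and
    ``MaltegoTransform`` are module-level names not visible here. The answer
    is written via ``returnOutput``.
    """
    conditions = [weblogs.c.client_ip == ip]
    query = select([weblogs.c.useragent], and_(*conditions))
    logging.debug(query)
    rows = db.execute(query).fetchall()
    logging.debug(rows)
    transform = MaltegoTransform()

    # Code points XML 1.0 does not allow in text; the original compiled this
    # but never applied it.
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')

    for row in rows:
        logging.debug(row)
        # Each row is a one-column tuple. The original passed str(row) to
        # addEntity, so the entity value was the tuple repr ("(u'...',)"),
        # and it skipped NULL rows by searching that repr for the text
        # "None" (which also dropped any real user agent containing it).
        useragent = row[0]
        if useragent is None:
            continue
        useragent = illegal_xml_re.sub('', useragent)
        entity = transform.addEntity("snoopy.useragent", useragent)
        entity.addAdditionalFields("ip", "Client IP", "strict", ip)

    transform.returnOutput()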
def main():
    """Emit a ``snoopy.SSID`` entity for every SSID probed by ``mac``.

    Appends to the module-level ``filters`` list (shared with transformCommon)
    and reads ``mac``, ``ssids``, ``db``, ``select``, ``and_``, ``escape``,
    ``re`` and ``MaltegoTransform`` from module scope (not visible here).
    """
    filters.append(ssids.c.mac == mac)
    query = select([ssids.c.ssid], and_(*filters))

    names = [row[0] for row in db.execute(query).fetchall()]
    transform = MaltegoTransform()

    # Code points XML 1.0 does not allow in text.
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')

    for raw_ssid in names:
        # Escape XML metacharacters first, then drop forbidden code points.
        # An SSID that is empty or whitespace-only afterwards gets no entity.
        ssid = illegal_xml_re.sub('', escape(raw_ssid))
        if ssid and not ssid.isspace():
            entity = transform.addEntity("snoopy.SSID", ssid)
            entity.addAdditionalFields("properties.ssid", "ssid", "strict", ssid)

    transform.returnOutput()
def main():
    """Emit a ``snoopy.Cookie`` entity for every cookie ``mac`` sent to
    ``domain``.

    ``mac``, ``domain``, ``cookies``, ``db``, ``select``, ``and_``, ``logging``
    and ``MaltegoTransform`` are module-level names not visible here.
    """
    conditions = [cookies.c.client_mac == mac, cookies.c.baseDomain == domain]
    query = select([cookies.c.name, cookies.c.value], and_(*conditions))
    logging.debug(query)
    rows = db.execute(query).fetchall()
    logging.debug(rows)
    transform = MaltegoTransform()

    for row in rows:
        logging.debug(row)
        name, value = row
        entity = transform.addEntity("snoopy.Cookie", name)
        extra_fields = (
            ("value", "Value", value),
            ("fqdn", "Domain", domain),
            ("mac", "Client Mac", mac),
        )
        for key, label, content in extra_fields:
            entity.addAdditionalFields(key, label, "strict", content)

    transform.returnOutput()
def main():
    """Emit a ``snoopy.Drone`` entity for every drone that has a session
    matching the module-level ``filters`` (built by transformCommon), stamped
    with the module-level ``start_time`` / ``end_time``.

    ``sess``, ``db``, ``select``, ``and_``, ``logging`` and
    ``MaltegoTransform`` are module-level names not visible here.
    """
    # Drones come from the session table (an earlier revision used proxs).
    query = select([sess.c.drone], and_(*filters)).distinct()
    logging.debug(filters)
    logging.debug(query)
    drones = [row[0] for row in db.execute(query).fetchall()]
    transform = MaltegoTransform()

    for drone in drones:
        logging.debug(drone)
        entity = transform.addEntity("snoopy.Drone", drone)
        entity.addAdditionalFields("properties.drone", "drone", "strict", drone)
        entity.addAdditionalFields("start_time", "start_time", "strict", start_time)
        entity.addAdditionalFields("end_time", "end_time", "strict", end_time)
    transform.returnOutput()
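def parsereport(page):
    """Emit the mutex names found in a parsed sandbox report.

    ``page`` is expected to be a BeautifulSoup document (only ``find``,
    ``findNext`` and ``findAll`` are used). The single-mutex form is added as
    ``maltego.IPv4Address`` (kept as the original did — TODO confirm the
    intended entity type) and each entry of the multi-mutex list as
    ``maltego.Phrase``. Exits the process with a message when no mutex
    section exists or the markup cannot be navigated. ``MaltegoTransform``
    and ``sys`` are module-level names.
    """
    xform = MaltegoTransform()

    # A missed lookup returns None and the chained access raises; treat any
    # failure here as "section not present", as the original did.
    try:
        single = page.find(text='To mark the presence in the system, the following Mutex object was created:').findNext('ul').li.text
    except Exception:
        single = None
    try:
        multiple = page.find(text='To mark the presence in the system, the following Mutex objects were created:').findNext('ul')
    except Exception:
        multiple = None

    # Outside the error handler: the original raised SystemExit from inside
    # a bare ``except:`` block, which swallowed it and reported
    # "Error finding Mutexes." instead of this message.
    if single is None and multiple is None:
        sys.exit("No Mutexes Reported")

    try:
        if single is not None:
            xform.addEntity("maltego.IPv4Address", single)
        if multiple is not None:
            for mutex in multiple.findAll('li'):
                xform.addEntity("maltego.Phrase", mutex.text)
    except Exception:
        xform = None
        sys.exit("Error finding Mutexes.")

    xform.returnOutput()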
文件: mispego.py 项目: MISP/MISPego
def returnSuccess(etype, value, event=None, mt=None):
    """Report a successful MISP insertion back to Maltego as a UI message.

    :param etype: kind of object that was inserted (shown verbatim).
    :param value: its value, or its ID when no ``event`` is given.
    :param event: event the object was attached to; when truthy the message
        names it, otherwise ``value`` is described as an ID.
    :param mt: transform to attach the message to; a fresh
        ``MaltegoTransform`` (module-level name) is created when falsy.
    """
    transform = mt or MaltegoTransform()
    if event:
        text = "[Info] Successful entry of %s with value %s into event %s" % (etype, value, event)
    else:
        text = "[Info] Successful entry of %s with ID %s" % (etype, value)
    transform.addUIMessage(text)
    transform.returnOutput()
文件: mispego.py 项目: MISP/MISPego
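def selectEvent(eventID):
    """Remember ``eventID`` as the current MISP event and tell Maltego so.

    Stores ``id`` and ``age`` (``datetime.today()``, naive local time as in
    the original) in the shelve at module-level ``eventDB``. ``datetime`` and
    ``MaltegoTransform`` are module-level names not visible here.

    :param eventID: MISP event identifier to select for later inserts.
    """
    s = shelve.open(eventDB)
    try:
        s['id'] = eventID
        s['age'] = datetime.today()
    finally:
        # Close even when a write fails so the shelve file is not left open
        # or half-written (the original skipped close() on error).
        s.close()
    mt = MaltegoTransform()
    mt.addUIMessage("[Info] Event with ID %s selected for insert" % eventID)
    mt.returnOutput()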
def main(argv):
    """Emit a ``maltego.Alias`` entity for every URL ``LinkedIn`` finds.

    :param argv: unused; the search value is read from ``sys.argv[1]``
        directly, as the original did. ``LinkedIn``, ``sys`` and
        ``MaltegoTransform`` are module-level names not visible here.
    """
    found_urls = LinkedIn(sys.argv[1])

    transform = MaltegoTransform()
    for profile_url in found_urls:
        transform.addEntity("maltego.Alias", profile_url)

    transform.returnOutput()
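def main():
    """Emit a ``snoopy.ssidLocation`` entity for each Wigle geolocation of
    ``ssid``, with map / street-view links and the street-view image as icon.

    Appends to the module-level ``filters`` list and reads ``ssid``, ``limit``,
    ``wigle``, ``db``, ``select``, ``and_``, ``logging`` and
    ``MaltegoTransform`` from module scope (not visible here).
    """
    filters.append(wigle.c.ssid == ssid)
    filters.append(wigle.c.overflow == 0)
    s = select([wigle], and_(*filters)).distinct().limit(limit)

    results = db.execute(s).fetchall()
    logging.debug(results)

    TRX = MaltegoTransform()

    # Cap on entities placed on the graph. The original tested
    # ``len(results) > 20`` inside the loop and broke on the first pass, so
    # a query returning more than 20 rows produced no entities at all;
    # slicing emits the first 20 instead.
    max_entities = 20

    for address in results[:max_entities]:
        logging.debug(type(address))
        lat = str(address['lat'])
        lon = str(address['long'])

        # "&amp;" is kept in the icon URL, presumably because it ends up
        # inside the XML response verbatim.
        street_view_url1 = "http://maps.googleapis.com/maps/api/streetview?size=800x800&amp;sensor=false&amp;location=%s,%s" % (lat, lon)
        street_view_url2 = "https://maps.google.com/maps?q=&layer=c&cbp=11,0,0,0,0&cbll=%s,%s " % (lat, lon)
        map_url = "http://maps.google.com/maps?t=h&q=%s,%s" % (lat, lon)

        NewEnt = TRX.addEntity("snoopy.ssidLocation", address['shortaddress'].encode('utf-8'))
        # Text columns are handed to Maltego as UTF-8 bytes, as the original
        # did; postcode and ssid are passed through unchanged.
        strict_fields = (
            ("city", "city", address['city'].encode('utf-8')),
            ("countrycode", "countrycode", address['code'].encode('utf-8')),
            ("country", "country", address['country'].encode('utf-8')),
            ("lat", "lat", lat),
            ("long", "long", lon),
            ("longaddress", "longaddress", address['longaddress'].encode('utf-8')),
            ("location.areacode", "Area Code", address['postcode']),
            ("road", "Road", address['road'].encode('utf-8')),
            ("streetaddress", "streetaddress", address['shortaddress'].encode('utf-8')),
            ("ssid", "SSID", address['ssid']),
            ("state", "State", address['state'].encode('utf-8')),
            ("area", "Area", address['suburb'].encode('utf-8')),
        )
        for key, label, content in strict_fields:
            NewEnt.addAdditionalFields(key, label, "strict", content)

        NewEnt.addAdditionalFields("googleMap", "Google map", "nostrict", map_url)
        NewEnt.addAdditionalFields("streetView", "Street View", "nostrict", street_view_url2)

        logging.debug(street_view_url1)
        NewEnt.setIconURL(street_view_url1)

        NewEnt.addDisplayInformation("<a href='%s'>Click for map </a>" % street_view_url2, "Street view")
        # Placeholder display entry kept from the original; looks like a
        # debugging leftover — TODO confirm before removing.
        NewEnt.addDisplayInformation("one", "two")

    TRX.returnOutput()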
def parsereport(page):
    """Emit a ``maltego.IPv4Address`` for every host listed in the report's
    ``network_hosts`` table.

    ``page`` is a BeautifulSoup document; ``MaltegoTransform`` is a
    module-level name not visible here.
    """
    xform = MaltegoTransform()

    hosts_table = page.find("div", {"id": "network_hosts"}).findNext('table')
    cells = hosts_table.findAll('td', {"class": "row"})
    for cell in cells:
        xform.addEntity("maltego.IPv4Address", cell.find(text=True))

    xform.returnOutput()
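def parsereport(page):
    """Emit a ``maltego.IPv4Address`` for every text node of ``page`` that is
    exactly a dotted-quad IPv4 address.

    ``page`` is a BeautifulSoup document; ``MaltegoTransform``, ``re`` and
    ``sys`` are module-level names not visible here. Exits with a message if
    the search itself raises.
    """
    xform = MaltegoTransform()

    # Anchored dotted quad, each octet 0-255. Raw string so "\." is a regex
    # escape rather than a string escape.
    ipv4_re = re.compile(r"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$")
    try:
        for element in page.findAll(text=ipv4_re):
            xform.addEntity("maltego.IPv4Address", element)
    except Exception:
        # The bare ``except:`` it replaces also caught SystemExit and
        # KeyboardInterrupt. Note an empty findAll() does not raise, so a
        # report with no IPs yields an empty response, not this message.
        sys.exit("Report contains no IPs.")

    xform.returnOutput()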
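def main():
    """Look up the /24 of the address given on the command line in the local
    sqlite ``ip`` table and emit every other address stored for it.

    ``sys.argv[1]`` is either ``<ip>`` or ``<label>=<ip>``. ``DBNAME``,
    ``MaltegoTransform`` and ``MaltegoEntity`` are module-level names not
    visible here. The answer is written via ``returnOutput``.
    """
    me = MaltegoTransform()

    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide an ip_addr!")
        # The original exited before answering, so Maltego saw nothing.
        me.returnOutput()
        sys.exit()

    # sqlite3.connect() on a missing path creates an empty database and the
    # SELECT then fails; answer and stop here instead.
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    # Accept "<ip>" or "<label>=<ip>".
    arg = sys.argv[1]
    parts = arg.split("=")
    ip_addr = parts[1] if len(parts) == 2 else parts[0]

    # Match on the first three octets (the /24). Shorter input is used as
    # given instead of raising IndexError.
    octets = ip_addr.split(".")
    if len(octets) >= 3:
        ip_addr = ".".join(octets[:3])

    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        c = conn.cursor()
        # Bound parameter: the original interpolated argv[1] into the SQL text.
        c.execute("SELECT * FROM ip WHERE ip_addr LIKE ?", ("%" + ip_addr + "%",))
        found1 = c.fetchall()
        conn.commit()
    finally:
        conn.close()

    # fetchall() never returns None; test for an empty list so the
    # "nothing found" phrase is reachable.
    if found1:
        for row in found1:
            # Column 5 holds the stored address (schema not visible here;
            # the original used index 5 as well).
            hit = row[5]
            if hit != "" and hit != arg:
                entity = MaltegoEntity()
                entity.setType("maltego.IPv4Address")
                entity.setValue(hit)
                # Grey link colour for derived addresses.
                entity.addAdditionalFields("link#maltego.link.color", "", True, "0x808080")
                me.addEntityToMessage(entity)
    else:
        me.addEntity("maltego.Phrase", "no sample info found ...")

    me.returnOutput()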
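def new_transform(arg):
    """Emit a ``maltego.IPv4Address`` for every host in workspace ``arg``.

    :param arg: workspace ID, interpolated into the API path.
    Queries the API at ``http://10.1.99.250:8125`` through the module-level
    ``requests``; any failure is reported to the Maltego UI instead of
    crashing the transform. ``MaltegoTransform`` is a module-level name.
    """
    m = MaltegoTransform()
    url = 'http://10.1.99.250:8125/api/v1.0/%s/ip' % arg
    try:
        # Bounded wait so an unresponsive API cannot hang the client
        # (30 s is a constructed default), and a non-2xx status becomes a
        # readable message instead of a JSON decode error.
        r = requests.get(url, timeout=30)
        r.raise_for_status()
        for item in r.json()['items']:
            ent = m.addEntity('maltego.IPv4Address', item['ipaddr'])
            ent.addAdditionalFields('workspace', 'Workspace ID', True, arg)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()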
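def main():
    """Emit sslstrip captures for a client: by IP when the entity carries
    one, otherwise by MAC joined through the DHCP lease table.

    Uses the module-level ``TRX`` (rebound in the MAC path, as before),
    ``mac``, ``sslstrip``, ``leases``, ``db``, ``select``, ``and_`` and
    ``MaltegoTransform`` — none visible here. The answer is written via
    ``returnOutput``.
    """
    global TRX
    # "client_ip" overrides "properties.client_ip" when both are present.
    ip = TRX.getVar("properties.client_ip")
    if TRX.getVar("client_ip"):
        ip = TRX.getVar("client_ip")

    domain = TRX.getVar("domain")

    if ip:
        conditions = [sslstrip.c.client == ip]
        if domain:
            conditions.append(sslstrip.c.domain == domain)

        query = select([sslstrip.c.key, sslstrip.c.value], and_(*conditions)).distinct()
        for key, value in db.execute(query).fetchall():
            NewEnt = TRX.addEntity("snoopy.sslstripResult", key)
            # The original stored ``value`` in both fields; the "key" field
            # now carries the key the entity was created from.
            NewEnt.addAdditionalFields("key", "key", "strict", key)
            NewEnt.addAdditionalFields("value", "Value", "strict", value)

        TRX.returnOutput()
        # Without this return the MAC query below also ran and a second
        # MaltegoMessage was written to stdout.
        return

    conditions = [leases.c.mac == mac, sslstrip.c.client == leases.c.ip]
    if domain:
        conditions.append(sslstrip.c.domain == domain)
    query = select([sslstrip.c.domain, leases.c.mac, leases.c.ip], and_(*conditions))
    rows = db.execute(query).fetchall()
    TRX = MaltegoTransform()

    for site, client_mac, client_ip in rows:
        NewEnt = TRX.addEntity("snoopy.Site", site)
        NewEnt.addAdditionalFields("domain", "domain", "strict", site)
        NewEnt.addAdditionalFields("mac", "Client Mac", "strict", client_mac)
        NewEnt.addAdditionalFields("client_ip", "Client IP", "strict", client_ip)

    TRX.returnOutput()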
def main():
    """Emit a ``snoopy.Client`` entity for every client MAC matching the
    module-level ``filters`` (or, when ``ssid`` is set, every MAC that probed
    that SSID), labelled with the OUI vendor and the DHCP hostname if known.

    Module-level names used (not visible here): ``filters``, ``ssid``,
    ``cookies``, ``vends``, ``ssids``, ``leases``, ``sess``, ``db``,
    ``select``, ``and_``, ``logging`` and ``MaltegoTransform``.
    """
    # mac -> hostname from the DHCP lease table, for nicer labels.
    lease_query = select([leases.c.mac, leases.c.hostname]).distinct()
    lease_list = dict(db.execute(lease_query).fetchall())

    # Cookie clients LEFT JOINed to the vendor table so clients with an
    # unknown OUI are kept.
    joined = cookies.outerjoin(vends, cookies.c.client_mac == vends.c.mac)
    s = select([cookies.c.client_mac, vends.c.vendor, vends.c.vendorLong], and_(*filters)).select_from(joined).distinct()
    logging.debug(s)

    # An SSID filter switches the source to the probe table instead.
    if ssid:
        nfilters = [ssids.c.ssid == ssid, ssids.c.mac == vends.c.mac]
        s = select([ssids.c.mac, vends.c.vendor, vends.c.vendorLong], and_(*nfilters))

    # Built and logged only; this query is never executed (kept as-is).
    cw = select([cookies.c.client_mac], and_(cookies.c.run_id == sess.c.run_id))
    logging.debug(cw)

    results = db.execute(s).fetchall()
    TRX = MaltegoTransform()
    for mac, vendor, vendorLong in results:
        hostname = lease_list.get(mac)
        # Label with the hostname when the lease table has one, otherwise
        # with the tail of the MAC (mac[6:], as the original did).
        detail = hostname if hostname else mac[6:]
        NewEnt = TRX.addEntity("snoopy.Client", "%s\n(%s)" % (vendor, detail))
        NewEnt.addAdditionalFields("mac", "mac address", "strict", mac)
        NewEnt.addAdditionalFields("vendor", "vendor", "nostrict", vendor)
        NewEnt.addAdditionalFields("vendorLong", "vendorLong", "nostrict", vendorLong)

    TRX.returnOutput()
def metasearch(query):
    """Query a searx instance for ``query`` and emit each hit as a
    ``maltego.URL`` entity, with title/content fields when present.

    ``settings.SEARX`` (base URL up to and including the query parameter)
    and ``settings.MAX_PAGES`` come from the module-level ``settings``;
    pages 1 .. MAX_PAGES-1 are requested, as in the original. ``query`` is
    interpolated into the URL verbatim (not URL-encoded). ``requests`` and
    ``MaltegoTransform`` are module-level names not visible here.
    """
    transform = MaltegoTransform()
    for page in range(1, settings.MAX_PAGES):
        url = '{0}{1}&format=json&pageno={2}'.format(settings.SEARX, query, page)
        hits = requests.post(url).json()['results']
        for hit in hits:
            entity = transform.addEntity('maltego.URL', hit['url'])
            entity.addAdditionalFields('url', 'URL', True, hit['url'])
            title = hit.get('title')
            if title:
                entity.addAdditionalFields('title', 'Title', True, title)
            content = hit.get('content')
            if content:
                entity.addAdditionalFields('content', 'Content', True, content)
    transform.returnOutput()
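def new_transform(arg):
    """Emit a ``maltego.AS`` for every ASN the API knows for the calling
    IPv4 address within its workspace.

    :param arg: Maltego's argument vector; parsed by ``parseArguments`` to
        obtain the ``ipv4-address`` and ``workspace`` variables.
    Queries the API at ``http://10.1.99.250:8125`` through the module-level
    ``requests``; any failure is reported to the Maltego UI instead of
    crashing the transform. ``MaltegoTransform`` is a module-level name.
    """
    m = MaltegoTransform()
    m.parseArguments(arg)
    ip = m.getVar('ipv4-address')
    wrkspc = m.getVar('workspace')
    url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/asn' % (wrkspc, ip)
    try:
        # Bounded wait so an unresponsive API cannot hang the client
        # (30 s is a constructed default), and a non-2xx status becomes a
        # readable message instead of a JSON decode error.
        r = requests.get(url, timeout=30)
        r.raise_for_status()
        for item in r.json()['items']:
            ent = m.addEntity('maltego.AS', item['asn'])
            ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()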
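def CedulaToConsejal(m):
    """Resolve a cédula (national ID) to a council member via datos.gov.co.

    :param m: calling Maltego entity; ``m.Value`` holds the cédula.
    :return: the transform's XML as returned by ``returnOutput``.

    Fetches the first 2000 rows of dataset ``gnvi-fbsz`` through the
    module-level ``Socrata`` client and scans them for a matching ``cc``
    column. ``MaltegoTransform`` is also a module-level name.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("gnvi-fbsz", limit=2000)
        # The original relied on a NameError from an unbound variable to
        # reach the "not found" message; make the miss explicit instead.
        match = next((row for row in rows if row['cc'] == cedula), None)
        if match is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            ent = TRX.addEntity('eci.Consejal', match['nombre_concejal'])
            ent.addAdditionalFields("properity.genero", "Genero", True, match['genero'])
            ent.addAdditionalFields("properity.partido", "Partido", True, match['partido_politico'])
            ent.addAdditionalFields("properity.municipio", "Municipio", True,
                                    match['municipio'])
            ent.addAdditionalFields("properity.cedula", "Cedula", True, cedula)

    except Exception:
        # API / network failures are reported with the same message the
        # original used.
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    return TRX.returnOutput()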
def uriToI3visioEntities(argv):
    """Fetch the document at the URI given on the command line and emit every
    i3visio entity that ``processing.getEntitiesByRegexp`` finds in it.

    :param argv: the serialized entity (unused: the URI is read from
        ``sys.argv[1]``, as the original did).
    :return: nothing; the entities are written via ``returnOutput``.

    ``processing``, ``sys`` and ``MaltegoTransform`` are module-level names
    not visible here. NOTE(review): the URI comes straight from the calling
    entity and is fetched with urllib2 without any scheme or host
    restriction — confirm that is acceptable where this transform runs.
    """
    import urllib2

    transform = MaltegoTransform()
    uri = sys.argv[1]

    # getEntitiesByRegexp returns a list of dicts shaped like
    #   {'attributes': [...], 'type': 'i3visio.sha256', 'value': '...'}
    body = urllib2.urlopen(uri).read()
    found = processing.getEntitiesByRegexp(data=body)

    for item in found:
        entity = transform.addEntity(item["type"], item["value"])
        entity.addAdditionalFields("i3visio.attributes", "i3visio.attributes",
                                   True, str(item["attributes"]))

    transform.returnOutput()
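def main():
    """Emit a ``snoopy.Cookie`` entity for every cookie in the web log rows
    recorded for client ``ip``.

    ``ip``, ``weblogs``, ``db``, ``select``, ``and_``, ``logging`` and
    ``MaltegoTransform`` are module-level names not visible here. The answer
    is written via ``returnOutput``.
    """
    conditions = [weblogs.c.client_ip == ip]
    query = select([weblogs.c.host, weblogs.c.path, weblogs.c.cookies],
                   and_(*conditions))
    logging.debug(query)
    rows = db.execute(query).fetchall()
    logging.debug(rows)
    TRX = MaltegoTransform()

    for host, path, cookies in rows:
        logging.debug(host)
        logging.debug(cookies)
        # An empty cookie set is stored as a two-character placeholder (the
        # original tested len() > 2); anything longer is a ", "-separated
        # list of '"name": "value"' pairs.
        if len(cookies) <= 2:
            continue
        for pair in cookies.split(", "):
            # maxsplit=1 keeps a ": " inside the value from breaking the
            # unpack; an entry without the expected quotes is logged and
            # skipped instead of aborting the whole transform.
            try:
                raw_name, raw_value = pair.split(": ", 1)
                name = raw_name.split('"')[1]
                value = raw_value.split('"')[1]
            except (ValueError, IndexError):
                logging.debug("unparsable cookie entry: %r", pair)
                continue
            logging.debug(name)
            logging.debug(value)
            NewEnt = TRX.addEntity("snoopy.Cookie", name)
            NewEnt.addAdditionalFields("value", "Value", "strict", value)
            NewEnt.addAdditionalFields("fqdn", "Domain", "strict", host)
            NewEnt.addAdditionalFields("ip", "Client IP", "strict", ip)

    TRX.returnOutput()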
def main(argv):
    """Scrape every e-mail address from the page at ``sys.argv[1]`` and emit
    each one as a ``maltego.EmailAddress`` entity.

    :param argv: unused; the URL is read from ``sys.argv[1]`` directly, as
        the original did. ``urllib``, ``collectAllEmail``, ``sys`` and
        ``MaltegoTransform`` are module-level names not visible here.
    """
    page_url = sys.argv[1]
    page_html = urllib.urlopen(page_url).read()
    addresses = collectAllEmail(page_html)

    transform = MaltegoTransform()
    for address in addresses:
        transform.addEntity("maltego.EmailAddress", address)

    transform.returnOutput()
def main(argv):
    """Emit a ``maltego.EmailAddress`` entity for every address found in the
    page at ``sys.argv[1]``.

    :param argv: unused; the URL is taken from ``sys.argv[1]`` as the
        original did. ``urllib``, ``collectAllEmail``, ``sys`` and
        ``MaltegoTransform`` are module-level names not visible here.
    """
    # Fetch, extract, then build the response; addEntity's return value is
    # not needed here.
    found = collectAllEmail(urllib.urlopen(sys.argv[1]).read())

    mt = MaltegoTransform()
    for email in found:
        mt.addEntity("maltego.EmailAddress", email)
    mt.returnOutput()
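def main():
    """Command-line / Maltego entry point for spidermal.

    Parses the CLI, then either runs as a Maltego transform (``-t``: the
    answer goes through ``maltrans.returnOutput``) or builds a standalone
    .mtgx graph file. Uses the module-level ``transform`` flag,
    ``date_convert``, ``api_query``, ``build_maltego``, ``build_graph``,
    ``zip_file`` and ``MaltegoTransform`` (none visible here) and sets the
    module globals ``verbose`` and ``maltrans``.
    """
    global verbose
    global maltrans

    parser = argparse.ArgumentParser(description="Jumpstart Maltego graph of C2 infrastructure off domain or IP.", epilog="spidermal.py -l paloaltonetworks.com -s 2014-09-12 -e 2015-12-1 -r 2 -o pan.mgtx -a PT")
    parser.add_argument("-s", "--start", help="Start date for range; \"YYYY-MM-DD\".", metavar="YYYY-MM-DD")
    parser.add_argument("-e", "--end", help="End date for range; \"YYYY-MM-DD\".", metavar="YYYY-MM-DD")
    parser.add_argument("-l", "--lookup", help="Value you start search with.", required=True, metavar="IP|DOMAIN")
    parser.add_argument("-o", "--out", help="Output file name (will append \"mtgx\" if not present.", default="malgraph.mtgx", metavar="filename.mtgx")
    parser.add_argument("-r", "--recurse", help="Number of levels to recurse. Default is 1; be careful with hosting sites.", default=1, metavar="LEVEL")
    parser.add_argument("-a", "--api", help="Choose API to use. Default is PassiveTotal.", default="PT", choices=["PT"])
    parser.add_argument("-t", "--transform", help="Run in Maltego Transform mode (run from inside Maltego client).", action="store_true")
    parser.add_argument("-v", "--verbose", help="Print additional data (tags/class/dynamic fields).", action="store_true")
    # Maltego appends its own "#"-joined arguments, which argparse does not
    # know about; keep them instead of failing.
    args, unknown = parser.parse_known_args()
    verbose = args.verbose
    target_start = datetime.date(1970, 1, 1)  # default range start
    target_end = datetime.date.today()        # default range end

    if args.transform:
        # ``transform`` is the module-level import flag: 0 means
        # MaltegoTransform.py was not found, which is reported inside the
        # client instead of crashing.
        if transform == 0:
            print("""<MaltegoMessage><MaltegoTransformResponseMessage><Entities></Entities><UIMessages><UIMessage MessageType="FatalError">MaltegoTransform.py Module Not Found!</UIMessage></UIMessages></MaltegoTransformResponseMessage></MaltegoMessage>""")
            sys.exit()
        # "Before"/"After" dates arrive as one "#"-joined extra argument; the
        # original indexed unknown[0] unconditionally and raised IndexError
        # when the client sent none.
        unknownargs = unknown[0].split("#") if unknown else []
        for argument in unknownargs:
            if argument.startswith("After"):
                target_start = date_convert(argument.split("=")[1], "user")
            elif argument.startswith("Before"):
                target_end = date_convert(argument.split("=")[1], "user")
        # Transform mode always recurses one level with the PT API.
        maltrans = MaltegoTransform()
        final_list, entity_type = api_query(args.lookup, target_start, target_end, "1", "PT", args.transform)
        build_maltego(final_list, entity_type, str(target_start), str(target_end))
        maltrans.returnOutput()
    else:
        if args.start:
            target_start = date_convert(args.start, "user")
        if args.end:
            target_end = date_convert(args.end, "user")
        print("[+] Begining search for %s using %s API between %s and %s." % (args.lookup, args.api, target_start, target_end))
        final_list, entity_type = api_query(args.lookup, target_start, target_end, args.recurse, args.api, args.transform)
        print("[+] Finished API queries.")
        print("[+] Building graph (nodes/edges).")
        build_graph(final_list, args.out)
        print("[+] Building Maltego file named %s." % args.out)
        zip_file(args.out)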
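def TelefonoToCorreoDireccionPerson_6kcx_kbuk(m):
    """Resolve a phone number to a council member through the datos.gov.co
    dataset ``6kcx-kbuk`` (matched on ``celular``) and emit the person, their
    e-mail address, political party and cédula.

    :param m: calling Maltego entity; ``m.Value`` is the phone number.
    Uses module-level ``Socrata`` and ``MaltegoTransform`` (not visible
    here); the answer is written via ``returnOutput``.
    """
    TRX = MaltegoTransform()
    telefono = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("6kcx-kbuk", limit=2000)
        match = next((row for row in rows if row['celular'] == telefono), None)
        if match is None:
            # The original only reached this message through a NameError on
            # an unbound variable; make the miss explicit.
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            tokens = match['nombre_concejal'].split(" ")
            # Last two tokens are the surnames, everything before them the
            # given names. This reproduces the original's 3- and 4-token
            # handling without IndexError on shorter names or silently
            # dropping tokens on longer ones.
            firts = " ".join(tokens[:-2])
            last = " ".join(tokens[-2:])
            full = " ".join(tokens)

            ent = TRX.addEntity('maltego.Person', full)
            ent.addAdditionalFields("person.firtsnames", "Firts Names", True, firts)
            ent.addAdditionalFields("person.lastname", "Surname", True, last)
            TRX.addEntity('maltego.EmailAddress', match['correo_electronico'])
            TRX.addEntity('eciescuelaing.PartidoPolitico', match['partido_politico'])
            TRX.addEntity('eci.Cedula', match['doc_identidad'])

    except Exception:
        # API / network failures keep the message the original used.
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    TRX.returnOutput()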
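def TelefonoToCorreoDireccionPerson_mk5f_bdwx(m):
    """Resolve a phone number through the datos.gov.co dataset ``u5mc-hpr6``
    (matched on ``celular`` or ``telefonos``) and emit the person, their
    e-mail address and their address as a ``maltego.Location``.

    :param m: calling Maltego entity; ``m.Value`` is the phone number.
    Uses module-level ``Socrata`` and ``MaltegoTransform`` (not visible
    here); the answer is written via ``returnOutput``.
    """
    TRX = MaltegoTransform()
    telefono = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        rows = client.get("u5mc-hpr6", limit=2000)
        match = next(
            (row for row in rows
             if row['celular'] == telefono or row['telefonos'] == telefono),
            None)
        if match is None:
            # The original only reached this message through a NameError on
            # an unbound variable; make the miss explicit.
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            tokens = match['nombre'].split(" ")
            # Last two tokens are the surnames, the rest the given names;
            # matches the original's 3- and 4-token handling without
            # IndexError on shorter names or truncation on longer ones.
            firts = " ".join(tokens[:-2])
            last = " ".join(tokens[-2:])
            full = " ".join(tokens)

            ent = TRX.addEntity('maltego.Person', full)
            ent.addAdditionalFields("person.firtsnames", "Firts Names", True, firts)
            ent.addAdditionalFields("person.lastname", "Surname", True, last)
            TRX.addEntity('maltego.EmailAddress', match['correo_electronico'])
            # The original called m.addEntity on the *input* entity rather
            # than the transform, which almost certainly raised and turned
            # every hit into the "not found" message.
            ent4 = TRX.addEntity('maltego.Location', match['direccion'])
            ent4.addAdditionalFields("country", "Country", True, "Colombia")
            ent4.addAdditionalFields("location.area", "Area", True, match['municipio'])
            ent4.addAdditionalFields("streetaddress", "Street Address", True, match['direccion'])

    except Exception:
        # API / network failures keep the message the original used.
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    TRX.returnOutput()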
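def handleNessusScanEntity(entityValue="", properties=""):
    """Handle a ``securifera.NessusScan`` entity and return the response XML.

    The entity's ``#``-separated property string is parsed for the scan path
    (``NESSUSSCANPATHPROP``) and an optional ``pluginfilter``. Missing files
    are requested from the user via ``getNessusScanFiles``; a missing plugin
    filter triggers an interactive plugin selection. The selected Nessus
    files are then parsed for hosts, each of which is emitted with the scan
    path and include list attached as custom properties.

    :param entityValue: value of the calling NessusScan entity.
    :param properties: ``key=value`` pairs joined with ``#``.
    :return: the Maltego response XML string.
    :raises ValueError: if ``pluginfilter`` is present but is not a list literal.
    """
    global allHosts
    global pluginIncludeList
    import ast  # stdlib; local import keeps this block self-contained

    nessusFiles = []
    pluginfilter = ""
    fileStr = None

    # parse calling entity properties
    for prop in properties.split("#"):
        if NESSUSSCANPATHPROP in prop:
            nessusScansDirProp = prop.split("=")
            if len(nessusScansDirProp) > 1:
                fileStr = sanitize(nessusScansDirProp[1], [("\\\\", "\\")])
        if "pluginfilter" in prop:
            pluginFilterProp = prop.split("=")
            if len(pluginFilterProp) > 1:
                pluginfilter = pluginFilterProp[1]

    # prompt user for nessus files if not already specified
    fileStr, nessusFiles = getNessusScanFiles(fileStr)

    # prompt user for plugin selections
    if len(pluginfilter) < 1:
        parseNessus(nessusFiles, GATHERPLUGINMODE)
        data = getSelectedPlugins()
        for plugin in data:
            pluginIncludeList.append(plugin[0])
    else:
        # The filter is the str()'d list this function writes back (see the
        # "pluginfilter" property below), but it arrives from the Maltego
        # entity, so it is parsed as a literal instead of being eval()'d.
        try:
            parsed = ast.literal_eval(pluginfilter)
        except (ValueError, SyntaxError):
            raise ValueError("pluginfilter is not a Python list literal: %r" % (pluginfilter,))
        if not isinstance(parsed, (list, tuple)):
            raise ValueError("pluginfilter must be a list, got %s" % type(parsed).__name__)
        pluginIncludeList = list(parsed)

    # start creation of Maltego message
    MaltegoMessage = MaltegoTransform()

    # ensure properties of calling entity are updated
    ent = MaltegoMessage.addEntity("securifera.NessusScan", entityValue)
    ent.addProperty(NESSUSSCANPATHPROP, NESSUSSCANPATHPROPDIS, value=fileStr)
    ent.addProperty("pluginfilter",
                    "PluginFilter",
                    value=str(pluginIncludeList))

    # parse files for IPv4Address entity creation
    parseNessus(nessusFiles, IPENTITYMODE)
    for host in allHosts:
        host.addCustomProperty(
            EntityProperty(NESSUSSCANPATHPROP, "NessusPath", fileStr))
        host.addCustomProperty(
            EntityProperty("includelist", "IncludeList",
                           str(pluginIncludeList)))
        host.addEntity(MaltegoMessage)

    return MaltegoMessage.returnOutput()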
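def main():
    """Emit a ``snoopy.Cookie`` entity for every cookie recorded for client ``ip``.

    Selects host/path/cookies rows for the client from the ``weblogs`` table
    (``weblogs``, ``db`` and ``ip`` are module globals defined outside this
    block) and parses the stored cookie string into name/value pairs. Values
    are scrubbed of characters that XML 1.0 forbids before they are placed in
    the response, which is written by ``TRX.returnOutput()``.
    """
    filters = [weblogs.c.client_ip == ip]
    s = select([weblogs.c.host, weblogs.c.path, weblogs.c.cookies], and_(*filters))
    logging.debug(s)
    results = db.execute(s).fetchall()
    logging.debug(results)
    TRX = MaltegoTransform()

    # Code points not allowed in XML 1.0 text. The pattern used to be compiled
    # but never applied; it is now run over every value copied into the response.
    illegal_xml_re = re.compile(u'[\x00-\x08\x0b-\x1f\x7f-\x84\x86-\x9f\ud800-\udfff\ufdd0-\ufddf\ufffe-\uffff]')

    def scrub(text):
        # None passes through untouched; only text values are scrubbed.
        if text is None:
            return text
        return illegal_xml_re.sub('', text)

    for host, _path, cookies in results:
        logging.debug(host)
        logging.debug(cookies)
        # Two characters or fewer is treated as "no cookies" (as before).
        if not cookies or len(cookies) <= 2:
            continue
        # Assumes the stored form is '"name": "value", "name2": "value2"'.
        # maxsplit=1 keeps a value containing ': ' intact instead of failing
        # the unpack. NOTE(review): a value containing '", ' would still be
        # mis-split; confirm the serializer never produces one.
        for cookie in cookies.split(", "):
            name, value = cookie.split(": ", 1)
            name = name.split('"')[1]
            value = value.split('"')[1]
            logging.debug(name)
            logging.debug(value)
            NewEnt = TRX.addEntity("snoopy.Cookie", scrub(name))
            NewEnt.addAdditionalFields("value", "Value", "strict", scrub(value))
            NewEnt.addAdditionalFields("fqdn", "Domain", "strict", scrub(host))
            NewEnt.addAdditionalFields("ip", "Client IP", "strict", ip)

    TRX.returnOutput()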
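def expandPropertiesFromI3visioEntity(argv):
    """Expand the properties of an i3visio entity into new entities.

    Every i3visio field present on the incoming entity (the names listed in
    ``constants.I3VISIO_ENTITIES``) becomes an entity of that type, and each
    element of the JSON ``attributes`` property becomes an entity of its own
    ``type``/``value`` with its nested attributes attached as a field.

    :param argv: the serialized entity as passed on the command line.
    :return: nothing; the response is written by ``me.returnOutput()``.
    """
    me = MaltegoTransform()
    me.parseArguments(argv)

    # Collect whichever of the known i3visio fields the entity carries.
    found_fields = {}
    for entity in constants.I3VISIO_ENTITIES:
        found_fields[entity] = me.getVar(entity)

    for field, value in found_fields.items():
        if value is not None:
            me.addEntity(field, str(value))

    try:
        # "attributes" is expected to be a JSON list of objects with
        # "type", "value" and "attributes" keys.
        attributes = me.getVar("attributes")
        attJson = json.loads(attributes)
        for att in attJson:
            newEnt = me.addEntity(str(att["type"]), str(att["value"]))
            newEnt.addAdditionalFields("attributes", "attributes", True,
                                       str(att["attributes"]))
    except (TypeError, ValueError, KeyError):
        # A missing property (None), non-JSON text or an entry without the
        # expected keys means there is nothing more to expand, which is
        # tolerated. Anything else now propagates instead of being hidden
        # by a bare except.
        pass

    me.returnOutput()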
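def main(argv):
    """Scrape e-mail addresses from a URL and emit a ``maltego.Alias`` per local part.

    Fetches ``argv[1]`` (the ``argv`` parameter is now honoured instead of
    re-reading ``sys.argv``), hands the body to ``collectAllEmail`` and adds
    one alias entity for the part before ``@`` of every address found.

    :param argv: command-line style argument list; ``argv[1]`` is the URL.
    :return: nothing; the response is written by ``mt.returnOutput()``.
    """
    url = argv[1]

    # NOTE(review): urllib.urlopen is the Python 2 API; this module is Python 2 code.
    html = urllib.urlopen(url).read()

    emails = collectAllEmail(html)

    mt = MaltegoTransform()
    for email in emails:
        alias, sep, _domain = email.partition('@')
        if not sep:
            # Without an '@' the old find()/slice produced a truncated alias;
            # skip such strings instead.
            continue
        mt.addEntity("maltego.Alias", alias)

    mt.returnOutput()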
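def CedulaToPartidoPolitico(m):
    """Map a cédula (national ID) to its ``eciescuelaing.PartidoPolitico``.

    Scans the Socrata dataset ``gnvi-fbsz`` for a record whose ``cc`` column
    equals ``m.Value``. A match emits one party entity; no match (which used
    to emit an entity with an empty value) and any error are reported as a
    UI message instead.

    :param m: the incoming Maltego request; ``m.Value`` is the cédula.
    :return: nothing; the response is written by ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        registros = client.get("gnvi-fbsz", limit=2000)
        partido = None
        for registro in registros:
            if registro['cc'] == cedula:
                partido = registro['partido_politico']
                break
        if partido is None:
            TRX.addUIMessage("Cedula no encontrada en la base de datos")
        else:
            TRX.addEntity('eciescuelaing.PartidoPolitico', partido)

    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    TRX.returnOutput()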
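def CedulaToDiscapacidadh2wr_su56(m):
    """Look a cédula up in dataset ``h2wr-su56`` and emit person, disability and location entities.

    The dataset's ``identificacion`` column is normalised (``T.I.``/``NUIP``
    prefixes and thousands separators removed) before comparison with
    ``m.Value``. Any failure, including no match, is reported as a UI message.

    :param m: the incoming Maltego request; ``m.Value`` is the cédula.
    :return: nothing; the response is written by ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        registros = client.get("h2wr-su56", limit=2000)

        def normalizar(identificacion):
            # Strip the "T.I."/"NUIP " prefixes before the separators: the
            # old order removed the dots first, so "T.I." could never match
            # and such records were never found. strip() drops the blank the
            # "T.I." prefix leaves behind.
            for token in ("T.I.", "NUIP ", ",", "."):
                identificacion = identificacion.replace(token, "")
            return identificacion.strip()

        for registro in registros:
            if normalizar(registro['identificacion']) == cedula:
                direccion = registro['direccion']
                discapacidad = registro['discapacidad']
                fecha = registro['fecha_de_nacimiento']
                nombres = registro['nombres_y_apellidos']
                break

        # No match leaves ``nombres`` unbound; the NameError is reported below.
        persona = TRX.addEntity('maltego.Person', nombres)
        persona.addAdditionalFields("person.firtsnames", "Firts Names", True, nombres)
        persona.addAdditionalFields("person.lastname", "Surname", True, "")

        condicion = TRX.addEntity('eci.Discapacidad', discapacidad)
        condicion.addAdditionalFields("fechaNacimiento", "Born Date", True, fecha)

        lugar = TRX.addEntity('maltego.Location', direccion)
        lugar.addAdditionalFields("country", "Country", True, "Colombia")
        lugar.addAdditionalFields("location.area", "Area", True, "")
        lugar.addAdditionalFields("streetaddress", "Street Address", True, direccion)

    except Exception:
        TRX.addUIMessage("Nombre no encontrado en la base de datos")

    TRX.returnOutput()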
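def CorreoToTelefonoPerson_u5mc_hpr6(m):
    """Resolve an e-mail address to a person and phone-number entity.

    Scans the Socrata dataset ``u5mc-hpr6`` for a record whose e-mail column
    equals ``m.Value``; a hit emits ``maltego.Person`` and
    ``maltego.PhoneNumber`` entities. Any failure (no match, network error,
    unexpected record shape) is reported as a UI message rather than raised.

    NOTE(review): this reads the key ``correo_electr_nico`` while other
    transforms in this file on the same dataset read ``correo_electronico``;
    only one can be the column the dataset exposes - confirm which.

    :param m: the incoming Maltego request; ``m.Value`` is the e-mail address.
    :return: nothing; the response is written by ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    correo = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        registros = client.get("u5mc-hpr6", limit=2000)

        coincidencia = None
        for registro in registros:
            if registro['correo_electr_nico'] == correo:
                coincidencia = registro
                break
        if coincidencia is None:
            # Explicit "not found" instead of an unbound local raising NameError.
            raise LookupError(correo)
        nombre = coincidencia['nombre']
        telefono = coincidencia['celular']

        # Split the full name into given/surname parts. Four tokens are read
        # as "two given names + two surnames"; anything else as "first token +
        # rest", which also copes with one- or two-token names that used to
        # raise IndexError and surface as "not found".
        partes = nombre.split()
        if len(partes) == 4:
            firts = " ".join(partes[:2])
            last = " ".join(partes[2:])
        else:
            firts = partes[0] if partes else ""
            last = " ".join(partes[1:])
        full = " ".join(partes)

        ent = TRX.addEntity('maltego.Person', full)
        ent.addAdditionalFields("person.firtsnames", "Firts Names", True, firts)
        ent.addAdditionalFields("person.lastname", "Surname", True, last)
        ent2 = TRX.addEntity('maltego.PhoneNumber', telefono)
        ent2.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")

    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    TRX.returnOutput()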
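def new_transform(arg):
    """Emit ``maltego.EmailAddress`` entities for a domain from the local domains API.

    Queries ``/api/v1.0/<workspace>/<ip>/domains`` on the hard-coded internal
    service (plain HTTP) and collects the e-mails of every item whose
    ``domain`` contains the calling entity's ``fqdn``. Failures are reported
    to the user as a UI message.

    :param arg: command-line arguments forwarded to ``m.parseArguments``.
    :return: nothing; the response is written by ``m.returnOutput()``.
    """
    emails = []
    m = MaltegoTransform()
    m.parseArguments(arg)
    domain = m.getVar('fqdn')
    ip = m.getVar('ipaddr')
    wrkspc = m.getVar('workspace')
    url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/domains' % (wrkspc, ip)
    try:
        # Bounded wait (value chosen here): without a timeout a stalled
        # service would hang the transform, and Maltego with it, indefinitely.
        r = requests.get(url, timeout=30)
        j = r.json()
        for i in j['items']:
            # NOTE(review): if i['domain'] is a string this is a substring
            # test ("example.com" also matches "notexample.com"); confirm.
            if domain in i['domain']:
                for x in i['data']['emails']:
                    if x not in emails:
                        emails.append(x)
        for t in emails:
            ent = m.addEntity('maltego.EmailAddress', t)
            ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()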
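def new_transform(arg):
    """Emit ``maltego.EmailAddress`` entities for a domain from the local domains API.

    Queries ``/api/v1.0/<workspace>/<ip>/domains`` on the hard-coded internal
    service (plain HTTP) and collects the e-mails of every item whose
    ``domain`` contains the calling entity's ``fqdn``. Failures are reported
    to the user as a UI message.

    :param arg: command-line arguments forwarded to ``m.parseArguments``.
    :return: nothing; the response is written by ``m.returnOutput()``.
    """
    emails = []
    m = MaltegoTransform()
    m.parseArguments(arg)
    domain = m.getVar('fqdn')
    ip = m.getVar('ipaddr')
    wrkspc = m.getVar('workspace')
    url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/domains' % (wrkspc, ip)
    try:
        # Bounded wait (value chosen here): without a timeout a stalled
        # service would hang the transform, and Maltego with it, indefinitely.
        r = requests.get(url, timeout=30)
        j = r.json()
        for i in j['items']:
            # NOTE(review): if i['domain'] is a string this is a substring
            # test ("example.com" also matches "notexample.com"); confirm.
            if domain in i['domain']:
                for x in i['data']['emails']:
                    if x not in emails:
                        emails.append(x)
        for t in emails:
            ent = m.addEntity('maltego.EmailAddress', t)
            ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()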
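def aliasToSkypeAccounts(query=None):
	'''
		Method that looks the given alias up in Skype and emits the matching profiles.

		For every user returned by ``skype.checkInSkype`` an ``i3visio.profile``
		(``skype://<alias>``) and an ``i3visio.alias`` entity are created; each
		extra alias in ``i3visio.aliases`` becomes its own ``i3visio.alias`` entity
		and every other non-empty field is attached to the profile as an
		additional field.

		:param query:	alias to look up.

		:return:	nothing; the response is written by ``me.returnOutput()``.
	'''
	me = MaltegoTransform()

	jsonData = skype.checkInSkype(query=query)

	# checkInSkype() returns a list of dictionaries keyed by i3visio field name.
	for user in jsonData:
		alias = user["i3visio.alias"]
		newEnt = me.addEntity("i3visio.profile", "skype://" + str(alias))
		me.addEntity("i3visio.alias", alias)

		# NOTE(review): the alias is placed into HTML unescaped; check it
		# cannot carry markup.
		newEnt.setDisplayInformation("<h3>" + alias + "</h3><p>")
		for field, value in user.items():
			if field == "i3visio.alias":
				continue
			if field == "i3visio.aliases":
				# A list of further aliases, each emitted as its own entity.
				for extra in value:
					me.addEntity("i3visio.alias", extra.encode('utf-8'))
			elif value is not None:
				try:
					newEnt.addAdditionalFields(field, field, True, str(value).encode('utf-8'))
				except Exception:
					# Fields that cannot be encoded/serialised are skipped
					# rather than failing the whole transform.
					pass

	# Returning the output text...
	me.returnOutput()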
def CedulaToNombreDireccionTelefonoxbrx_42kw(m):
    """Look a cédula up in dataset ``xbrx-42kw`` and emit person, phone and location entities.

    The first record whose ``documento_de_identidad`` equals ``m.Value``
    supplies the name, phone, street address and neighbourhood. Any failure,
    including no match, is reported as a UI message.

    :param m: the incoming Maltego request; ``m.Value`` is the cédula.
    :return: nothing; the response is written by ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        registros = client.get("xbrx-42kw", limit=2000)

        # First matching record; StopIteration (no match) is reported below.
        fila = next(f for f in registros if f['documento_de_identidad'] == cedula)
        barrio = fila['barrio']
        direccion = fila['direcci_n']
        nombre = fila['nombres']
        telefono = fila['tel_fono']

        persona = TRX.addEntity('maltego.Person', nombre)
        persona.addAdditionalFields("person.firtsnames", "Firts Names", True, nombre)
        persona.addAdditionalFields("person.lastname", "Surname", True, "")

        numero = TRX.addEntity('maltego.PhoneNumber', telefono)
        numero.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")

        lugar = TRX.addEntity('maltego.Location', direccion)
        lugar.addAdditionalFields("country", "Country", True, "Colombia")
        lugar.addAdditionalFields("location.area", "Area", True, barrio)
        lugar.addAdditionalFields("streetaddress", "Street Address", True, direccion)

    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    TRX.returnOutput()
def CedulaToLocationConsejal(m):
    """Map a councillor's cédula to the municipality they sit in.

    Looks ``m.Value`` up in the ``cc`` column of dataset ``gnvi-fbsz`` and
    emits one ``maltego.Location`` for the matching ``municipio``. Any
    failure, including no match, is reported as a UI message.

    NOTE(review): the area is attached as field "area" here, whereas the
    other Location entities in this file use "location.area"; confirm which
    name the entity definition expects.

    :param m: the incoming Maltego request; ``m.Value`` is the cédula.
    :return: nothing; the response is written by ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    cedula = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        registros = client.get("gnvi-fbsz", limit=2000)
        # StopIteration (no match) is reported below like any other failure.
        municipio = next(f['municipio'] for f in registros if f['cc'] == cedula)

        lugar = TRX.addEntity('maltego.Location', municipio)
        lugar.addAdditionalFields("country", "Country", True, "Colombia")
        lugar.addAdditionalFields("area", "Area", True, municipio)

    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    TRX.returnOutput()
def PersonToCorreoDireccionTelefono_mk5f_bdwx(m):
    """Look a person's name up in dataset ``u5mc-hpr6`` and emit contact entities.

    The first record whose ``nombre`` equals ``m.Value`` supplies an e-mail
    address, two phone numbers (``celular`` and ``telefonos``) and a street
    address with its municipality. Any failure, including no match, is
    reported as a UI message.

    :param m: the incoming Maltego request; ``m.Value`` is the full name.
    :return: nothing; the response is written by ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    nombre = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        registros = client.get("u5mc-hpr6", limit=2000)

        fila = None
        for candidato in registros:
            if candidato['nombre'] == nombre:
                fila = candidato
                break
        # No match leaves ``fila`` None; indexing it raises and is reported
        # below exactly like the old unbound-local NameError.
        celular = fila['celular']
        correo_electronico = fila['correo_electronico']
        direccion = fila['direccion']
        celular2 = fila['telefonos']
        barrio = fila['municipio']

        TRX.addEntity('maltego.EmailAddress', correo_electronico)
        for numero in (celular, celular2):
            telefono = TRX.addEntity('maltego.PhoneNumber', numero)
            telefono.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")
        lugar = TRX.addEntity('maltego.Location', direccion)
        lugar.addAdditionalFields("country", "Country", True, "Colombia")
        lugar.addAdditionalFields("location.area", "Area", True, barrio)
        lugar.addAdditionalFields("streetaddress", "Street Address", True, direccion)

    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    TRX.returnOutput()
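def emailToSkypeAccount(query=None):
    '''
        Method that checks whether the given email appears in Skype.

        Each user returned by ``skype.checkInSkype`` becomes an ``i3visio.profile``
        entity (``skype://<alias>``); every non-empty field of the user record is
        attached to it as an additional field.

        :param query:   query to verify.

        :return:    nothing; the response is written by ``me.returnOutput()``.
    '''
    me = MaltegoTransform()

    jsonData = skype.checkInSkype(query=query)

    # checkInSkype() returns a list of dictionaries keyed by i3visio field name.
    for user in jsonData:
        alias = user["i3visio.alias"]
        newEnt = me.addEntity("i3visio.profile", "skype://" + str(alias))
        # From v0.3.1 on the i3visio.alias is not created directly but appended to the profile.

        # NOTE(review): the alias is placed into HTML unescaped; check it
        # cannot carry markup.
        newEnt.setDisplayInformation("<h3>" + alias + "</h3><p>")
        for field, value in user.items():
            if value is None:
                continue
            try:
                newEnt.addAdditionalFields(field, field, True, str(value).encode('utf-8'))
            except Exception:
                # Fields that cannot be encoded/serialised are skipped rather
                # than failing the whole transform (no longer a bare except).
                pass

    me.returnOutput()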
def PersonToTelefono(m):
    """Look a provider's name up in dataset ``3ard-sj8g`` and emit its phone number.

    The first record whose ``nombre_prestador`` equals ``m.Value`` supplies
    the ``telefono`` value. Any failure, including no match, is reported as a
    UI message.

    :param m: the incoming Maltego request; ``m.Value`` is the provider name.
    :return: nothing; the response is written by ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    nombre = m.Value
    try:
        client = Socrata("www.datos.gov.co", None)
        registros = client.get("3ard-sj8g", limit=2000)

        # StopIteration (no match) is reported below like any other failure.
        telefono = next(f['telefono'] for f in registros if f['nombre_prestador'] == nombre)

        numero = TRX.addEntity('maltego.PhoneNumber', telefono)
        numero.addAdditionalFields("phonenumber.countrycode", "Country Code", True, "57")

    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")

    TRX.returnOutput()
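# Remove header value

host.remove('host')

# Adding new Host entities and properties.
#
# ``host`` (the list of host names), ``me`` (the MaltegoTransform being built)
# and ``status`` (the "ping each host" switch) are defined earlier in this
# script, outside this block.

for a in host:
	ent = me.addEntity("munk.Host", a)
	ent.addAdditionalFields('link#maltego.link.color', 'LinkColor', '', '0x86B34A')

	# If status is set, ping the server and set the bookmark colour based on the response.

	if status == "1":
		try:
			# Argument list, no shell: the host name comes from the data
			# source and must not be interpreted by /bin/sh. The reply is
			# kept in its own variable so the ``status`` switch is not
			# overwritten after the first host (which used to stop every
			# later host from being pinged).
			reply = subprocess.check_output(['ping', '-c', '1', a]).decode('utf-8', 'replace')
			if "bytes from" in reply:
				ent.addAdditionalFields('bookmark#', 'Bookmark', '', "1")
			elif "cannot" in reply:
				ent.addAdditionalFields('bookmark#', 'Bookmark', '', "4")
		except subprocess.CalledProcessError:
			ent.addAdditionalFields('bookmark#', 'Bookmark', '', "4")

# Return Maltego Output

me.returnOutput()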



            ' earliest=' + timeframe +
            ' | table sourcetype | dedup sourcetype" -d "output_mode=csv" https://'
            + searchhead + ':' + management +
            '/servicesNS/admin/search/search/jobs/export',
            shell=True)

# Regex to find Sourcetype
#
# ``output`` (the raw CSV text from the search call above) and ``me`` (the
# MaltegoTransform being built) are defined earlier in this script.

# One entry per non-empty line; quoted entries lose their surrounding quotes.
def _unquote(line):
    return line[1:-1] if line[0] == '"' else line

sourcetypes = [_unquote(line) for line in re.findall(r'.+', output)]

# Remove header value

sourcetypes.remove('sourcetype')

# Adding new Sourcetype entities and properties.

for source in sourcetypes:
    ent = me.addEntity("munk.Sourcetype", source)
    ent.addAdditionalFields('link#maltego.link.color', 'LinkColor', '', '0x86B34A')

# Return Maltego Output

me.returnOutput()
# Get Shodan results for our host

import sys
import shodan
from api_key import load_key
from MaltegoTransform import *

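API_KEY = load_key()

api = shodan.Shodan(API_KEY)
m = MaltegoTransform()
m.parseArguments(sys.argv)

try:
    # Shodan host lookup for the address passed as the first argument.
    host = api.host(sys.argv[1])
    if len(host) == 0:
        m.addUIMessage('No data in Shodan')
    else:
        for port in host.get('ports', []):
            m.addEntity('undeadsecurity.Port', str(port))
        # Optional fields: skip the entity rather than emit a value of None
        # (dict.get() returns None when the key is absent).
        isp = host.get('isp')
        if isp:
            m.addEntity('maltego.company', isp)
        for hostname in host.get('hostnames') or []:
            m.addEntity('maltego.DNSName', str(hostname))
        country = host.get('country_name')
        if country:
            m.addEntity('maltego.Location', country)
except Exception as e:
    m.addUIMessage(str(e))

m.returnOutput()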
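#!/usr/bin/env python
import sys
import urllib
import urllib2
from MaltegoTransform import *

mt = MaltegoTransform()
mt.parseArguments(sys.argv)
SearchString = mt.getValue()
# A fresh transform for the response (presumably so it carries only the new entity).
mt = MaltegoTransform()

# The entity value is user-controlled text: percent-encode it so characters
# such as '&', '#' or '/' cannot alter the query string or path. The service
# is reached over plain HTTP, so the lookup and its answer travel in clear.
url = 'http://api.predator.wtf/resolver/?arguments=' + urllib.quote(SearchString, safe='')
# NOTE(review): the response body is used verbatim as the IPv4Address value;
# nothing here checks that it actually looks like an address.
ipaddress = urllib2.urlopen(url).read().strip()
mt.addEntity("maltego.IPv4Address", ipaddress)
mt.returnOutput()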
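robots = []

# ``port`` (iterable of ports), ``ssl`` ("true" selects HTTPS), ``website``
# and ``m`` (the MaltegoTransform) are defined earlier in this script.
scheme = 'https' if ssl == 'true' else 'http'

try:
    for c in port:
        # The two former branches differed only in the scheme.
        url = scheme + '://' + website + ':' + str(c) + '/robots.txt'
        # Bounded wait (value chosen here) so an unresponsive port cannot
        # hang the transform indefinitely.
        r = requests.get(url, timeout=15)
        if r.status_code == 200:
            # One maltego.Phrase per line of the file, tagged with its origin.
            robots = str(r.text).split('\n')
            for i in robots:
                ent = m.addEntity('maltego.Phrase', i)
                ent.addAdditionalFields("url","Original URL",True,url)
        else:
            m.addUIMessage("No Robots.txt found..")
except Exception as e:
    m.addUIMessage(str(e))

m.returnOutput()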


MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# ``MT``, ``fa`` and ``value`` come from earlier in this script (not shown here).

def _lookup_request_fields(values):
    """Return (field, filepath) derived from the request's property names."""
    field = None
    filepath = None
    for name in values:
        if name == 'properties.fabaseentity':
            continue
        if name.startswith('properties.'):
            field = fa.fieldLookup(name)
        elif name.startswith('CSV File'):
            # Un-double the backslashes Maltego puts in Windows paths.
            filepath = values[name].replace("\\\\", "\\")
    return field, filepath

field, filepath = _lookup_request_fields(MT.values)

#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'IP')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("jc.ip", entry)  ## Edit HEre
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

#########################################
## lookup fieldname of sending request ##
#########################################
# ``fa`` and ``value`` come from earlier in this script (not shown here).
field = None
filepath = None
for name in MT.values:
    if name == 'properties.fireampbaseentity':
        continue
    if name.startswith('properties.'):
        field = fa.fieldLookup(name)
    elif name.startswith('CSV File'):
        # Un-double the backslashes Maltego puts in Windows paths.
        filepath = MT.values[name].replace("\\\\", "\\")

#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'MD5 (Detection)')  ## Edit Here

####################
## Submit Results ##
####################
for entry in result:
    e = MT.addEntity("FireAMP.FireAMPMD5Detection", entry)  ## Edit HEre
    e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()
from MaltegoTransform import *
import json, requests, base64
from facebook_totem import *

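# The ad id is carried in the argument text as "...id=<value>#category...";
# it is parsed out of str(sys.argv) as before. NOTE(review): a missing "id="
# raises IndexError here, as it always did. ``sys`` is expected to come in via
# ``from MaltegoTransform import *`` (it is not imported directly above).
# Renamed from ``id`` so the builtin is no longer shadowed.
ad_id = str(sys.argv).split("id=")[1].split("#category")[0]

trx = MaltegoTransform()
for ad in getAdsFromId(ad_id):
    poost = trx.addEntity("megadose.FacebookAdsPosts", ad["adArchiveID"])
    # The full ad record travels as base64(JSON) in the jsonInfo property;
    # json.dumps() escapes non-ASCII by default, so the ASCII encode is safe.
    jsonvalue = json.dumps(ad)
    b64value = str(base64.b64encode(jsonvalue.encode('ascii')).decode("utf-8"))
    poost.addProperty(fieldName="jsonInfo", value=b64value)

print(trx.returnOutput())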
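def _add_whois_entities(me, rows, color):
    """Emit EmailAddress/registrar entities for one table's result rows.

    ``rows`` are full ``SELECT *`` tuples; columns 4, 5, 6 and 8 are scan
    date, creation date, registrar and e-mail (the positions the original
    code read). ``color`` is the link colour that tells the ``whois`` table
    (0x808080) apart from ``passive_whois`` (0x808000).
    """
    for row in rows:
        scan_date = row[4]
        c_date = row[5]
        registrar = row[6]
        email = row[8]
        #   adding entity email
        if email != '':
            entity = MaltegoEntity()
            entity.setType("maltego.EmailAddress")
            entity.setValue(email)
            entity.addAdditionalFields('link#maltego.link.color', '', True, color)
            me.addEntityToMessage(entity)
        #   adding entity registrar
        if registrar != '':
            entity = MaltegoEntity()
            entity.setType("ran2.registrar")
            entity.setValue(registrar)
            entity.addAdditionalFields('link#maltego.link.label', '', True, scan_date)
            entity.addAdditionalFields('link#maltego.link.color', '', True, color)
            entity.addAdditionalFields('notes#', '', True, c_date)
            me.addEntityToMessage(entity)


def main():
    """Find whois/passive_whois records whose e-mail shares the argument's domain.

    The first command-line argument (``name=value`` or a bare value) is an
    e-mail address; every row of ``whois`` and ``passive_whois`` whose
    ``email`` column contains that address's domain yields an EmailAddress
    and a registrar entity. Problems (missing database, missing argument,
    argument without ``@``, no rows) are reported as ``maltego.Phrase``
    entities so they show up in Maltego.

    Uses the module globals ``DBNAME``, ``MaltegoTransform`` and ``MaltegoEntity``.
    """
    #   init Maltego
    me = MaltegoTransform()

    # sqlite3.connect() would silently create an empty database here and the
    # first SELECT would then fail; report and stop instead.
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    if len(sys.argv) == 1:
        # The message used to be added but never written out before exiting.
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()
        sys.exit()
    argument = sys.argv[1].split('=')
    email = argument[1] if len(argument) == 2 else argument[0]

    e = email.split('@')
    if len(e) != 2 or not e[1]:
        me.addEntity("maltego.Phrase", "Expected an e-mail address, got " + email)
        me.returnOutput()
        return
    # Bound parameter instead of string-built SQL: the argument comes from
    # Maltego and could otherwise terminate the literal and alter the query.
    pattern = '%' + e[1] + '%'

    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        c = conn.cursor()
        #   checking database, whois table
        c.execute("SELECT * FROM whois WHERE email LIKE ?", (pattern,))
        found1 = c.fetchall()
        _add_whois_entities(me, found1, '0x808080')

        #   checking database, passive_whois table
        c.execute("SELECT * FROM passive_whois WHERE email LIKE ?", (pattern,))
        found2 = c.fetchall()
        _add_whois_entities(me, found2, '0x808000')

        if not found1 and not found2:
            # fetchall() never returns None, so the old "is not None" test
            # made this message unreachable.
            me.addEntity("maltego.Phrase", "no sample info found ...")
        conn.commit()
        c.close()
    finally:
        conn.close()

    me.returnOutput()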
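def ReCapcha(m):
    """Query the Colombian police criminal-record site for a cédula.

    Drives the form at ``antecedentes.policia.gov.co`` with Selenium: accepts
    the terms, enters ``m.Value``, saves the CAPTCHA image and shows it in a
    small Tk window for the operator to type in, submits and reads the name
    and record text back. The result becomes one ``eci.AntecedentesPersonales``
    entity; any failure is reported as a UI message on the returned transform
    (messages used to go partly to ``m``, which is never returned).

    :param m: the incoming Maltego request; ``m.Value`` is the cédula.
    :return: nothing; the response is written by ``TRX.returnOutput()``.
    """
    TRX = MaltegoTransform()
    cedulaTg = m.Value
    nombre = ""
    # Set once Chrome starts; checked before quit() so a failed start can no
    # longer raise NameError on the way out.
    driver = None
    # Constructed bound: each element is polled at most this many times.
    intentos_max = 10

    def get_captcha(driver, element, path):
        """Screenshot the page and crop it to ``element``, saving the crop to ``path`` as PNG."""
        location = element.location
        size = element.size
        driver.save_screenshot(path)
        image = Image.open(path)
        left = location['x']
        top = location['y']
        right = location['x'] + size['width']
        bottom = location['y'] + size['height']
        image = image.crop((left, top, right, bottom))
        image.save(path, 'png')

    def reintentar(accion, mensaje):
        """Call ``accion`` until it succeeds, reporting ``mensaje`` on each failed try.

        Replaces the former unbounded ``while bandera`` loops: after
        ``intentos_max`` failures a RuntimeError is raised so the outer
        handler reports the lookup as not found instead of spinning forever.
        """
        for _ in range(intentos_max):
            try:
                return accion()
            except Exception:
                TRX.addUIMessage(mensaje)
                time.sleep(1)
        raise RuntimeError(mensaje)

    try:
        driver = webdriver.Chrome(executable_path=r"chromedriver.exe")
        driver.set_window_position(-3000, 0)
        driver.get("https://antecedentes.policia.gov.co:7005/WebJudicial/index.xhtml")
        aceptaOption = driver.find_element_by_id("aceptaOption:0")
        driver.execute_script("arguments[0].click();", aceptaOption)

        reintentar(lambda: driver.find_element_by_name("continuarBtn").click(),
                   "Cedula no encontrada en la base de datos1")
        reintentar(lambda: driver.find_element_by_id("cedulaInput").send_keys(cedulaTg),
                   "Cedula no encontrada en la base de datos2")
        time.sleep(2)
        image = driver.find_elements_by_xpath("//img[@id='capimg']")[0]
        get_captcha(driver, image, "captcha.png")

        # Show the CAPTCHA to the operator and collect the typed answer.
        window = tk.Tk()
        window.title("Enter Captcha")
        window.geometry("140x120")
        window.configure(background='grey')
        # Keep a reference to the PhotoImage for as long as the label shows it.
        img = ImageTk.PhotoImage(Image.open("captcha.png"))
        tk.Label(window, image=img).grid(row=0)
        e1 = tk.Entry(window)
        e1.grid(row=1, column=0)
        tk.Button(window, text='Aceptar', command=window.quit).grid(row=3, column=0, pady=4)
        window.mainloop()

        textcaptcha = driver.find_element_by_id("textcaptcha")
        textcaptcha.send_keys(e1.get())

        reintentar(lambda: driver.find_element_by_name("j_idt20").click(),
                   "Cedula no encontrada en la base de datos3")

        def leer_resultado():
            # The name is the third <b> of the result span, the record the fourth.
            celdas = driver.find_elements_by_xpath('.//span[@id = "form:mensajeCiudadano"]/b')
            return celdas[2].text, celdas[3].text

        nombre, antecedentes = reintentar(leer_resultado, 'Cedula no encontrada4')

        ent = TRX.addEntity('eci.AntecedentesPersonales', antecedentes.encode('utf8'))
        ent.addAdditionalFields("properity.eci.nombre", "Nombre", True, nombre.encode('utf8'))

    except Exception:
        TRX.addUIMessage("Cedula no encontrada en la base de datos")
    finally:
        if driver is not None:
            driver.quit()
    TRX.returnOutput()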
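def _add_linked_entity(me, entity_type, value, fields):
    """Append one entity to the transform message, or nothing for an empty value.

    ``fields`` is a list of ``(name, display_name, matching, value)`` tuples
    handed to ``MaltegoEntity.addAdditionalFields`` in order, so the link
    label / colour / notes end up exactly as the per-column code produced
    them.  Both ``None`` and ``''`` are treated as "column absent" and yield
    no node (the original only skipped ``''``, so a NULL column became a
    node whose value was ``None``).
    """
    if not value:
        return
    entity = MaltegoEntity()
    entity.setType(entity_type)
    entity.setValue(value)
    for name, display_name, matching, field_value in fields:
        entity.addAdditionalFields(name, display_name, matching, field_value)
    me.addEntityToMessage(entity)


def _add_row_entities(me, row, link_color):
    """Emit the domain, email, registrar and name-server nodes for one DB row.

    ``row`` is a ``SELECT *`` row from ``whois`` or ``passive_whois``; the
    column positions are inherited from the original transform (3 domain,
    4 scan date, 5 creation date, 6 registrar, 7 name server, 8 email;
    columns 9 phone and 10 registrant were read but never emitted, so they
    are ignored here).  ``link_color`` tells the two tables apart on the
    graph.  Entities are added in the original order: domain, email,
    registrar, name server.
    """
    domain, scan_date, c_date, registrar, name_server, email = row[3:9]
    label = ('link#maltego.link.label', '', True, scan_date)
    color = ('link#maltego.link.color', '', True, link_color)
    _add_linked_entity(me, "maltego.Domain", domain, [label, color])
    _add_linked_entity(me, "maltego.EmailAddress", email, [color])
    _add_linked_entity(me, "ran2.registrar", registrar,
                       [label, color, ('notes#', '', True, c_date)])
    _add_linked_entity(me, "maltego.NSRecord", name_server, [color])


def main():
    """Maltego transform: graph whois / passive-whois records for a registrant.

    The registrant comes from ``sys.argv[1]`` (Maltego may pass it bare or as
    ``key=value``; with exactly one ``=`` the value part is used).  It is
    looked up in the ``whois`` and ``passive_whois`` tables of the sqlite
    database ``DBNAME`` and one entity is emitted per non-empty domain,
    email, registrar and name-server column.  Every exit path calls
    ``me.returnOutput()`` so Maltego always receives a response document.

    Fixes relative to the original:
    * ``sys.exit()`` was called without ``returnOutput()`` when no argument
      was given, so Maltego got no response at all.
    * A missing ``DBNAME`` was reported but ``sqlite3.connect`` then created
      an empty file and the SELECT failed with "no such table".
    * ``cursor.fetchall()`` never returns ``None``, so the
      "no sample info found" branch was unreachable; it now fires when both
      tables come back empty.
    * The ``registrant`` variable was overwritten with row column 10 inside
      the first loop, so the second query used a DB value rather than the
      input value.
    * The connection is always closed; the spurious ``commit()`` after
      read-only SELECTs is gone.
    """
    me = MaltegoTransform()

    # Validate the argument before touching the database.  A bare sys.exit()
    # gives Maltego no XML response, hence returnOutput() first.
    if len(sys.argv) == 1:
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()
        sys.exit()

    # Maltego may hand the value over as "property=value"; keep the value.
    # (Same rule as before: only a single '=' triggers the split.)
    parts = sys.argv[1].split('=')
    registrant = parts[1] if len(parts) == 2 else parts[0]

    # sqlite3.connect() silently creates an empty database for a missing
    # path, after which the SELECTs fail with "no such table" - stop here.
    if not os.path.isfile(DBNAME):
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return

    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        c = conn.cursor()
        # Parameterised queries: the registrant value is untrusted Maltego
        # input and must never be interpolated into the SQL text.
        c.execute("SELECT * FROM whois where registrant=?", (registrant,))
        whois_rows = c.fetchall()
        c.execute("SELECT * FROM passive_whois where registrant=?",
                  (registrant,))
        passive_rows = c.fetchall()
        c.close()
    finally:
        conn.close()

    # Grey links for live whois, olive for passive whois (original colours).
    for row in whois_rows:
        _add_row_entities(me, row, '0x808080')
    for row in passive_rows:
        _add_row_entities(me, row, '0x808000')

    # fetchall() returns [] when nothing matched, never None.
    if not whois_rows and not passive_rows:
        me.addEntity("maltego.Phrase", "no sample info found ...")

    me.returnOutput()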
#!/usr/bin/python
'''
Easy example of core functions 
Just dumps every single line of a text file into entities
'''

import os
import subprocess
import sys
import time

from MaltegoTransform import *

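m_ent = MaltegoTransform()
m_ent.parseArguments(sys.argv)
# add logic here to pull from higher entities
site_array = "bu.edu"  # take in multiple sites if one wants

# Run nslookup without a shell and read its stdout directly.  The original
# built the string "nslookup <site> >> site_listing.txt" for os.system(): the
# moment site_array is taken from the incoming entity that is a shell
# command-injection sink (a hostname like "x; rm -rf ~" would run), and the
# ">>" redirect appended to the file so every run re-emitted all earlier
# results.  An argument list cannot be broken out of by shell metacharacters
# in the hostname, and no scratch file is left in the working directory.
# stderr is left on the transform's own stderr, as before; the exit status
# is not checked, as before.
try:
    lookup = subprocess.Popen(["nslookup", site_array],
                              stdout=subprocess.PIPE,
                              universal_newlines=True)
    output, _ = lookup.communicate()
except OSError as exc:  # nslookup binary missing or not executable
    m_ent.addUIMessage("nslookup could not be run: %s" % exc)
    output = ""

# One entity per output line, in order.  The "the_ip" type and "IP: " prefix
# are what the lower transforms in this example expect.  (The original then
# rebound the entity variable to the string "DNS ADDRESS", which had no
# effect and has been dropped.)
for line in output.splitlines():
    m_ent.addEntity("the_ip", "IP: " + line.strip())
m_ent.returnOutput()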