def dotransform(request, response, config):
    """Emit a Person entity for every fully named contact in a recon-ng workspace.

    The workspace name is taken from the ``workspace`` request field when it
    is present, otherwise from the request value. Rows whose first or last
    name is None are skipped; the remaining rows are exposed as Person
    entities carrying workspace, name, title and location fields/labels.
    """
    workspace = request.fields['workspace'] if 'workspace' in request.fields else request.value
    contacts = get_contacts(db_connect(workspace))
    for row in contacts:
        first, last = row[0], row[1]
        if first is None or last is None:
            # a Person needs both name parts; half-named rows are dropped
            continue
        person = Person(first + ' ' + last)
        location = str(row[4]) + ', ' + str(row[5])
        person += Field("workspace", workspace, displayname='Workspace')
        person += Field("fname", first, displayname='First Name')
        person += Field("lname", last, displayname='Last Name')
        person += Field("title", row[3], displayname='Title')
        person += Field("location", location, displayname='Location')
        person += Label("Title", row[3])
        person += Label("Location", location)
        response += person
    return response
def dotransform(request, response, config):
    """Expand a Bitcoin transaction hash into the addresses that took part in it.

    Looks up the ``address`` request field via bitcoin_address(); for the
    transaction whose ``transaction_hash`` equals the request value, every
    address it lists becomes a BitcoinAddress entity. Any failure is wrapped
    in a MaltegoException.
    """
    try:
        origin = request.fields['address']
        for trans in bitcoin_address(origin)['transactions']:
            if request.value != trans['transaction_hash']:
                continue
            for address in trans['addresses']:
                entity = BitcoinAddress(address)
                entity += Field("date", trans['date'], displayname='Date')
                entity += Field("trans_uri", trans['transaction_uri'], displayname='Transaction URI')
                entity += Field("recieved_address", origin, displayname='Recieved Address')
                entity += Label("Bitcoin Address", address)
                entity += Label("Bitcoin Recieved Address", origin)
                entity += Label("Transaction Type", trans['transaction_type'])
                entity += Label("Transaction Hash", trans['transaction_hash'])
                entity += Label("Transaction Date", trans['date'])
                response += entity
        return response
    except Exception as err:
        raise MaltegoException('An error occured: %s' % err)
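def dotransform(request, response, config):
    """Search Google CSE for the request value and emit a URL entity per hit.

    The query excludes blockchain.info and blockexplorer.com. Each item of the
    CSE response becomes a URL entity labelled with its title, snippet and
    the search terms echoed by the API.

    Returns the response in every case. Previously a response without an
    ``items`` key fell into an empty ``else`` and the function returned None.

    Raises:
        MaltegoException: when the API call, JSON decoding or result parsing fails.
    """
    try:
        query = '%s -site:blockchain.info -site:blockexplorer.com' % request.value
        jsondata = json.loads(csequery(config['gcse/gapi'], config['gcse/gcseid'], query))
    except Exception as err:
        raise MaltegoException('An error occured: %s' % err)
    if 'items' not in jsondata:
        return response
    # parses the GCSE results
    try:
        search_terms = jsondata['queries']['request'][0]['searchTerms']
        for item in jsondata['items']:
            entity = URL(item['link'], url=item['link'])
            entity += Label("Title", item['title'].encode('ascii', 'ignore'))
            entity += Label("Snippet", item['snippet'].encode('ascii', 'ignore'))
            entity += Label("Google Query", search_terms)
            response += entity
        # TODO: the GCSE API can return up to 100 results across pages; follow
        # jsondata['queries']['nextPage'] when present.
    except Exception as err:
        raise MaltegoException('An error occured: %s' % err)
    return response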
def dotransform(request, response, config):
    """Emit a BitcoinTransaction for each 'Received' transaction of the request address.

    The address record comes from bitcoin_address(); transactions whose
    ``transaction_type`` contains 'Received' are turned into entities linked
    with the label 'Received'. Any failure is wrapped in a MaltegoException.
    """
    try:
        record = bitcoin_address(request.value)
        received = (t for t in record['transactions'] if 'Received' in t['transaction_type'])
        for trans in received:
            entity = BitcoinTransaction(
                trans['transaction_hash'],
                trans_type=trans['transaction_type'],
                amount=trans['transaction_amount'],
                trans_uri=trans['transaction_uri'],
                address=request.value,
            )
            entity += Field("date", trans['date'], displayname='Date')
            entity += Label("Bitcoin Address", request.value)
            entity += Label("Total Amount of Transaction", trans['transaction_amount'])
            entity += Label("Transaction Type", trans['transaction_type'])
            entity += Label("Transaction Date", trans['date'])
            entity.linklabel = 'Received'
            response += entity
        return response
    except Exception as err:
        raise MaltegoException('An error occured: %s' % err)
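def dotransform(request, response):
    """Emit NexposeVulnerability entities from a site's saved Nexpose XML report.

    Logs in to the Nexpose API, checks (via reportChecker) that the report
    named after the request's ``siteid`` exists in the configured report
    directory, parses it with nexposeVulns() and adds one entity per
    vulnerability with its CVSS score and severity as labels.

    Fixes: the report handle is now closed (``f.close`` without parentheses
    never closed it) and the session is logged out on every path (the
    original ``nexlogout`` sat after ``return`` and was unreachable).

    Raises:
        MaltegoException: when reportChecker does not confirm the report.
    """
    checkdir(config['nexpose/reportdir'])
    # Nexpose API session login
    session = nexlogin()
    try:
        # Nexpose Adhoc report generation and save to file
        siteid = request.fields['siteid']
        # NOTE(review): siteid from the request is used verbatim in the file
        # name below; confirm it is validated upstream.
        report = '%s.xml' % siteid
        if not reportChecker(session, siteid, report):
            raise MaltegoException('Something went wrong with the report checks')
        with open(os.path.join(config['nexpose/reportdir'], report)) as f:
            reporto = f.read()
        for dic in nexposeVulns(reporto):
            for key, val in dic.items():
                e = NexposeVulnerability(val[0], siteid=siteid, scanid=request.fields['scanid'], vulnid=key)
                e += Label('cvss Score', val[2])
                e += Label('Severity', val[1])
                response += e
        return response
    finally:
        nexlogout(session)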
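def dotransform(request, response):
    """Emit Exploit-DB exploits that Nexpose matched to the requested vulnerability.

    Logs in to the Nexpose API, checks (via reportChecker) that the report
    named after the request's ``siteid`` exists, parses it with
    nexposeExploits() and emits a NexposeEDBExploit for every entry whose key
    equals the ``vulnid`` request field and whose source is 'exploitdb'.

    Fixes: the report handle is now closed (``f.close`` without parentheses
    never closed it) and the session is logged out on every path (the
    original ``nexlogout`` sat after ``return`` and was unreachable).

    Raises:
        MaltegoException: when reportChecker does not confirm the report.
    """
    checkdir(config['nexpose/reportdir'])
    # Nexpose API session login
    session = nexlogin()
    try:
        # Nexpose Adhoc report generation and save to file
        siteid = request.fields['siteid']
        # NOTE(review): siteid from the request is used verbatim in the file
        # name below; confirm it is validated upstream.
        report = '%s.xml' % siteid
        if not reportChecker(session, siteid, report):
            raise MaltegoException('Something went wrong with the report checks')
        with open(os.path.join(config['nexpose/reportdir'], report)) as f:
            reporto = f.read()
        wanted = request.fields['vulnid']
        for dic in nexposeExploits(reporto):
            for key, val in dic.items():
                if key != wanted or val[1] != 'exploitdb':
                    continue
                e = NexposeEDBExploit(val[0], exploittype=val[1], siteid=siteid, scanid=request.fields['scanid'], vulnid=key)
                e += Label('Exploit DB URL', val[2])
                e += Label('Skill Level', val[3])
                response += e
        return response
    finally:
        nexlogout(session)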
def dotransform(request, response, config):
    """Search ThreatCentral for indicators on a URL and emit Indicator entities.

    The URL is the ``url`` request field, falling back to the request value.
    Each hit's ``resource`` supplies title, resourceId, severity, confidence,
    indicatorType and description; tcScore (when present) becomes the
    entity weight. ThreatCentralError and AttributeError are reported as
    PartialError messages; a TypeError while iterating ends the transform.
    """
    try:
        url = request.fields['url']
    except KeyError:
        url = request.value
    try:
        indicators = search_indicator(url)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response
    try:
        for hit in indicators:
            weight = int(hit.get('tcScore')) if hit.get('tcScore') else 1
            resource = hit.get('resource')
            title = encode_to_utf8(resource.get('title'))
            entity = Indicator(title, weight=weight)
            entity.title = title
            entity.resourceId = resource.get('resourceId')
            # severity/confidence/type are only set when the API filled them in
            for key, caption in (('severity', 'Severity'),
                                 ('confidence', 'Confidence'),
                                 ('indicatorType', 'Indicator Type')):
                if resource.get(key):
                    shown = resource.get(key, dict()).get('displayName')
                    entity += Label(caption, shown)
                    setattr(entity, key, shown)
            description = resource.get('description')
            if description:
                entity += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))
            response += entity
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        pass
    return response
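def dotransform(request, response):
    """Run amap over the hosts in an Nmap report and emit BuiltWithTechnology entities.

    The Nmap report at ``request.entity.file`` is converted to greppable
    format, written to a temporary ``.gnmap`` file and passed to amap with
    ``-bqi``. Every banner in the parsed result becomes an entity labelled
    with its destination and extra information.

    Fix: both files are handled with ``with`` so the report handle is closed
    and the temporary file is removed even when the scan raises (the original
    closed the temp file only on the success path and never closed the
    report handle opened with ``file()``).
    """
    scanner = AmapScanner()
    with open(request.entity.file) as src:
        greppable = NmapReportParser(src.read()).greppable
    with NamedTemporaryFile(suffix='.gnmap', mode='wb') as tmp:
        tmp.write(greppable)
        tmp.flush()  # amap reads the path, so buffered data must be on disk first
        result = scanner.scan(['-bqi', tmp.name], AmapReportParser)
    for banner in result.banners:
        entity = BuiltWithTechnology(banner[1])
        entity += Label('Destination', banner[0])
        entity += Label('Extra Information', banner[2])
        response += entity
    return response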
def dotransform(request, response):
    """Query a nameserver non-recursively for each site in the configured wordlist.

    A recursive lookup of www.google.ca first confirms that the server at the
    request value answers at all. Each wordlist entry (and its ``www.`` form
    when the bare name yields nothing) is then queried with recursion off;
    any answer is emitted as a DNSName carrying an HTML table of the records.
    """
    nameserver = request.value
    probe = nslookup_raw('www.google.ca', resolver=nameserver)
    if not probe.answer:
        response += UIMessage('DNS server did not respond to initial DNS request.')
        return response
    for site in config['dnscachesnoop/wordlist']:
        debug('Resolving %s' % site)
        msg = nslookup_raw(site, resolver=nameserver, recursive=False)
        if not msg.answer:
            msg = nslookup_raw('www.%s' % site, resolver=nameserver, recursive=False)
        if not msg.answer:
            continue
        entity = DNSName(site)
        table = Table(['Name', 'Query Class', 'Query Type', 'Data', 'TTL'], 'Cached Answers')
        for rrset in msg.answer:
            for rr in rrset:
                table.addrow([
                    rrset.name.to_text(),
                    dns.rdataclass.to_text(rr.rdclass),
                    dns.rdatatype.to_text(rr.rdtype),
                    rr.to_text(),
                    rrset.ttl,
                ])
        entity += Label('Cached Answers from %s' % nameserver, table, type='text/html')
        response += entity
    return response
def addsystems(report, response):
    """Add an OS entity for every OS match nmap reported for each scanned address.

    Each match's name becomes the entity value and ``name`` property; its
    accuracy is attached as a label. Nothing is returned; *response* is
    mutated in place.
    """
    for addr in report.addresses:
        for match in report.os(addr)['osmatch']:
            entity = OS(match['name'])
            entity.name = match['name']
            entity += Label('Accuracy', match['accuracy'])
            response += entity
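def dotransform(request, response):
    """Query a DNS server non-recursively (scapy) for each site in the configured wordlist.

    A recursive lookup of www.google.ca confirms the server at the request
    value answers at all. Each wordlist entry (and its ``www.`` form when the
    bare name has no answer records) is queried with rd=0; answers are
    emitted as a DNSName with an HTML table of the records.

    Fix: the initial probe already treats a None return from nslookup() as
    "no response", but the per-site lookups indexed ``ans[DNS]`` unguarded
    and raised TypeError when a lookup timed out; such sites are now skipped.
    """
    ip = request.value
    if nslookup("www.google.ca", nameserver=ip) is None:
        response += UIMessage('DNS server did not respond to initial DNS request.')
        return response
    for site in config['dnscachesnoop/wordlist']:
        debug('Resolving %s' % site)
        ans = nslookup(site, nameserver=ip, rd=0)
        if ans is None or not ans[DNS].ancount:
            ans = nslookup('www.%s' % site, nameserver=ip, rd=0)
        if ans is None or not ans[DNS].ancount:
            continue
        e = DNSName(site)
        t = Table(['Name', 'Query Class', 'Query Type', 'Data', 'TTL'], 'Cached Answers')
        answers = ans[DNS]
        for i in range(answers.ancount):
            rr = answers.an[i]
            t.addrow([
                rr.rrname.rstrip('.'),
                rr.sprintf('%rclass%'),
                rr.sprintf('%type%'),
                rr.rdata.rstrip('.'),
                rr.sprintf('%ttl%'),
            ])
        e += Label('Cached Answers', t, type='text/html')
        response += e
    return response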
def dotransform(request, response):
    """Geolocate the request value and emit a Location entity.

    Only the keys present in the geoip() result are copied onto the entity
    (coordinates plus a map link, region, city, country and country code).
    A result carrying 'error' is surfaced as a UIMessage instead; a None
    result adds nothing.
    """
    result = geoip(request.value)
    if result is None:
        return response
    if 'error' in result:
        response += UIMessage(result['error'])
        return response

    city = None
    country = None
    locname = ''
    if 'city' in result:
        city = result['city']
        locname += city
    if 'countryName' in result:
        country = result['countryName']
        locname += ', %s' % country

    entity = Location(locname)
    if 'longitude' in result and 'latitude' in result:
        entity.longitude = result['longitude']
        entity.latitude = result['latitude']
        link = maplink(result)
        entity += Label('Map It', A(link, link), type='text/html')
    if 'region' in result:
        entity.area = result['region']
    if city is not None:
        entity.city = city
    if country is not None:
        entity.country = country
        entity.iconurl = flag(country)
    if 'countryCode' in result:
        entity.countrycode = result['countryCode']
        # fall back to the code-based flag when the name-based lookup found none
        if entity.iconurl is None:
            entity.iconurl = flag(result['countryCode'])
    response += entity
    return response
def to_clients(response, output):
    """Parse categorised client output into IPv4Address entities on *response*.

    Lines starting with whitespace are data rows; other lines name the
    Category the following rows belong to (the current one is kept in ``cat``).
    Rows in categories from AlternativeTargetInterfaces up to, but excluding,
    OtherAssociations are scanned for IP addresses with ip_matcher; rows in
    OtherAssociations are ``<ip> <description>``. Nothing is returned.
    """
    cat = None
    for line in output.split('\n'):
        if not line:
            continue
        elif line.startswith(' '):
            e = None
            # NOTE(review): assumes Category values are consecutive ints so that
            # range() covers every category between the two bounds — confirm.
            if cat in range(Category.AlternativeTargetInterfaces, Category.OtherAssociations):
                for ip in ip_matcher.findall(line):
                    e = IPv4Address(ip)
                    e += Field('category', Category.name(cat), displayname='Category')
                    response += e
            elif cat == Category.OtherAssociations:
                ip, desc = line.strip().split(' ', 1)
                e = IPv4Address(ip)
                e += Label('Additional Info', desc)
                e += Field('category', Category.name(cat), displayname='Category')
                response += e
        # NOTE(review): as written this tests the same literal (' ') as the branch
        # above and can never run; the two prefixes probably differed in width in
        # the original source (whitespace appears to have been collapsed) — verify
        # against the tool's output before relying on category switching.
        elif line.startswith(' '):
            for id in range(Category.AlternativeTargetInterfaces, Category.OtherAssociations + 1):
                if Category.name(id) in line:
                    cat = id
                    break
def addports(report, response):
    """Add a Port entity for every port nmap reported on every scanned address.

    Protocol, state, destination and reason are copied onto the entity; the
    service name (or 'unknown') is always labelled, and service fingerprint,
    extra information and method are labelled when the report has them.
    Nothing is returned; *response* is mutated in place.
    """
    optional_labels = (
        ('servicefp', 'Service Fingerprint'),
        ('extrainfo', 'Extra Information'),
        ('method', 'Method'),
    )
    for addr in report.addresses:
        for port in report.ports(addr):
            entity = Port(port['portid'])
            entity.protocol = port['protocol'].upper()
            entity.status = port['state'].title()
            entity.destination = addr
            entity.response = port['reason']
            entity += Label('Service Name', port.get('name', 'unknown'))
            for key, caption in optional_labels:
                if key in port:
                    entity += Label(caption, port[key])
            response += entity
def dotransform(request, response, config):
    """Emit a BitcoinAmount entity built from the transaction carried in the request.

    The ``amount``, ``date`` and ``trans_type`` request fields and the request
    value (the transaction hash) are attached as fields and labels. Any
    failure is wrapped in a MaltegoException.
    """
    try:
        entity = BitcoinAmount(request.fields['amount'])
        date = request.fields['date']
        trans_type = request.fields['trans_type']
        entity += Field("date", date, displayname='Date')
        entity += Field("trans_type", trans_type, displayname='Transaction Type')
        entity += Field("trans_hash", request.value, displayname="Transaction Hash")
        entity += Label("Transaction Type", trans_type)
        entity += Label("Transaction Date", date)
        response += entity
        return response
    except Exception as err:
        raise MaltegoException('An error occured: %s' % err)
def dotransform(request, response, config):
    """Free-text ThreatCentral search; one entity per result, typed by the result's 'type'.

    Results typed actor, case, coursesofactions, indicator, incident or ttp
    become the matching entity; any other type becomes a Phrase and the type
    is passed to debug(). tcScore, when present, is the entity weight.
    ThreatCentralError and AttributeError are reported as PartialError
    messages; a TypeError while iterating ends the transform.
    """
    try:
        results = search(request.value, size=10, pages=1)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    simple_types = {
        'case': Case,
        'coursesofactions': CoursesOfAction,
        'indicator': Indicator,
        'incident': Incident,
        'ttp': TTP,
    }
    try:
        for result in results:
            rtype = lower(result.get('type'))
            weight = int(result.get('tcScore')) if result.get('tcScore') else 1
            title = encode_to_utf8(result.get('title'))
            if rtype == 'actor':
                # an Actor may have an empty title; fall back to the resource name
                name = encode_to_utf8(result.get('resource', dict()).get('name'))
                entity = Actor(title if result.get('title') else name, weight=weight)
                entity.name = name
                entity.actor = name
            elif rtype in simple_types:
                entity = simple_types[rtype](title, weight=weight)
            else:
                # unknown type: keep the hit as a plain Phrase
                entity = Phrase(title, weight=weight)
                debug(rtype)
            entity.title = title
            entity.resourceId = result.get('id')
            if result.get('description'):
                entity += Label('Description', '<br/>'.join(encode_to_utf8(result.get('description', '')).split('\n')))
            response += entity
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        pass
    return response
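def dotransform(request, response, config):
    """Refresh an Indicator from ThreatCentral and emit its URI observables as URL entities.

    Requires the ``ThreatCentral.resourceId`` request field; without it
    nothing is added. The fetched indicator's title, resourceId, severity,
    confidence and indicatorType are written onto a new Indicator entity
    (and as labels), then every observable whose type value upper-cases to
    'URI' becomes a URL entity. Errors are reported as PartialError messages;
    a TypeError ends the transform.

    Fix: the observable check used ``len(...) is not 0``, an identity test
    against a literal (a SyntaxWarning on Python 3.8+); it is now a plain
    truthiness test that also tolerates a missing or None list.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response
    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        indicator = None
        response += UIMessage(err.value, type='PartialError')
    if not indicator:
        return response
    try:
        # Update Indicator entity ?
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        severity = indicator.get('severity', dict()).get('displayName')
        confidence = indicator.get('confidence', dict()).get('displayName')
        indicator_type = indicator.get('indicatorType', dict()).get('displayName')
        e.severity = severity
        e.confidence = confidence
        e.indicatorType = indicator_type
        e += Label('Severity', severity)
        e += Label('Confidence', confidence)
        e += Label('Indicator Type', indicator_type)
        if indicator.get('description'):
            e += Label('Description', '<br/>'.join(encode_to_utf8(indicator.get('description')).split('\n')))
        response += e
        for observable in indicator.get('observables') or []:
            if upper(observable.get('type', dict()).get('value')) == 'URI':
                u = URL(observable.get('value'))
                u.url = observable.get('value')
                u += Label('URI', observable.get('value'))
                response += u
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        return response
    return response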
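def dotransform(request, response, config):
    """Gather and enumerate contacts for a workspace, mangle them into e-mail addresses, and emit Person entities.

    Runs contacts_gather() and contacts_enum() on the workspace named by the
    request value, asks the user for a mangling pattern via multenterbox()
    (re-prompting while the field is blank), passes it to contacts_mangle(),
    then emits a Person for every contact that has both a first and a last
    name.

    Fix: cancelling the dialog makes multenterbox() return None; the original
    broke out of the prompt loop and then indexed ``fieldValues[0]``, raising
    TypeError. The transform now returns the unchanged response instead.
    """
    workspace = request.value
    contacts_gather(workspace)
    contacts_enum(workspace)

    msg = "Contact Mangle to Create Email addresses enter <fn>.<ln>, etc"
    title = "Mangle Contacts to Emails"
    fieldNames = ["Pattern"]
    fieldValues = multenterbox(msg, title, fieldNames)
    while fieldValues is not None:
        missing = [name for name, value in zip(fieldNames, fieldValues) if value.strip() == ""]
        if not missing:
            break  # no problems found
        errmsg = ''.join('"%s" is a required field.\n\n' % name for name in missing)
        fieldValues = multenterbox(errmsg, title, fieldNames, fieldValues)
    if fieldValues is None:
        # user cancelled the dialog; nothing to mangle
        return response
    contacts_mangle(workspace, fieldValues[0])

    contact_list = get_contacts(db_connect(workspace))
    for fullname in contact_list:
        first, last = fullname[0], fullname[1]
        if first is None or last is None:
            continue
        e = Person(first + ' ' + last)
        location = str(fullname[4]) + ', ' + str(fullname[5])
        e += Field("workspace", workspace, displayname='Workspace')
        e += Field("fname", first, displayname='First Name')
        e += Field("lname", last, displayname='Last Name')
        e += Field("title", fullname[3], displayname='Title')
        e += Field("location", location, displayname='Location')
        e += Label("Title", fullname[3])
        e += Label("Location", location)
        response += e
    return response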
def dotransform(request, response, config):
    """Emit an Image entity for every Picasa pushpin stored in the recon-ng workspace.

    The workspace comes from the ``workspace`` request field when present,
    otherwise from the request value. Only pushpin rows whose source column
    is 'Picasa' are used.
    """
    workspace = request.fields['workspace'] if 'workspace' in request.fields else request.value
    pins = get_pushpin(db_connect(workspace))
    for pin in pins:
        if pin[0] != 'Picasa':
            continue
        image = Image(pin[6], url=pin[4])
        image += Field("workspace", workspace, displayname='Workspace')
        image += Label('Picasa Profile User', pin[2])
        image += Label('Picasa Profile URL', pin[3])
        image += Label('Published Date', pin[9])
        response += image
    return response
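def dotransform(request, response, config):
    """Emit the Courses of Action linked to a ThreatCentral incident.

    Requires the ``ThreatCentral.resourceId`` request field; without it
    nothing is added. Each entry of the incident's ``coursesOfAction`` list
    becomes a CoursesOfAction entity with title, resourceId and description;
    tcScore (when present) is the weight. Errors are reported as
    PartialError messages; a TypeError ends the transform.

    Fixes: the list check used ``len(...) is not 0`` (identity test against a
    literal, a SyntaxWarning on Python 3.8+), and the loop variable reused the
    name of the incident it iterated over; the incident now keeps its own name.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response
    try:
        incident = get_incident(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response
    try:
        # Show linked Courses Of Actions
        for coa in incident.get('coursesOfAction') or []:
            weight = int(coa.get('tcScore')) if coa.get('tcScore') else 1
            title = encode_to_utf8(coa.get('title'))
            e = CoursesOfAction(title, weight=weight)
            e.title = title
            e += Label('Title', title)
            e.resourceId = coa.get('resourceId')
            if coa.get('description'):
                e += Label('Description', '<br/>'.join(encode_to_utf8(coa.get('description')).split('\n')))
            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        return response
    return response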
def dotransform(request, response, config):
    """Re-emit the request's Indicator with fresh details from ThreatCentral.

    Requires the ``ThreatCentral.resourceId`` request field; without it
    nothing is added. The fetched indicator supplies the title, resourceId
    and the severity, confidence, indicator type and description labels.
    Errors are reported as PartialError messages; a TypeError ends the
    transform.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response
    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response
    try:
        # Update Indicator entity
        entity = Indicator(request.value)
        entity.title = encode_to_utf8(indicator.get('title'))
        entity.resourceId = indicator.get('resourceId')
        for key, caption in (('severity', 'Severity'),
                             ('confidence', 'Confidence'),
                             ('indicatorType', 'Indicator Type')):
            entity += Label(caption, indicator.get(key, dict()).get('displayName'))
        description = indicator.get('description')
        if description:
            entity += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))
        response += entity
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        pass
    return response
def dotransform(request, response):
    """Version-scan one port on the destination host with nmap and emit BuiltWithTechnology entities.

    The argument list is ``-n -sV -p <port> <ip.destination>`` plus the
    request's extra params, prefixed with ``-sU`` when the ``protocol`` field
    is 'UDP'. A None scan result is reported via the scanner's error text.
    """
    scanner = getscanner()
    args = ['-n', '-sV', '-p', request.value, request.fields['ip.destination']] + request.params
    if request.fields['protocol'] == 'UDP':
        args = ['-sU'] + args
    report = scanner.scan(args, NmapReportParser)
    if report is None:
        response += UIMessage(scanner.error)
        return response
    optional_labels = (
        ('servicefp', 'Service Fingerprint'),
        ('extrainfo', 'Extra Information'),
        ('method', 'Method'),
    )
    for host in report.addresses:
        for port in report.ports(host):
            entity = BuiltWithTechnology(report.tobanner(port))
            for key, caption in optional_labels:
                if key in port:
                    entity += Label(caption, port[key])
            response += entity
    return response
def dotransform(request, response):
    """Version-scan one port on the entity's destination with nmap and emit BuiltWithTechnology entities.

    The argument list is ``-n -Pn -sV -p <port>`` plus the request's extra
    params. A missing entity protocol is set to 'TCP' on the entity; 'UDP'
    (case-insensitive) prefixes ``-sU``. A None scan result is reported via
    the scanner's error text.
    """
    scanner = getscanner()
    args = ['-n', '-Pn', '-sV', '-p', request.value] + request.params
    protocol = request.entity.protocol
    if not protocol:
        request.entity.protocol = 'TCP'
    elif protocol.upper() == 'UDP':
        args = ['-sU'] + args
    report = scanner.scan(request.entity.destination, *args)
    if report is None:
        response += UIMessage(scanner.error)
        return response
    optional_labels = (
        ('servicefp', 'Service Fingerprint'),
        ('extrainfo', 'Extra Information'),
        ('method', 'Method'),
    )
    for host in report.addresses:
        for port in report.ports(host):
            entity = BuiltWithTechnology(report.tobanner(port))
            for key, caption in optional_labels:
                if key in port:
                    entity += Label(caption, port[key])
            response += entity
    return response
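def attribute_to_entity(a, link_label=None, event_tags=None, only_self=False):
    """Yield the Maltego entities that represent one MISP attribute.

    Args:
        a: MISP attribute dict (``type``, ``value``, optional ``comment``,
            ``object_relation``, ``Galaxy``, ``Tag``). Its ``data`` key is
            cleared in place and ``malware-sample`` / ``regkey|value`` types
            are normalised.
        link_label: link label passed to every emitted value entity.
        event_tags: tag names inherited from the event, combined with the
            attribute's own tags to build the entity notes. Defaults to none.
        only_self: when true, galaxy clusters and tags are not emitted.

    Yields:
        Galaxy-cluster entities, Hashtag entities for the attribute's own
        tags (galaxy tags and note-prefix tags excluded), then the entity
        for the value itself: a URL for url/uri, the mapped entity for an
        object relation, one or two entities for ``a|b`` combined types, or
        the mapped entity for a plain type. Unmapped types yield nothing.

    Fix: ``event_tags`` used a mutable ``[]`` default that the function
    appended to, so tags leaked between calls (and into any list the caller
    passed). The tag list is now copied before being extended.
    """
    # prepare some attributes to a better form
    a['data'] = None  # empty the file content as we really don't need this here
    if a['type'] == 'malware-sample':
        a['type'] = 'filename|md5'
    if a['type'] == 'regkey|value':
        # LATER regkey|value => needs to be a special non-combined object
        a['type'] = 'regkey'

    combined_tags = list(event_tags) if event_tags else []

    if 'Galaxy' in a and not only_self:
        for g in a['Galaxy']:
            for c in g['GalaxyCluster']:
                yield galaxycluster_to_entity(c)

    # complement the event tags with the attribute tags.
    if 'Tag' in a and not only_self:
        for t in a['Tag']:
            name = t['name']
            combined_tags.append(name)
            # ignore all misp-galaxies
            if name.startswith('misp-galaxy'):
                continue
            # ignore all those we add as notes
            if tag_matches_note_prefix(name):
                continue
            yield Hashtag(name, bookmark=Bookmark.Green)

    notes = convert_tags_to_note(combined_tags)

    # special cases
    if a['type'] in ('url', 'uri'):
        yield URL(url=a['value'], short_title=a['value'], link_label=link_label, notes=notes, bookmark=Bookmark.Green)
        return

    relation = a.get('object_relation')
    if relation and mapping_misp_to_maltego.get(relation):
        # attribute is from an object, and a relation gives better understanding of the type of attribute
        entity_obj = mapping_misp_to_maltego[relation][0]
        yield entity_obj(a['value'], labels=[Label('comment', a.get('comment'))], link_label=link_label, notes=notes, bookmark=Bookmark.Green)
    elif '|' in a['type']:
        # combined attributes: each half is emitted separately when it has a mapping
        t_1, t_2 = a['type'].split('|')
        v_1, v_2 = a['value'].split('|')
        if t_1 in mapping_misp_to_maltego:
            entity_obj = mapping_misp_to_maltego[t_1][0]
            labels = [Label('comment', a.get('comment'))]
            if entity_obj == File:
                labels.append(Label('hash', v_2))
            yield entity_obj_to_entity(entity_obj, v_1, t_1, labels=labels, link_label=link_label, notes=notes, bookmark=Bookmark.Green)
            # LATER change the comment to include the second part of the regkey
        if t_2 in mapping_misp_to_maltego:
            entity_obj = mapping_misp_to_maltego[t_2][0]
            labels = [Label('comment', a.get('comment'))]
            if entity_obj == Hash:
                labels.append(Label('filename', v_1))
            yield entity_obj_to_entity(entity_obj, v_2, t_2, labels=labels, link_label=link_label, notes=notes, bookmark=Bookmark.Green)
            # LATER change the comment to include the first part of the regkey
    elif a['type'] in mapping_misp_to_maltego:
        # normal attributes
        entity_obj = mapping_misp_to_maltego[a['type']][0]
        yield entity_obj_to_entity(entity_obj, a['value'], a['type'], labels=[Label('comment', a.get('comment'))], link_label=link_label, notes=notes, bookmark=Bookmark.Green)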
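def dotransform(request, response, config):
    """Emit an IPv4Address entity for every Shodan pushpin stored in the recon-ng workspace.

    The workspace comes from the ``workspace`` request field when present,
    otherwise from the request value. For rows whose source column is
    'Shodan', column 1 is split on ':' into host and port.

    Fix: a row whose host column carries no ``:port`` suffix previously
    raised IndexError; the port field is now left empty for such rows.
    """
    workspace = request.fields['workspace'] if 'workspace' in request.fields else request.value
    pushpin_list = get_pushpin(db_connect(workspace))
    for shost in pushpin_list:
        if shost[0] != 'Shodan':
            continue
        parts = shost[1].split(":")
        host = parts[0]
        port = parts[1] if len(parts) > 1 else ''
        e = IPv4Address(host)
        e += Field("workspace", workspace, displayname='Workspace')
        e += Field("port", port, displayname='Port')
        e += Field("hostname", shost[6], displayname='Hostname')
        e += Label('Shodan Query', shost[4])
        e += Label('Hostname', shost[6])
        e += Label('Published Date', shost[9])
        response += e
    return response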
def dotransform(request, response, config):
    """Emit the total bitcoin received by the request address as a BitcoinAmount entity.

    The amount is ``received_bitcoin_total`` from bitcoin_address(); the
    entity links back with the label 'Received'. Any failure is wrapped in a
    MaltegoException.
    """
    try:
        address = request.value
        record = bitcoin_address(address)
        entity = BitcoinAmount(record['received_bitcoin_total'], address=address)
        entity += Label("Bitcoin Address", address)
        entity.linklabel = 'Received'
        response += entity
        return response
    except Exception as err:
        raise MaltegoException('An error occured: %s' % err)
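def dotransform(request, response):
    """Scrape the page returned by buildas() for the request value into IPv4Address entities.

    The second table on the page is walked anchor by anchor: the anchor text
    is the address, and the four following cells are reports, targets, first
    seen and last seen. Reports and targets become labels; first/last seen
    form the link label.

    Fix: the bare ``except:`` that stopped parsing on an unexpected page
    layout also swallowed KeyboardInterrupt and SystemExit; it now catches
    Exception only. Partial results are still returned in that case.
    """
    # Build Request
    page = buildas(request.value)
    try:
        tables = page.find('table').findNext('table')
        for entry in tables.findAll('a'):
            ip = entry.text
            reports = entry.findNext('td')
            targets = reports.findNext('td')
            first = targets.findNext('td')
            last = first.findNext('td')
            entity = IPv4Address(ip)
            entity += Label('Reports', reports.text)
            entity += Label('Targets', targets.text)
            entity.linklabel = first.text + ' - ' + last.text
            response += entity
    except Exception:
        # page did not have the expected layout; keep whatever was parsed so far
        pass
    return response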
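def dotransform(request, response, config):
    """Search ThreatCentral incidents for the request value and emit Incident entities.

    Each hit's ``resource`` supplies title, resourceId, reportedOn, the
    category/asset/effect/discovery lists (joined as HTML labels) and the
    description; tcScore (when present) is the weight. Hits without a
    resource are skipped. Errors are reported as PartialError messages; a
    TypeError ends the transform.

    Fix: the list checks used ``len(...) is not 0``, an identity test
    against a literal (a SyntaxWarning on Python 3.8+); they are now plain
    truthiness tests, and the four identical join blocks share one loop.
    """
    try:
        incidents = search_incident(request.value)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    list_labels = (
        ('incidentCategory', 'Incident Category'),
        ('affectedAsset', 'Affected Asset'),
        ('incidentEffect', 'Incident Effect'),
        ('discoveryMethod', 'Discovery Method'),
    )
    try:
        for hit in incidents:
            weight = int(hit.get('tcScore')) if hit.get('tcScore') else 1
            incident = hit.get('resource')
            if not incident:
                continue
            title = encode_to_utf8(incident.get('title'))
            e = Incident(title, weight=weight)
            e.title = title
            e.resourceId = incident.get('resourceId')
            e.reportedOn = incident.get('reportedOn')
            e += Label('Reported On', incident.get('reportedOn'))
            for key, caption in list_labels:
                items = incident.get(key) or []
                if items:
                    e += Label(caption, '<br/>'.join([encode_to_utf8(item.get('displayName')) for item in items]))
            if incident.get('description'):
                e += Label('Description', '<br/>'.join(encode_to_utf8(incident.get('description')).split('\n')))
            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        return response
    return response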
def dotransform(request, response, config):
    """Re-emit the request's Bitcoin address annotated with its blockchain summary.

    The summary fields from bitcoin_address() (short link, first-seen date and
    block, transaction and bitcoin totals, hash160, public key) are attached
    as labels. Any failure is wrapped in a MaltegoException.
    """
    try:
        record = bitcoin_address(request.value)
        entity = BitcoinAddress(request.value)
        for caption, key in (
            ("Short URL", 'short_link'),
            ("Date First Seen", 'first_seen_date'),
            ("First Seen in Block", 'first_seen_block'),
            ("Total Transactions Received", 'received_transactions'),
            ("Total Bitcoins Received", 'received_bitcoin_total'),
            ("Total Sent Transactions", 'sent_transactions'),
            ("Total Bitcoins Sent", 'sent_bitcoins'),
            ("Hash", 'hash160'),
            ("PublicKey", 'public_key'),
        ):
            entity += Label(caption, record[key])
        response += entity
        return response
    except Exception as err:
        raise MaltegoException('An error occured: %s' % err)
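def dotransform(request, response):
    """Look up a person via pipl and emit a Person entity per reported relationship.

    The entity's first and last names are searched with pipljsonsearch();
    every relationship in every returned record becomes a Person labelled
    with an HTML link to the record's source.

    Fixes: an API reply carrying ``error`` was reported and then indexed for
    ``results`` anyway, raising KeyError; missing keys now yield no records.
    The source URL and name come from a third-party API and are rendered as
    HTML, so they are escaped before being interpolated into the anchor.
    """
    from xml.sax.saxutils import escape, quoteattr

    p = JSONDecoder().decode(pipljsonsearch(
        first_name=request.entity.firstnames or '',
        last_name=request.entity.lastname or ''))
    if 'error' in p:
        response += UIMessage(p['error'])
    records = (p.get('results') or {}).get('records') or []
    for record in records:
        for rel in record.get('relationships') or []:
            e = Person(rel['name']['display'])
            source = record['source']
            # quoteattr() returns the value already wrapped in quotes
            e += Label('Source', '<a href=%s>%s</a>' % (quoteattr(source['url']), escape(source['@ds_name'])), type='text/html')
            response += e
    return response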