def dotransform(args):
    """Emit one Maltego entity per finding in an attached Nikto report.

    Reads the ``hostid`` and ``niktofile`` properties of the input entity,
    loads the file through ``NiktoReport`` and adds a
    ``msploitego.niktodetail`` entity for every item in ``details``.

    Args:
        args: Transform arguments, handed unchanged to
            ``MaltegoTransform.parseArguments``.
    """
    transform = MaltegoTransform()
    transform.parseArguments(args)
    hostid = transform.getVar("hostid")
    report_path = transform.getVar("niktofile")

    if report_path:
        # NOTE(review): the path comes from an entity property and the report
        # content originates from the scanned server; NiktoReport is not
        # visible here - confirm it parses the file defensively.
        for finding in NiktoReport(report_path).details:
            try:
                label = "{}:{}".format(finding.description, hostid)
                detail = transform.addEntity("msploitego.niktodetail", label)
            except Exception:
                # Best effort: a finding that cannot be added is skipped
                # without any message to the user.
                continue
            detail.setValue(label)
            extra_fields = (
                ("description", "Description", finding.description),
                ("iplink", "IP Link", finding.iplink),
                ("namelink", "Name Link", finding.namelink),
                ("uri", "URI", finding.uri),
            )
            for field_name, display_name, field_value in extra_fields:
                detail.addAdditionalFields(field_name, display_name, False, field_value)
            inheritvalues(detail, transform.values)
    else:
        # NOTE(review): confirm that returnOutput() actually emits messages
        # queued with addException().
        transform.addException("Nikto file is either not attached or does not exist")

    transform.returnOutput()
def dotransform(args):
    """Report the results of a fixed set of Apache-related scan scripts.

    Reads ``ip``, ``port`` and ``hostid`` from the input entity, passes a
    hard-coded script list to ``scriptrunner`` and adds one
    ``msploitego.ApacheVulnerability`` entity per script result of the first
    service of the first host in the returned report.

    Args:
        args: Transform arguments, handed unchanged to
            ``MaltegoTransform.parseArguments``.
    """
    transform = MaltegoTransform()
    transform.parseArguments(args)
    ip = transform.getVar("ip")
    port = transform.getVar("port")
    hostid = transform.getVar("hostid")

    # NOTE(review): ip and port are entity properties used without any
    # validation; scriptrunner is not visible here - confirm it checks them
    # and passes them to the scanner as separate arguments, not through a
    # shell string.
    script_list = "http-apache-negotiation,http-apache-server-status,http-vuln-cve2011-3192,http-vuln-cve2011-3368,http-vuln-cve2017-5638 "
    report = scriptrunner(port, script_list, ip)

    if not report:
        transform.addUIMessage("host is either down or not responding in this port")
        transform.returnOutput()
        return

    # Assumes the report holds at least one host with at least one service.
    for result in report.hosts[0].services[0].scripts_results:
        label = "{}:{}".format(result.get("id"), hostid)
        vuln = transform.addEntity("msploitego.ApacheVulnerability", label)
        vuln.setValue(label)
        # NOTE(review): the property *name* here is the ip / hostid value
        # itself rather than a fixed key such as "ip" - confirm intended.
        vuln.addAdditionalFields(ip, "IP Address", False, ip)
        vuln.addAdditionalFields(hostid, "Host Id", False, hostid)
        inheritvalues(vuln, transform.values)

        for elem_name, elem_value in result.get("elements").items():
            if isinstance(elem_value, dict):
                # Nested mapping: record its key, then each non-blank member.
                vuln.addAdditionalFields("vuln", "Vuln", False, elem_name)
                for key, value in elem_value.items():
                    if value and value.strip():
                        vuln.addAdditionalFields(key, key.capitalize(), False, value.strip())
                continue
            if elem_value and elem_value.strip():
                vuln.addAdditionalFields(
                    elem_name, elem_name.capitalize(), False, elem_value.strip())

    transform.returnOutput()
def dotransform(args):
    """Add an empty ``msploitego.Note`` entity named after the input value.

    The new entity is titled ``Note:<input value>`` and carries blank
    ``note`` and ``link`` properties.

    Args:
        args: Transform arguments, handed unchanged to
            ``MaltegoTransform.parseArguments``.
    """
    transform = MaltegoTransform()
    transform.parseArguments(args)

    title = "Note:{}".format(transform.getValue())
    note = transform.addEntity("msploitego.Note", title)
    note.setValue(title)
    for field_name, display_name in (("note", "Note"), ("link", "Link")):
        note.addAdditionalFields(field_name, display_name, False, "")
    inheritvalues(note, transform.values)

    transform.returnOutput()
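def dotransform(args):
    """List the workspaces that ``MsploitPostgres`` reports for a database.

    The input entity's value is used as the database name; ``user`` and
    ``password`` are read from its properties. One
    ``msploitego.MetasploitWorkspace`` entity is added per workspace.

    Args:
        args: Transform arguments, handed unchanged to
            ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    password = mt.getVar("password")
    if password is None:
        # getVar may yield None for an absent property (TODO confirm); the
        # .replace() below would then raise AttributeError and the transform
        # would end without returning any output.
        mt.addUIMessage("database password is missing from the input entity")
        mt.returnOutput()
        return
    # Every backslash is removed from the password before it is used.
    # NOTE(review): presumably this undoes escaping added upstream; a password
    # that really contains a backslash would be altered - confirm.
    password = password.replace("\\", "")

    mpost = MsploitPostgres(user, password, db)
    for workspace in mpost.getWorkspaces():
        name = workspace.get("name")
        wsentity = mt.addEntity("msploitego.MetasploitWorkspace", name)
        wsentity.setValue(name)
        wsentity.addAdditionalFields("workspaceid", "Workspace Id", False, str(workspace.get("id")))
        wsentity.addAdditionalFields("db", "Database", False, db)
        # NOTE(review): inheritvalues is not visible here; it presumably
        # copies every input property, including user/password, onto the new
        # entity. If so, the database credentials sit in cleartext on each
        # entity and in any saved or shared graph - confirm.
        inheritvalues(wsentity, mt.values)
    mt.returnOutput()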
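def dotransform(args):
    """Add one entity per session that the database lists for a host.

    The input entity's value is used as the IP address; ``id``, ``db``,
    ``user`` and ``password`` are read from its properties. Each row returned
    by ``MsploitPostgres.getSessionsForHost`` becomes a
    ``msploitego.MeterpreterSession`` entity titled ``<ip>:<sessionid>``.

    Args:
        args: Transform arguments, handed unchanged to
            ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    hostid = mt.getVar("id")
    db = mt.getVar("db")
    user = mt.getVar("user")
    password = mt.getVar("password")
    if password is None:
        # getVar may yield None for an absent property (TODO confirm); the
        # .replace() below would then raise AttributeError and the transform
        # would end without returning any output.
        mt.addUIMessage("database password is missing from the input entity")
        mt.returnOutput()
        return
    # Every backslash is removed from the password before it is used.
    # NOTE(review): a password that really contains a backslash would be
    # altered - confirm this only undoes upstream escaping.
    password = password.replace("\\", "")

    mpost = MsploitPostgres(user, password, db)
    for session in mpost.getSessionsForHost(hostid):
        label = "{}:{}".format(ip, str(session.get("sessionid")))
        sessionentity = mt.addEntity("msploitego.MeterpreterSession", label)
        sessionentity.setValue(label)
        for k, v in session.items():
            if isinstance(v, datetime):
                # datetime columns are shown as day/month/year; the time of
                # day is dropped.
                sessionentity.addAdditionalFields(
                    k, k.capitalize(), False, "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                sessionentity.addAdditionalFields(k, k.capitalize(), False, str(v))
        # NOTE(review): inheritvalues is not visible here; it presumably
        # copies every input property, including user/password, onto the new
        # entity, leaving the database credentials in cleartext in the graph
        # - confirm.
        inheritvalues(sessionentity, mt.values)
    mt.returnOutput()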
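def dotransform(args):
    """Add one IPv4 entity per host that the database lists for a workspace.

    The input entity's value is used as the workspace name; ``workspaceid``,
    ``db``, ``user`` and ``password`` are read from its properties. Each row
    returned by ``MsploitPostgres.getAllHosts`` becomes a
    ``maltego.IPv4Address`` entity whose value is the row's ``address``.

    Args:
        args: Transform arguments, handed unchanged to
            ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    workspace = mt.getValue()
    workspaceid = mt.getVar("workspaceid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    password = mt.getVar("password")
    if password is None:
        # getVar may yield None for an absent property (TODO confirm); the
        # .replace() below would then raise AttributeError and the transform
        # would end without returning any output.
        mt.addUIMessage("database password is missing from the input entity")
        mt.returnOutput()
        return
    # Every backslash is removed from the password before it is used.
    # NOTE(review): a password that really contains a backslash would be
    # altered - confirm this only undoes upstream escaping.
    password = password.replace("\\", "")

    mpost = MsploitPostgres(user, password, db)
    for host in mpost.getAllHosts(workspaceid):
        address = host.get("address")
        hostentity = mt.addEntity("maltego.IPv4Address", address)
        hostentity.setValue(address)
        for k, v in host.items():
            if isinstance(v, datetime):
                # datetime columns are shown as day/month/year; the time of
                # day is dropped.
                hostentity.addAdditionalFields(
                    k, k.capitalize(), False, "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                hostentity.addAdditionalFields(k, k.capitalize(), False, str(v))
        # NOTE(review): inheritvalues is not visible here; it presumably
        # copies every input property, including user/password, onto the new
        # entity, leaving the database credentials in cleartext in the graph
        # - confirm.
        inheritvalues(hostentity, mt.values)
        hostentity.addAdditionalFields("workspace", "Workspace Name", False, workspace)
    mt.returnOutput()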
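def dotransform(args):
    """Report the output of the ``http-security-headers`` script for a service.

    Reads ``hostid``, ``port`` and ``ip`` from the input entity, calls
    ``scriptrunner`` and adds one ``msploitego.httpsecureheaders`` entity for
    every script result with non-blank output, taken from the first service of
    the first host in the returned report.

    Args:
        args: Transform arguments, handed unchanged to
            ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    hostid = mt.getVar("hostid")
    port = mt.getVar("port")
    ip = mt.getVar("ip")

    # NOTE(review): ip and port are entity properties used without any
    # validation; scriptrunner is not visible here - confirm it checks them
    # and passes them to the scanner as separate arguments, not through a
    # shell string.
    rep = scriptrunner(port, "http-security-headers", ip)
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    # Assumes the report holds at least one host with at least one service.
    for res in rep.hosts[0].services[0].scripts_results:
        # A result without an "output" value counts as empty instead of
        # raising on None.strip().
        output = (res.get("output") or "").strip()
        if not output:
            continue
        label = "{}:{}".format(res.get("id"), hostid)
        secheader = mt.addEntity("msploitego.httpsecureheaders", label)
        secheader.setValue(label)
        secheader.addAdditionalFields("details", "Details", False, output)
        # Hand over mt.values (presumably the parsed input properties), not
        # the transform object itself, which is what was passed before.
        inheritvalues(secheader, mt.values)
    mt.returnOutput()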