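def dotransform(request, response):
    """Add one MnemosyneExtraction entity per extraction recorded for a URL.

    Queries the ``urls`` endpoint for entries whose URL starts with
    ``request.value`` and, for the first match only, turns every item of its
    ``extractions`` list into an entity carrying whichever of the md5, sha1
    and sha512 hashes the record holds. The entity's display value is the
    ``content_guess`` of the file found by md5, or ``'Unknown'``.

    Args:
        request: Transform request; ``request.value`` is the URL to look up.
        response: Transform response that the entities are appended to.

    Returns:
        The same ``response`` object.
    """
    url = request.value

    # re.escape() makes the URL a literal prefix inside the server-side regex.
    # NOTE(review): the escaped value is not percent-encoded, so characters
    # such as '&', '#' or '+' in the URL would change the query string --
    # confirm whether msmodule.query encodes its argument, and quote the value
    # here if it does not.
    regex = '^{0}'.format(re.escape(url))
    json_dict = msmodule.query('urls?url_regex={0}'.format(regex))

    matches = json_dict['urls']
    # Only the first matching URL record is inspected.
    if not matches or 'extractions' not in matches[0]:
        return response

    valid_hash_fields = {'md5', 'sha1', 'sha512'}

    for e in matches[0]['extractions']:
        hashes = e['hashes']

        entity = MnemosyneExtraction('Unknown')
        for k in valid_hash_fields.intersection(hashes):
            setattr(entity, k, hashes[k])

        content_guess = 'Unknown'
        # The file lookup is keyed on md5. Without an md5 in the record there
        # is nothing meaningful to send, so skip the request instead of
        # interpolating an unset attribute into the query.
        if 'md5' in hashes:
            files = msmodule.query(
                'files?hash={0}&no_data'.format(entity.md5))['files']
            if files and 'content_guess' in files[0]:
                content_guess = files[0]['content_guess']

        entity.content_guess = content_guess
        entity.value = content_guess

        response += entity

    return response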
def dotransform(request, response):
    """Add one MnemosyneProtocol entity per protocol seen from a source IP.

    Fetches the sessions whose ``source_ip`` equals ``request.value`` and
    tallies them by their ``protocol`` field. Each distinct protocol becomes
    an entity whose link label reads ``'<count> Activities'``.

    Args:
        request: Transform request; ``request.value`` is the source IP.
        response: Transform response that the entities are appended to.

    Returns:
        The same ``response`` object.
    """
    # NOTE(review): the value goes into the query string as-is; confirm that
    # msmodule.query percent-encodes it, or that the entity type guarantees a
    # plain IP address.
    # The request asks for at most 10000 sessions, so the tallies below are
    # presumably capped for very active sources -- verify against the API.
    endpoint = 'sessions?source_ip={0}&limit=10000'.format(request.value)
    session_records = msmodule.query(endpoint)['sessions']

    # Each record is a dict with keys such as 'protocol', 'source_ip',
    # 'destination_ip', 'destination_port', 'honeypot', 'timestamp' and
    # 'auth_attempts'; only 'protocol' is read here.
    tally = {}
    for record in session_records:
        name = record['protocol']
        tally[name] = tally.get(name, 0) + 1

    for name, seen in tally.items():
        node = MnemosyneProtocol(name)
        node.linklabel = '{0} Activities'.format(seen)
        response += node

    return response
def dotransform(request, response):
    """Add a URL entity for every stored URL that matches the given host.

    Builds the regex ``.*<escaped value>(/|:)`` so the value must be followed
    by a path separator or a port, and sends it to the ``urls`` endpoint.

    Args:
        request: Transform request; ``request.value`` is the host to match.
        response: Transform response that the entities are appended to.

    Returns:
        The same ``response`` object.
    """
    # NOTE(review): the regex is not percent-encoded before it is placed in
    # the query string; confirm that msmodule.query handles the encoding.
    pattern = '.*{0}(/|:)'.format(re.escape(request.value))
    reply = msmodule.query('/urls?url_regex={0}'.format(pattern))

    for record in reply['urls']:
        # NOTE(review): every entity gets the fixed value 'woopsa' and the
        # matched URL is stored only in .fqdn -- this looks like a leftover
        # placeholder; confirm the intended entity value.
        node = URL('woopsa')
        node.fqdn = record['url']
        response += node

    return response
def dotransform(request, response):
    """Add a URL entity for every stored URL that matches the given host.

    The request value is regex-escaped and wrapped as ``.*<value>(/|:)`` so
    that it must be followed by a path separator or a port.

    Args:
        request: Transform request; ``request.value`` is the host to match.
        response: Transform response that the entities are appended to.

    Returns:
        The same ``response`` object.
    """
    # NOTE(review): the regex is interpolated into the query string without
    # percent-encoding; confirm that msmodule.query encodes its argument.
    pattern = '.*{0}(/|:)'.format(re.escape(request.value))
    reply = msmodule.query('urls?url_regex={0}'.format(pattern))

    for record in reply['urls']:
        address = record['url']
        # The matched URL is used both as the entity value and as its .url
        # field.
        node = URL(address)
        node.url = address
        response += node

    return response
def dotransform(request, response):
    """Add a MnemosyneHoneypot entity for every session from a source IP.

    Fetches the sessions whose ``source_ip`` equals ``request.value`` and
    emits one entity per session, valued with the session's
    ``destination_ip`` and tagged with the ``honeypot`` name.

    Args:
        request: Transform request; ``request.value`` is the source IP.
        response: Transform response that the entities are appended to.

    Returns:
        The same ``response`` object.
    """
    # NOTE(review): the value goes into the query string as-is; confirm that
    # msmodule.query percent-encodes it, or that the entity type guarantees a
    # plain IP address.
    reply = msmodule.query('sessions?source_ip={0}'.format(request.value))

    # Each record is a dict with keys such as 'protocol', 'source_ip',
    # 'destination_ip', 'destination_port', 'honeypot', 'timestamp' and
    # 'auth_attempts'; 'destination_ip' and 'honeypot' are read here.
    for position, record in enumerate(reply['sessions'], 1):
        node = MnemosyneHoneypot(record['destination_ip'])
        node.iconurl = 'file://%s' % resource_filename(
            'mnemtego.resources.images', 'hp_logo.png')
        # NOTE(review): the label uses the running index of the session
        # ('1 Attacks', '2 Attacks', ...), not a per-honeypot total -- confirm
        # that this is intended.
        node.linklabel = '{0} Attacks'.format(position)
        node.Honeypot = record['honeypot']
        # NOTE(review): this stores the literal type name rather than an
        # address -- confirm intent.
        node.ipv4addr = 'maltego.IPv4Address'
        response += node

    return response
def get_urls(hash):
    """Yield a URL entity for each stored URL associated with a file hash.

    This is a generator, so the query is only sent once iteration starts.

    Args:
        hash: Hash value passed to the ``urls`` endpoint's ``hash`` parameter.

    Yields:
        A ``URL`` entity whose value and ``url`` field are the stored URL.
    """
    # NOTE(review): the hash is interpolated without validation or encoding;
    # confirm that callers only pass hex digests.
    endpoint = 'urls?hash={0}'.format(hash)
    for record in msmodule.query(endpoint)['urls']:
        address = record['url']
        node = URL(address)
        node.url = address
        yield node