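def dotransform(args):
    """Maltego transform: expand a host entity into its recorded services.

    The host's IP is the incoming entity value; ``mac``, ``name``,
    ``os_family``/``os_name``/``os_sp`` and the Metasploit host id
    (``id``, falling back to ``hostid``) are read from its additional
    fields, as are the database credentials (``db``, ``user``,
    ``password``).  One service entity is emitted per row returned by
    ``MsploitPostgres.getServices``, followed by MAC, hostname and OS
    entities carrying the IP as a link-back field.

    Args:
        args: Raw transform arguments from Maltego, parsed by
            ``MaltegoTransform.parseArguments``.

    Returns:
        None.  The response is serialised by ``mt.returnOutput()``.
    """
    # Exact service names that receive an empty "Nikto File" slot.
    http_services = frozenset([
        "http", "https", "possible_wls", "www", "ncacn_http",
        "ccproxy-http", "ssl/http", "http-proxy",
    ])
    # Substring markers that receive an empty "enum4linux File" slot.
    smb_markers = (
        "samba", "netbios-ssn", "smb", "microsoft-ds", "netbios-ns",
        "netbios-dgm",
    )

    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getValue()
    mac = mt.getVar("mac")
    machinename = mt.getVar("name")
    os_family = mt.getVar("os_family")
    os_name = mt.getVar("os_name")
    os_sp = mt.getVar("os_sp")
    # Either field name may carry the Metasploit host id.
    hostid = mt.getVar("id") or mt.getVar("hostid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    # getVar() may yield None for a missing field; the bare .replace() on
    # None used to raise AttributeError.  Backslashes are stripped before
    # the credential is used.
    password = (mt.getVar("password") or "").replace("\\", "")
    # workspace = mt.getVar("workspace")
    mpost = MsploitPostgres(user, password, db)

    for service in mpost.getServices(hostid):
        entityname = getserviceentity(service)
        servicename = service.get("servicename") or "unknown"
        port = service.get("port")
        # The same label is used as entity value and as its description.
        label = "{}/{}:{}".format(servicename, port, hostid)
        hostservice = mt.addEntity(entityname, label)
        hostservice.setValue(label)
        hostservice.addAdditionalFields("ip", "IP Address", True, ip)
        hostservice.addAdditionalFields("service.name", "Description", True, label)
        if machinename:
            hostservice.addAdditionalFields("machinename", "Machine Name", True, machinename)
        # The banner field is always present, empty when the row has no info.
        hostservice.addAdditionalFields("banner.text", "Service Banner", True,
                                        service.get("info") or "")
        if servicename in http_services:
            hostservice.addAdditionalFields("niktofile", "Nikto File", True, '')
        elif any(marker in servicename for marker in smb_markers):
            hostservice.addAdditionalFields("enum4linux", "enum4linux File", True, '')
        # Mirror every non-empty column of the row onto the entity; dates are
        # rendered as day/month/year.
        for key, value in service.items():
            if isinstance(value, datetime):
                hostservice.addAdditionalFields(
                    key, key.capitalize(), False,
                    "{}/{}/{}".format(value.day, value.month, value.year))
            elif value and str(value).strip():
                hostservice.addAdditionalFields(key, key.capitalize(), False, str(value))
        # NOTE: the database credentials are attached to every service entity
        # (this transform reads them back from its own input via getVar()), so
        # the plaintext password travels with the graph wherever it is stored.
        hostservice.addAdditionalFields("user", "User", False, user)
        hostservice.addAdditionalFields("password", "Password", False, password)
        hostservice.addAdditionalFields("db", "db", False, db)

    if mac:
        macentity = mt.addEntity("maltego.MacAddress", mac)
        macentity.setValue(mac)
        macentity.addAdditionalFields("ip", "IP Address", True, ip)

    # if machinename and re.match("^[a-zA-z]+", machinename):
    if machinename:
        hostentity = mt.addEntity("msploitego.Hostname", machinename)
        hostentity.setValue(machinename)
        hostentity.addAdditionalFields("ip", "IP Address", True, ip)

    osentityname, osdescription = getosentity(os_family, os_name)
    if os_sp:
        osdescription += " {}".format(os_sp)
    osentity = mt.addEntity(osentityname, osdescription)
    osentity.setValue(osdescription)
    osentity.addAdditionalFields("ip", "IP Address", True, ip)
    mt.returnOutput()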
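def dotransform(args):
    """Maltego transform: list the services stored for a host's IP address.

    The host's IP is the incoming entity value; ``mac``, ``name``,
    ``os_family``/``os_name``/``os_sp`` and the Metasploit host id
    (``id``, falling back to ``hostid``) are read from its additional
    fields, as are the database credentials (``db``, ``user``,
    ``password``).  Services are fetched with
    ``MsploitPostgres.getforHost(ip, "services")`` and emitted one entity
    per row, followed by MAC, hostname and OS entities.

    Args:
        args: Raw transform arguments from Maltego, parsed by
            ``MaltegoTransform.parseArguments``.

    Returns:
        None.  The response is serialised by ``mt.returnOutput()``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getValue()
    mac = mt.getVar("mac")
    machinename = mt.getVar("name")
    os_family = mt.getVar("os_family")
    os_name = mt.getVar("os_name")
    os_sp = mt.getVar("os_sp")
    # Either field name may carry the Metasploit host id.
    hostid = mt.getVar("id") or mt.getVar("hostid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    # getVar() may yield None for a missing field; the bare .replace() on
    # None used to raise AttributeError.  Backslashes are stripped before
    # the credential is used.
    password = (mt.getVar("password") or "").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    for service in mpost.getforHost(ip, "services"):
        entityname = getserviceentity(service)
        servicename = service.get("name") or "unknown"
        port = service.get("port")
        label = "{}/{}:{}".format(servicename, port, hostid)
        hostservice = mt.addEntity(entityname, label)
        hostservice.setValue(label)
        hostservice.addAdditionalFields("ip", "IP Address", True, ip)
        # The banner field is always present, empty when the row has no info.
        hostservice.addAdditionalFields("banner.text", "Service Banner", True,
                                        service.get("info") or "")
        hostservice.addAdditionalFields("service.name", "Description", True,
                                        "{}/{}".format(port, servicename))
        # Mirror every non-empty column of the row onto the entity; dates are
        # rendered as day/month/year.
        for key, value in service.items():
            if isinstance(value, datetime):
                hostservice.addAdditionalFields(
                    key, key.capitalize(), False,
                    "{}/{}/{}".format(value.day, value.month, value.year))
            elif value and str(value).strip():
                hostservice.addAdditionalFields(key, key.capitalize(), False, str(value))
        # NOTE: the database credentials are attached to every service entity
        # (this transform reads them back from its own input via getVar()), so
        # the plaintext password travels with the graph wherever it is stored.
        hostservice.addAdditionalFields("user", "User", False, user)
        hostservice.addAdditionalFields("password", "Password", False, password)
        hostservice.addAdditionalFields("db", "db", False, db)

    if mac:
        macentity = mt.addEntity("maltego.MacAddress", mac)
        macentity.setValue(mac)
        macentity.addAdditionalFields("ip", "IP Address", True, ip)

    # Only emit a hostname entity when the name starts with a letter.  The
    # original class "[a-zA-z]" (lowercase z) also matched the ASCII
    # punctuation between 'Z' and 'a' ("[", "\", "]", "^", "_", "`").
    if machinename and re.match(r"^[a-zA-Z]+", machinename):
        hostentity = mt.addEntity("msploitego.Hostname", machinename)
        hostentity.setValue(machinename)
        hostentity.addAdditionalFields("ip", "IP Address", True, ip)

    osentityname, osdescription = getosentity(os_family, os_name)
    if os_sp:
        osdescription += " {}".format(os_sp)
    osentity = mt.addEntity(osentityname, osdescription)
    osentity.setValue(osdescription)
    osentity.addAdditionalFields("ip", "IP Address", True, ip)
    # Queue the UI message before returnOutput() serialises the response;
    # in the original it was added afterwards, which appears to have no
    # effect on what is returned.
    mt.addUIMessage("completed!")
    mt.returnOutput()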
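def dotransform(args):
    """Maltego transform: expand a host from a Metasploit XML export.

    Reads the export path (``fromfile``), the host's ``address``, ``mac``,
    ``osname``/``osfamily``, ``name`` and ``servicecount`` from the incoming
    entity's additional fields, looks the host up in the XML via
    ``MetasploitXML.gethost`` and emits one entity per service (a
    ``msploitego.ClosedPort`` for filtered/closed ports), followed by MAC,
    hostname and OS entities.  SMB-like services whose banner mentions a
    workgroup additionally yield a ``maltego.Domain`` entity.

    Args:
        args: Raw transform arguments from Maltego, parsed by
            ``MaltegoTransform.parseArguments``.

    Returns:
        None.  The response is serialised by ``mt.returnOutput()``.
    """
    # XML tags copied verbatim onto each service entity when present.
    entitytags = ["hostid", "info", "name", "port", "proto", "state"]
    # Lower-cased service names that receive an empty "Nikto File" slot.
    http_services = frozenset([
        "http", "https", "possible_wls", "www", "ncacn_http",
        "ccproxy-http", "ssl/http", "http-proxy",
    ])
    # Service names whose banner is inspected for a workgroup.
    smb_services = frozenset(["samba", "netbios-ssn", "smb", "microsoft-ds"])

    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("fromfile")
    ip = mt.getVar("address")
    mac = mt.getVar("mac")
    osname = mt.getVar("osname")
    osfamily = mt.getVar("osfamily")
    machinename = mt.getVar("name")
    # A missing count means "no services"; int(None) would raise TypeError.
    servicecount = int(mt.getVar("servicecount") or 0)
    mdb = MetasploitXML(fn)

    if servicecount > 0:
        host = mdb.gethost(ip)
        for service in host.services:
            # Services without a <name> are labelled "NoName".
            servicename = getattr(service, "name", "NoName")
            if service.state.lower() in ("filtered", "closed"):
                entityname = "msploitego.ClosedPort"
            else:
                entityname = getserviceentity(service)
            label = "{}/{}:{}".format(servicename, service.port, service.hostid)
            hostservice = mt.addEntity(entityname, label)
            # The original assigned the label to the ``setValue`` attribute
            # instead of calling it, so the entity value was never set.
            hostservice.setValue(label)
            hostservice.addAdditionalFields("ip", "IP Address", True, ip)
            if servicename and servicename.lower() in http_services:
                hostservice.addAdditionalFields("niktofile", "Nikto File", True, '')
            hostservice.addAdditionalFields("fromfile", "Source File", True, fn)
            hostservice.addAdditionalFields("service.name", "Service Name", True, servicename)
            if service.containsTag("info"):
                hostservice.addAdditionalFields("banner", "Banner", True, service.info)
                if servicename in smb_services:
                    info_lower = service.info.lower()
                    # NOTE: the check is on "workgroup" but the split is on
                    # "workgroup:"; without the colon the whole banner becomes
                    # the group name.  Kept as in the original.
                    if "workgroup" in info_lower:
                        groupname = info_lower.split("workgroup:", 1)[-1].lstrip()
                        workgroup = mt.addEntity("maltego.Domain", groupname)
                        workgroup.setValue(groupname)
                        workgroup.addAdditionalFields("ip", "IP Address", True, ip)
            else:
                hostservice.addAdditionalFields(
                    "banner", "Banner", True, "{}-No info".format(servicename))
            for etag in entitytags:
                if etag in service.getTags():
                    hostservice.addAdditionalFields(etag, etag, True, service.getVal(etag))

    if mac:
        macentity = mt.addEntity("maltego.MacAddress", mac)
        macentity.setValue(mac)
        macentity.addAdditionalFields("ip", "IP Address", True, ip)

    # Only emit a hostname entity when the name starts with a letter.  The
    # original class "[a-zA-z]" (lowercase z) also matched the ASCII
    # punctuation between 'Z' and 'a' ("[", "\", "]", "^", "_", "`").
    if machinename and re.match(r"^[a-zA-Z]+", machinename):
        hostentity = mt.addEntity("msploitego.Hostname", machinename)
        hostentity.setValue(machinename)
        hostentity.addAdditionalFields("ip", "IP Address", True, ip)

    # OS determination
    osentityname, osdescription = getosentity(osfamily, osname)
    # osentityname = "msploitego.OperatingSystem"
    osentity = mt.addEntity(osentityname, osdescription)
    osentity.setValue(osdescription)
    osentity.addAdditionalFields("ip", "IP Address", True, ip)
    mt.returnOutput()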