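def dotransform(args):
    """Maltego transform: run nmap's ``http-csrf`` NSE script against
    ``ip:port`` and emit one ``msploitego.CSFR`` entity per form it reports.

    The script output is scanned line by line: a ``Path:`` line opens a new
    entity, and the ``Form id:`` / ``Form action:`` lines that follow are
    attached to that entity as additional fields.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-csrf", ip)
    tags = ("Path", "Form id", "Form action")
    # scriptrunner's result is opaque here; sibling transforms treat a falsy
    # value as "host down", so do the same rather than indexing into None.
    if rep:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            output = scriptrun.get("output") or ""
            csrfentity = None
            for line in output.split("\n"):
                if not any(x in line for x in tags):
                    continue
                # "<tag>: <data>" -- data keeps any further colons
                tag, _, data = line.partition(":")
                tag = tag.lstrip()
                if tag == "Path":
                    csrfentity = mt.addEntity("msploitego.CSFR", data)
                    csrfentity.setValue(data)
                elif csrfentity is None:
                    # a "Form id"/"Form action" line before any "Path" line has
                    # nothing to attach to; the original raised AttributeError here
                    continue
                elif tag == "Form id":
                    csrfentity.addAdditionalFields("formid", "Form ID", True, data)
                elif tag == "Form action":
                    csrfentity.addAdditionalFields("formaction", "Form Action", True, data)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()
    mt.addUIMessage("completed!")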
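def dotransform(args):
    """Maltego transform: run ``wpscan`` against ``ip:port`` and emit one
    ``msploitego.WordpressInfo`` entity per ``[!] Title:`` bucket of its output,
    with every other non-blank bucket line attached as an additional field.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    import shlex

    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    # ip/port are entity fields: quote them so a value carrying shell
    # metacharacters cannot extend the wpscan command line.  bashrunner's
    # invocation is not visible here; for plain addresses/ports quoting is a no-op.
    target = "{}:{}".format(shlex.quote(str(ip)), shlex.quote(str(port)))
    bashlog = bashrunner(
        "wpscan --url {} --enumerate p,u --no-banner --no-color".format(target))
    # regp = re.compile(r"^\[i]\s", re.I)
    # raw string: "\[" is not a valid str escape and newer interpreters warn on it
    results = bucketparser(re.compile(r"^\[!\]\sTitle:\s", re.I), bashlog)
    for res in results:
        header = res.get("Header")
        if not header:
            continue
        header = sanitizefield(header)
        wpent = mt.addEntity("msploitego.WordpressInfo", header)
        wpent.setValue(header)
        for k, v in res.items():
            if not k or not k.strip() or k == "Header":
                continue
            k = sanitizefield(k)
            v = sanitizefield(v)
            if v and v.strip() and k and k.strip():
                wpent.addAdditionalFields(k, k.capitalize(), False, v)
    mt.returnOutput()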
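def dotransform(args):
    """Maltego transform: read the Metasploit XML export named by ``fromfile``
    and emit one ``maltego.Vulnerability`` per vulnerability recorded for the
    host whose address is in the ``address`` field.

    Nothing is emitted when the entity's ``vulncount`` field is missing or zero.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    # excludes = ["Nessus Scan Information"]  # not applied yet
    # entitytags = ["hostid", "info", "name", "vulnattemptcount"]
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("fromfile")
    ip = mt.getVar("address")
    host = MetasploitXML(fn).gethost(ip)
    # a missing/blank vulncount used to raise inside int(); treat it as zero
    vulncount = int(mt.getVar("vulncount") or 0)
    if vulncount > 0:
        for vuln in host.vulns:
            vulnent = mt.addEntity("maltego.Vulnerability", vuln.name)
            vulnent.setValue("{}/{}".format(vuln.name, host.address))
            vulnent.addAdditionalFields("refs", "References", False,
                                        ",".join(x.ref for x in vuln.refs))
            vulnent.addAdditionalFields("ipaddress", "IP Address", False, host.address)
            vulnent.addAdditionalFields("hostid", "Host ID", False, host.id)
            vulnent.addAdditionalFields("os", "OS Name", False, host.osname)
            # assumes iterating a vuln yields (tag, value) pairs -- confirm in MetasploitXML
            for tag, val in vuln:
                if isinstance(val, str):
                    vulnent.addAdditionalFields(tag, tag.capitalize(), False, val)
    mt.returnOutput()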
def dotransform(args):
    """Placeholder Maltego transform: parse the arguments, read the
    ``ip``/``port``/``hostid`` fields and return without adding entities.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    transform = MaltegoTransform()
    # transform.debug(pprint(args))
    transform.parseArguments(args)
    # fields are read but not used yet; the reads are kept so the transform's
    # calls are unchanged
    ip, port, hostid = (transform.getVar(field) for field in ("ip", "port", "hostid"))
    transform.returnOutput()
    transform.addUIMessage("completed!")
def dotransform(args):
    """Placeholder Maltego transform: parse the arguments, read the
    ``ip``/``port``/``hostid`` fields and return without adding entities.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    transform = MaltegoTransform()
    # transform.debug(pprint(args))
    transform.parseArguments(args)
    # fields are read but not used yet; the reads are kept so the transform's
    # calls are unchanged
    ip, port, hostid = (transform.getVar(field) for field in ("ip", "port", "hostid"))
    transform.returnOutput()
def dotransform(args):
    """Placeholder Maltego transform: parse the arguments, read the
    ``description`` field and return without adding entities.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    entitytags = []  # reserved for the fields to copy once implemented
    transform = MaltegoTransform()
    # transform.debug(pprint(args))
    transform.parseArguments(args)
    fn = transform.getVar("description")  # read but unused so far
    transform.returnOutput()
    transform.addUIMessage("completed!")
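def dotransform(args):
    """Maltego transform: parse a ``DOMAIN\\name`` user/group listing held in the
    entity's ``data`` field and emit one ``msploitego.SambaUser`` or
    ``msploitego.SambaGroupInformation`` entity per line, with ``sid`` and
    ``type`` fields.

    Lines tagged ``[V]``/``[+]``/``[i]`` are tool status output and are skipped.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    # raw strings: the originals relied on "\[" and "\w" surviving as invalid
    # str escapes, which newer interpreters warn about
    skipline = re.compile(r"\[V\]\s|\[\+\]\s|\[i\]\s", re.I)
    sidex = re.compile(r"^S-1-", re.I)
    namex = re.compile(r"^[\w\.]{2,}\\+[\w\.]{2,}")  # DOMAIN\name, one or more backslashes
    typex = re.compile(r"group|user", re.I)
    # a missing data field used to raise on .replace(); treat it as empty
    raw = mt.getVar("data") or ""
    data = raw.replace("\\\\", "\\").split("\n")
    for line in data:
        if not line.strip() or skipline.search(line):
            continue
        sid = name = typ = ""
        for token in line.split():
            if sidex.match(token):
                sid = token
            elif namex.match(token):
                name = token
            elif typex.search(token):
                typ = token.strip(")")
        if not name:
            continue
        if typ.lower() == "group":
            entityname = "msploitego.SambaGroupInformation"
        else:
            entityname = "msploitego.SambaUser"
        sambauser = mt.addEntity(entityname, name)
        sambauser.setValue(name)
        sambauser.addAdditionalFields("sid", "Sid", False, sid)
        sambauser.addAdditionalFields("type", "Type", False, typ)
    mt.returnOutput()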
def dotransform(args):
    """List the Metasploit workspaces in the PostgreSQL database named by the
    entity value and emit one ``msploitego.MetasploitWorkspace`` per workspace.

    The ``user``/``password`` fields supply the DB credentials; backslashes are
    stripped from the password before it is used.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")
    store = MsploitPostgres(user, password, db)
    for workspace in store.getWorkspaces():
        wsname = workspace.get("name")
        entity = mt.addEntity("msploitego.MetasploitWorkspace", wsname)
        entity.setValue(wsname)
        entity.addAdditionalFields("workspaceid", "Workspace Id", False,
                                   str(workspace.get("id")))
        entity.addAdditionalFields("db", "Database", False, db)
        inheritvalues(entity, mt.values)
    mt.returnOutput()
def dotransform(args):
    """Emit the web pages and web forms recorded for host ``address`` in the
    Metasploit XML export ``fromfile``; each item is handed to ``setentity``.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    host = MetasploitXML(mt.getVar("fromfile")).gethost(mt.getVar("address"))
    # pages first, then forms, as before
    for group in (host.webpages, host.webforms):
        for item in group:
            setentity(mt, item)
    mt.returnOutput()
    mt.addUIMessage("completed!")
def dotransform(args):
    """Attach an empty ``msploitego.Note`` to the selected entity.

    The note is labelled ``Note:<entity value>``; its ``note`` and ``link``
    fields start blank and the parent's values are inherited.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    label = "Note:{}".format(mt.getValue())
    note = mt.addEntity("msploitego.Note", label)
    note.setValue(label)
    for field, display in (("note", "Note"), ("link", "Link")):
        note.addAdditionalFields(field, display, False, "")
    inheritvalues(note, mt.values)
    mt.returnOutput()
def dotransform(args):
    """Open the selected entity in the local web browser.

    If the ``localfile`` field is set and names an existing path it is opened
    as a ``file://`` URL; otherwise the entity value is opened when
    ``validators.url`` accepts it.  Both the path and the URL come straight
    from the entity -- the existence check and ``validators.url`` are the only
    gates on what gets opened.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    localfile = mt.getVar("localfile")
    if localfile:
        if os.path.exists(localfile):
            webbrowser.open("file://{}".format(localfile))
    else:
        target = mt.getValue()
        if validators.url(target):
            webbrowser.open(target)
    mt.returnOutput()
def dotransform(args):
    """Emit the web pages and web forms recorded for host ``address`` in the
    Metasploit XML export ``fromfile``; each item is handed to ``setentity``.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    host = MetasploitXML(mt.getVar("fromfile")).gethost(mt.getVar("address"))
    # pages first, then forms, as before
    for group in (host.webpages, host.webforms):
        for item in group:
            setentity(mt, item)
    mt.returnOutput()
def dotransform(args):
    """Emit one ``maltego.IPv4Address`` per host in the Metasploit XML export
    named by the ``description`` field.

    Every host entity carries the source file name, plus each of the known
    host tags (name, OS, state, counts, ...) that the export actually has.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    entitytags = (
        "name", "address", "servicecount", "osname", "state", "mac",
        "vulncount", "purpose", "osflavor", "osfamily", "notecount",
    )
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("description")
    for host in MetasploitXML(fn).hosts:
        entity = mt.addEntity("maltego.IPv4Address", host.address)
        entity.setValue(host.address)
        entity.addAdditionalFields("fromfile", "Source File", False, fn)
        present = host.getTags()
        for etag in entitytags:
            if etag not in present:
                continue
            entity.addAdditionalFields(etag, etag, False, host.getVal(etag))
    mt.returnOutput()
    mt.addUIMessage("completed!")
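def dotransform(args):
    """Run nmap's ``http-security-headers`` script against ``ip:port`` and emit
    one ``msploitego.httpsecureheaders`` entity per script result, labelled
    with the first 25 characters of the output and carrying the full output
    in ``details``.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-security-headers", ip)
    # sibling transforms treat a falsy scan result as "host down"
    if rep:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            output = scriptrun.get("output")
            # The original also built a `lines` list and removed blank entries
            # from it while iterating it (skipping neighbours); the list was
            # never used afterwards, so that loop is dropped.
            if not output:
                continue  # nothing to show, and avoids slicing None below
            secheader = mt.addEntity("msploitego.httpsecureheaders", output)
            secheader.setValue(output[0:25])
            secheader.addAdditionalFields("details", "Details", False, output)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()
    mt.addUIMessage("completed!")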
def dotransform(args):
    """Emit one ``maltego.IPv4Address`` per host in the Metasploit XML export
    named by the ``description`` field.

    Every host entity carries the source file name, plus each of the known
    host tags (name, OS, state, counts, ...) that the export actually has.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    wanted = (
        "name", "address", "servicecount", "osname", "state", "mac",
        "vulncount", "purpose", "osflavor", "osfamily", "notecount",
    )
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("description")
    for host in MetasploitXML(fn).hosts:
        entity = mt.addEntity("maltego.IPv4Address", host.address)
        entity.setValue(host.address)
        entity.addAdditionalFields("fromfile", "Source File", False, fn)
        available = host.getTags()
        for etag in wanted:
            if etag in available:
                entity.addAdditionalFields(etag, etag, False, host.getVal(etag))
    mt.returnOutput()
    mt.addUIMessage("completed!")
def dotransform(args):
    """Work-in-progress transform: run nmap's ``banner`` script (with ``-sV``)
    against ``ip:port`` and dump the raw report; no entities are emitted yet.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "banner", ip, args="-sV")
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
    else:
        # NOTE(review): pprint writes to stdout, presumably the transform's
        # output channel as well -- confirm before relying on this output.
        pprint(rep)
        # Draft kept from the original as commented-out code: split each script
        # output into "Path:" buckets with bucketparser and emit one
        # msploitego.SourceCodeComment per bucket with comment, linenumber and
        # path fields.
    mt.returnOutput()
def dotransform(args):
    """Stub transform: report "under construction" and return no entities.

    The original carries a commented-out draft that would read address,
    hostid and DB credentials from the entity, pull MSxx-xxx and CVE ids out
    of the entity value, look them up (``msfconsole search`` /
    ``MsploitPostgres``) and emit ``msploitego.MetasploitModule`` entities
    with rank, details and IP fields.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    mt.addUIMessage("This transform is under construction")
    mt.returnOutput()
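def dotransform(args):
    """Work-in-progress transform: strip tool chatter and separators out of the
    share listing held in the ``data`` field and print what is left; no
    entities are emitted yet.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    # raw string: "\[" is not a valid str escape and newer interpreters warn on it
    cleanse = re.compile(
        r"\[\+\]|denied|warning|failed|attempted|attempting|reconnecting", re.I)
    # cleanse = re.compile(r"\[\+\]|\[v\]")
    # a missing data field used to raise on .split(); treat it as empty
    data = (mt.getVar("data") or "").split("\n")
    # regex = re.compile("^Sharename")
    # results = bucketparser(regex, data, sep=" ")
    res = [line for line in data
           if line and "---" not in line and not cleanse.search(line)]
    # NOTE(review): pprint writes to stdout, presumably the transform's output
    # channel as well -- confirm before relying on this output.
    pprint(res)
    # The original also carried a commented-out copy of the SID/name/type
    # line parser used by the Samba user transform.
    mt.returnOutput()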
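def dotransform(args):
    """Emit a ``msploitego.WebFile`` for the URL in the entity value.

    The file body comes from the ``body`` field when present; otherwise it is
    fetched with ``wget -qO-``.  No entity is emitted when neither yields
    content.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    import shlex

    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    body = mt.getVar("body")
    url = mt.getValue()
    if body:
        details = body
    else:
        # url is an entity value: quote it so shell metacharacters in it cannot
        # extend the wget command line.  bashrunner's invocation is not visible
        # here; for URLs without special characters quoting is a no-op.
        bashlog = bashrunner("wget -qO- {}".format(shlex.quote(str(url))))
        details = "".join(bashlog) if bashlog else None
    if details:
        webfile = mt.addEntity("msploitego.WebFile", url)
        webfile.setValue(url)
        webfile.addAdditionalFields("details", "Details", False, details)
        webfile.addAdditionalFields("url", "Site URL", False, url)
        webfile.addAdditionalFields("ip", "IP Address", False, ip)
        webfile.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()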
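def dotransform(args):
    """Run the SMB vulnerability NSE scripts named by the module-level
    ``scripts`` (with ``unsafe=1``) against ``ip:port`` and emit one
    ``msploitego.SambaVulnerability`` per script that produced a result
    without ``ERROR`` in it.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(sys.argv))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, scripts, ip, scriptargs="unsafe=1")
    # sibling transforms treat a falsy scan result as "host down"
    if rep:
        for scriptrun in rep.hosts[0].scripts_results:
            script_id = scriptrun.get("id")
            output = scriptrun.get("output") or ""
            if not script_id or "ERROR" in output:
                continue
            label = "{}:{}".format(script_id, hostid)
            smbvuln = mt.addEntity("msploitego.SambaVulnerability", label)
            smbvuln.setValue(label)
            smbvuln.addAdditionalFields("description", "Description", False, output)
            smbvuln.addAdditionalFields("IP", "IP Address", False, ip)
            # the original passed `ip` here, so the Port field carried the address
            smbvuln.addAdditionalFields("Port", "Port", False, port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()
    mt.addUIMessage("completed!")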
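def dotransform(args):
    """Run ``snmp-check -w`` against the host and turn each ``[*]`` section of
    its report into Maltego entities.

    Sections handled: write access, system information (domain/hostname),
    user accounts, routing information, network services, processes, device
    information, software components and shares.  Labels that could collide
    across hosts are suffixed with ``:<hostid>``.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    import shlex

    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    # ip is an entity field: quote it so a value with shell metacharacters
    # cannot extend the command.  bashrunner's invocation is not visible here;
    # for a plain address quoting is a no-op.
    bashlog = bashrunner("snmp-check -w {}".format(shlex.quote(str(ip))))
    # raw string: "\[" is not a valid str escape and newer interpreters warn on it
    regex = re.compile(r"^\[\*\]")
    results = bucketparser(regex, bashlog, sep=" ")
    skipkeys = ("Details", "Header")

    def tagged(value):
        # entity label disambiguated by host id
        return "{}:{}".format(value, hostid)

    for res in results:
        # a bucket without a Header used to raise on .lower()
        origheader = res.get("Header") or ""
        header = origheader.lower()
        if "write access permitted" in header:
            phrase = mt.addEntity("msploitego.RelevantInformation", tagged(origheader))
            phrase.setValue(tagged(origheader))
        elif "system information" in header:
            if res.get("Domain"):
                dname = res.get("Domain").lstrip(":")
                domain = mt.addEntity("maltego.Domain", dname)
                domain.setValue(dname)
                domain.addAdditionalFields("ip", "IP Address", True, ip)
                domain.addAdditionalFields("port", "Port", True, port)
            if res.get("Hostname"):
                hname = res.get("Hostname").lstrip(":")
                hostname = mt.addEntity("msploitego.Hostname", hname)
                hostname.setValue(hname)
                hostname.addAdditionalFields("ip", "IP Address", True, ip)
                hostname.addAdditionalFields("port", "Port", True, port)
        elif "user accounts" in header:
            for user in res.keys():
                if any(x in user for x in skipkeys):
                    continue
                alias = mt.addEntity("maltego.Alias", user)
                alias.setValue(user)
                alias.addAdditionalFields("ip", "IP Address", True, ip)
        elif "routing information" in header:
            # first two octets of the scanned address; re.escape keeps the dots
            # literal (unescaped, "10.1" also matched e.g. "1001")
            ipprefix = ".".join(ip.split(".")[0:2])
            prefixre = re.compile(re.escape(ipprefix))
            for k, v in res.items():
                if any(x in k for x in skipkeys + ("Destination",)):
                    continue
                for ipr in v.split():
                    if prefixre.search(ipr) and ipr != ip:
                        iprout = mt.addEntity("msploitego.RoutingIP", ipr)
                        iprout.setValue(ipr)
                        iprout.addAdditionalFields("ip", "IP Address", True, ip)
        elif "network services" in header:
            for k, v in res.items():
                if any(x in k for x in skipkeys + ("Index",)):
                    continue
                nservice = mt.addEntity("msploitego.NetworkService", tagged(v))
                nservice.setValue(tagged(v))
                nservice.addAdditionalFields("ip", "IP Address", True, ip)
        elif "processes" in header:
            for k, v in res.items():
                if any(x in k for x in skipkeys):
                    continue
                if "running" in v.lower():
                    pname = tagged(v.split()[-1])
                    process = mt.addEntity("msploitego.Process", pname)
                    process.setValue(pname)
                    process.addAdditionalFields("ip", "IP Address", True, ip)
                    process.addAdditionalFields("pid", "Process ID", True, k)
        elif "device information" in header:
            for k, v in res.items():
                if any(x in k for x in skipkeys + ("Id",)):
                    continue
                if any(x in v for x in ("unknown", "running")):
                    # drop the first two columns of the device line
                    devname = tagged(" ".join(v.split()[2::]))
                    device = mt.addEntity("maltego.Device", devname)
                    device.setValue(devname)
                    device.addAdditionalFields("ip", "IP Address", True, ip)
        elif "software components" in header:
            for k, v in res.items():
                if any(x in k for x in skipkeys + ("Index",)):
                    continue
                # entity type name kept as in the original ("Sotware")
                component = mt.addEntity("msploitego.SotwareComponents", tagged(v))
                component.setValue(tagged(v))
                component.addAdditionalFields("ip", "IP Address", True, ip)
        elif "share" in header:
            path = (res.get("Path") or "").lstrip(":")
            name = (res.get("Name") or "").lstrip(":")
            if not path:
                continue  # a share bucket without a Path line used to raise here
            networkshare = mt.addEntity("msploitego.NetworkShare", path)
            networkshare.setValue(path)
            networkshare.addAdditionalFields("ip", "IP Address", True, ip)
            networkshare.addAdditionalFields("name", "Share Name", True, name)
    mt.returnOutput()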
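def dotransform(args):
    """Run ``snmp-check -w`` against the host and turn each ``[*]`` section of
    its report into Maltego entities.

    Sections handled: write access, system information (domain/hostname),
    user accounts, routing information, network services, processes, device
    information, software components and shares.  Unlike the host-id-tagged
    variant of this transform, labels here are the raw values.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    import shlex

    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    # ip is an entity field: quote it so a value with shell metacharacters
    # cannot extend the command.  bashrunner's invocation is not visible here;
    # for a plain address quoting is a no-op.
    bashlog = bashrunner("snmp-check -w {}".format(shlex.quote(str(ip))))
    # raw string: "\[" is not a valid str escape and newer interpreters warn on it
    regex = re.compile(r"^\[\*\]")
    results = bucketparser(regex, bashlog, sep=" ")
    skipkeys = ("Details", "Header")
    for res in results:
        # a bucket without a Header used to raise on .lower()
        origheader = res.get("Header") or ""
        header = origheader.lower()
        if "write access permitted" in header:
            # entity type name kept as in the original ("Pharse")
            phrase = mt.addEntity("maltego.Pharse", origheader)
            phrase.setValue(origheader)
        elif "system information" in header:
            if res.get("Domain"):
                dname = res.get("Domain").lstrip(":")
                domain = mt.addEntity("maltego.Domain", dname)
                domain.setValue(dname)
                domain.addAdditionalFields("ip", "IP Address", True, ip)
                domain.addAdditionalFields("port", "Port", True, port)
            if res.get("Hostname"):
                hname = res.get("Hostname").lstrip(":")
                hostname = mt.addEntity("msploitego.Hostname", hname)
                hostname.setValue(hname)
                hostname.addAdditionalFields("ip", "IP Address", True, ip)
                hostname.addAdditionalFields("port", "Port", True, port)
        elif "user accounts" in header:
            for user in res.keys():
                if any(x in user for x in skipkeys):
                    continue
                alias = mt.addEntity("maltego.Alias", user)
                alias.setValue(user)
                alias.addAdditionalFields("ip", "IP Address", True, ip)
        elif "routing information" in header:
            # first two octets of the scanned address; re.escape keeps the dots
            # literal (unescaped, "10.1" also matched e.g. "1001")
            ipprefix = ".".join(ip.split(".")[0:2])
            prefixre = re.compile(re.escape(ipprefix))
            for k, v in res.items():
                if any(x in k for x in skipkeys + ("Destination",)):
                    continue
                for ipr in v.split():
                    if prefixre.search(ipr) and ipr != ip:
                        iprout = mt.addEntity("msploitego.RoutingIP", ipr)
                        iprout.setValue(ipr)
                        iprout.addAdditionalFields("ip", "IP Address", True, ip)
        elif "network services" in header:
            for k, v in res.items():
                if any(x in k for x in skipkeys + ("Index",)):
                    continue
                nservice = mt.addEntity("msploitego.NetworkService", v)
                nservice.setValue(v)
                nservice.addAdditionalFields("ip", "IP Address", True, ip)
        elif "processes" in header:
            for k, v in res.items():
                if any(x in k for x in skipkeys):
                    continue
                if "running" in v.lower():
                    pname = v.split()[-1]
                    process = mt.addEntity("msploitego.Process", pname)
                    process.setValue(pname)
                    process.addAdditionalFields("ip", "IP Address", True, ip)
                    process.addAdditionalFields("pid", "Process ID", True, k)
        elif "device information" in header:
            for k, v in res.items():
                if any(x in k for x in skipkeys + ("Id",)):
                    continue
                if any(x in v for x in ("unknown", "running")):
                    # drop the first two columns of the device line
                    devname = " ".join(v.split()[2::])
                    device = mt.addEntity("maltego.Device", devname)
                    device.setValue(devname)
                    device.addAdditionalFields("ip", "IP Address", True, ip)
        elif "software components" in header:
            for k, v in res.items():
                if any(x in k for x in skipkeys + ("Index",)):
                    continue
                # entity type name kept as in the original ("Sotware")
                component = mt.addEntity("msploitego.SotwareComponents", v)
                component.setValue(v)
                component.addAdditionalFields("ip", "IP Address", True, ip)
        elif "share" in header:
            path = (res.get("Path") or "").lstrip(":")
            name = (res.get("Name") or "").lstrip(":")
            if not path:
                continue  # a share bucket without a Path line used to raise here
            networkshare = mt.addEntity("msploitego.NetworkShare", path)
            networkshare.setValue(path)
            networkshare.addAdditionalFields("ip", "IP Address", True, ip)
            networkshare.addAdditionalFields("name", "Share Name", True, name)
    mt.returnOutput()
    mt.addUIMessage("completed!")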
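def dotransform(args):
    """Run nmap's ``ssh-auth-methods`` and ``ssh-hostkey`` scripts (all host
    key types) against ``ip:port`` and emit one ``msploitego.RelevantInformation``
    per script result, labelled ``<script id>:<hostid>``.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "ssh-auth-methods,ssh-hostkey", ip,
                       scriptargs="ssh_hostkey=all")
    # sibling transforms treat a falsy scan result as "host down"; the original
    # indexed into it unconditionally
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            infoentity = mt.addEntity("msploitego.RelevantInformation", label)
            infoentity.setValue(label)
            infoentity.addAdditionalFields("description", "Description", False,
                                           scriptrun.get("output"))
            infoentity.addAdditionalFields("ip", "IP Address", False, ip)
            infoentity.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    mt.addUIMessage("completed!")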
def dotransform(args):
    """Emit one ``maltego.IPv4Address`` per host in the selected Metasploit
    workspace, read from PostgreSQL.

    Every non-blank host column becomes an additional field; datetime columns
    are rendered as ``day/month/year``.  The parent's values are inherited and
    the workspace name is attached.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    workspace = mt.getValue()
    workspaceid = mt.getVar("workspaceid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")
    store = MsploitPostgres(user, password, db)
    for host in store.getAllHosts(workspaceid):
        address = host.get("address")
        entity = mt.addEntity("maltego.IPv4Address", address)
        entity.setValue(address)
        for column, value in host.items():
            if isinstance(value, datetime):
                rendered = "{}/{}/{}".format(value.day, value.month, value.year)
                entity.addAdditionalFields(column, column.capitalize(), False, rendered)
            elif value and str(value).strip():
                entity.addAdditionalFields(column, column.capitalize(), False, str(value))
        inheritvalues(entity, mt.values)
        entity.addAdditionalFields("workspace", "Workspace Name", False, workspace)
    mt.returnOutput()
from libnmap.process import NmapProcess from common.MaltegoTransform import * import sys __author__ = 'Marc Gurreri' __copyright__ = 'Copyright 2018, Oscp Project' __credits__ = [] __license__ = 'GPL' __version__ = '0.1' __maintainer__ = 'Marc Gurreri' __email__ = '*****@*****.**' __status__ = 'Development' me = MaltegoTransform() me.parseArguments(sys.argv) # pprint(me) # oport = toPort(me) banner = me.getVar("oscp.banner") ban = "" if banner is not None: bl = banner.split() if "product" in bl[0]: ban = " ".join(bl[1:]) else: ban = banner else: def mycallback(nmaptask):
def dotransform(args):
    """Run the SMTP NSE scripts (commands, enum-users, open-relay,
    CVE-2011-1764) against ``ip:port`` and emit one
    ``msploitego.RelevantInformation`` per script result, labelled
    ``<script id>:<hostid>``.  A falsy scan result is reported as host down.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    # fall back to the "id" field when "hostid" is empty
    hostid = mt.getVar("hostid") or mt.getVar("id")
    rep = scriptrunner(
        port,
        "smtp-commands,smtp-enum-users,smtp-open-relay,smtp-vuln-cve2011-1764",
        ip)
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
    else:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            info = mt.addEntity("msploitego.RelevantInformation", label)
            info.setValue(label)
            for field, display, value in (
                ("description", "Description", scriptrun.get("output")),
                ("ip", "IP Address", ip),
                ("port", "Port", port),
                ("hostid", "Host Id", hostid),
            ):
                info.addAdditionalFields(field, display, False, value)
    mt.returnOutput()
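def dotransform(args):
    """Maltego transform: read the Metasploit XML export named by ``fromfile``
    and emit one ``maltego.Vulnerability`` per vulnerability recorded for the
    host whose address is in the ``address`` field.

    Nothing is emitted when the entity's ``vulncount`` field is missing or zero.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    # excludes = ["Nessus Scan Information"]  # not applied yet
    # entitytags = ["hostid", "info", "name", "vulnattemptcount"]
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("fromfile")
    ip = mt.getVar("address")
    host = MetasploitXML(fn).gethost(ip)
    # a missing/blank vulncount used to raise inside int(); treat it as zero
    vulncount = int(mt.getVar("vulncount") or 0)
    if vulncount > 0:
        for vuln in host.vulns:
            vulnent = mt.addEntity("maltego.Vulnerability", vuln.name)
            vulnent.setValue("{}/{}".format(vuln.name, host.address))
            vulnent.addAdditionalFields("refs", "References", False,
                                        ",".join(x.ref for x in vuln.refs))
            vulnent.addAdditionalFields("ipaddress", "IP Address", False, host.address)
            vulnent.addAdditionalFields("hostid", "Host ID", False, host.id)
            vulnent.addAdditionalFields("os", "OS Name", False, host.osname)
            # assumes iterating a vuln yields (tag, value) pairs -- confirm in MetasploitXML
            for tag, val in vuln:
                if isinstance(val, str):
                    vulnent.addAdditionalFields(tag, tag.capitalize(), False, val)
    mt.returnOutput()
    mt.addUIMessage("completed!")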
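def dotransform(args):
    """Mark the Metasploit module in the entity value as checked for ``ip`` by
    emitting a ``msploitego.Checked`` entity labelled ``<module>:<ip>``.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    module = mt.getValue()
    # The original passed `port` as a third format() argument that the two-slot
    # template silently dropped, so the label has always been module:ip.
    # TODO(review): if the port belongs in the label, extend the template.
    label = "{}:{}".format(module, ip)
    falsepos = mt.addEntity("msploitego.Checked", label)
    falsepos.setValue(label)
    falsepos.addAdditionalFields("ip", "IP Address", False, ip)
    mt.returnOutput()
    mt.addUIMessage("completed!")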
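def dotransform(args):
    """Run the SMB discovery NSE scripts against ``ip:port`` and fold their
    ``elements`` tables into one ``msploitego.SambaServer`` entity labelled
    ``<server>:<workgroup>``; every other collected element becomes a field.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    proto = mt.getVar("proto")
    service = mt.getValue()
    rep = scriptrunner(
        port, "smb-os-discovery,smb-security-mode,smb-server-stats,smb-system-info", ip)
    # sibling transforms treat a falsy scan result as "host down"; the original
    # indexed into it unconditionally
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        collected = {}
        for res in rep.hosts[0].scripts_results:
            for k, v in (res.get("elements") or {}).items():
                if v and v.strip():
                    collected[k] = v
        # server/workgroup may be absent when no script reported them; the
        # original raised AttributeError on None here.  Keep the part before
        # the first backslash.
        server = (collected.get("server") or "").split("\\")[0]
        workgroup = (collected.get("workgroup") or "").split("\\")[0]
        label = "{}:{}".format(server, workgroup)
        sambaentity = mt.addEntity("msploitego.SambaServer", label)
        sambaentity.setValue(label)
        for field, display, value in (
            ("ip", "IP Address", ip),
            ("port", "Port", port),
            ("server", "Server", server),
            ("workgroup", "Workgroup", workgroup),
            ("hostid", "Hostid", hostid),
            ("info", "Info", collected.get("os")),
            ("name", "Name", collected.get("fqdn")),
            ("banner.text", "Service Banner", collected.get("os")),
            ("service.name", "Description", service),
            ("properties.service", "Service", service),
            ("proto", "Protocol", proto),
        ):
            sambaentity.addAdditionalFields(field, display, False, value)
        for k, v in collected.items():
            if any(x in k for x in ("server", "workgroup")):
                continue  # already attached above
            sambaentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    mt.addUIMessage("completed!")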
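def dotransform(args):
    """Run nmap's ``smb-enum-services`` script against ``ip:port`` and emit one
    ``maltego.Service`` per service bucket in the output, labelled
    ``<service>:<hostid>`` with the display name as a field.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    # raw string: "\s" is not a valid str escape; compiled once instead of per result
    bucketre = re.compile(r"^\s\s[a-zA-Z0-9_.-]+")
    rep = scriptrunner(port, "smb-enum-services", ip)
    # sibling transforms treat a falsy scan result as "host down"; the original
    # indexed into it unconditionally
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for res in rep.hosts[0].services[0].scripts_results:
            output = (res.get("output") or "").split("\n")
            for item in bucketparser(bucketre, output):
                label = "{}:{}".format(item.get("Header"), hostid)
                serviceent = mt.addEntity("maltego.Service", label)
                serviceent.setValue(label)
                serviceent.addAdditionalFields("displayname", "Service Name", False,
                                               item.get("Display_name"))
                serviceent.addAdditionalFields("ip", "IP Address", False, ip)
                serviceent.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    mt.addUIMessage("completed!")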
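def dotransform(args):
    """Run nmap's ``msrpc-enum`` script against ``ip:port`` and emit one
    ``msploitego.RelevantInformation`` per script result, labelled
    ``<script id>:<hostid>``.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # Left active in the original: pprint(args) writes to stdout (presumably
    # the transform output channel) and hands None to debug(); disabled to
    # match the sibling transforms.
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    # fall back to the "id" field when "hostid" is empty
    hostid = mt.getVar("hostid") or mt.getVar("id")
    rep = scriptrunner(port, "msrpc-enum", ip)
    # sibling transforms treat a falsy scan result as "host down"; the original
    # indexed into it unconditionally
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            popent = mt.addEntity("msploitego.RelevantInformation", label)
            popent.setValue(label)
            popent.addAdditionalFields("description", "Description", False,
                                       scriptrun.get("output"))
            popent.addAdditionalFields("ip", "IP Address", False, ip)
            popent.addAdditionalFields("port", "Port", False, port)
            popent.addAdditionalFields("hostid", "Host Id", False, hostid)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    mt.addUIMessage("completed!")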
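def dotransform(args):
    """Run nmap's ``http-robots.txt`` script against ``ip:port`` and emit one
    ``maltego.WebDir`` per path: every whitespace-separated token on an output
    line that starts with ``/``.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-robots.txt", ip)
    # sibling transforms treat a falsy scan result as "host down"; the original
    # indexed into it unconditionally
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            output = scriptrun.get("output") or ""
            for line in output.split("\n"):
                entries = line.strip()
                # startswith() instead of [0]: a blank line used to raise IndexError
                if not entries.startswith("/"):
                    continue
                for d in entries.split():
                    webdirentity = mt.addEntity("maltego.WebDir", d)
                    webdirentity.setValue(d)
                    webdirentity.addAdditionalFields("ip", "IP Address", False, ip)
                    webdirentity.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    mt.addUIMessage("completed!")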
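def dotransform(args):
    """Placeholder transform for a web directory entity: read ``ip``, ``port``,
    ``hostid`` and the directory value, then return without emitting entities.
    The commented block below is the intended ``maltego.URL`` output.

    Args:
        args: raw transform arguments, passed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # Left active in the original: pprint(args) writes to stdout (presumably
    # the transform output channel) and hands None to debug(); disabled to
    # match the sibling transforms.
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    diry = mt.getValue()
    # website = mt.addEntity("maltego.URL", "http://{}:{}{}".format(ip, port, diry))
    # website.setValue("http://{}:{}{}".format(ip, port, diry))
    # website.addAdditionalFields("dir", "Directory", False, diry)
    # website.addAdditionalFields("url", "URL", False, "http://{}:{}{}".format(ip, port, diry))
    # website.addAdditionalFields("ip", "IP Address", False, ip)
    # website.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
    mt.addUIMessage("completed!")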
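def dotransform(args):
    """Expand a Metasploit host into one Maltego entity per recorded service.

    The host is looked up by its ``address`` field in the Metasploit XML
    export named by ``fromfile``. Each service is typed from its name,
    banner and port (see ``_classify_service``); MAC, hostname and
    operating-system entities are then added for the host itself.

    Args:
        args: raw Maltego argument list; parsed by ``MaltegoTransform``.
    """
    entitytags = ["hostid", "info", "name", "port", "proto", "state"]
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("fromfile")
    ip = mt.getVar("address")
    mac = mt.getVar("mac")
    osname = mt.getVar("osname")
    osfamily = mt.getVar("osfamily")
    machinename = mt.getVar("name")
    servicecount = int(mt.getVar("servicecount"))
    mdb = MetasploitXML(fn)

    if servicecount > 0:
        host = mdb.gethost(ip)
        for service in host.services:
            _add_service_entity(mt, service, ip, fn, entitytags)

    # NOTE(review): indentation was lost in the collapsed original; the
    # host-level sections below are treated as running once per host.
    if mac:
        macentity = mt.addEntity("maltego.MacAddress", mac)
        macentity.setValue(mac)
        macentity.addAdditionalFields("ip", "IP Address", True, ip)

    # The original pattern "^[a-zA-z]+" has a typo: the A-z range also admits
    # "[", "\\", "]", "^", "_" and "`". The intent is "starts with a letter".
    if machinename and re.match(r"^[a-zA-Z]+", machinename):
        hostentity = mt.addEntity("msploitego.Hostname", machinename)
        hostentity.setValue(machinename)
        hostentity.addAdditionalFields("ip", "IP Address", True, ip)

    # OS determination
    if osname or osfamily:
        osentityname, osdescription = _classify_os(osname, osfamily)
        osentity = mt.addEntity(osentityname, osdescription)
        osentity.setValue(osdescription)
        osentity.addAdditionalFields("ip", "IP Address", True, ip)

    mt.returnOutput()
    mt.addUIMessage("completed!")


# Service names treated as HTTP-like (classified by banner, get a "niktofile" field).
_HTTP_NAMES = ("http", "https", "possible_wls", "www", "ncacn_http",
               "ccproxy-http", "ssl/http", "http-proxy")

# Ordered service-name rules, checked after the HTTP and backdoor-port tests.
# kind:  "eq"   servicename in needles               (case-sensitive)
#        "eqi"  servicename.lower() in needles
#        "any"  some needle is a substring of servicename (case-sensitive)
#        "anyi" some needle is a substring of servicename.lower()
#        "alli" every needle is a substring of servicename.lower()
# Order matters and mirrors the original elif chain: e.g. "rpc" is tested
# before "epmap", "pop" also matches "pop3", and "ftp" also matches "tftp".
_SERVICE_NAME_RULES = (
    ("any", ("samba", "netbios-ssn", "smb", "microsoft-ds", "netbios-ns", "netbios-dgm"), "msploitego.SambaService"),
    ("eq", ("ssh",), "msploitego.SSHService"),
    ("eq", ("dns", "mdns", "domain"), "msploitego.DNSService"),
    ("any", ("rpc",), "msploitego.RPC"),
    ("any", ("epmap",), "msploitego.epmap"),
    ("any", ("cifs",), "msploitego.cifs"),
    ("any", ("ssdp",), "msploitego.ssdp"),
    ("any", ("irc",), "msploitego.irc"),
    ("any", ("pop",), "msploitego.pop3"),
    ("any", ("oracle",), "msploitego.Oracle"),
    ("any", ("ftp",), "msploitego.ftp"),
    ("any", ("finger",), "msploitego.finger"),
    ("any", ("imap",), "msploitego.imap"),
    ("anyi", ("winrm",), "msploitego.winrm"),
    ("anyi", ("nmap",), "msploitego.Nmap"),
    ("anyi", ("ldap",), "msploitego.LDAP"),
    ("anyi", ("compressnet",), "msploitego.compressnet"),
    ("anyi", ("ansys",), "msploitego.ansys"),
    ("anyi", ("boinc",), "msploitego.boinc"),
    ("anyi", ("bakbone",), "msploitego.bakbonenetvault"),
    ("anyi", ("cisco",), "msploitego.CISCO"),
    ("any", ("ntp",), "msploitego.ntp"),
    ("any", ("dhcp",), "msploitego.DHCP"),
    ("anyi", ("dbase",), "msploitego.dBase"),
    ("anyi", ("chargen",), "msploitego.chargen"),
    ("any", ("directplaysrvr",), "msploitego.directplaysrvr"),
    ("anyi", ("smtp",), "msploitego.smtp"),
    ("anyi", ("ident",), "msploitego.ident"),
    ("anyi", ("snmp", "smux"), "msploitego.SNMP"),
    ("any", ("tcpwrapped",), "msploitego.tcpwrapped"),
    ("any", ("mysql",), "msploitego.mysql"),
    ("anyi", ("mssql", "ms-sql", "dbm"), "msploitego.mssql"),
    ("any", ("nat-pmp", "upnp", "natpmp"), "msploitego.natpmp"),
    ("anyi", ("confluent", "kafka"), "msploitego.ApacheKafka"),
    ("any", ("ndmp",), "msploitego.NAS"),
    ("anyi", ("neod", "corba"), "msploitego.ObjectRequestBroker"),
    ("any", ("ajp",), "msploitego.ajp"),
    ("anyi", ("llmnr",), "msploitego.llmnr"),
    ("anyi", ("keysrvr", "keyshadow"), "msploitego.KeyServer"),
    ("eqi", ("kerberos", "kpasswd5", "kerberos-sec", "krb524"), "msploitego.kerberos"),
    ("anyi", ("msexchange-logcopier",), "msploitego.MSExchangeLogCopier"),
    ("anyi", ("nfs", "lockd", "amiganetfs"), "msploitego.nfsacl"),
    ("anyi", ("x11",), "msploitego.X11"),
    ("eqi", ("sip",), "msploitego.SIP"),
    ("anyi", ("fmtp",), "msploitego.fmtp"),
    ("anyi", ("telnet",), "msploitego.telnet"),
    ("anyi", ("rdp", "xdmcp"), "msploitego.rdp"),
    ("anyi", ("ipp",), "msploitego.ipp"),
    ("anyi", ("vnc",), "msploitego.vnc"),
    ("anyi", ("wap-wsp",), "msploitego.wapwsp"),
    ("anyi", ("blackjack",), "msploitego.blackjack"),
    ("anyi", ("backorifice", "bo2k"), "msploitego.backorifice"),
    ("anyi", ("rtsp",), "msploitego.rtsp"),
    ("anyi", ("bacnet",), "msploitego.Bacnet"),
    ("anyi", ("msdtc",), "msploitego.msdtc"),
    ("anyi", ("wfremotertm",), "msploitego.wfremotertm"),
    ("anyi", ("msdp",), "msploitego.msdp"),
    ("anyi", ("ssl",), "msploitego.ssl"),
    ("alli", ("afs", "fileserver"), "msploitego.AFS"),
    ("anyi", ("adobeserver",), "msploitego.AdobeserverService"),
    ("anyi", ("ms-wbt-server",), "msploitego.MicrosoftTerminalServices"),
    ("eqi", ("rmiregistry", "java-rmi"), "msploitego.JavaRMI"),
)

# Ordered (case-insensitive needle, entity) rules for an OS name when the
# OS family is also known.
_OS_NAME_RULES = (
    ("windows 2003", "msploitego.Windows2003"),
    ("windows 2008", "msploitego.Windows2008"),
    ("windows 2012", "msploitego.Windows2012"),
    ("windows 2000", "msploitego.Windows2000"),
    ("windows xp", "msploitego.WindowsXP"),
    ("windows 7", "msploitego.Windows7"),
    ("freebsd", "msploitego.FreeBSD"),
    ("solaris", "msploitego.Solaris"),
    ("linux", "msploitego.LinuxOperatingSystem"),
    ("embedded", "msploitego.EmbeddedOS"),
)


def _classify_http_banner(info):
    """Map the banner of an HTTP-like service to a web-server entity type.

    Returns None when no rule matches, so the caller keeps the generic type.
    """
    lowered = info.lower()
    if "iis" in lowered:
        return "msploitego.IISWebservice"
    if "rpc over http" in lowered:
        return "msploitego.RPCoverhttp"
    if "oracle xml db" in lowered:
        return "msploitego.OracleXMLDB"
    if "apache" in lowered:
        if "apache tomcat" in lowered:
            return "msploitego.ApacheTomcat"
        if "php" in lowered:
            return "msploitego.ApachePHP"
        return "msploitego.Apachehttpd"
    if "httpfileserver" in lowered:
        return "msploitego.HTTPFileServer"
    if "lighttpd" in lowered:
        return "msploitego.lighttpd"
    if "nginx" in lowered:
        return "msploitego.nginx"
    if "jetty" in lowered:
        return "msploitego.Jetty"
    if "node.js" in lowered:
        return "msploitego.Nodejs"
    if "httpapi" in lowered:
        return "msploitego.MicrosoftHTTPAPI"
    if "WAF" in info:  # deliberately case-sensitive, as in the original
        return "msploitego.WAF"
    if "oracle http server" in lowered:
        return "msploitego.OracleHTTPServer"
    if "goahead" in lowered:
        return "msploitego.GoAheadWebServer"
    return None


def _classify_service(servicename, serviceinfo, port):
    """Pick the msploitego entity type for an open (non-closed) service.

    HTTP-like services are typed by banner (generic WebService when there is
    no banner); port "32768" is flagged as a potential backdoor; everything
    else is matched against ``_SERVICE_NAME_RULES`` in order. Unmatched
    services keep the generic ``msploitego.MetasploitService`` type.
    """
    if servicename in _HTTP_NAMES:
        if serviceinfo:
            return _classify_http_banner(serviceinfo) or "msploitego.MetasploitService"
        return "msploitego.WebService"
    if port == "32768":
        return "msploitego.PotentialBackdoor"
    lowered = servicename.lower()
    for kind, needles, entity in _SERVICE_NAME_RULES:
        if kind == "eq":
            hit = servicename in needles
        elif kind == "eqi":
            hit = lowered in needles
        elif kind == "any":
            hit = any(x in servicename for x in needles)
        elif kind == "anyi":
            hit = any(x in lowered for x in needles)
        else:  # "alli"
            hit = all(x in lowered for x in needles)
        if hit:
            return entity
    return "msploitego.MetasploitService"


def _classify_os(osname, osfamily):
    """Return ``(entity type, description)`` for a host OS.

    At least one argument is expected to be truthy. With both known the
    name decides and is the description; with only the family known the
    family decides; with only the name known just the embedded/linux rules
    apply.
    """
    osentityname = "msploitego.OperatingSystem"
    if osfamily and osname:
        lowered = osname.lower()
        for needle, entity in _OS_NAME_RULES:
            if needle in lowered:
                osentityname = entity
                break
        return osentityname, osname
    if osfamily:
        lowered = osfamily.lower()
        if "windows" in lowered:
            osentityname = "msploitego.WindowsOperatingSystem"
        elif "freebsd" in lowered:
            osentityname = "msploitego.FreeBSD"
        elif "linux" in lowered:
            osentityname = "msploitego.LinuxOperatingSystem"
        return osentityname, osfamily
    lowered = osname.lower()
    if "embedded" in lowered:
        osentityname = "msploitego.EmbeddedOS"
    elif "linux" in lowered:
        osentityname = "msploitego.LinuxOperatingSystem"
    return osentityname, osname


def _add_service_entity(mt, service, ip, fn, entitytags):
    """Add one typed service entity for *service* to *mt*.

    SMB-like services whose banner names a workgroup also get a
    ``maltego.Domain`` entity. *entitytags* lists the service tags copied
    onto the entity as additional fields.
    """
    try:
        servicename = service.name
    except AttributeError:
        servicename = "NoName"
    try:
        serviceinfo = service.info
    except AttributeError:
        serviceinfo = None

    if service.state.lower() in ["filtered", "closed"]:
        entityname = "msploitego.ClosedPort"
    else:
        entityname = _classify_service(servicename, serviceinfo, service.port)

    value = "{}/{}:{}".format(servicename, service.port, service.hostid)
    hostservice = mt.addEntity(entityname, value)
    # The original assigned to the method (hostservice.setValue = "...")
    # instead of calling it, so the value was never set this way.
    hostservice.setValue(value)
    hostservice.addAdditionalFields("ip", "IP Address", True, ip)
    if servicename and servicename.lower() in _HTTP_NAMES:
        hostservice.addAdditionalFields("niktofile", "Nikto File", True, '')
    hostservice.addAdditionalFields("fromfile", "Source File", True, fn)
    hostservice.addAdditionalFields("service.name", "Service Name", True, servicename)

    if service.containsTag("info"):
        hostservice.addAdditionalFields("banner", "Banner", True, service.info)
        if servicename in ["samba", "netbios-ssn", "smb", "microsoft-ds"]:
            if "workgroup" in service.info.lower():
                groupname = service.info.lower().split("workgroup:", 1)[-1].lstrip()
                workgroup = mt.addEntity("maltego.Domain", groupname)
                workgroup.setValue(groupname)
                workgroup.addAdditionalFields("ip", "IP Address", True, ip)
    else:
        hostservice.addAdditionalFields("banner", "Banner", True, "{}-No info".format(servicename))

    for etag in entitytags:
        if etag in service.getTags():
            hostservice.addAdditionalFields(etag, etag, True, service.getVal(etag))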
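def dotransform(args):
    """Run nmap's ``smb-enum-shares`` script against ip:port and emit one
    entity per share: ``msploitego.AccessDenied`` when the share's Warning
    mentions "denied", otherwise ``msploitego.SambaShare``.

    Args:
        args: raw Maltego argument list; parsed by ``MaltegoTransform``.
            Reads the ``ip``, ``port`` and ``machinename`` fields.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    machinename = mt.getVar("machinename")
    rep = scriptrunner(port, "smb-enum-shares", ip, args="-sU -sS")
    if rep:
        # Raw string: "\d" is not a valid str escape, the original relied on it
        # surviving unchanged. Compiled once instead of per script result.
        ipv4_regex = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
        for res in rep.hosts[0].scripts_results:
            output = res.get("output").split("\n")
            bucket = bucketparser(ipv4_regex, output, method="search")
            for item in bucket:
                header = item.get("Header")
                if not header:
                    # The original would fail on header.split(); a bucket with no
                    # Header has nothing to name the entity after.
                    continue
                warning = item.get("Warning")
                if warning and re.search("denied", warning, re.I):
                    entityname = "msploitego.AccessDenied"
                else:
                    entityname = "msploitego.SambaShare"
                shareentity = mt.addEntity(entityname, header)
                shareentity.setValue(header)
                # Header is a UNC-style path; the last backslash component is the share.
                sharename = header.split("\\")[-1].strip().strip(":")
                shareentity.addAdditionalFields("sharename", "Share Name", False, sharename)
                shareentity.addAdditionalFields("sambashare", "Samba Share", False, header)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                if machinename:
                    shareentity.addAdditionalFields("machinename", "Machine Name", False, machinename)
                for k, v in item.items():
                    if k == "Header":
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False, v)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()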
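def dotransform(args):
    """Run nmap's ``rdp-vuln-ms12-020`` script against ip:port and emit one
    ``msploitego.RDPVulnerability`` entity per parsed result bucket.

    Args:
        args: raw Maltego argument list; parsed by ``MaltegoTransform``.
            Reads the ``ip`` and ``port`` fields.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "rdp-vuln-ms12-020", ip)
    if not rep or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        # Raw string: "\s" is not a valid str escape; buckets start at a line
        # with two leading spaces followed by a word.
        regex = re.compile(r"\s{2}[A-Za-z]+")
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            output = scriptrun.get("output").split("\n")
            # Distinct loop variable: the original reused ``res`` for both loops.
            for bucket in bucketparser(regex, output):
                header = bucket.get("Header")
                if header == "VULNERABLE":
                    continue
                vulnentity = mt.addEntity("msploitego.RDPVulnerability", header)
                vulnentity.setValue(header)
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in bucket.items():
                    if k == "Details":
                        # Details is a list of lines in the bucket.
                        vulnentity.addAdditionalFields("details", k, False, "\n".join(v))
                    elif v and v.strip():
                        vulnentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))
    mt.returnOutput()
    mt.addUIMessage("completed!")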
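def dotransform(args):
    """Expand a Metasploit host into one Maltego entity per recorded service.

    The host is looked up by its ``address`` field in the Metasploit XML
    export named by ``fromfile``. Each service is typed from its name,
    banner and port (see ``_classify_service``); MAC, hostname and
    operating-system entities are then added for the host itself.

    Args:
        args: raw Maltego argument list; parsed by ``MaltegoTransform``.
    """
    entitytags = ["hostid", "info", "name", "port", "proto", "state"]
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("fromfile")
    ip = mt.getVar("address")
    mac = mt.getVar("mac")
    osname = mt.getVar("osname")
    osfamily = mt.getVar("osfamily")
    machinename = mt.getVar("name")
    servicecount = int(mt.getVar("servicecount"))
    mdb = MetasploitXML(fn)

    if servicecount > 0:
        host = mdb.gethost(ip)
        for service in host.services:
            _add_service_entity(mt, service, ip, fn, entitytags)

    # NOTE(review): indentation was lost in the collapsed original; the
    # host-level sections below are treated as running once per host.
    if mac:
        macentity = mt.addEntity("maltego.MacAddress", mac)
        macentity.setValue(mac)
        macentity.addAdditionalFields("ip", "IP Address", True, ip)

    # The original pattern "^[a-zA-z]+" has a typo: the A-z range also admits
    # "[", "\\", "]", "^", "_" and "`". The intent is "starts with a letter".
    if machinename and re.match(r"^[a-zA-Z]+", machinename):
        hostentity = mt.addEntity("msploitego.Hostname", machinename)
        hostentity.setValue(machinename)
        hostentity.addAdditionalFields("ip", "IP Address", True, ip)

    # OS determination
    if osname or osfamily:
        osentityname, osdescription = _classify_os(osname, osfamily)
        osentity = mt.addEntity(osentityname, osdescription)
        osentity.setValue(osdescription)
        osentity.addAdditionalFields("ip", "IP Address", True, ip)

    mt.returnOutput()
    mt.addUIMessage("completed!")


# Service names treated as HTTP-like (classified by banner, get a "niktofile" field).
_HTTP_NAMES = ("http", "https", "possible_wls", "www", "ncacn_http",
               "ccproxy-http", "ssl/http", "http-proxy")

# Ordered service-name rules, checked after the HTTP and backdoor-port tests.
# kind:  "eq"   servicename in needles               (case-sensitive)
#        "eqi"  servicename.lower() in needles
#        "any"  some needle is a substring of servicename (case-sensitive)
#        "anyi" some needle is a substring of servicename.lower()
#        "alli" every needle is a substring of servicename.lower()
# Order matters and mirrors the original elif chain: e.g. "rpc" is tested
# before "epmap", "pop" also matches "pop3", and "ftp" also matches "tftp".
_SERVICE_NAME_RULES = (
    ("any", ("samba", "netbios-ssn", "smb", "microsoft-ds", "netbios-ns", "netbios-dgm"), "msploitego.SambaService"),
    ("eq", ("ssh",), "msploitego.SSHService"),
    ("eq", ("dns", "mdns", "domain"), "msploitego.DNSService"),
    ("any", ("rpc",), "msploitego.RPC"),
    ("any", ("epmap",), "msploitego.epmap"),
    ("any", ("cifs",), "msploitego.cifs"),
    ("any", ("ssdp",), "msploitego.ssdp"),
    ("any", ("irc",), "msploitego.irc"),
    ("any", ("pop",), "msploitego.pop3"),
    ("any", ("oracle",), "msploitego.Oracle"),
    ("any", ("ftp",), "msploitego.ftp"),
    ("any", ("finger",), "msploitego.finger"),
    ("any", ("imap",), "msploitego.imap"),
    ("anyi", ("winrm",), "msploitego.winrm"),
    ("anyi", ("nmap",), "msploitego.Nmap"),
    ("anyi", ("ldap",), "msploitego.LDAP"),
    ("anyi", ("compressnet",), "msploitego.compressnet"),
    ("anyi", ("ansys",), "msploitego.ansys"),
    ("anyi", ("boinc",), "msploitego.boinc"),
    ("anyi", ("bakbone",), "msploitego.bakbonenetvault"),
    ("anyi", ("cisco",), "msploitego.CISCO"),
    ("any", ("ntp",), "msploitego.ntp"),
    ("any", ("dhcp",), "msploitego.DHCP"),
    ("anyi", ("dbase",), "msploitego.dBase"),
    ("anyi", ("chargen",), "msploitego.chargen"),
    ("any", ("directplaysrvr",), "msploitego.directplaysrvr"),
    ("anyi", ("smtp",), "msploitego.smtp"),
    ("anyi", ("ident",), "msploitego.ident"),
    ("anyi", ("snmp", "smux"), "msploitego.SNMP"),
    ("any", ("tcpwrapped",), "msploitego.tcpwrapped"),
    ("any", ("mysql",), "msploitego.mysql"),
    ("anyi", ("mssql", "ms-sql", "dbm"), "msploitego.mssql"),
    ("any", ("nat-pmp", "upnp", "natpmp"), "msploitego.natpmp"),
    ("anyi", ("confluent", "kafka"), "msploitego.ApacheKafka"),
    ("any", ("ndmp",), "msploitego.NAS"),
    ("anyi", ("neod", "corba"), "msploitego.ObjectRequestBroker"),
    ("any", ("ajp",), "msploitego.ajp"),
    ("anyi", ("llmnr",), "msploitego.llmnr"),
    ("anyi", ("keysrvr", "keyshadow"), "msploitego.KeyServer"),
    ("eqi", ("kerberos", "kpasswd5", "kerberos-sec", "krb524"), "msploitego.kerberos"),
    ("anyi", ("msexchange-logcopier",), "msploitego.MSExchangeLogCopier"),
    ("anyi", ("nfs", "lockd", "amiganetfs"), "msploitego.nfsacl"),
    ("anyi", ("x11",), "msploitego.X11"),
    ("eqi", ("sip",), "msploitego.SIP"),
    ("anyi", ("fmtp",), "msploitego.fmtp"),
    ("anyi", ("telnet",), "msploitego.telnet"),
    ("anyi", ("rdp", "xdmcp"), "msploitego.rdp"),
    ("anyi", ("ipp",), "msploitego.ipp"),
    ("anyi", ("vnc",), "msploitego.vnc"),
    ("anyi", ("wap-wsp",), "msploitego.wapwsp"),
    ("anyi", ("blackjack",), "msploitego.blackjack"),
    ("anyi", ("backorifice", "bo2k"), "msploitego.backorifice"),
    ("anyi", ("rtsp",), "msploitego.rtsp"),
    ("anyi", ("bacnet",), "msploitego.Bacnet"),
    ("anyi", ("msdtc",), "msploitego.msdtc"),
    ("anyi", ("wfremotertm",), "msploitego.wfremotertm"),
    ("anyi", ("msdp",), "msploitego.msdp"),
    ("anyi", ("ssl",), "msploitego.ssl"),
    ("alli", ("afs", "fileserver"), "msploitego.AFS"),
    ("anyi", ("adobeserver",), "msploitego.AdobeserverService"),
    ("anyi", ("ms-wbt-server",), "msploitego.MicrosoftTerminalServices"),
    ("eqi", ("rmiregistry", "java-rmi"), "msploitego.JavaRMI"),
)

# Ordered (case-insensitive needle, entity) rules for an OS name when the
# OS family is also known.
_OS_NAME_RULES = (
    ("windows 2003", "msploitego.Windows2003"),
    ("windows 2008", "msploitego.Windows2008"),
    ("windows 2012", "msploitego.Windows2012"),
    ("windows 2000", "msploitego.Windows2000"),
    ("windows xp", "msploitego.WindowsXP"),
    ("windows 7", "msploitego.Windows7"),
    ("freebsd", "msploitego.FreeBSD"),
    ("solaris", "msploitego.Solaris"),
    ("linux", "msploitego.LinuxOperatingSystem"),
    ("embedded", "msploitego.EmbeddedOS"),
)


def _classify_http_banner(info):
    """Map the banner of an HTTP-like service to a web-server entity type.

    Returns None when no rule matches, so the caller keeps the generic type.
    """
    lowered = info.lower()
    if "iis" in lowered:
        return "msploitego.IISWebservice"
    if "rpc over http" in lowered:
        return "msploitego.RPCoverhttp"
    if "oracle xml db" in lowered:
        return "msploitego.OracleXMLDB"
    if "apache" in lowered:
        if "apache tomcat" in lowered:
            return "msploitego.ApacheTomcat"
        if "php" in lowered:
            return "msploitego.ApachePHP"
        return "msploitego.Apachehttpd"
    if "httpfileserver" in lowered:
        return "msploitego.HTTPFileServer"
    if "lighttpd" in lowered:
        return "msploitego.lighttpd"
    if "nginx" in lowered:
        return "msploitego.nginx"
    if "jetty" in lowered:
        return "msploitego.Jetty"
    if "node.js" in lowered:
        return "msploitego.Nodejs"
    if "httpapi" in lowered:
        return "msploitego.MicrosoftHTTPAPI"
    if "WAF" in info:  # deliberately case-sensitive, as in the original
        return "msploitego.WAF"
    if "oracle http server" in lowered:
        return "msploitego.OracleHTTPServer"
    if "goahead" in lowered:
        return "msploitego.GoAheadWebServer"
    return None


def _classify_service(servicename, serviceinfo, port):
    """Pick the msploitego entity type for an open (non-closed) service.

    HTTP-like services are typed by banner (generic WebService when there is
    no banner); port "32768" is flagged as a potential backdoor; everything
    else is matched against ``_SERVICE_NAME_RULES`` in order. Unmatched
    services keep the generic ``msploitego.MetasploitService`` type.
    """
    if servicename in _HTTP_NAMES:
        if serviceinfo:
            return _classify_http_banner(serviceinfo) or "msploitego.MetasploitService"
        return "msploitego.WebService"
    if port == "32768":
        return "msploitego.PotentialBackdoor"
    lowered = servicename.lower()
    for kind, needles, entity in _SERVICE_NAME_RULES:
        if kind == "eq":
            hit = servicename in needles
        elif kind == "eqi":
            hit = lowered in needles
        elif kind == "any":
            hit = any(x in servicename for x in needles)
        elif kind == "anyi":
            hit = any(x in lowered for x in needles)
        else:  # "alli"
            hit = all(x in lowered for x in needles)
        if hit:
            return entity
    return "msploitego.MetasploitService"


def _classify_os(osname, osfamily):
    """Return ``(entity type, description)`` for a host OS.

    At least one argument is expected to be truthy. With both known the
    name decides and is the description; with only the family known the
    family decides; with only the name known just the embedded/linux rules
    apply.
    """
    osentityname = "msploitego.OperatingSystem"
    if osfamily and osname:
        lowered = osname.lower()
        for needle, entity in _OS_NAME_RULES:
            if needle in lowered:
                osentityname = entity
                break
        return osentityname, osname
    if osfamily:
        lowered = osfamily.lower()
        if "windows" in lowered:
            osentityname = "msploitego.WindowsOperatingSystem"
        elif "freebsd" in lowered:
            osentityname = "msploitego.FreeBSD"
        elif "linux" in lowered:
            osentityname = "msploitego.LinuxOperatingSystem"
        return osentityname, osfamily
    lowered = osname.lower()
    if "embedded" in lowered:
        osentityname = "msploitego.EmbeddedOS"
    elif "linux" in lowered:
        osentityname = "msploitego.LinuxOperatingSystem"
    return osentityname, osname


def _add_service_entity(mt, service, ip, fn, entitytags):
    """Add one typed service entity for *service* to *mt*.

    SMB-like services whose banner names a workgroup also get a
    ``maltego.Domain`` entity. *entitytags* lists the service tags copied
    onto the entity as additional fields.
    """
    try:
        servicename = service.name
    except AttributeError:
        servicename = "NoName"
    try:
        serviceinfo = service.info
    except AttributeError:
        serviceinfo = None

    if service.state.lower() in ["filtered", "closed"]:
        entityname = "msploitego.ClosedPort"
    else:
        entityname = _classify_service(servicename, serviceinfo, service.port)

    value = "{}/{}:{}".format(servicename, service.port, service.hostid)
    hostservice = mt.addEntity(entityname, value)
    # The original assigned to the method (hostservice.setValue = "...")
    # instead of calling it, so the value was never set this way.
    hostservice.setValue(value)
    hostservice.addAdditionalFields("ip", "IP Address", True, ip)
    if servicename and servicename.lower() in _HTTP_NAMES:
        hostservice.addAdditionalFields("niktofile", "Nikto File", True, '')
    hostservice.addAdditionalFields("fromfile", "Source File", True, fn)
    hostservice.addAdditionalFields("service.name", "Service Name", True, servicename)

    if service.containsTag("info"):
        hostservice.addAdditionalFields("banner", "Banner", True, service.info)
        if servicename in ["samba", "netbios-ssn", "smb", "microsoft-ds"]:
            if "workgroup" in service.info.lower():
                groupname = service.info.lower().split("workgroup:", 1)[-1].lstrip()
                workgroup = mt.addEntity("maltego.Domain", groupname)
                workgroup.setValue(groupname)
                workgroup.addAdditionalFields("ip", "IP Address", True, ip)
    else:
        hostservice.addAdditionalFields("banner", "Banner", True, "{}-No info".format(servicename))

    for etag in entitytags:
        if etag in service.getTags():
            hostservice.addAdditionalFields(etag, etag, True, service.getVal(etag))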
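def dotransform(args):
    """Attach the contents of a loot file to a ``msploitego.LootFile`` entity.

    Args:
        args: raw Maltego argument list; parsed by ``MaltegoTransform``.
            The entity value is the file name, ``path`` is the file to read
            and ``address`` the host it belongs to.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("address")
    fn = mt.getValue()
    path = mt.getVar("path")
    # The original ran bashrunner("cat {}".format(path)). ``path`` is an entity
    # field, so interpolating it into a command string lets a crafted path alter
    # the command if bashrunner hands it to a shell. Reading the file directly
    # needs no shell; an unreadable path is reported instead of silently empty.
    details = ""
    if path:
        try:
            with open(path) as fh:
                details = fh.read()
        except (IOError, OSError) as err:
            mt.addUIMessage("could not read {}: {}".format(path, err))
    if details:
        fileent = mt.addEntity("msploitego.LootFile", fn)
        fileent.setValue(fn)
        fileent.addAdditionalFields("details", "Details", False, details)
        fileent.addAdditionalFields("ip", "IP Address", False, ip)
    mt.returnOutput()
    mt.addUIMessage("completed!")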
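def dotransform(args):
    """Placeholder transform for a web-directory entity.

    Parses the arguments and returns an empty result set; the URL entity
    construction is still commented out below, as in the original.

    Args:
        args: raw Maltego argument list; parsed by ``MaltegoTransform``.
    """
    mt = MaltegoTransform()
    # pprint() prints to stdout and returns None, so the original logged None and
    # mixed the dump into the transform's stdout; pformat() returns the text.
    from pprint import pformat
    mt.debug(pformat(args))
    mt.parseArguments(args)
    # Read for the commented-out entity below; keep them so it can be re-enabled.
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    diry = mt.getValue()
    # website = mt.addEntity("maltego.URL", "http://{}:{}{}".format(ip,port,diry))
    # website.setValue("http://{}:{}{}".format(ip,port,diry))
    # website.addAdditionalFields("dir", "Directory", False, diry)
    # website.addAdditionalFields("url", "URL", False, "http://{}:{}{}".format(ip,port,diry))
    # website.addAdditionalFields("ip", "IP Address", False, ip)
    # website.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()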
def dotransform(args):
    """Run nmap's ``http-sitemap-generator`` script against ip:port and store
    each script result on a ``msploitego.WebDirectoryInfo`` entity.

    Args:
        args: raw Maltego argument list; parsed by ``MaltegoTransform``.
            Reads ``ip``, ``port``, ``servicename``, ``serviceid``, ``hostid``
            and ``workspace``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")
    rep = scriptrunner(port, "http-sitemap-generator", ip)
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return
    for res in rep.hosts[0].services[0].scripts_results:
        value = "{}:{}:{}".format(res.get("id"), hostid, port)
        webdir = mt.addEntity("msploitego.WebDirectoryInfo", value)
        webdir.setValue(value)
        # (field name, display name, matching flag, value); "data" is the raw script output.
        fields = (
            ("data", "Data", True, res.get("output")),
            ("servicename", "Service Name", True, servicename),
            ("serviceid", "Service Id", True, serviceid),
            ("hostid", "Host Id", True, hostid),
            ("workspace", "Workspace", True, workspace),
            ("ip", "IP Address", False, ip),
            ("port", "Port", False, port),
        )
        for name, display, matching, val in fields:
            webdir.addAdditionalFields(name, display, matching, val)
    mt.returnOutput()
def dotransform(args):
    """Run nmap's ``ssh-auth-methods`` and ``ssh-hostkey`` scripts (all host
    key types) against ip:port and emit one ``msploitego.RelevantInformation``
    entity per script result.

    Args:
        args: raw Maltego argument list; parsed by ``MaltegoTransform``.
            Reads the ``ip``, ``port`` and ``hostid`` fields.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "ssh-auth-methods,ssh-hostkey", ip, scriptargs="ssh_hostkey=all")
    if rep:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            _add_info_entity(mt, scriptrun, hostid, ip, port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()


def _add_info_entity(mt, scriptrun, hostid, ip, port):
    """Add one RelevantInformation entity (value ``<script id>:<hostid>``) for a script result."""
    value = "{}:{}".format(scriptrun.get("id"), hostid)
    infoentity = mt.addEntity("msploitego.RelevantInformation", value)
    infoentity.setValue(value)
    infoentity.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
    infoentity.addAdditionalFields("ip", "IP Address", False, ip)
    infoentity.addAdditionalFields("port", "Port", False, port)
def dotransform(args):
    """List the Metasploit loot recorded for a host and emit one
    ``msploitego.MetasploitLoot`` entity per loot row.

    Args:
        args: raw Maltego argument list; parsed by ``MaltegoTransform``.
            The entity value is the host IP; ``db``, ``user`` and ``password``
            are the Postgres connection details and ``id`` the Metasploit
            host id used for the lookup.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getValue()
    db = mt.getVar("db")
    user = mt.getVar("user")
    hostid = mt.getVar("id")
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    # for loot in mpost.getLootforHost(ip):
    for loot in mpost.getLootforHost(hostid):
        # Prefer the loot name; fall back to its type when there is none.
        label = loot.get("name") or loot.get("ltype")
        value = "{}:{}".format(label, hostid)
        lootentity = mt.addEntity("msploitego.MetasploitLoot", value)
        lootentity.setValue(value)
        for k, v in loot.items():
            if isinstance(v, datetime):
                rendered = "{}/{}/{}".format(v.day, v.month, v.year)
            elif v and str(v).strip():
                rendered = str(v)
            else:
                continue
            lootentity.addAdditionalFields(k, k.capitalize(), False, rendered)
        lootpath = loot.get("path")
        if lootpath:
            filecontents = getFileContents(lootpath)
            if filecontents:
                lootentity.addAdditionalFields("details", "Details", False, "".join(filecontents))
        # NOTE(review): the database user and password are copied onto every
        # loot entity (presumably so later transforms can reuse them); they are
        # therefore visible to anyone the graph is shared or exported with.
        lootentity.addAdditionalFields("user", "User", False, user)
        lootentity.addAdditionalFields("password", "Password", False, password)
        lootentity.addAdditionalFields("db", "db", False, db)
        lootentity.addAdditionalFields("ip", "IP Address", False, ip)
    mt.returnOutput()
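def dotransform(args):
    """Run nmap's FTP check scripts against ip:port and emit one
    ``msploitego.FTPVulnerability`` entity per script result.

    Args:
        args: raw Maltego argument list; parsed by ``MaltegoTransform``.
            Reads the ``ip``, ``port`` and ``hostid`` fields.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    scripts = "ftp-vuln-cve2010-4221,ftp-vsftpd-backdoor,ftp-anon,ftp-libopie,ftp-proftpd-backdoor"
    rep = scriptrunner(port, scripts, ip)
    # The original indexed rep.hosts[0] unconditionally and failed when the
    # scan produced no host; report that like the sibling transforms do.
    if not rep or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    else:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            value = "{}:{}".format(scriptrun.get("id"), hostid)
            vulnentity = mt.addEntity("msploitego.FTPVulnerability", value)
            vulnentity.setValue(value)
            vulnentity.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
            vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
            vulnentity.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
    mt.addUIMessage("completed!")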
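def dotransform(args):
    """Create a ``msploitego.Hacked`` entity named after the selected module
    and the host IP.

    Args:
        args: raw Maltego argument list; parsed by ``MaltegoTransform``.
            The entity value is the module name; ``ip`` and ``port`` are read
            from the fields.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    module = mt.getValue()
    # The original used "{}:{}".format(module, ip, port): the third argument
    # was silently dropped, so the value was always "<module>:<ip>". That value
    # is kept for compatibility and the port is exposed as a field instead.
    value = "{}:{}".format(module, ip)
    falsepos = mt.addEntity("msploitego.Hacked", value)
    falsepos.setValue(value)
    falsepos.addAdditionalFields("ip", "IP Address", False, ip)
    falsepos.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
    mt.addUIMessage("completed!")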
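def dotransform(args):
    """Search Metasploit for modules matching the MS and CVE identifiers
    found in the selected vulnerability's name and emit one
    ``msploitego.MetasploitModule`` entity per ranked result line.

    Args:
        args: raw Maltego argument list; parsed by ``MaltegoTransform``.
            The entity value is the vulnerability text; ``address`` is the
            host IP attached to modules found via MS identifiers.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("address")
    vuln = mt.getValue()
    msreg = re.compile(r"ms[0-9]{2}-[0-9]{3}", re.I)
    cvereg = re.compile(r"cve[-]*[0-9]{3,4}-[0-9]{3,4}", re.I)
    # Raw string: in the original non-raw literal "\b" was a backspace
    # character, so the "low" alternative could never match a rank.
    rankreg = re.compile(r"normal|manual|great|average|excellent|good|\blow\b")
    # Only the regex-extracted identifiers (letters, digits and "-") reach the
    # msfconsole command string, so the entity text itself is never interpolated.
    for ms in msreg.findall(vuln):
        _add_matching_modules(mt, ms, rankreg, ip, with_ip=True)
    for cve in cvereg.findall(vuln):
        # The original CVE pass did not attach the IP field; kept as-is.
        _add_matching_modules(mt, cve, rankreg, ip, with_ip=False)
    # bashlog = bashrunner("searchsploit -www {}".format(ms))
    # for line in bashlog:
    #     if re.search("http",line):
    #         desc,link = line.split("|")
    #         exploitentity = mt.addEntity("msploitego.ExploitDBItem", link.strip())
    #         exploitentity.setValue(link.strip())
    #         exploitentity.addAdditionalFields("details", "Details", False, desc)
    #         exploitentity.addAdditionalFields("ip", "IP Address", False, ip)
    mt.returnOutput()
    mt.addUIMessage("completed!")


def _add_matching_modules(mt, term, rankreg, ip, with_ip):
    """Run ``msfconsole search <term>`` and add one MetasploitModule entity
    per output line that carries a rank.

    Each matching line is split on runs of two or more spaces: the first
    column is the module path, the last its description. The IP field is
    added only when *with_ip* is true.
    """
    bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(term))
    for line in bashlog:
        match = rankreg.search(line)
        if not match:
            continue
        rank = match.group(0)
        msfmod = re.split(" {2,}", line.lstrip())
        msfentity = mt.addEntity("msploitego.MetasploitModule", msfmod[0])
        msfentity.setValue(msfmod[0])
        msfentity.addAdditionalFields("rank", "Rank", False, rank)
        msfentity.addAdditionalFields("details", "Details", False, msfmod[-1])
        if with_ip:
            msfentity.addAdditionalFields("ip", "IP Address", False, ip)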
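def dotransform(args):
    """Run nmap's ``smtp-enum-users`` script against ip:port and emit one
    ``maltego.Alias`` entity per comma-separated user name in its output.

    Args:
        args: raw Maltego argument list; parsed by ``MaltegoTransform``.
            Reads the ``ip`` and ``port`` fields.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smtp-enum-users", ip)
    if not rep or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    else:
        for res in rep.hosts[0].services[0].scripts_results:
            output = res.get("output") or ""
            for username in output.split(","):
                username = username.strip()
                if not username:
                    # Empty or trailing separator: the original emitted an
                    # Alias with an empty value here.
                    continue
                userentity = mt.addEntity("maltego.Alias", username)
                userentity.setValue(username)
                userentity.addAdditionalFields("sourceip", "Source IP", False, ip)
                userentity.addAdditionalFields("sourceport", "Source Port", False, port)
    mt.returnOutput()
    mt.addUIMessage("completed!")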
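def dotransform(args):
    """List the top-level entries of every non-special SMB share on a host
    and emit a ``msploitego.SambaShare`` (directory) or
    ``msploitego.SambaFile`` entity per entry.

    Args:
        args: raw Maltego argument list; parsed by ``MaltegoTransform``.
            Reads ``ip``, ``port``, ``hostid``, ``server``, ``workgroup``,
            ``account_used``, ``sambapath`` (defaults to "/") and ``domain_dns``.
    """
    mt = MaltegoTransform()
    # pprint() prints to stdout and returns None, so the original logged None and
    # mixed the dump into the transform's stdout; pformat() returns the text.
    from pprint import pformat
    mt.debug(pformat(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    server = mt.getVar("server")
    workgroup = mt.getVar("workgroup")
    account = mt.getVar("account_used")
    path = mt.getVar("sambapath") or "/"
    domaindns = mt.getVar("domain_dns")
    # NOTE(review): the connection uses the fixed credentials 'admin'/'admin'
    # while ``account`` (account_used) is read but never used; confirm which
    # identity is intended rather than hard-coding one here.
    conn = SMBConnection('admin', 'admin', "localhost", server, domain=workgroup,
                         use_ntlm_v2=True, is_direct_tcp=True)
    conn.connect(ip, int(port))
    # Matches the "." and ".." directory entries.
    dotdirs = re.compile(r"^\.{1,2}$")
    try:
        for share in conn.listShares():
            if share.isSpecial or share.name in ['NETLOGON', 'SYSVOL']:
                continue
            # NOTE(review): .encode() yields bytes on Python 3, where the str
            # regex below would raise; this code appears to target Python 2.
            sharename = unicodedata.normalize("NFKD", share.name).encode('ascii', 'ignore')
            for entry in conn.listPath(share.name, path):
                filename = unicodedata.normalize("NFKD", entry.filename).encode('ascii', 'ignore')
                if entry.isDirectory:
                    if dotdirs.match(filename):
                        continue
                    entityname = "msploitego.SambaShare"
                    newpath = "{}/{}/".format(path, filename)
                else:
                    entityname = "msploitego.SambaFile"
                    newpath = "{}/{}".format(path, filename)
                value = "{}/{}/{}".format(ip, sharename, filename)
                sambaentity = mt.addEntity(entityname, value)
                sambaentity.setValue(value)
                sambaentity.addAdditionalFields("ip", "IP Address", False, ip)
                sambaentity.addAdditionalFields("port", "Port", False, port)
                sambaentity.addAdditionalFields("server", "Server", False, server)
                sambaentity.addAdditionalFields("workgroup", "Workgroup", False, workgroup)
                sambaentity.addAdditionalFields("filename", "Filename", False, filename)
                sambaentity.addAdditionalFields("path", "Path", False, newpath)
                sambaentity.addAdditionalFields("hostid", "Hostid", False, hostid)
                sambaentity.addAdditionalFields("domain_dns", "Domain DNS", False, domaindns)
                sambaentity.addAdditionalFields("sharename", "Share Name", False, sharename)
    finally:
        # The original never closed the connection.
        conn.close()
    mt.returnOutput()
    mt.addUIMessage("completed!")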
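def dotransform(args):
    """List ``path`` inside share ``sharename`` on an SMB server (null session,
    direct TCP) and emit one entity per directory entry.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.

    Reads ``ip``, ``port``, ``hostid``, ``server``, ``workgroup``,
    ``account_used``, ``path``, ``domain_dns`` and ``sharename``;
    ``account_used`` is read but not used. Directories become
    ``msploitego.SambaShare`` entities, files ``msploitego.SambaFile``; the
    ``.`` and ``..`` entries are skipped. The entity value is
    ``<ip>/<sharename><path>/<filename>``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    server = mt.getVar("server")
    workgroup = mt.getVar("workgroup")
    account = mt.getVar("account_used")
    path = mt.getVar("path")
    domaindns = mt.getVar("domain_dns")
    sharename = mt.getVar("sharename")

    # Anonymous (empty user/password) bind.
    conn = SMBConnection('', '', "localhost", server, domain=workgroup,
                         use_ntlm_v2=True, is_direct_tcp=True)
    # NOTE(review): connect() result is not checked; a failed authentication
    # surfaces as an exception from listPath() below.
    conn.connect(ip, int(port))
    dotfile = re.compile("^\.{1,2}$")  # the '.' and '..' pseudo-entries
    try:
        for entry in conn.listPath(sharename, path):
            filename = unicodedata.normalize("NFKD", entry.filename).encode(
                'ascii', 'ignore')
            if entry.isDirectory:
                if dotfile.match(filename):
                    continue
                entityname = "msploitego.SambaShare"
            else:
                entityname = "msploitego.SambaFile"
            # Both branches build the same path; the type only differs.
            newpath = "{}/{}".format(path, filename)
            value = "{}/{}{}".format(ip, sharename, newpath)
            sambaentity = mt.addEntity(entityname, value)
            sambaentity.setValue(value)
            for key, display, fieldvalue in (
                    ("ip", "IP Address", ip),
                    ("port", "Port", port),
                    ("server", "Server", server),
                    ("workgroup", "Workgroup", workgroup),
                    ("filename", "Filename", filename),
                    ("path", "Path", newpath),
                    ("hostid", "Hostid", hostid),
                    ("domain_dns", "Domain DNS", domaindns),
                    ("sharename", "Share Name", sharename)):
                sambaentity.addAdditionalFields(key, display, False, fieldvalue)
    finally:
        # Close the session even when listPath() raises; the original only
        # closed it after a successful listing.
        conn.close()

    mt.returnOutput()
    mt.addUIMessage("completed!")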
def dotransform(args):
    """Run the nmap ``dns-nsid`` script (with ``-sSU``, i.e. TCP SYN plus UDP
    scan) against the selected service and emit a ``msploitego.dnsnsid`` entity
    per script result that carries an ``id``.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.

    Reads ``ip``, ``port`` and ``hostid``; the entity value is ``<id>:<hostid>``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")

    report = scriptrunner(port, "dns-nsid", ip, args="-sSU")
    for result in report.hosts[0].services[0].scripts_results:
        nsid = result.get("id")
        if not nsid:
            continue
        value = "{}:{}".format(nsid, hostid)
        entity = mt.addEntity("msploitego.dnsnsid", value)
        entity.setValue(value)

    mt.returnOutput()
    mt.addUIMessage("completed!")
def dotransform(args):
    """Run the nmap ``smb-enum-services`` script against the selected service and
    emit a ``maltego.Service`` entity per service block in the script output.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.

    Reads ``ip``, ``port`` and ``hostid``. The script output is split into
    blocks by ``bucketparser``; each block's ``Header`` becomes the entity
    value (``<header>:<hostid>``) and its ``Display_name`` a field. When the
    host is not reported ``up`` a UI message is emitted instead.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")

    report = scriptrunner(port, "smb-enum-services", ip)
    host = report.hosts[0]
    if host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        # A service block starts with a two-space-indented service name.
        header = re.compile("^\s\s[a-zA-Z0-9_.-]+")
        for result in host.services[0].scripts_results:
            lines = result.get("output").split("\n")
            for item in bucketparser(header, lines):
                value = "{}:{}".format(item.get("Header"), hostid)
                service = mt.addEntity("maltego.Service", value)
                service.setValue(value)
                service.addAdditionalFields("displayname", "Service Name", False,
                                            item.get("Display_name"))
                service.addAdditionalFields("ip", "IP Address", False, ip)
                service.addAdditionalFields("port", "Port", False, port)

    mt.returnOutput()
    mt.addUIMessage("completed!")
def dotransform(args):
    """Emit a ``msploitego.MeterpreterSession`` entity for every row of the
    Metasploit ``sessions`` table, across all hosts.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.

    The database name is the input entity value; ``user`` and ``password`` are
    entity fields (backslashes are stripped from the password before use).
    Every column of a row is copied onto the entity as a field; ``datetime``
    columns are rendered as ``day/month/year`` and empty values are skipped.
    The DB user, password and name are copied onto each entity as well, which
    is how downstream transforms reach the same database.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")

    mpost = MsploitPostgres(user, password, db)
    for session in mpost.getForAllHosts("sessions"):
        sessionid = str(session.get("id"))
        entity = mt.addEntity("msploitego.MeterpreterSession", sessionid)
        entity.setValue(sessionid)
        for column, value in session.items():
            if isinstance(value, datetime):
                rendered = "{}/{}/{}".format(value.day, value.month, value.year)
            elif value and str(value).strip():
                rendered = str(value)
            else:
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, rendered)
        # NOTE: the clear-text DB password is stored on the graph entity, so
        # anyone the graph is shared with can read it.
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("password", "Password", False, password)
        entity.addAdditionalFields("db", "db", False, db)

    mt.returnOutput()
    mt.addUIMessage("completed!")
def dotransform(args):
    """Wrap the ``namelink`` field of the input entity in a ``msploitego.SiteURL``
    entity that carries the source ip and port.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.

    ``hostid`` and ``uri`` are read but not used. Performs no network activity.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    path = mt.getVar("uri")
    namelink = mt.getVar("namelink")

    site = mt.addEntity("msploitego.SiteURL", namelink)
    site.setValue(namelink)
    for key, display, value in (("ip", "IP Address", ip), ("port", "Port", port)):
        site.addAdditionalFields(key, display, False, value)

    mt.returnOutput()
def dotransform(args):
    """Run the nmap ``http-phpself-xss`` and ``http-stored-xss`` scripts and emit
    a ``msploitego.XSSVulnerability`` entity per element of each script result.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.

    Reads ``ip``, ``port`` and ``hostid`` (``hostid`` is unused). Only results
    that carry ``elements`` produce entities; each element's own key/value
    pairs are copied onto the entity when non-blank. A UI message is emitted
    when the host is not reported ``up``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")

    report = scriptrunner(port, "http-phpself-xss,http-stored-xss", ip)
    host = report.hosts[0]
    if host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        for result in host.services[0].scripts_results:
            elements = result.get("elements")
            if not elements:
                continue
            for key, elem in elements.items():
                # NOTE(review): the entity is created from the element's title
                # but its value is then set from the result's title — confirm
                # which of the two is intended.
                vuln = mt.addEntity("msploitego.XSSVulnerability", elem.get("title"))
                vuln.setValue(result.get("title"))
                vuln.addAdditionalFields("vulnid", "Vuln ID", False, result.get("id"))
                vuln.addAdditionalFields("description", "Description", False, result.get("output"))
                vuln.addAdditionalFields("ip", "IP Address", False, ip)
                vuln.addAdditionalFields("port", "Port", False, port)
                for name, text in elem.items():
                    if text.strip():
                        vuln.addAdditionalFields(name, name.capitalize(), False, text)

    mt.returnOutput()
    mt.addUIMessage("completed!")
def dotransform(args):
    """Run the nmap ``rdp-vuln-ms12-020`` script against the selected service
    and emit a ``msploitego.RDPVulnerability`` entity per block of its output.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.

    Reads ``ip``, ``port`` and ``hostid`` (``hostid`` is unused). The output is
    split into blocks by ``bucketparser``; the block headed ``VULNERABLE`` is
    skipped, every other block becomes an entity named after its ``Header``.
    The ``Details`` entry is joined with newlines into a single field. A UI
    message is emitted when the host is not reported ``up``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")

    report = scriptrunner(port, "rdp-vuln-ms12-020", ip)
    host = report.hosts[0]
    if host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        # A block in the script output starts with a two-space-indented word.
        header = re.compile("\s{2}[A-Za-z]+")
        for result in host.services[0].scripts_results:
            lines = result.get("output").split("\n")
            for block in bucketparser(header, lines):
                title = block.get("Header")
                if title == "VULNERABLE":
                    continue
                vuln = mt.addEntity("msploitego.RDPVulnerability", title)
                vuln.setValue(title)
                vuln.addAdditionalFields("ip", "IP Address", False, ip)
                vuln.addAdditionalFields("port", "Port", False, port)
                for name, text in block.items():
                    if name == "Details":
                        # ``Details`` is an iterable of lines, joined here.
                        vuln.addAdditionalFields("details", name, False, "\n".join(text))
                    elif text and text.strip():
                        vuln.addAdditionalFields(name, name.capitalize(), False, text)

    mt.returnOutput()
    mt.addUIMessage("completed!")
def dotransform(args):
    """Run a set of FTP nmap scripts against the selected service and emit a
    ``msploitego.FTPVulnerability`` entity per script result.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.

    Reads ``ip``, ``port`` and ``hostid`` (``hostid`` is unused). The entity
    value is the script id, except that ``ftp-vuln-cve2010-4221`` is renamed to
    ``cve-2010-4221``; the script output becomes the description field.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")

    scripts = "ftp-vuln-cve2010-4221,ftp-vsftpd-backdoor,ftp-anon,ftp-libopie,ftp-proftpd-backdoor"
    report = scriptrunner(port, scripts, ip)
    for result in report.hosts[0].services[0].scripts_results:
        scriptid = result.get("id")
        # Present the CVE check under its CVE identifier rather than the script name.
        if scriptid.lower() == "ftp-vuln-cve2010-4221":
            scriptid = "cve-2010-4221"
        vuln = mt.addEntity("msploitego.FTPVulnerability", scriptid)
        vuln.setValue(scriptid)
        vuln.addAdditionalFields("description", "Description", False, result.get("output"))
        vuln.addAdditionalFields("ip", "IP Address", False, ip)
        vuln.addAdditionalFields("port", "Port", False, port)

    mt.returnOutput()
    mt.addUIMessage("completed!")
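def dotransform(args):
    """Run a set of Apache-related nmap http scripts against the selected
    service and emit a ``msploitego.ApacheVulnerability`` entity per script result.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.

    Reads ``ip``, ``port`` and ``hostid``. The entity value is
    ``<script id>:<hostid>``. Each result's ``elements`` are copied onto the
    entity: a nested dict is flattened one level, with its key recorded under
    the ``vuln`` field; scalar values are stripped and copied. Empty values are
    skipped. When ``scriptrunner`` returns nothing a UI message is emitted instead.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")

    # NOTE(review): the script list carries a trailing space; harmless only if
    # scriptrunner trims it — confirm.
    rep = scriptrunner(
        port,
        "http-apache-negotiation,http-apache-server-status,http-vuln-cve2011-3192,http-vuln-cve2011-3368,http-vuln-cve2017-5638 ",
        ip)
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    for res in rep.hosts[0].services[0].scripts_results:
        entvalue = "{}:{}".format(res.get("id"), hostid)
        apachevuln = mt.addEntity("msploitego.ApacheVulnerability", entvalue)
        apachevuln.setValue(entvalue)
        # Field names are the fixed keys "ip"/"hostid", as the sibling
        # transforms use; the original passed the ip and hostid *values* as the
        # field names, yielding a differently named field for every host.
        apachevuln.addAdditionalFields("ip", "IP Address", False, ip)
        apachevuln.addAdditionalFields("hostid", "Host Id", False, hostid)
        inheritvalues(apachevuln, mt.values)
        # A result without ``elements`` contributes no extra fields instead of failing.
        for k, v in (res.get("elements") or {}).items():
            if isinstance(v, dict):
                apachevuln.addAdditionalFields("vuln", "Vuln", False, k)
                for key, value in v.items():
                    if value and value.strip():
                        apachevuln.addAdditionalFields(
                            key, key.capitalize(), False, value.strip())
            elif v and v.strip():
                apachevuln.addAdditionalFields(k, k.capitalize(), False, v.strip())

    mt.returnOutput()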
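def dotransform(args):
    """List ``path`` inside share ``sharename`` on an SMB server over an
    anonymous session and emit one entity per directory entry.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.

    Reads ``ip``, ``port``, ``hostid``, ``server`` (falling back to
    ``machinename``), ``workgroup`` (defaulting to ``WORKGROUP``), ``path``,
    ``domain_dns`` and ``sharename``. Directories become
    ``msploitego.SambaShare`` entities, files ``msploitego.SambaFile``; the
    ``.`` and ``..`` entries are skipped and ``domain_dns`` is only attached
    when set. If the listing raises ``NotReadyError`` a single
    ``msploitego.AccessDenied`` entity for the share is emitted instead.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    server = mt.getVar("server") or mt.getVar("machinename")
    workgroup = mt.getVar("workgroup") or "WORKGROUP"
    path = mt.getVar("path")
    domaindns = mt.getVar("domain_dns")
    sharename = mt.getVar("sharename")

    # Anonymous (empty user/password) bind over the NetBIOS session service;
    # the direct-TCP variant is kept for reference.
    # conn = SMBConnection('', '', "localhost", server, domain=workgroup, use_ntlm_v2=True,is_direct_tcp=True)
    conn = SMBConnection('', '', "localhost", server, domain=workgroup, use_ntlm_v2=True)
    # NOTE(review): connect() result is not checked; a failed authentication
    # surfaces as an exception from listPath() below.
    conn.connect(ip, int(port))
    dotfile = re.compile("^\.{1,2}$")  # the '.' and '..' pseudo-entries
    try:
        try:
            files = conn.listPath(sharename, path)
        except NotReadyError:
            # In pysmb NotReadyError means the session is not authenticated;
            # it is surfaced here as an access-denied entity for the share.
            accessdenied = mt.addEntity("msploitego.AccessDenied", sharename)
            accessdenied.setValue(sharename)
        else:
            for entry in files:
                filename = unicodedata.normalize("NFKD", entry.filename).encode('ascii', 'ignore')
                if entry.isDirectory:
                    if dotfile.match(filename):
                        continue
                    entityname = "msploitego.SambaShare"
                else:
                    entityname = "msploitego.SambaFile"
                # Both branches build the same path; the type only differs.
                newpath = "{}/{}".format(path, filename)
                value = "{}/{}{}".format(ip, sharename, newpath)
                sambaentity = mt.addEntity(entityname, value)
                sambaentity.setValue(value)
                sambaentity.addAdditionalFields("ip", "IP Address", False, ip)
                sambaentity.addAdditionalFields("port", "Port", False, port)
                sambaentity.addAdditionalFields("server", "Server", False, server)
                sambaentity.addAdditionalFields("workgroup", "Workgroup", False, workgroup)
                sambaentity.addAdditionalFields("filename", "Filename", False, filename)
                sambaentity.addAdditionalFields("path", "Path", False, newpath)
                sambaentity.addAdditionalFields("hostid", "Hostid", False, hostid)
                if domaindns:
                    sambaentity.addAdditionalFields("domain_dns", "Domain DNS", False, domaindns)
                sambaentity.addAdditionalFields("sharename", "Share Name", False, sharename)
    finally:
        # Close the session on every exit path; exceptions other than
        # NotReadyError from listPath() previously left it open.
        conn.close()

    mt.returnOutput()
    mt.addUIMessage("completed!")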
def dotransform(args):
    """Emit a ``maltego.Vulnerability`` entity for every row of the Metasploit
    ``vulns`` table that belongs to the input host.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.

    The host address is the input entity value; ``id``, ``db``, ``user`` and
    ``password`` are entity fields (backslashes are stripped from the
    password). The entity value is ``<vuln name>:<hostid>``; every row column
    becomes a field, with ``datetime`` columns rendered as ``day/month/year``
    and empty values skipped. Only the DB user and name are copied onto the
    entity, not the password.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getValue()
    hostid = mt.getVar("id")
    db = mt.getVar("db")
    user = mt.getVar("user")
    password = mt.getVar("password").replace("\\", "")

    mpost = MsploitPostgres(user, password, db)
    for vuln in mpost.getforHost(ip, "vulns"):
        label = "{}:{}".format(vuln.get("name"), hostid)
        entity = mt.addEntity("maltego.Vulnerability", label)
        entity.setValue(label)
        entity.addAdditionalFields("ip", "IP Address", True, ip)
        for column, value in vuln.items():
            if isinstance(value, datetime):
                rendered = "{}/{}/{}".format(value.day, value.month, value.year)
            elif value and str(value).strip():
                rendered = str(value)
            else:
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, rendered)
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("db", "db", False, db)

    mt.returnOutput()
    mt.addUIMessage("completed!")
def dotransform(args):
    """Wrap the ``namelink`` field of the input entity in a ``msploitego.SiteURL``
    entity that carries the source ip and port, then report completion.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.

    ``hostid`` and ``uri`` are read but not used. Performs no network activity.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    path = mt.getVar("uri")
    namelink = mt.getVar("namelink")

    site = mt.addEntity("msploitego.SiteURL", namelink)
    site.setValue(namelink)
    for key, display, value in (("ip", "IP Address", ip), ("port", "Port", port)):
        site.addAdditionalFields(key, display, False, value)

    mt.returnOutput()
    mt.addUIMessage("completed!")