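def dotransform(args):
    """Turn the details of an attached Nikto report into Maltego entities.

    Reads ``ip``, ``port`` and ``niktofile`` from the incoming entity. Every
    NiktoReport detail becomes an ``msploitego.niktodetail`` entity; a detail
    with a usable URI additionally yields a ``maltego.URL`` entity. The
    response is written with ``mt.returnOutput()``; a missing report file is
    reported through ``mt.addException``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    fn = mt.getVar("niktofile")

    if not fn:
        # Nothing to parse: tell the user and stop here.
        mt.addException("Nikto file is either not attached or does not exist")
        mt.returnOutput()
        return

    for d in NiktoReport(fn).details:
        det = mt.addEntity("msploitego.niktodetail", d.description)
        # The entity value is kept short; the full text lives in "description".
        det.setValue(d.description[0:45])
        det.addAdditionalFields("description", "Description", False, d.description)
        det.addAdditionalFields("iplink", "IP Link", False, d.iplink)
        det.addAdditionalFields("namelink", "Name Link", False, d.namelink)
        det.addAdditionalFields("uri", "URI", False, d.uri)
        det.addAdditionalFields("ip", "IP", False, ip)
        # Display name was "IP" for the port field; label it as the port it is.
        det.addAdditionalFields("port", "Port", False, port)

        # NOTE(review): details are read both as attributes (d.uri) and through
        # d.get(...) -- confirm NiktoReport detail objects support both.
        uri = d.get("uri") or ""
        if len(uri) > 2:
            webdir = mt.addEntity("maltego.URL", d.get("iplink"))
            webdir.setValue(d.get("iplink"))
            # Only touch webdir on the branch that created it, so it is never unbound.
            webdir.addAdditionalFields("ip", "IP", False, ip)
            webdir.addAdditionalFields("port", "Port", False, port)

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()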
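def dotransform(args):
    """List one directory level of an SMB share as SambaShare / SambaFile entities.

    Opens an SMB session with empty credentials to ``ip``:``port`` using the
    NetBIOS name in ``server`` (or ``machinename``) and ``workgroup``
    (defaulting to "WORKGROUP"), then lists ``path`` on ``sharename``.
    Directories become ``msploitego.SambaShare``, files
    ``msploitego.SambaFile``; a refused listing yields ``msploitego.AccessDenied``.
    The session is always closed before the response is returned.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    # Some source entities carry the NetBIOS name as "machinename" instead.
    server = mt.getVar("server") or mt.getVar("machinename")
    workgroup = mt.getVar("workgroup") or "WORKGROUP"
    path = mt.getVar("path")
    domaindns = mt.getVar("domain_dns")
    sharename = mt.getVar("sharename")

    conn = SMBConnection('', '', "localhost", server, domain=workgroup, use_ntlm_v2=True)
    conn.connect(ip, int(port))
    try:
        try:
            files = conn.listPath(sharename, path)
        except NotReadyError:
            # The share answered but refused the (anonymous) listing.
            accessdenied = mt.addEntity("msploitego.AccessDenied", sharename)
            accessdenied.setValue(sharename)
        else:
            for entry in files:
                # Fold non-ASCII names to their closest ASCII form; decode again so
                # the result formats as text on both Python 2 and 3.
                filename = unicodedata.normalize("NFKD", entry.filename).encode('ascii', 'ignore').decode('ascii')
                if entry.isDirectory:
                    # Skip the "." and ".." pseudo-entries of the listing.
                    if filename in (".", ".."):
                        continue
                    entityname = "msploitego.SambaShare"
                else:
                    entityname = "msploitego.SambaFile"
                newpath = "{}/{}".format(path, filename)
                label = "{}/{}{}".format(ip, sharename, newpath)
                sambaentity = mt.addEntity(entityname, label)
                sambaentity.setValue(label)
                sambaentity.addAdditionalFields("ip", "IP Address", False, ip)
                sambaentity.addAdditionalFields("port", "Port", False, port)
                sambaentity.addAdditionalFields("server", "Server", False, server)
                sambaentity.addAdditionalFields("workgroup", "Workgroup", False, workgroup)
                sambaentity.addAdditionalFields("filename", "Filename", False, filename)
                sambaentity.addAdditionalFields("path", "Path", False, newpath)
                sambaentity.addAdditionalFields("hostid", "Hostid", False, hostid)
                if domaindns:
                    sambaentity.addAdditionalFields("domain_dns", "Domain DNS", False, domaindns)
                sambaentity.addAdditionalFields("sharename", "Share Name", False, sharename)
    finally:
        # Release the SMB session even when listPath fails for another reason.
        conn.close()

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()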
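def dotransform(args):
    """Run the Apache NSE checks against ip:port and emit one ApacheVulnerability per result.

    Each script result's ``elements`` dict is reduced to a single
    (name, details) pair; when ``details`` is a dict its non-blank values
    become additional fields. Hosts that are not "up" only get a UI message.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-apache-negotiation,http-apache-server-status,http-vuln-cve2011-3192,http-vuln-cve2011-3368,http-vuln-cve2017-5638 ", ip)

    if rep is None or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for res in rep.hosts[0].services[0].scripts_results:
            elements = res.get("elements")
            if not elements:
                # popitem() on a missing or empty dict would raise; nothing to report.
                continue
            name, details = elements.popitem()
            apachevuln = mt.addEntity("msploitego.ApacheVulnerability", name)
            apachevuln.setValue(name)
            if isinstance(details, dict):
                for key, value in details.items():
                    if value and value.strip():
                        apachevuln.addAdditionalFields(key, key, False, value.strip())
            # The field name used to be the IP value itself; "ip" matches the other transforms.
            apachevuln.addAdditionalFields("ip", "IP Address", False, ip)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()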
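def dotransform(args):
    """Run wpscan against ip:port and emit one WordpressInfo entity per "[!] Title:" block.

    The wpscan output is split into buckets at every "[!] Title:" line; the
    sanitised header becomes the entity value and every other non-blank
    key/value of the bucket becomes an additional field.
    """
    try:
        from shlex import quote  # Python 3
    except ImportError:  # Python 2
        from pipes import quote

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    # ip and port come from the graph entity; quote them so a crafted value
    # cannot alter the command line if bashrunner hands it to a shell.
    bashlog = bashrunner("wpscan --url {}:{} --enumerate p,u --no-banner --no-color".format(quote(str(ip)), quote(str(port))))
    titlere = re.compile(r"^\[!\]\sTitle:\s", re.I)

    for res in bucketparser(titlere, bashlog):
        rawheader = res.get("Header")
        if not rawheader:
            continue
        header = sanitizefield(rawheader)
        wpent = mt.addEntity("msploitego.WordpressInfo", header)
        wpent.setValue(header)
        for rawkey, rawvalue in res.items():
            # The header is already the entity value; blank keys carry nothing.
            if not rawkey or not rawkey.strip() or rawkey == "Header":
                continue
            k = sanitizefield(rawkey)
            v = sanitizefield(rawvalue)
            if k and k.strip() and v and v.strip():
                wpent.addAdditionalFields(k, k.capitalize(), False, v)

    mt.returnOutput()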
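def dotransform(args):
    """Map MSnn-nnn bulletin ids in the vulnerability name to Metasploit modules.

    For every bulletin id found in the entity value, runs ``msfconsole search``
    and emits one ``msploitego.MetasploitModule`` per matching result line,
    carrying the module rank and the trailing description column.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("address")
    vuln = mt.getValue()
    msreg = re.compile(r"ms[0-9]{2}-[0-9]{3}", re.I)
    rankreg = re.compile(r"normal|manual|great|average|excellent|good|low")
    # Result columns are separated by runs of two or more spaces.
    colsplit = re.compile(r" {2,}")

    for ms in msreg.findall(vuln or ""):
        # `ms` is constrained by msreg to the MSnn-nnn shape, so interpolating it is safe.
        bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(ms))
        for line in bashlog:
            if not msreg.search(line):
                continue
            rankmatch = rankreg.search(line)
            # A line can mention the bulletin without a rank column; don't dereference None.
            rank = rankmatch.group(0) if rankmatch else ""
            msfmod = colsplit.split(line.lstrip())
            msfentity = mt.addEntity("msploitego.MetasploitModule", msfmod[0])
            msfentity.setValue(msfmod[0])
            msfentity.addAdditionalFields("rank", "Rank", False, rank)
            msfentity.addAdditionalFields("details", "Details", False, msfmod[-1])
            msfentity.addAdditionalFields("ip", "IP Address", False, ip)

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()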
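def dotransform(args):
    """Run smb-enum-users against ip:port and emit one SambaUser per DOMAIN\\user block.

    The script output is bucketed at every line that starts with a
    ``DOMAIN\\`` prefix; the bucket header is the entity value and the
    remaining bucket entries become additional fields.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smb-enum-users", ip)
    # Matches "  DOMAIN\" at the start of a line (one literal backslash).
    headre = re.compile(r"^[\sa-zA-Z0-9_.-]+\\")

    if rep is None or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for res in rep.hosts[0].scripts_results:
            lines = (res.get("output") or "").strip().split("\n")
            for item in bucketparser(headre, lines):
                header = item.get("Header")
                userentity = mt.addEntity("msploitego.SambaUser", header)
                userentity.setValue(header)
                userentity.addAdditionalFields("ip", "IP Address", False, ip)
                userentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    if v is None:
                        continue
                    # bucketparser keeps multi-line "Details" as a list; flatten instead of .strip() on it.
                    text = "\n".join(v) if isinstance(v, (list, tuple)) else v.strip()
                    userentity.addAdditionalFields(k, k.capitalize(), False, text)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()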
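def dotransform(args):
    """Run the FTP NSE checks against ip:port and emit one FTPVulnerability per script result.

    The entity value is ``<script id>:<hostid>``; the script output is kept in
    the "description" field. No report (or an empty host list) yields only a
    UI message.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "ftp-vuln-cve2010-4221,ftp-vsftpd-backdoor,ftp-anon,ftp-libopie,ftp-proftpd-backdoor", ip)

    # An empty host list would make rep.hosts[0] raise; treat it like no report.
    if rep and rep.hosts:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            scriptid = scriptrun.get("id") or ""
            # Name the entity after the CVE the script checks, not the script.
            if scriptid.lower() == "ftp-vuln-cve2010-4221":
                scriptid = "cve-2010-4221"
            label = "{}:{}".format(scriptid, hostid)
            vulnentity = mt.addEntity("msploitego.FTPVulnerability", label)
            vulnentity.setValue(label)
            vulnentity.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
            vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
            vulnentity.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is either down or not responding on this port")

    mt.returnOutput()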
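def dotransform(args):
    """Run http-csrf against ip:port and emit one CSFR entity per script result.

    The raw script output goes into the hidden "data" field; the service,
    host and workspace identifiers of the source entity are carried along as
    hidden fields so later transforms can reach the Metasploit database.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")
    rep = scriptrunner(port, "http-csrf", ip)

    # An empty host list would make rep.hosts[0] raise; treat it like no report.
    if rep and rep.hosts:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            csrfentity = mt.addEntity("msploitego.CSFR", label)
            csrfentity.setValue(label)
            csrfentity.addAdditionalFields("data", "Data", True, scriptrun.get("output"))
            csrfentity.addAdditionalFields("servicename", "Service Name", True, servicename)
            csrfentity.addAdditionalFields("serviceid", "Service Id", True, serviceid)
            csrfentity.addAdditionalFields("hostid", "Host Id", True, hostid)
            csrfentity.addAdditionalFields("workspace", "Workspace", True, workspace)
    else:
        mt.addUIMessage("host is either down or not responding in this port")

    mt.returnOutput()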
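def dotransform(args):
    """Parse http-csrf output into CSFR entities.

    Every "Path:" line starts a new ``msploitego.CSFR`` entity; the
    "Form id:" and "Form action:" lines that follow it are attached to that
    entity as hidden fields. Form lines seen before any "Path:" line have no
    entity to attach to and are skipped.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-csrf", ip)
    tags = ("Path", "Form id", "Form action")

    if rep is None or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    else:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            csrfentity = None
            for line in (scriptrun.get("output") or "").split("\n"):
                if not any(tag in line for tag in tags):
                    continue
                # Split on the first colon only: the form action may itself contain one.
                tag, _, data = line.lstrip().partition(":")
                tag = tag.strip()
                if tag == "Path":
                    csrfentity = mt.addEntity("msploitego.CSFR", data)
                    csrfentity.setValue(data)
                elif csrfentity is None:
                    # No "Path" line yet: nothing to attach this form detail to.
                    continue
                elif tag == "Form id":
                    csrfentity.addAdditionalFields("formid", "Form ID", True, data)
                elif tag == "Form action":
                    csrfentity.addAdditionalFields("formaction", "Form Action", True, data)

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()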
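def dotransform(args):
    """Emit one entity per Metasploit credential stored in the Postgres db named by the entity value.

    ``Metasploit::Credential::Password`` rows become ``msploitego.Password``
    (the part of ``data`` before the first ':'), ``NTLMHash`` rows
    ``msploitego.EncryptedPassword``, anything else ``msploitego.Credentials``.
    Every column of the row is added as a field; dates are rendered day/month/year.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    # NOTE(review): the stored db password arrives with backslashes that are
    # stripped here, as in the other database transforms -- confirm upstream escaping.
    password = (mt.getVar("password") or "").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    # Query once; the previous version issued the same query twice.
    for cred in mpost.getCredentials():
        credtype = cred.get("type")
        data = cred.get("data") or ""
        if credtype == "Metasploit::Credential::Password":
            entityname = "msploitego.Password"
            data = data.split(":")[0]
        elif credtype == "Metasploit::Credential::NTLMHash":
            entityname = "msploitego.EncryptedPassword"
        else:
            entityname = "msploitego.Credentials"
        hostentity = mt.addEntity(entityname, data)
        hostentity.setValue(data)
        for k, v in cred.items():
            if isinstance(v, datetime):
                hostentity.addAdditionalFields(k, k.capitalize(), False, "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                hostentity.addAdditionalFields(k, k.capitalize(), False, str(v))

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()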
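def dotransform(args):
    """Run http-sitemap-generator against ip:port and emit one WebDirectoryInfo per script result.

    The entity value is ``<script id>:<hostid>:<port>``; the raw output goes
    into the hidden "data" field and the source entity's service, host and
    workspace identifiers are carried along as hidden fields.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")
    rep = scriptrunner(port, "http-sitemap-generator", ip)

    # An empty host list would make rep.hosts[0] raise; treat it like no report.
    if rep and rep.hosts:
        for res in rep.hosts[0].services[0].scripts_results:
            label = "{}:{}:{}".format(res.get("id"), hostid, port)
            webdir = mt.addEntity("msploitego.WebDirectoryInfo", label)
            webdir.setValue(label)
            webdir.addAdditionalFields("data", "Data", True, res.get("output"))
            webdir.addAdditionalFields("servicename", "Service Name", True, servicename)
            webdir.addAdditionalFields("serviceid", "Service Id", True, serviceid)
            webdir.addAdditionalFields("hostid", "Host Id", True, hostid)
            webdir.addAdditionalFields("workspace", "Workspace", True, workspace)
            webdir.addAdditionalFields("ip", "IP Address", False, ip)
            webdir.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")

    mt.returnOutput()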
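def dotransform(args):
    """Run smb-mbenum against ip:port and emit one WindowsMasterBrowser per enumerated block.

    The host-level script output is bucketed at lines indented by exactly two
    spaces; the bucket header plus ``hostid`` is the entity value and the
    remaining entries (except the raw "Details" list) become fields.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-mbenum", ip)
    headre = re.compile(r"^\s{2}\w")

    # An empty host list would make rep.hosts[0] raise; treat it like no report.
    if rep and rep.hosts:
        for res in rep.hosts[0].scripts_results:
            lines = (res.get("output") or "").split("\n")
            for item in bucketparser(headre, lines, sep=" "):
                header = item.get("Header")
                label = "{}:{}".format(header, hostid)
                shareentity = mt.addEntity("msploitego.WindowsMasterBrowser", label)
                shareentity.setValue(label)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    if k in ("Header", "Details"):
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False, "{}/{}".format(k, v))
    else:
        mt.addUIMessage("host is either down or not responding in this port")

    mt.returnOutput()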
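def dotransform(args):
    """Run smb-enum-shares against ip:port and emit one SambaShare per share block.

    The host-level output is bucketed at every line containing a dotted IPv4
    address (the ``\\\\ip\\share:`` header); the share name is the last
    backslash-separated component of that header, minus the trailing colon.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smb-enum-shares", ip)
    ipv4re = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")

    if rep is None or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for res in rep.hosts[0].scripts_results:
            lines = (res.get("output") or "").split("\n")
            # "search" rather than "match": the address is not at the start of the line.
            for item in bucketparser(ipv4re, lines, method="search"):
                header = item.get("Header") or ""
                shareentity = mt.addEntity("msploitego.SambaShare", header)
                shareentity.setValue(header)
                sharename = header.split("\\")[-1].strip().strip(":")
                shareentity.addAdditionalFields("sharename", "Share Name", False, sharename)
                shareentity.addAdditionalFields("sambashare", "Samba Share", False, header)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    if k == "Header":
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False, v)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()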
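def dotransform(args):
    """Parse SID enumeration lines from the "data" field into SambaUser / SambaGroupInformation entities.

    Each non-chatter line is tokenised: a token starting with ``S-1-`` is the
    SID, a ``DOMAIN\\name`` token the account name and a token containing
    "group" or "user" the account type. Lines without a name are skipped.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    # Lines tagged [V], [+] or [i] are tool chatter, not records.
    noise = re.compile(r"\[V\]\s|\[\+\]\s|\[i\]\s", re.I)
    sidex = re.compile(r"^S-1-", re.I)
    # DOMAIN\name with one or more backslashes between the two parts.
    namex = re.compile(r"^[\w\.]{2,}\\+[\w\.]{2,}")
    typex = re.compile(r"group|user", re.I)

    raw = mt.getVar("data")
    # Test the field before splitting: split() always yields at least one element.
    if raw:
        for line in raw.replace("\\\\", "\\").split("\n"):
            if not line.strip() or noise.search(line):
                continue
            sid = name = typ = ""
            for token in line.split():
                if sidex.match(token):
                    sid = token
                elif namex.match(token):
                    name = token
                elif typex.search(token):
                    typ = token.strip(")")
            if not name:
                continue
            if typ.lower() == "group":
                entityname = "msploitego.SambaGroupInformation"
            else:
                entityname = "msploitego.SambaUser"
            sambauser = mt.addEntity(entityname, name)
            sambauser.setValue(name)
            sambauser.addAdditionalFields("sid", "Sid", False, sid)
            sambauser.addAdditionalFields("type", "Type", False, typ)

    mt.returnOutput()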
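def dotransform(args):
    """Run the XSS NSE checks against ip:port and emit one XSSVulnerability per reported element.

    Each element of a script result becomes an entity named after the element
    title; the script id and full output are attached, plus every non-blank
    string value of the element.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-phpself-xss,http-stored-xss", ip)

    if rep is None or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for res in rep.hosts[0].services[0].scripts_results:
            for elem in (res.get("elements") or {}).values():
                title = elem.get("title")
                vulnentity = mt.addEntity("msploitego.XSSVulnerability", title)
                # addEntity and setValue used different sources (elem vs res) for
                # the title; the element title is the one the entity is named after.
                vulnentity.setValue(title)
                vulnentity.addAdditionalFields("vulnid", "Vuln ID", False, res.get("id"))
                vulnentity.addAdditionalFields("description", "Description", False, res.get("output"))
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in elem.items():
                    # Only non-blank string values make sense as fields.
                    if v and hasattr(v, "strip") and v.strip():
                        vulnentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()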
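def dotransform(args):
    """Run http-robots.txt against ip:port and emit one maltego.WebDir per listed path.

    Every output line that starts with "/" is split on whitespace and each
    token becomes an entity valued ``<path>:<hostid>:<port>``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "http-robots.txt", ip)

    # An empty host list would make rep.hosts[0] raise; treat it like no report.
    if rep and rep.hosts:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            for line in (scriptrun.get("output") or "").split("\n"):
                stripped = line.strip()
                # startswith() also handles blank lines, where indexing [0] raised IndexError.
                if not stripped.startswith("/"):
                    continue
                for d in stripped.split():
                    label = "{}:{}:{}".format(d, hostid, port)
                    webdirentity = mt.addEntity("maltego.WebDir", label)
                    webdirentity.setValue(label)
                    webdirentity.addAdditionalFields("ip", "IP Address", False, ip)
                    webdirentity.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")

    mt.returnOutput()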
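def dotransform(args):
    """Run http-comments-displayer against ip:port and emit one SourceCodeComment per "Path:" block.

    The output is bucketed at every indented "Path:" line; the path after the
    colon is the entity value, the bucket's "Details" lines are joined into
    the "comment" field and its "Line number" entry is carried along.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-comments-displayer", ip)
    pathre = re.compile(r"^\s+Path:")

    # An empty host list would make rep.hosts[0] raise; treat it like no report.
    if rep and rep.hosts:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            lines = (scriptrun.get("output") or "").split("\n")
            for res in bucketparser(pathre, lines):
                header = res.get("Header") or ""
                # A header without a colon cannot be unpacked into key/value.
                if ":" not in header:
                    continue
                path = header.split(":", 1)[1]
                details = res.get("Details") or []
                commententity = mt.addEntity("msploitego.SourceCodeComment", path)
                commententity.setValue(path)
                commententity.addAdditionalFields("comment", "Comment", False, "\n".join(details))
                commententity.addAdditionalFields("linenumber", "Line Number", False, res.get("Line number"))
                commententity.addAdditionalFields("path", "Path", False, path)
    else:
        mt.addUIMessage("host is either down or not responding in this port")

    mt.returnOutput()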
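def dotransform(args):
    """Run the SMTP NSE checks against ip:port and emit one RelevantInformation per script result.

    The entity value is ``<script id>:<hostid>``, where ``hostid`` falls back
    to the source entity's "id" field. The script output is stored in
    "description".
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    # Some source entities expose the host id as "id" rather than "hostid".
    hostid = mt.getVar("hostid") or mt.getVar("id")
    rep = scriptrunner(port, "smtp-commands,smtp-enum-users,smtp-open-relay,smtp-vuln-cve2011-1764", ip)

    # An empty host list would make rep.hosts[0] raise; treat it like no report.
    if rep and rep.hosts:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            infoentity = mt.addEntity("msploitego.RelevantInformation", label)
            infoentity.setValue(label)
            infoentity.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
            infoentity.addAdditionalFields("ip", "IP Address", False, ip)
            infoentity.addAdditionalFields("port", "Port", False, port)
            infoentity.addAdditionalFields("hostid", "Host Id", False, hostid)
    else:
        mt.addUIMessage("host is either down or not responding in this port")

    mt.returnOutput()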
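def dotransform(args):
    """Run msrpc-enum against ip:port and emit one RelevantInformation per script result.

    The entity value is ``<script id>:<hostid>``, where ``hostid`` falls back
    to the source entity's "id" field. The script output is stored in
    "description".
    """
    mt = MaltegoTransform()
    # The old mt.debug(pprint(args)) call is gone: pprint() prints to stdout, which
    # is the channel the transform response is written to, and returns None.
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    # Some source entities expose the host id as "id" rather than "hostid".
    hostid = mt.getVar("hostid") or mt.getVar("id")
    rep = scriptrunner(port, "msrpc-enum", ip)

    if rep is None or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            popent = mt.addEntity("msploitego.RelevantInformation", label)
            popent.setValue(label)
            popent.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
            popent.addAdditionalFields("ip", "IP Address", False, ip)
            popent.addAdditionalFields("port", "Port", False, port)
            popent.addAdditionalFields("hostid", "Host Id", False, hostid)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()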
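def dotransform(args):
    """Run rdp-vuln-ms12-020 against ip:port and emit one RDPVulnerability per finding block.

    The output is bucketed at lines indented by two spaces; the bare
    "VULNERABLE" marker block is skipped, every other block header becomes an
    entity whose "Details" lines are joined into one field.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "rdp-vuln-ms12-020", ip)
    blockre = re.compile(r"\s{2}[A-Za-z]+")

    if rep is None or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            lines = (scriptrun.get("output") or "").split("\n")
            # Distinct loop variable: the inner loop previously shadowed the outer `res`.
            for block in bucketparser(blockre, lines):
                header = block.get("Header")
                if header == "VULNERABLE":
                    continue
                vulnentity = mt.addEntity("msploitego.RDPVulnerability", header)
                vulnentity.setValue(header)
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in block.items():
                    if k == "Details":
                        vulnentity.addAdditionalFields("details", k, False, "\n".join(v or []))
                    elif v and v.strip():
                        vulnentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()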
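def dotransform(args):
    """Run http-security-headers against ip:port and emit one httpsecureheaders entity per non-empty result.

    The entity value is ``<script id>:<hostid>``; the trimmed script output
    goes into "details" and the source entity's service, host and workspace
    identifiers are carried along as hidden fields.
    """
    # The former `global nmap_proc` declaration was never assigned here and is dropped.
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")
    rep = scriptrunner(port, "http-security-headers", ip)

    # An empty host list would make rep.hosts[0] raise; treat it like no report.
    if rep and rep.hosts:
        for res in rep.hosts[0].services[0].scripts_results:
            output = (res.get("output") or "").strip()
            if not output:
                continue
            label = "{}:{}".format(res.get("id"), hostid)
            secheader = mt.addEntity("msploitego.httpsecureheaders", label)
            secheader.setValue(label)
            secheader.addAdditionalFields("details", "Details", False, output)
            secheader.addAdditionalFields("servicename", "Service Name", True, servicename)
            secheader.addAdditionalFields("serviceid", "Service Id", True, serviceid)
            secheader.addAdditionalFields("hostid", "Host Id", True, hostid)
            secheader.addAdditionalFields("workspace", "Workspace", True, workspace)
            secheader.addAdditionalFields("ip", "IP Address", False, ip)
            secheader.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")

    mt.returnOutput()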
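def dotransform(args):
    """Run the XSS NSE checks against ip:port and emit one XSSVulnerability per reported element.

    Each element of a script result becomes an entity named after the element
    title; the script id and full output are attached, plus every non-blank
    string value of the element.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-phpself-xss,http-stored-xss", ip)

    if rep is None or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for res in rep.hosts[0].services[0].scripts_results:
            for elem in (res.get("elements") or {}).values():
                title = elem.get("title")
                vulnentity = mt.addEntity("msploitego.XSSVulnerability", title)
                # addEntity and setValue used different sources (elem vs res) for
                # the title; the element title is the one the entity is named after.
                vulnentity.setValue(title)
                vulnentity.addAdditionalFields("vulnid", "Vuln ID", False, res.get("id"))
                vulnentity.addAdditionalFields("description", "Description", False, res.get("output"))
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in elem.items():
                    # Only non-blank string values make sense as fields.
                    if v and hasattr(v, "strip") and v.strip():
                        vulnentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()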
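def dotransform(args):
    """Emit one MeterpreterSession entity per session recorded for the workspace in the Metasploit db.

    The entity value is ``<ip>:<session id>``; every column of the session
    row becomes a field (dates as day/month/year). The database user,
    password and name are attached as well so the next transforms in the
    chain can reconnect with them.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    workspaceid = mt.getVar("workspaceid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    # NOTE(review): the stored db password arrives with backslashes that are
    # stripped here, as in the other database transforms -- confirm upstream escaping.
    password = (mt.getVar("password") or "").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    for session in mpost.getSessions(workspaceid):
        label = "{}:{}".format(session.get("ip"), str(session.get("sessionid")))
        sessionentity = mt.addEntity("msploitego.MeterpreterSession", label)
        sessionentity.setValue(label)
        for k, v in session.items():
            if isinstance(v, datetime):
                sessionentity.addAdditionalFields(k, k.capitalize(), False, "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                sessionentity.addAdditionalFields(k, k.capitalize(), False, str(v))
        # NOTE(review): the db credentials are persisted on the graph entity because the
        # credential/vuln transforms read them back via getVar("password"); anyone with
        # the graph file can read them too.
        sessionentity.addAdditionalFields("user", "User", False, user)
        sessionentity.addAdditionalFields("password", "Password", False, password)
        sessionentity.addAdditionalFields("db", "db", False, db)

    mt.returnOutput()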
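def dotransform(args):
    """Run ssh-auth-methods and ssh-hostkey against ip:port and emit one RelevantInformation per result.

    ``ssh_hostkey=all`` asks the host-key script to print every key it sees.
    The entity value is ``<script id>:<hostid>`` and the script output is
    stored in "description".
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "ssh-auth-methods,ssh-hostkey", ip, scriptargs="ssh_hostkey=all")

    if rep is None or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            infoentity = mt.addEntity("msploitego.RelevantInformation", label)
            infoentity.setValue(label)
            infoentity.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
            infoentity.addAdditionalFields("ip", "IP Address", False, ip)
            infoentity.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()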
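def dotransform(args):
    """Emit a maltego.Vulnerability for every vuln recorded for ``address`` in a Metasploit XML export.

    The export path comes from ``fromfile``; only hosts whose ``vulncount``
    field is positive are expanded. Each entity is valued ``<name>/<address>``
    and carries the joined references, host id and OS name plus every
    string-valued tag of the vuln record.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    fn = mt.getVar("fromfile")
    ip = mt.getVar("address")
    host = MetasploitXML(fn).gethost(ip)
    # int(None) would raise; a missing count means there is nothing to list.
    vulncount = int(mt.getVar("vulncount") or 0)

    if vulncount > 0 and host is not None:
        for vuln in host.vulns:
            vulnent = mt.addEntity("maltego.Vulnerability", vuln.name)
            vulnent.setValue("{}/{}".format(vuln.name, host.address))
            vulnent.addAdditionalFields("refs", "References", False, ",".join(x.ref for x in vuln.refs))
            vulnent.addAdditionalFields("ipaddress", "IP Address", False, host.address)
            vulnent.addAdditionalFields("hostid", "Host ID", False, host.id)
            vulnent.addAdditionalFields("os", "OS Name", False, host.osname)
            # NOTE(review): the vuln record is iterated as (tag, value) pairs -- confirm against MetasploitXML.
            for tag, val in vuln:
                if isinstance(val, str):
                    vulnent.addAdditionalFields(tag, tag.capitalize(), False, val)

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()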
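def dotransform(args):
    """Emit one entity per Metasploit credential stored in the Postgres db named by the entity value.

    ``Metasploit::Credential::Password`` rows become ``msploitego.Password``
    (the part of ``data`` before the first ':'), ``NTLMHash`` rows
    ``msploitego.EncryptedPassword``, anything else ``msploitego.Credentials``.
    Every column of the row is added as a field; dates are rendered day/month/year.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    # NOTE(review): the stored db password arrives with backslashes that are
    # stripped here, as in the other database transforms -- confirm upstream escaping.
    password = (mt.getVar("password") or "").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    # Query once; the previous version issued the same query twice.
    for cred in mpost.getCredentials():
        credtype = cred.get("type")
        data = cred.get("data") or ""
        if credtype == "Metasploit::Credential::Password":
            entityname = "msploitego.Password"
            data = data.split(":")[0]
        elif credtype == "Metasploit::Credential::NTLMHash":
            entityname = "msploitego.EncryptedPassword"
        else:
            entityname = "msploitego.Credentials"
        hostentity = mt.addEntity(entityname, data)
        hostentity.setValue(data)
        for k, v in cred.items():
            if isinstance(v, datetime):
                hostentity.addAdditionalFields(k, k.capitalize(), False, "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                hostentity.addAdditionalFields(k, k.capitalize(), False, str(v))

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()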
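def dotransform(args):
    """Emit a WebFile entity for the URL in the entity value, with the page body in "details".

    The "body" field is used when the source entity already carries it;
    otherwise the URL is fetched with ``wget -qO-``. No entity is produced
    when neither yields content.
    """
    try:
        from shlex import quote  # Python 3
    except ImportError:  # Python 2
        from pipes import quote

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    url = mt.getValue()

    details = mt.getVar("body") or None
    if not details:
        # The URL is entity-supplied; quote it so shell metacharacters in a crafted
        # value cannot change the command if bashrunner hands it to a shell.
        bashlog = bashrunner("wget -qO- {}".format(quote(str(url))))
        if bashlog:
            details = "".join(bashlog)

    if details:
        webfile = mt.addEntity("msploitego.WebFile", url)
        webfile.setValue(url)
        webfile.addAdditionalFields("details", "Details", False, details)
        webfile.addAdditionalFields("url", "Site URL", False, url)
        webfile.addAdditionalFields("ip", "IP Address", False, ip)
        webfile.addAdditionalFields("port", "Port", False, port)

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()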
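def dotransform(args):
    """Run rdp-vuln-ms12-020 against ip:port and emit one RDPVulnerability per finding block.

    The output is bucketed at lines indented by two spaces; the bare
    "VULNERABLE" marker block is skipped, every other block header (suffixed
    with ``hostid``) becomes an entity whose "Details" lines are joined into
    one field.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "rdp-vuln-ms12-020", ip)
    blockre = re.compile(r"\s{2}[A-Za-z]+")

    # An empty host list would make rep.hosts[0] raise; treat it like no report.
    if rep and rep.hosts:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            lines = (scriptrun.get("output") or "").split("\n")
            # Distinct loop variable: the inner loop previously shadowed the outer `res`.
            for block in bucketparser(blockre, lines):
                header = block.get("Header")
                if header == "VULNERABLE":
                    continue
                label = "{}:{}".format(header, hostid)
                vulnentity = mt.addEntity("msploitego.RDPVulnerability", label)
                vulnentity.setValue(label)
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in block.items():
                    if k == "Details":
                        vulnentity.addAdditionalFields("details", k, False, "\n".join(v or []))
                    elif v and v.strip():
                        vulnentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is either down or not responding in this port")

    mt.returnOutput()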
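def dotransform(args):
    """Emit one credential entity per Metasploit credential core of a workspace.

    ``privtype`` selects the entity type (Password, EncryptedPassword for NTLM
    hashes, otherwise Credentials); the entity value is ``<username>:<coreid>``
    and the secret goes into the "password" field. Every column of the row is
    added as a field; dates are rendered day/month/year.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    db = mt.getVar("db")
    workspaceid = mt.getVar("workspaceid")
    user = mt.getVar("user")
    # NOTE(review): the stored db password arrives with backslashes that are
    # stripped here, as in the other database transforms -- confirm upstream escaping.
    dbpassword = (mt.getVar("password") or "").replace("\\", "")
    mpost = MsploitPostgres(user, dbpassword, db)

    for cred in mpost.getCredentials(workspaceid):
        privtype = cred.get("privtype")
        # A core without private data would otherwise break split() below.
        password = cred.get("privdata") or ""
        if privtype == "Metasploit::Credential::Password":
            entityname = "msploitego.Password"
            password = password.split(":")[0]
        elif privtype == "Metasploit::Credential::NTLMHash":
            entityname = "msploitego.EncryptedPassword"
        else:
            entityname = "msploitego.Credentials"
        label = "{}:{}".format(cred.get("username"), cred.get("coreid"))
        credentity = mt.addEntity(entityname, label)
        credentity.setValue(label)
        credentity.addAdditionalFields("password", "Password", False, password)
        for k, v in cred.items():
            if isinstance(v, datetime):
                credentity.addAdditionalFields(k, k.capitalize(), False, "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                credentity.addAdditionalFields(k, k.capitalize(), False, str(v))

    mt.returnOutput()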
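def dotransform(args):
    """Emit a WebFile entity for the URL in the entity value and save the page body to a temp file.

    The "body" field is used when the source entity already carries it;
    otherwise the URL is fetched with ``wget -qO-``. The content is written
    to a NamedTemporaryFile that is deliberately not deleted, and its path is
    handed on in the "localfile" field.
    """
    try:
        from shlex import quote  # Python 3
    except ImportError:  # Python 2
        from pipes import quote

    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    url = mt.getValue()

    details = mt.getVar("body") or None
    if not details:
        # The URL is entity-supplied; quote it so shell metacharacters in a crafted
        # value cannot change the command if bashrunner hands it to a shell.
        bashlog = bashrunner("wget -qO- {}".format(quote(str(url))))
        if bashlog:
            details = "".join(bashlog)

    if details:
        webfile = mt.addEntity("msploitego.WebFile", url)
        webfile.setValue(url)
        # Text mode so a str body is accepted on Python 3 as well; delete=False keeps
        # the file for the downstream transform. Nothing here removes it later.
        with tempfile.NamedTemporaryFile(mode="w", delete=False) as f:
            f.write(details)
            localfile = f.name
        webfile.addAdditionalFields("localfile", "Local File", False, localfile)
        webfile.addAdditionalFields("url", "Site URL", False, url)
        webfile.addAdditionalFields("ip", "IP Address", False, ip)
        webfile.addAdditionalFields("port", "Port", False, port)

    mt.returnOutput()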
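def dotransform(args):
    """Emit a maltego.Vulnerability for every "vulns" row the Metasploit db holds for the host ip.

    The entity value is the vuln name; every column of the row becomes a
    field (dates as day/month/year) and the db user and name are attached so
    later transforms can reconnect.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    db = mt.getVar("db")
    user = mt.getVar("user")
    # NOTE(review): the stored db password arrives with backslashes that are
    # stripped here, as in the other database transforms -- confirm upstream escaping.
    password = (mt.getVar("password") or "").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    for vuln in mpost.getforHost(ip, "vulns"):
        name = vuln.get("name")
        vulnentity = mt.addEntity("maltego.Vulnerability", name)
        vulnentity.setValue(name)
        vulnentity.addAdditionalFields("ip", "IP Address", True, ip)
        for k, v in vuln.items():
            if isinstance(v, datetime):
                vulnentity.addAdditionalFields(k, k.capitalize(), False, "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                vulnentity.addAdditionalFields(k, k.capitalize(), False, str(v))
        vulnentity.addAdditionalFields("user", "User", False, user)
        vulnentity.addAdditionalFields("db", "db", False, db)

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()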
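def dotransform(args):
    """Run http-sitemap-generator against ip:port and emit one maltego.WebDir per listed path.

    Only output lines indented by exactly four spaces and starting with "/"
    are paths; each becomes an entity valued ``<path>:<hostid>``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "http-sitemap-generator", ip)
    pathre = re.compile(r"^\s{4}/")

    # An empty host list would make rep.hosts[0] raise; treat it like no report.
    if rep and rep.hosts:
        for res in rep.hosts[0].services[0].scripts_results:
            for line in (res.get("output") or "").strip().split("\n"):
                if not pathre.match(line):
                    continue
                label = "{}:{}".format(line.strip(), hostid)
                webdir = mt.addEntity("maltego.WebDir", label)
                webdir.setValue(label)
                webdir.addAdditionalFields("ip", "IP Address", False, ip)
                webdir.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")

    mt.returnOutput()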
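def dotransform(args):
    """Run smb-mbenum against ip:port and emit one WindowsMasterBrowser per enumerated block.

    The host-level script output is bucketed at lines indented by exactly two
    spaces; the bucket header plus ``hostid`` is the entity value and the
    remaining entries (except the raw "Details" list) become fields.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-mbenum", ip)
    headre = re.compile(r"^\s{2}\w")

    if rep is None or not rep.hosts:
        mt.addUIMessage("host is either down or not responding in this port")
    elif rep.hosts[0].status == "up":
        for res in rep.hosts[0].scripts_results:
            lines = (res.get("output") or "").split("\n")
            for item in bucketparser(headre, lines, sep=" "):
                header = item.get("Header")
                label = "{}:{}".format(header, hostid)
                shareentity = mt.addEntity("msploitego.WindowsMasterBrowser", label)
                shareentity.setValue(label)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                for k, v in item.items():
                    if k in ("Header", "Details"):
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False, "{}/{}".format(k, v))
    else:
        mt.addUIMessage("host is {}!".format(rep.hosts[0].status))

    # UI messages travel in the response, so queue them before returnOutput().
    mt.addUIMessage("completed!")
    mt.returnOutput()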
def dotransform(args):
    """Emit one ``maltego.Vulnerability`` entity per vuln row of a Metasploit host.

    Connection details (``db``, ``user``, ``password``) and host context
    (``id``, ``workspace``, ``arch``, ``os_family``) come from the selected
    entity's fields; rows come from ``MsploitPostgres.getVulnsForHost``.
    Every non-empty row column is attached as an additional field, dates as
    day/month/year. The database password is written into each entity's
    fields and therefore persists in the graph.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getValue()
    hostid = mt.getVar("id")
    db = mt.getVar("db")
    user = mt.getVar("user")
    workspace = mt.getVar("workspace")
    # Strips backslashes from the stored password; presumably undoes escaping
    # applied upstream -- confirm against whatever writes this field.
    password = mt.getVar("password").replace("\\", "")
    arch = mt.getVar("arch")
    osfamily = mt.getVar("os_family")

    mpost = MsploitPostgres(user, password, db)
    for vuln in mpost.getVulnsForHost(hostid):
        label = "{}:{}".format(vuln.get("vulnname"), hostid)
        entity = mt.addEntity("maltego.Vulnerability", label)
        entity.setValue(label)
        # Fixed context fields first, then the row's own columns.
        entity.addAdditionalFields("ip", "IP Address", True, ip)
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("password", "Password", False, password)
        entity.addAdditionalFields("db", "db", False, db)
        if arch:
            entity.addAdditionalFields("arch", "Arch", False, arch)
        entity.addAdditionalFields("workspace", "Workspace", False, workspace)
        entity.addAdditionalFields("osfamily", "OS", False, osfamily)
        for column, value in vuln.items():
            if isinstance(value, datetime):
                rendered = "{}/{}/{}".format(value.day, value.month, value.year)
            elif value and str(value).strip():
                rendered = str(value)
            else:
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, rendered)
    mt.returnOutput()
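def dotransform(args):
    """Emit ``msploitego.SambaUser`` entities from nmap's ``smb-enum-users`` script.

    ``bucketparser`` splits the script output into blocks; a block starts at
    a line of whitespace/word characters followed by a backslash. Each
    block's ``Header`` becomes the entity value and every key of the block is
    attached as an additional field.

    Changes from the original: the block pattern is a raw string (``"\\s"``
    in a plain literal is an invalid escape; the trailing ``\\\\`` is the regex
    escape for one literal backslash) and is compiled once, not per result.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")  # read for parity with sibling transforms; not used here
    block_start = re.compile(r"^[\sa-zA-Z0-9_.-]+\\")

    rep = scriptrunner(port, "smb-enum-users", ip)
    if rep:
        for res in rep.hosts[0].scripts_results:
            output = res.get("output").strip().split("\n")
            for item in bucketparser(block_start, output):
                header = item.get("Header")
                user = mt.addEntity("msploitego.SambaUser", header)
                user.setValue(header)
                user.addAdditionalFields("ip", "IP Address", False, ip)
                user.addAdditionalFields("port", "Port", False, port)
                for key, value in item.items():
                    # assumes bucket values are strings -- confirm in bucketparser
                    user.addAdditionalFields(key, key.capitalize(), False, value.strip())
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()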
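def dotransform(args):
    """Emit ``msploitego.UserGroup`` entities from nmap's ``smb-enum-groups`` script.

    Each output line is split on whitespace: the first token is the group
    name (and entity value), the remaining tokens are joined back into a
    ``details`` field.

    Changes from the original: blank lines inside the output are skipped;
    the original indexed ``d[0]`` unconditionally and raised ``IndexError``
    on an empty line.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")  # read for parity with sibling transforms; not used here

    rep = scriptrunner(port, "smb-enum-groups", ip)
    if rep:
        for res in rep.hosts[0].scripts_results:
            for line in res.get("output").strip().split("\n"):
                tokens = line.split()
                if not tokens:
                    continue
                groupname, details = tokens[0], " ".join(tokens[1:])
                group = mt.addEntity("msploitego.UserGroup", groupname)
                group.setValue(groupname)
                group.addAdditionalFields("groupname", "Group Name", False, groupname)
                group.addAdditionalFields("details", "Details", False, details)
                group.addAdditionalFields("ip", "IP Address", False, ip)
                group.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()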
def dotransform(args):
    """Emit ``maltego.Vulnerability`` entities for a host taken from a Metasploit XML export.

    ``fromfile`` names the export, ``address`` selects the host inside it and
    ``vulncount`` gates the work: nothing is emitted when it is not positive.
    Each vuln yields an entity whose value is ``<name>/<address>``, with the
    joined reference list, host address, host id and OS name as fields plus
    every string-valued tag of the vuln itself.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    excludes = ["Nessus Scan Information"]  # kept from the original; not referenced below
    # entitytags = ["hostid", "info", "name","vulnattemptcount"]
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("fromfile")
    ip = mt.getVar("address")
    host = MetasploitXML(fn).gethost(ip)
    vulncount = int(mt.getVar("vulncount"))

    if vulncount > 0:
        for vuln in host.vulns:
            entity = mt.addEntity("maltego.Vulnerability", vuln.name)
            entity.setValue("{}/{}".format(vuln.name, host.address))
            references = ",".join(ref.ref for ref in vuln.refs)
            entity.addAdditionalFields("refs", "References", False, references)
            entity.addAdditionalFields("ipaddress", "IP Address", False, host.address)
            entity.addAdditionalFields("hostid", "Host ID", False, host.id)
            entity.addAdditionalFields("os", "OS Name", False, host.osname)
            # The vuln object iterates as (tag, value) pairs; only string values are attached.
            for tag, value in vuln:
                if isinstance(value, str):
                    entity.addAdditionalFields(tag, tag.capitalize(), False, value)
    mt.returnOutput()
def dotransform(args):
    """Emit ``msploitego.DNSInformation`` entities from a set of nmap DNS NSE scripts.

    Runs ``dns-random-srcport``, ``dns-random-txid``, ``dns-recursion`` and
    ``dns-service-discovery`` over UDP (``-sU``) on ports 53 and 5353 against
    ``ip`` and emits one entity per script result, valued ``<script id>:<hostid>``.
    Service context (``servicename``, ``serviceid``, ``hostid``, ``workspace``)
    and the result's port/protocol are carried over as fields.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")  # read for parity with sibling transforms; the scan uses fixed ports
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")

    rep = scriptrunner(
        "53,5353",
        "dns-random-srcport,dns-random-txid,dns-recursion,dns-service-discovery",
        ip,
        args="-sU",
    )
    if rep:
        for service in rep.hosts[0].services:
            for res in service.scripts_results:
                label = "{}:{}".format(res.get("id"), hostid)
                dnsinfo = mt.addEntity("msploitego.DNSInformation", label)
                dnsinfo.setValue(label)
                # (key, display name, matching-rule flag, value), in the original order.
                fields = [
                    ("data", "Data", True, res.get("output")),
                    ("servicename", "Service Name", True, servicename),
                    ("serviceid", "Service Id", True, serviceid),
                    ("hostid", "Host Id", True, hostid),
                    ("workspace", "Workspace", True, workspace),
                    ("ip", "IP Address", False, ip),
                    ("port", "Port", False, str(service.port)),
                    ("protocol", "Protocol", False, service.protocol),
                ]
                for key, display, strict, value in fields:
                    dnsinfo.addAdditionalFields(key, display, strict, value)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()
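def _db_row_url(ip, row):
    """Build ``http[s]://<ip>:<port><path>`` from a web page/form row.

    The scheme is ``https`` when the row's ``protoname`` contains ``ssl``.
    """
    scheme = "https" if "ssl" in row.get("protoname") else "http"
    return "{}://{}:{}{}".format(scheme, ip, row.get("port"), row.get("path"))


def _add_row_fields(entity, row):
    """Attach every non-empty column of *row* to *entity*; dates as day/month/year."""
    for column, value in row.items():
        if isinstance(value, datetime):
            rendered = "{}/{}/{}".format(value.day, value.month, value.year)
        elif value and str(value).strip():
            rendered = str(value)
        else:
            continue
        entity.addAdditionalFields(column, column.capitalize(), False, rendered)


def dotransform(args):
    """Emit ``msploitego.SiteURL`` and ``msploitego.WebForm`` entities for a host.

    The selected entity's value is the host address; ``db``, ``id``, ``user``
    and ``password`` carry the Metasploit database connection details. Web
    pages come from ``MsploitPostgres.getwebpagesforhost`` and forms from
    ``getwebformsforhost``; both are rendered as URLs via ``_db_row_url`` and
    get their row columns attached via ``_add_row_fields``.

    Changes from the original: the duplicated URL-building and
    column-attaching code for pages and forms is factored into the two
    helpers above; field order per entity is unchanged.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getValue()
    db = mt.getVar("db")
    hostid = mt.getVar("id")
    user = mt.getVar("user")
    # Strips backslashes from the stored password; presumably undoes escaping
    # applied upstream -- confirm against whatever writes this field.
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    for page in mpost.getwebpagesforhost(hostid):
        url = _db_row_url(ip, page)
        pageent = mt.addEntity("msploitego.SiteURL", url)
        pageent.setValue(url)
        pageent.addAdditionalFields("ip", "IP Address", False, ip)
        pageent.addAdditionalFields("hostid", "Host Id", False, hostid)
        _add_row_fields(pageent, page)

    for form in mpost.getwebformsforhost(hostid):
        url = _db_row_url(ip, form)
        forment = mt.addEntity("msploitego.WebForm", url)
        forment.setValue(url)
        _add_row_fields(forment, form)
        forment.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()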
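def _search_modules(mt, term, ip, rank_pattern, include_ip):
    """Run ``msfconsole search <term>`` and emit one ``msploitego.MetasploitModule`` per ranked line.

    ``term`` is always a match of the ``msNN-NNN`` / ``cve-NNNN-NNNN`` patterns
    below (letters, digits and hyphens only), so it cannot carry shell
    metacharacters into the single-quoted ``-x`` argument. Output lines with no
    rank keyword are skipped. ``include_ip`` controls whether the host address
    is attached as a field (the original did so for MS ids but not for CVEs).
    """
    bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(term))
    for line in bashlog:
        rank_match = rank_pattern.search(line)
        if not rank_match:
            continue
        # The split assumes table columns are separated by two or more spaces.
        columns = re.split(" {2,}", line.lstrip())
        module = mt.addEntity("msploitego.MetasploitModule", columns[0])
        module.setValue(columns[0])
        module.addAdditionalFields("rank", "Rank", False, rank_match.group(0))
        module.addAdditionalFields("details", "Details", False, columns[-1])
        if include_ip:
            module.addAdditionalFields("ip", "IP Address", False, ip)


def dotransform(args):
    """Look up Metasploit modules for the MS and CVE identifiers found in a vulnerability name.

    The selected entity's value is the vulnerability text; every ``msNN-NNN``
    and ``cve-NNNN-NNNN`` identifier in it is searched with ``msfconsole`` and
    each ranked result becomes a ``msploitego.MetasploitModule`` entity.

    Changes from the original: the rank pattern is now a raw string -- in the
    plain literal ``"\\blow\\b"`` the ``\\b`` were backspace characters, so a
    rank of ``low`` never matched; the two identical search loops are
    factored into ``_search_modules``; the rank search runs once per line.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("address")
    hostid = mt.getVar("hostid")  # read for parity with sibling transforms; not used here
    vuln = mt.getValue()
    path = mt.getVar("path")  # read for parity with sibling transforms; not used here

    ms_pattern = re.compile(r"ms[0-9]{2}-[0-9]{3}", re.I)
    cve_pattern = re.compile(r"cve[-]*[0-9]{3,4}-[0-9]{3,4}", re.I)
    rank_pattern = re.compile(r"normal|manual|great|average|excellent|good|\blow\b")

    for ms in ms_pattern.findall(vuln):
        _search_modules(mt, ms, ip, rank_pattern, include_ip=True)
    for cve in cve_pattern.findall(vuln):
        _search_modules(mt, cve, ip, rank_pattern, include_ip=False)

    mt.returnOutput()
    mt.addUIMessage("completed!")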
def dotransform(args):
    """Mark a Metasploit module as checked against a host.

    Emits a single ``msploitego.Checked`` entity valued ``<module>:<ip>``.
    NOTE(review): the format string has two placeholders but receives three
    arguments, so ``port`` never appears in the value; kept as-is because
    downstream transforms may rely on the current entity identity.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")  # read for parity with sibling transforms; not used here
    module = mt.getValue()

    label = "{}:{}".format(module, ip, port)
    checked = mt.addEntity("msploitego.Checked", label)
    checked.setValue(label)
    checked.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
    mt.addUIMessage("completed!")
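def dotransform(args):
    """List the top-level contents of every ordinary share on an SMB server.

    Connects with ``SMBConnection`` to ``ip``:``port`` and, for every share
    that is not special and not ``NETLOGON``/``SYSVOL``, emits one
    ``msploitego.SambaShare`` (directory) or ``msploitego.SambaFile`` entity
    per entry under ``sambapath`` (default ``/``); ``.`` and ``..`` are skipped.

    Changes from the original: the connection is closed in a ``finally`` so
    it is released even when ``listShares``/``listPath`` raises (the original
    never called ``close``), and the dot-entry pattern is a raw string.

    NOTE(review): the connection uses a hard-coded ``admin``/``admin`` pair
    while ``account_used`` is read and never used -- confirm which credential
    is intended; hard-coded credentials in a transform are a finding in
    their own right.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    server = mt.getVar("server")
    workgroup = mt.getVar("workgroup")
    account = mt.getVar("account_used")  # unused; see the docstring note
    domaindns = mt.getVar("domain_dns")
    path = mt.getVar("sambapath") or "/"
    dot_entry = re.compile(r"^\.{1,2}$")

    conn = SMBConnection('admin', 'admin', "localhost", server, domain=workgroup,
                         use_ntlm_v2=True, is_direct_tcp=True)
    conn.connect(ip, int(port))
    try:
        for share in conn.listShares():
            if share.isSpecial or share.name in ['NETLOGON', 'SYSVOL']:
                continue
            sharename = unicodedata.normalize("NFKD", share.name).encode('ascii', 'ignore')
            for entry in conn.listPath(share.name, path):
                filename = unicodedata.normalize("NFKD", entry.filename).encode('ascii', 'ignore')
                if entry.isDirectory:
                    if dot_entry.match(filename):
                        continue
                    entityname = "msploitego.SambaShare"
                    newpath = "{}/{}/".format(path, filename)
                else:
                    entityname = "msploitego.SambaFile"
                    newpath = "{}/{}".format(path, filename)
                label = "{}/{}/{}".format(ip, sharename, filename)
                sambaentity = mt.addEntity(entityname, label)
                sambaentity.setValue(label)
                sambaentity.addAdditionalFields("ip", "IP Address", False, ip)
                sambaentity.addAdditionalFields("port", "Port", False, port)
                sambaentity.addAdditionalFields("server", "Server", False, server)
                sambaentity.addAdditionalFields("workgroup", "Workgroup", False, workgroup)
                sambaentity.addAdditionalFields("filename", "Filename", False, filename)
                sambaentity.addAdditionalFields("path", "Path", False, newpath)
                sambaentity.addAdditionalFields("hostid", "Hostid", False, hostid)
                sambaentity.addAdditionalFields("domain_dns", "Domain DNS", False, domaindns)
                sambaentity.addAdditionalFields("sharename", "Share Name", False, sharename)
    finally:
        conn.close()

    mt.returnOutput()
    mt.addUIMessage("completed!")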
def dotransform(args):
    """Emit a ``maltego.Website`` entity for ``http://<ip>:<port>``.

    The URL is used as entity value and repeated in the ``url`` field; ``ip``
    and ``port`` are attached as fields as well.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")  # read for parity with sibling transforms; not used here

    site_url = "http://{}:{}".format(ip, port)
    website = mt.addEntity("maltego.Website", site_url)
    website.setValue(site_url)
    website.addAdditionalFields("url", "Site URL", False, site_url)
    website.addAdditionalFields("ip", "IP Address", False, ip)
    website.addAdditionalFields("port", "Port", False, port)

    mt.returnOutput()
    mt.addUIMessage("completed!")
def dotransform(args):
    """Emit a ``msploitego.SiteURL`` entity from the ``namelink`` field of the selected entity.

    ``ip`` and ``port`` are carried over as fields; ``uri`` is read but not used.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")  # not used here
    path = mt.getVar("uri")  # not used here
    namelink = mt.getVar("namelink")

    site = mt.addEntity("msploitego.SiteURL", namelink)
    site.setValue(namelink)
    site.addAdditionalFields("ip", "IP Address", False, ip)
    site.addAdditionalFields("port", "Port", False, port)

    mt.returnOutput()
    mt.addUIMessage("completed!")
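def dotransform(args):
    """Emit a ``msploitego.dnsnsid`` entity per result of nmap's ``dns-nsid`` script.

    The scan runs with ``-sSU`` against ``ip``:``port``; each script result
    with a non-empty id becomes an entity valued ``<script id>:<hostid>``.

    Changes from the original: a falsy report now yields the same UI message
    the sibling transforms use instead of an ``AttributeError`` on
    ``rep.hosts``, and the builtin name ``id`` is no longer shadowed.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")

    rep = scriptrunner(port, "dns-nsid", ip, args="-sSU")
    if rep:
        for res in rep.hosts[0].services[0].scripts_results:
            script_id = res.get("id")
            if not script_id:
                continue
            label = "{}:{}".format(script_id, hostid)
            dnsnsid = mt.addEntity("msploitego.dnsnsid", label)
            dnsnsid.setValue(label)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()
    mt.addUIMessage("completed!")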
def dotransform(args):
    """Emit a ``maltego.IPv4Address`` entity for every host in a Metasploit XML export.

    The export path is taken from the ``description`` field. Each host gets a
    ``fromfile`` field pointing back at the export plus, for every tag in the
    fixed list below that the host actually carries, a field of the same name.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    wanted_tags = (
        "name", "address", "servicecount", "osname", "state", "mac",
        "vulncount", "purpose", "osflavor", "osfamily", "notecount",
    )
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("description")
    mdb = MetasploitXML(fn)

    for host in mdb.hosts:
        hostentity = mt.addEntity("maltego.IPv4Address", host.address)
        hostentity.setValue(host.address)
        hostentity.addAdditionalFields("fromfile", "Source File", False, fn)
        present = host.getTags()
        # Iterate the wanted list (not the host's tags) to keep field order stable.
        for tag in (t for t in wanted_tags if t in present):
            hostentity.addAdditionalFields(tag, tag, False, host.getVal(tag))

    mt.returnOutput()
    mt.addUIMessage("completed!")
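def dotransform(args):
    """Emit ``maltego.WebDir`` entities for every path gobuster reports under *url*.

    The selected entity's value is the target URL; ``ip`` and ``port`` are
    carried over as fields. Runs ``gobuster -q -e`` with the fixed dirbuster
    wordlist through ``bashrunner`` and takes the first whitespace-separated
    token of each output line as the directory.

    Changes from the original: *url* is shell-quoted before interpolation so
    that metacharacters in an entity value (``&``, ``;``, spaces) cannot alter
    the command line, and blank output lines are skipped instead of raising
    ``IndexError`` on ``split()[0]``.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    try:
        from shlex import quote  # Python 3
    except ImportError:  # Python 2
        from pipes import quote

    mt = MaltegoTransform()
    mt.debug(pprint(args))
    mt.parseArguments(args)
    url = mt.getValue()
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")  # read for parity with sibling transforms; not used here

    # gobuster -e -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://10.11.1.24/
    command = (
        "gobuster -q -e -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt "
        "-u {}".format(quote(url))
    )
    for line in bashrunner(command):
        tokens = line.split()
        if not tokens:
            continue
        webdir = mt.addEntity("maltego.WebDir", tokens[0])
        webdir.setValue(tokens[0])
        webdir.addAdditionalFields("ip", "IP Address", False, ip)
        webdir.addAdditionalFields("port", "Port", False, port)
        webdir.addAdditionalFields("url", "URL", False, url)

    mt.returnOutput()
    mt.addUIMessage("completed!")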
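def dotransform(args):
    """Emit a ``msploitego.LootFile`` entity carrying the contents of a loot file.

    The selected entity's value is the file name, ``path`` is where it lives
    on disk; the file is read through ``bashrunner("cat ...")`` and, when it
    is non-empty, attached as the ``details`` field.

    Changes from the original: *path* is shell-quoted before interpolation,
    so a path containing spaces or shell metacharacters is read as one
    argument instead of altering the command line.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    try:
        from shlex import quote  # Python 3
    except ImportError:  # Python 2
        from pipes import quote

    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("address")
    hostid = mt.getVar("hostid")  # read for parity with sibling transforms; not used here
    fn = mt.getValue()
    path = mt.getVar("path")

    details = "".join(bashrunner("cat {}".format(quote(path))))
    if details:
        fileent = mt.addEntity("msploitego.LootFile", fn)
        fileent.setValue(fn)
        fileent.addAdditionalFields("details", "Details", False, details)
        fileent.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
    mt.addUIMessage("completed!")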
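def dotransform(args):
    """Emit a ``maltego.Alias`` entity per user name reported by nmap's ``smtp-enum-users`` script.

    The script output is split on commas; each trimmed name becomes an entity
    with the scanned ``ip``/``port`` attached as ``sourceip``/``sourceport``.

    Changes from the original: a falsy report yields the UI message the
    sibling transforms use instead of an ``AttributeError`` on ``rep.hosts``,
    empty names (e.g. from a trailing comma) are skipped rather than emitted
    as empty entities, and the redundant ``strip().lstrip()`` is one ``strip``.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")  # read for parity with sibling transforms; not used here

    rep = scriptrunner(port, "smtp-enum-users", ip)
    if rep:
        for res in rep.hosts[0].services[0].scripts_results:
            for raw in res.get("output").split(","):
                username = raw.strip()
                if not username:
                    continue
                alias = mt.addEntity("maltego.Alias", username)
                alias.setValue(username)
                alias.addAdditionalFields("sourceip", "Source IP", False, ip)
                alias.addAdditionalFields("sourceport", "Source Port", False, port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()
    mt.addUIMessage("completed!")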
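def dotransform(args):
    """Emit ``msploitego.SambaVulnerability`` entities from the module-level ``scripts`` NSE set.

    Runs ``scripts`` (defined elsewhere in this file) against ``ip``:``port``
    with ``unsafe=1`` and emits one entity per script result that has an id
    and whose output does not contain ``ERROR``; the output is attached as
    ``description``.

    Changes from the original: the ``Port`` field now carries ``port`` -- the
    original passed ``ip`` a second time. The field keys ``IP``/``Port`` are
    kept as-is; note they differ in case from the ``ip``/``port`` keys the
    sibling transforms read, which may matter for downstream lookups.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(sys.argv))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")

    rep = scriptrunner(port, scripts, ip, scriptargs="unsafe=1")
    for scriptrun in rep.hosts[0].scripts_results:
        script_id = scriptrun.get("id")
        output = scriptrun.get("output")
        if not script_id or "ERROR" in output:
            continue
        label = "{}:{}".format(script_id, hostid)
        smbvuln = mt.addEntity("msploitego.SambaVulnerability", label)
        smbvuln.setValue(label)
        smbvuln.addAdditionalFields("description", "Description", False, output)
        smbvuln.addAdditionalFields("IP", "IP Address", False, ip)
        smbvuln.addAdditionalFields("Port", "Port", False, port)

    mt.returnOutput()
    mt.addUIMessage("completed!")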
def dotransform(args):
    """Emit ``msploitego.RelevantInformation`` entities from nmap's SSH NSE scripts.

    Runs ``ssh-auth-methods`` and ``ssh-hostkey`` (``ssh_hostkey=all``)
    against ``ip``:``port``. When the first reported host is ``up`` each
    script result becomes an entity valued ``<script id>:<hostid>`` with the
    script output as ``description``; otherwise only a status message is shown.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")

    rep = scriptrunner(port, "ssh-auth-methods,ssh-hostkey", ip, scriptargs="ssh_hostkey=all")
    host = rep.hosts[0]
    if host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        for scriptrun in host.services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            info = mt.addEntity("msploitego.RelevantInformation", label)
            info.setValue(label)
            info.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
            info.addAdditionalFields("ip", "IP Address", False, ip)
            info.addAdditionalFields("port", "Port", False, port)

    mt.returnOutput()
    mt.addUIMessage("completed!")
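def dotransform(args):
    """Emit one ``msploitego.httpsecureheaders`` entity per result of nmap's ``http-security-headers`` script.

    The full script output is the entity's name and ``details`` field; the
    displayed value is its first 25 characters.

    Changes from the original: a dead loop that pruned blank lines from a
    ``lines`` list nobody read (and removed items from the list while
    iterating it) is gone, as is the unused ``global nmap_proc`` declaration.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")

    rep = scriptrunner(port, "http-security-headers", ip)
    for scriptrun in rep.hosts[0].services[0].scripts_results:
        output = scriptrun.get("output")
        secheader = mt.addEntity("msploitego.httpsecureheaders", output)
        secheader.setValue(output[0:25])
        secheader.addAdditionalFields("details", "Details", False, output)

    mt.returnOutput()
    mt.addUIMessage("completed!")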
def dotransform(args):
    """Emit a ``msploitego.MeterpreterSession`` entity per session row in the Metasploit database.

    The selected entity's value is the database name; ``user`` and
    ``password`` are its fields. Rows come from
    ``MsploitPostgres.getForAllHosts("sessions")``; every non-empty column is
    attached as a field (dates as day/month/year), followed by ``user``,
    ``password`` and ``db``. The database password is therefore stored in
    each entity and persists in the graph.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    # Strips backslashes from the stored password; presumably undoes escaping
    # applied upstream -- confirm against whatever writes this field.
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    for session in mpost.getForAllHosts("sessions"):
        session_id = str(session.get("id"))
        entity = mt.addEntity("msploitego.MeterpreterSession", session_id)
        entity.setValue(session_id)
        for column, value in session.items():
            if isinstance(value, datetime):
                rendered = "{}/{}/{}".format(value.day, value.month, value.year)
            elif value and str(value).strip():
                rendered = str(value)
            else:
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, rendered)
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("password", "Password", False, password)
        entity.addAdditionalFields("db", "db", False, db)

    mt.returnOutput()
    mt.addUIMessage("completed!")
def dotransform(args):
    """Emit a ``msploitego.FTPVulnerability`` entity per result of a set of FTP NSE scripts.

    Runs ``ftp-vuln-cve2010-4221``, ``ftp-vsftpd-backdoor``, ``ftp-anon``,
    ``ftp-libopie`` and ``ftp-proftpd-backdoor`` against ``ip``:``port``. The
    script id is the entity value, except that ``ftp-vuln-cve2010-4221`` is
    renamed to ``cve-2010-4221``; the script output becomes ``description``.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    renamed = {"ftp-vuln-cve2010-4221": "cve-2010-4221"}
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")  # read for parity with sibling transforms; not used here

    rep = scriptrunner(
        port,
        "ftp-vuln-cve2010-4221,ftp-vsftpd-backdoor,ftp-anon,ftp-libopie,ftp-proftpd-backdoor",
        ip,
    )
    for scriptrun in rep.hosts[0].services[0].scripts_results:
        raw_id = scriptrun.get("id")
        scriptid = renamed.get(raw_id.lower(), raw_id)
        vulnentity = mt.addEntity("msploitego.FTPVulnerability", scriptid)
        vulnentity.setValue(scriptid)
        vulnentity.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
        vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
        vulnentity.addAdditionalFields("port", "Port", False, port)

    mt.returnOutput()
    mt.addUIMessage("completed!")
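def dotransform(args):
    """Emit a ``msploitego.SambaServer`` entity built from several SMB NSE scripts.

    Runs ``smb-os-discovery``, ``smb-security-mode``, ``smb-server-stats`` and
    ``smb-system-info`` against ``ip``:``port``, merges every non-blank
    ``elements`` value of the results into one mapping, and emits a single
    entity valued ``<server>:<workgroup>`` (both taken before the first
    backslash). Fixed fields come first; then every merged key except the
    ``server``/``workgroup`` ones.

    Changes from the original: a result whose ``elements`` is ``None`` is
    skipped instead of raising on ``.items()``.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    proto = mt.getVar("proto")
    service = mt.getValue()

    rep = scriptrunner(port, "smb-os-discovery,smb-security-mode,smb-server-stats,smb-system-info", ip)
    host = rep.hosts[0]
    if host.status == "up":
        merged = {}
        for res in host.scripts_results:
            elems = res.get("elements") or {}
            for key, value in elems.items():
                if value and value.strip():
                    merged[key] = value
        # assumes both keys are present and string-valued -- they raise otherwise, as before
        server = merged.get("server").split("\\")[0]
        workgroup = merged.get("workgroup").split("\\")[0]

        label = "{}:{}".format(server, workgroup)
        sambaentity = mt.addEntity("msploitego.SambaServer", label)
        sambaentity.setValue(label)
        sambaentity.addAdditionalFields("ip", "IP Address", False, ip)
        sambaentity.addAdditionalFields("port", "Port", False, port)
        sambaentity.addAdditionalFields("server", "Server", False, server)
        sambaentity.addAdditionalFields("workgroup", "Workgroup", False, workgroup)
        sambaentity.addAdditionalFields("hostid", "Hostid", False, hostid)
        sambaentity.addAdditionalFields("info", "Info", False, merged.get("os"))
        sambaentity.addAdditionalFields("name", "Name", False, merged.get("fqdn"))
        sambaentity.addAdditionalFields("banner.text", "Service Banner", False, merged.get("os"))
        sambaentity.addAdditionalFields("service.name", "Description", False, service)
        sambaentity.addAdditionalFields("properties.service", "Service", False, service)
        sambaentity.addAdditionalFields("proto", "Protocol", False, proto)
        for key, value in merged.items():
            if "server" in key or "workgroup" in key:
                continue
            sambaentity.addAdditionalFields(key, key.capitalize(), False, value)
    else:
        mt.addUIMessage("host is {}!".format(host.status))

    mt.returnOutput()
    mt.addUIMessage("completed!")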
def dotransform(args):
    """Emit share entities from nmap's ``smb-enum-shares`` script.

    Runs the script with ``-sU -sS`` against ``ip``:``port``. ``bucketparser``
    (``method="search"``) splits the output into blocks at lines containing a
    dotted-quad; a block whose ``Warning`` mentions ``denied`` becomes a
    ``msploitego.AccessDenied`` entity, any other block a
    ``msploitego.SambaShare``. The block ``Header`` is the entity value and
    its last backslash-separated part (minus a trailing colon) the
    ``sharename``; the remaining block keys are attached lower-cased.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")  # read for parity with sibling transforms; not used here
    machinename = mt.getVar("machinename")
    dotted_quad = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")

    rep = scriptrunner(port, "smb-enum-shares", ip, args="-sU -sS")
    host = rep.hosts[0]
    if host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        for res in host.scripts_results:
            output = res.get("output").split("\n")
            for item in bucketparser(dotted_quad, output, method="search"):
                warning = item.get("Warning")
                denied = bool(warning) and re.search("denied", warning, re.I) is not None
                entity_name = "msploitego.AccessDenied" if denied else "msploitego.SambaShare"
                header = item.get("Header")
                share = mt.addEntity(entity_name, header)
                share.setValue(header)
                sharename = header.split("\\")[-1].strip().strip(":")
                share.addAdditionalFields("sharename", "Share Name", False, sharename)
                share.addAdditionalFields("sambashare", "Samba Share", False, header)
                share.addAdditionalFields("ip", "IP Address", False, ip)
                share.addAdditionalFields("port", "Port", False, port)
                if machinename:
                    share.addAdditionalFields("machinename", "Machine Name", False, machinename)
                for key, value in item.items():
                    if key == "Header":
                        continue
                    share.addAdditionalFields(key.lower(), key, False, value)

    mt.returnOutput()
    mt.addUIMessage("completed!")
def dotransform(args):
    """Emit ``msploitego.RelevantInformation`` entities from nmap's ``msrpc-enum`` script.

    ``hostid`` falls back to the ``id`` field when absent. When the first
    reported host is ``up`` each script result becomes an entity valued
    ``<script id>:<hostid>`` carrying the output as ``description``;
    otherwise only a status message is shown.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid") or mt.getVar("id")

    rep = scriptrunner(port, "msrpc-enum", ip)
    host = rep.hosts[0]
    if host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        for scriptrun in host.services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            info = mt.addEntity("msploitego.RelevantInformation", label)
            info.setValue(label)
            info.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
            info.addAdditionalFields("ip", "IP Address", False, ip)
            info.addAdditionalFields("port", "Port", False, port)
            info.addAdditionalFields("hostid", "Host Id", False, hostid)

    mt.returnOutput()
    mt.addUIMessage("completed!")
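def dotransform(args):
    """Emit ``maltego.WebDir`` entities for the paths listed by nmap's ``http-robots.txt`` script.

    When the first reported host is ``up``, every output line whose first
    non-blank character is ``/`` is split on whitespace and each token
    becomes an entity; otherwise only a status message is shown.

    Changes from the original: blank lines are skipped instead of raising
    ``IndexError`` on ``line.lstrip()[0]``, and the unused
    ``global nmap_proc`` declaration is dropped.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")

    rep = scriptrunner(port, "http-robots.txt", ip)
    host = rep.hosts[0]
    if host.status == "up":
        for scriptrun in host.services[0].scripts_results:
            for line in scriptrun.get("output").split("\n"):
                stripped = line.strip()
                if not stripped.startswith("/"):
                    continue
                for path in stripped.split():
                    webdir = mt.addEntity("maltego.WebDir", path)
                    webdir.setValue(path)
                    webdir.addAdditionalFields("ip", "IP Address", False, ip)
                    webdir.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(host.status))

    mt.returnOutput()
    mt.addUIMessage("completed!")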
def dotransform(args):
    """Emit a ``maltego.Vulnerability`` entity per vuln row stored for a host address.

    The selected entity's value is the host address; ``id``, ``db``, ``user``
    and ``password`` are its fields. Rows come from
    ``MsploitPostgres.getforHost(ip, "vulns")``; the entity value is
    ``<name>:<hostid>`` and every non-empty column is attached as a field
    (dates as day/month/year), followed by ``user`` and ``db``.

    Args:
        args: raw transform arguments, handed to ``mt.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getValue()
    hostid = mt.getVar("id")
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Strips backslashes from the stored password; presumably undoes escaping
    # applied upstream -- confirm against whatever writes this field.
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)

    for vuln in mpost.getforHost(ip, "vulns"):
        label = "{}:{}".format(vuln.get("name"), hostid)
        entity = mt.addEntity("maltego.Vulnerability", label)
        entity.setValue(label)
        entity.addAdditionalFields("ip", "IP Address", True, ip)
        for column, value in vuln.items():
            if isinstance(value, datetime):
                rendered = "{}/{}/{}".format(value.day, value.month, value.year)
            elif value and str(value).strip():
                rendered = str(value)
            else:
                continue
            entity.addAdditionalFields(column, column.capitalize(), False, rendered)
        entity.addAdditionalFields("user", "User", False, user)
        entity.addAdditionalFields("db", "db", False, db)

    mt.returnOutput()
    mt.addUIMessage("completed!")