本文整理汇总了Python中MaltegoTransform.addEntityToMessage方法的典型用法代码示例。如果您正苦于以下问题:Python MaltegoTransform.addEntityToMessage方法的具体用法?Python MaltegoTransform.addEntityToMessage怎么用?Python MaltegoTransform.addEntityToMessage使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类MaltegoTransform的用法示例。
示例1: main
# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addEntityToMessage [as 别名]
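def _argument_value(raw):
    """Return the transform input carried by one command-line argument.

    Maltego hands the input either as a bare value or as ``key=value``; in
    the second form only the text after ``=`` is the value.  Any other shape
    is returned up to the first ``=``, exactly as the original parsing did.
    """
    parts = raw.split("=")
    return parts[1] if len(parts) == 2 else parts[0]


def main():
    """Maltego transform: list stored IP addresses sharing the input's first three octets.

    The input is read from ``sys.argv[1]`` (``key=value`` or a bare value).
    Its first three octets are matched with ``LIKE`` against the ``ip`` table,
    and every stored address other than the input itself is returned as a
    ``maltego.IPv4Address`` entity.  Results and error phrases alike are handed
    on through ``MaltegoTransform.returnOutput()``.

    Side effects: opens the sqlite database ``DBNAME`` read-only in practice
    (no writes are issued) and calls ``sys.exit()`` when no argument is given.
    """
    me = MaltegoTransform()
    if not os.path.isfile(DBNAME):
        # Stop here: falling through to sqlite3.connect() would silently
        # create an empty database file and then query it.
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    if len(sys.argv) < 2:
        # returnOutput() is the only call that hands the collected entities
        # on; the original exit path skipped it, so the phrase was lost.
        me.addEntity("maltego.Phrase", "You must provide an ip_addr!")
        me.returnOutput()
        sys.exit()
    ip_addr = _argument_value(sys.argv[1])
    octets = ip_addr.split(".")
    if len(octets) < 3:
        # Covers the empty input and inputs too short to form a three-octet
        # prefix (the latter used to raise IndexError on ``ip[2]``).
        me.addEntity("maltego.Phrase", "no sample info found ...")
        me.returnOutput()
        return
    prefix = ".".join(octets[:3])
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        c = conn.cursor()
        # The search value is bound as a parameter: it comes straight from
        # the Maltego client and must not be spliced into the SQL text.
        # ``%`` / ``_`` characters inside the input still act as LIKE
        # wildcards, as they did before.
        c.execute("SELECT * FROM ip WHERE ip_addr LIKE ?", ("%" + prefix + "%",))
        rows = c.fetchall()
        if not rows:
            # fetchall() returns a list, never None, so the old
            # ``is not None`` test could not report an empty result.
            me.addEntity("maltego.Phrase", "no sample info found ...")
        for row in rows:
            # Column 5 held ip_addr in the original positional indexing;
            # not verified against the schema.
            stored = row[5]
            # Skip blanks and the input itself — compared against the parsed
            # value rather than the raw ``key=value`` argument.
            if stored == "" or stored == ip_addr:
                continue
            entity = MaltegoEntity()
            entity.setType("maltego.IPv4Address")
            entity.setValue(stored)
            entity.addAdditionalFields("link#maltego.link.color", "", True, "0x808080")
            me.addEntityToMessage(entity)
        me.returnOutput()
        c.close()
    finally:
        conn.close()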
示例2: createEvent
# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addEntityToMessage [as 别名]
def createEvent(eventName):
    """Create a MISP event called *eventName* and return it as a Maltego entity.

    Calls ``misp.new_event`` with the module-level ``MISP_*`` settings, wraps
    the new event's id in a ``maltego.MISPEvent`` entity carrying an
    ``EventLink``, the creating org id and a ``notes`` field, and hands the
    transform to ``returnSuccess``.
    """
    transform = MaltegoTransform()
    transform.addUIMessage("[Info] Creating event with the name %s" % eventName)
    created = misp.new_event(MISP_DISTRIBUTION, MISP_THREAT, MISP_ANALYSIS, eventName, None, MISP_EVENT_PUBLISH)
    details = created['Event']
    event_id = details['id']
    event_info = details['info']
    org_id = details['orgc_id']
    event_entity = MaltegoEntity('maltego.MISPEvent', event_id)
    event_link = BASE_URL + '/events/view/' + event_id
    event_entity.addAdditionalFields('EventLink', 'EventLink', False, event_link)
    event_entity.addAdditionalFields('Org', 'Org', False, org_id)
    event_entity.addAdditionalFields('notes', 'notes', False, org_id + ": " + event_info)
    transform.addEntityToMessage(event_entity)
    returnSuccess("event", event_id, None, transform)
示例3: main
# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addEntityToMessage [as 别名]
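def _argument_value(raw):
    """Return the transform input carried by one command-line argument.

    Maltego hands the input either as a bare value or as ``key=value``; in
    the second form only the text after ``=`` is the value.  Any other shape
    is returned up to the first ``=``, exactly as the original parsing did.
    """
    parts = raw.split("=")
    return parts[1] if len(parts) == 2 else parts[0]


def _add_whois_entities(transform, rows, color):
    """Emit an e-mail and a registrar entity for each whois-style row.

    Args:
        transform: the ``MaltegoTransform`` collecting the output.
        rows: ``SELECT *`` rows from ``whois`` or ``passive_whois``; the
            positional columns used (4 scan_date, 5 c_date, 6 registrar,
            8 email) follow the original indexing and are not verified
            against the schema.
        color: value for ``link#maltego.link.color`` on both entity types.
    """
    for row in rows:
        scan_date, c_date, registrar, email = row[4], row[5], row[6], row[8]
        if email != '':
            entity = MaltegoEntity()
            entity.setType("maltego.EmailAddress")
            entity.setValue(email)
            entity.addAdditionalFields('link#maltego.link.color', '', True, color)
            transform.addEntityToMessage(entity)
        if registrar != '':
            entity = MaltegoEntity()
            entity.setType("ran2.registrar")
            entity.setValue(registrar)
            entity.addAdditionalFields('link#maltego.link.label', '', True, scan_date)
            entity.addAdditionalFields('link#maltego.link.color', '', True, color)
            entity.addAdditionalFields('notes#', '', True, c_date)
            transform.addEntityToMessage(entity)


def main():
    """Maltego transform: whois records whose e-mail shares the input's domain part.

    The e-mail address is read from ``sys.argv[1]`` (``key=value`` or bare).
    The text after its ``@`` is matched with ``LIKE`` against the ``email``
    column of ``whois`` (grey links) and ``passive_whois`` (olive links), and
    each hit yields a ``maltego.EmailAddress`` and a ``ran2.registrar`` entity.
    All output goes through ``MaltegoTransform.returnOutput()``.

    Side effects: opens the sqlite database ``DBNAME`` (no writes are issued)
    and calls ``sys.exit()`` when no argument is given.
    """
    me = MaltegoTransform()
    if not os.path.isfile(DBNAME):
        # Stop here: sqlite3.connect() would otherwise create an empty file.
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    if len(sys.argv) < 2:
        # returnOutput() is the only call that hands the phrase on; the
        # original exit path skipped it.
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()
        sys.exit()
    email = _argument_value(sys.argv[1])
    if '@' not in email:
        # Only the domain part is searched; a value without '@' used to
        # raise IndexError on ``e[1]``.
        me.addEntity("maltego.Phrase", "no sample info found ...")
        me.returnOutput()
        return
    # ``split('@')[1]`` keeps the original behaviour for inputs with more
    # than one '@' (the segment after the first one is used).
    pattern = '%' + email.split('@')[1] + '%'
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        c = conn.cursor()
        # The pattern is bound as a parameter rather than concatenated into
        # the statement: the input originates from the Maltego client.
        c.execute("SELECT * FROM whois WHERE email LIKE ?", (pattern,))
        whois_rows = c.fetchall()
        c.execute("SELECT * FROM passive_whois WHERE email LIKE ?", (pattern,))
        passive_rows = c.fetchall()
        _add_whois_entities(me, whois_rows, '0x808080')
        _add_whois_entities(me, passive_rows, '0x808000')
        if not whois_rows and not passive_rows:
            # fetchall() never returns None, so the original ``else`` branch
            # carrying this phrase was unreachable.
            me.addEntity("maltego.Phrase", "no sample info found ...")
        me.returnOutput()
        c.close()
    finally:
        conn.close()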
示例4: main
# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addEntityToMessage [as 别名]
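def _argument_value(raw):
    """Return the transform input carried by one command-line argument.

    Maltego hands the input either as a bare value or as ``key=value``; in
    the second form only the text after ``=`` is the value.  Any other shape
    is returned up to the first ``=``, exactly as the original parsing did.
    """
    parts = raw.split("=")
    return parts[1] if len(parts) == 2 else parts[0]


def _add_entity(transform, entity_type, value, fields):
    """Append one entity of *entity_type* with *value* and extra *fields*.

    *fields* is a list of ``(name, display, matching, value)`` tuples passed
    unchanged to ``MaltegoEntity.addAdditionalFields``.
    """
    entity = MaltegoEntity()
    entity.setType(entity_type)
    entity.setValue(value)
    for field in fields:
        entity.addAdditionalFields(*field)
    transform.addEntityToMessage(entity)


def main():
    """Maltego transform: detection name and C2 endpoints for a sample name.

    The sample name is read from ``sys.argv[1]`` (``key=value`` or bare) and
    looked up in ``samples``.  The first matching ``detects`` row from the
    listed vendors becomes a ``ran2.exploits`` entity (md5 in the notes), and
    every ``c2`` row for the sample yields a ``ran2.c2Address`` plus a
    ``ran2.c2Hostname`` entity with red links.  Output is handed on through
    ``MaltegoTransform.returnOutput()``.

    Side effects: opens the sqlite database ``DBNAME`` (no writes are issued)
    and calls ``sys.exit()`` when no argument is given.
    """
    me = MaltegoTransform()
    if not os.path.isfile(DBNAME):
        # Stop here: sqlite3.connect() would otherwise create an empty file.
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    if len(sys.argv) < 2:
        # returnOutput() is the only call that hands the phrase on; the
        # original exit path skipped it.
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()
        sys.exit()
    name = _argument_value(sys.argv[1])
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        c = conn.cursor()
        c.execute("SELECT * FROM samples where name=?", (name,))
        sample = c.fetchone()
        if sample is None:
            me.addEntity("maltego.Phrase", name + " is not found")
        else:
            # Columns 0 (sid) and 1 (md5sum) follow the original indexing.
            sid, md5sum = sample[0], sample[1]
            # NOTE(review): 'AcAfee' reads like a typo for 'McAfee', but the
            # stored vendor strings are not visible here, so the query text
            # is left exactly as it was.
            c.execute("SELECT * FROM detects where sid=? and (vendor='AcAfee' or vendor='Kaspersky' or vendor='F-Secure')", (sid,))
            detect = c.fetchone()
            if detect is None:
                me.addEntity("maltego.Phrase", name + " is not found")
            else:
                _add_entity(me, "ran2.exploits", detect[3], [
                    ('notes#', '', True, md5sum),
                ])
            # The source's indentation was lost; the c2 lookup is treated as
            # a sibling of the detects lookup, as its comment suggested.
            # fetchall() never returns None, so iterating directly replaces
            # the old ``is not None`` guard.
            c.execute("SELECT * FROM c2 where sid=?", (sid,))
            for row in c.fetchall():
                scan_date, dns, ip_addr = row[2], row[3], row[4]
                _add_entity(me, "ran2.c2Address", ip_addr, [
                    ('link#maltego.link.label', '', True, scan_date),
                    ('link#maltego.link.color', '', True, '0xFF0000'),
                ])
                _add_entity(me, "ran2.c2Hostname", dns, [
                    ('link#maltego.link.label', '', True, scan_date),
                    ('link#maltego.link.color', '', True, '0xFF0000'),
                ])
        me.returnOutput()
        c.close()
    finally:
        conn.close()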
示例5: main
# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addEntityToMessage [as 别名]
def main():
# init Maltego
me = MaltegoTransform()
# open database and create a cursor object
if not os.path.isfile(DBNAME):
#print "Collecting intelligence from the Internet ..."
me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
conn = sqlite3.connect(DBNAME)
conn.text_factory = str
c = conn.cursor()
if len(sys.argv) == 1:
me.addEntity("maltego.Phrase", "You must provide a Sample name!")
sys.exit()
else:
input = sys.argv[1].split('=')
if len(input) == 2:
domain = input[1]
else:
domain = input[0]
# checking database, domain table
c.execute("SELECT * FROM domains where domain=?", ((domain),))
found = c.fetchone()
if found is not None:
sid = found[0]
# checking database, whois
c.execute("SELECT * FROM whois where sid=? and source='domains'", ((sid),))
found1 = c.fetchall()
#print "records =" + str(len(found1))
if found1 is not None:
for i in range(0, len(found1)):
scan_date = found1[i][4]
c_date = found1[i][5]
registrar = found1[i][6]
nameServer = found1[i][7]
email = found1[i][8]
tel = found1[i][9]
registrant = found1[i][10]
# adding entity registrant
if registrant != '':
entity = MaltegoEntity()
entity.setType("ran2.registrant")
entity.setValue(registrant)
entity.addAdditionalFields('link#maltego.link.label', '', True, scan_date)
entity.addAdditionalFields('link#maltego.link.color', '', True, '0xFF0000')
entity.addAdditionalFields('notes#', '', True, tel)
me.addEntityToMessage(entity)
# adding entity email
if email != '':
entity = MaltegoEntity()
entity.setType("maltego.EmailAddress")
entity.setValue(email)
entity.addAdditionalFields('link#maltego.link.color', '', True, '0xFF0000')
me.addEntityToMessage(entity)
# adding entity registrar
if registrar != '':
entity = MaltegoEntity()
entity.setType("ran2.registrar")
entity.setValue(registrar)
entity.addAdditionalFields('link#maltego.link.label', '', True, scan_date)
entity.addAdditionalFields('link#maltego.link.color', '', True, '0x808080')
entity.addAdditionalFields('notes#', '', True, c_date)
me.addEntityToMessage(entity)
# adding entity nameServer
if nameServer != '':
entity = MaltegoEntity()
entity.setType("maltego.NSRecord")
entity.setValue(nameServer)
entity.addAdditionalFields('link#maltego.link.color', '', True, '0x808080')
me.addEntityToMessage(entity)
else:
#print "Collecting intelligence from the Internet ..."
me.addEntity("maltego.Phrase", "no sample info found ...")
# checking database, passive_domain table
c.execute("SELECT * FROM passive_domains where domain=?", ((domain),))
found = c.fetchone()
if found is not None:
sid = found[0]
# checking database, passive_whois
c.execute("SELECT * FROM passive_whois where sid=? and source='passive_domains'", ((sid),))
found1 = c.fetchall()
#print "records =" + str(len(found1))
if found1 is not None:
for i in range(0, len(found1)):
scan_date = found1[i][4]
c_date = found1[i][5]
registrar = found1[i][6]
nameServer = found1[i][7]
email = found1[i][8]
tel = found1[i][9]
registrant = found1[i][10]
# adding entity registrant
if registrant != '':
#.........这里部分代码省略.........
示例6: main
# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addEntityToMessage [as 别名]
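def _argument_value(raw):
    """Return the transform input carried by one command-line argument.

    Maltego hands the input either as a bare value or as ``key=value``; in
    the second form only the text after ``=`` is the value.  Any other shape
    is returned up to the first ``=``, exactly as the original parsing did.
    """
    parts = raw.split("=")
    return parts[1] if len(parts) == 2 else parts[0]


def _add_entity(transform, entity_type, value, fields):
    """Append one entity of *entity_type* with *value* and extra *fields*.

    *fields* is a list of ``(name, display, matching, value)`` tuples passed
    unchanged to ``MaltegoEntity.addAdditionalFields``.
    """
    entity = MaltegoEntity()
    entity.setType(entity_type)
    entity.setValue(value)
    for field in fields:
        entity.addAdditionalFields(*field)
    transform.addEntityToMessage(entity)


def main():
    """Maltego transform: C2 IP addresses recorded for a hostname.

    The hostname is read from ``sys.argv[1]`` (``key=value`` or bare).  When
    ``passive_dns`` holds a row for it whose ``source`` is ``'c2'``, every
    ``c2`` row with that id is returned as a grey-linked ``ran2.c2Address``
    carrying the resolve date in its notes; a direct ``c2`` row for the
    hostname is then returned as a red-linked ``ran2.c2Address``.  Output is
    handed on through ``MaltegoTransform.returnOutput()``.

    Side effects: opens the sqlite database ``DBNAME`` (no writes are issued)
    and calls ``sys.exit()`` when no argument is given.
    """
    me = MaltegoTransform()
    if not os.path.isfile(DBNAME):
        # Stop here: sqlite3.connect() would otherwise create an empty file.
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    if len(sys.argv) < 2:
        # returnOutput() is the only call that hands the phrase on; the
        # original exit path skipped it.
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()
        sys.exit()
    dns = _argument_value(sys.argv[1])
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        c = conn.cursor()
        c.execute("SELECT * FROM passive_dns where dns=?", (dns,))
        passive = c.fetchone()
        # Column positions (1 sid, 2 source, 4 resolve_date; c2 rows:
        # 2 scan_date, 4 ip_addr) follow the original indexing and are not
        # verified against the schema.
        if passive is not None and passive[2] == 'c2':
            c.execute("SELECT * FROM c2 where id=?", (passive[1],))
            # fetchall() never returns None; iterate directly instead of the
            # old ``is not None`` guard.
            for row in c.fetchall():
                _add_entity(me, "ran2.c2Address", row[4], [
                    ('link#maltego.link.label', '', True, row[2]),
                    ('link#maltego.link.color', '', True, '0x808080'),
                    ('notes#', '', True, passive[4]),
                ])
        # Direct c2 record for the hostname, independent of passive_dns.
        c.execute("SELECT * FROM c2 where dns=?", (dns,))
        direct = c.fetchone()
        if direct is not None:
            _add_entity(me, "ran2.c2Address", direct[4], [
                ('link#maltego.link.label', '', True, direct[2]),
                ('link#maltego.link.color', '', True, '0xFF0000'),
            ])
        me.returnOutput()
        c.close()
    finally:
        conn.close()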
示例7: main
# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addEntityToMessage [as 别名]
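def _argument_value(raw):
    """Return the transform input carried by one command-line argument.

    Maltego hands the input either as a bare value or as ``key=value``; in
    the second form only the text after ``=`` is the value.  Any other shape
    is returned up to the first ``=``, exactly as the original parsing did.
    """
    parts = raw.split("=")
    return parts[1] if len(parts) == 2 else parts[0]


def _add_entity(transform, entity_type, value, fields):
    """Append one entity of *entity_type* with *value* and extra *fields*.

    *fields* is a list of ``(name, display, matching, value)`` tuples passed
    unchanged to ``MaltegoEntity.addAdditionalFields``.
    """
    entity = MaltegoEntity()
    entity.setType(entity_type)
    entity.setValue(value)
    for field in fields:
        entity.addAdditionalFields(*field)
    transform.addEntityToMessage(entity)


def main():
    """Maltego transform: domains recorded for an IP address.

    The address is read from ``sys.argv[1]`` (``key=value`` or bare) and
    looked up in ``ip``.  Rows of ``domains`` with that sid and
    ``source='ip'`` become red-linked ``ran2.c2Domain`` entities, rows of
    ``passive_domains`` become grey-linked ``maltego.Domain`` entities; both
    carry the scan date as link label and the CNAME in the notes.  Output is
    handed on through ``MaltegoTransform.returnOutput()``.

    Side effects: opens the sqlite database ``DBNAME`` (no writes are issued)
    and calls ``sys.exit()`` when no argument is given.
    """
    me = MaltegoTransform()
    if not os.path.isfile(DBNAME):
        # Stop here: sqlite3.connect() would otherwise create an empty file.
        me.addEntity("maltego.Phrase", "Database file not found " + DBNAME)
        me.returnOutput()
        return
    if len(sys.argv) < 2:
        # returnOutput() is the only call that hands the phrase on; the
        # original exit path skipped it.
        me.addEntity("maltego.Phrase", "You must provide a Sample name!")
        me.returnOutput()
        sys.exit()
    ip_addr = _argument_value(sys.argv[1])
    conn = sqlite3.connect(DBNAME)
    conn.text_factory = str
    try:
        c = conn.cursor()
        c.execute("SELECT * FROM ip where ip_addr=?", (ip_addr,))
        found = c.fetchone()
        if found is None:
            me.addEntity("maltego.Phrase", "no sample info found ...")
        else:
            # Column 0 (sid) and row columns 3 scan_date, 4 domain, 5 Cname
            # follow the original indexing; not verified against the schema.
            sid = found[0]
            # fetchall() never returns None, so both loops iterate directly
            # instead of the old ``is not None`` guards.
            c.execute("SELECT * FROM domains where sid=? and source='ip'", (sid,))
            for row in c.fetchall():
                _add_entity(me, "ran2.c2Domain", row[4], [
                    ('link#maltego.link.label', '', True, row[3]),
                    ('link#maltego.link.color', '', True, '0xFF0000'),
                    ('notes#', '', True, row[5]),
                ])
            c.execute("SELECT * FROM passive_domains where sid=? and source='ip'", (sid,))
            for row in c.fetchall():
                # The notes field is non-matching (False) here, as in the
                # original; only the domains loop used True.
                _add_entity(me, "maltego.Domain", row[4], [
                    ('link#maltego.link.label', '', True, row[3]),
                    ('link#maltego.link.color', '', True, '0x808080'),
                    ('notes#', '', False, row[5]),
                ])
        me.returnOutput()
        c.close()
    finally:
        conn.close()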