Python MaltegoTransform.addUIMessage方法代码示例

# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addUIMessage [as 别名]
def selectEvent(eventID):
    s = shelve.open(eventDB)
    s['id'] = eventID
    s['age'] = datetime.today()
    s.close()
    mt = MaltegoTransform()
    mt.addUIMessage("[Info] Event with ID %s selected for insert" % eventID)
    mt.returnOutput()

# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addUIMessage [as 别名]
def returnSuccess(etype,value,event=None, mt=None):
    if not mt:
        mt = MaltegoTransform()
    if event:
        mt.addUIMessage("[Info] Successful entry of %s with value %s into event %s" % (etype, value, event))
    else:
        mt.addUIMessage("[Info] Successful entry of %s with ID %s" % (etype, value))
    mt.returnOutput()

# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addUIMessage [as 别名]
def new_transform(arg):
    m = MaltegoTransform()
    url = 'http://10.1.99.250:8125/api/v1.0/%s/ip' % arg
    try:
        r = requests.get(url)
        j = r.json()
        for i in j['items']:
            ent = m.addEntity('maltego.IPv4Address', i['ipaddr'])
            ent.addAdditionalFields('workspace', 'Workspace ID', True, arg)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()

# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addUIMessage [as 别名]
def createEvent(eventName):
    mt = MaltegoTransform()
    mt.addUIMessage("[Info] Creating event with the name %s" % eventName)
    event = misp.new_event(MISP_DISTRIBUTION, MISP_THREAT, MISP_ANALYSIS, eventName,None,MISP_EVENT_PUBLISH)
    eid = event['Event']['id']
    einfo = event['Event']['info']
    eorgc = event['Event']['orgc_id']
    me = MaltegoEntity('maltego.MISPEvent',eid);
    me.addAdditionalFields('EventLink', 'EventLink', False, BASE_URL + '/events/view/' + eid )
    me.addAdditionalFields('Org', 'Org', False, eorgc)
    me.addAdditionalFields('notes', 'notes', False, eorgc + ": " + einfo)
    mt.addEntityToMessage(me);
    returnSuccess("event", eid, None, mt)

# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addUIMessage [as 别名]
def new_transform(arg):
    m = MaltegoTransform()
    m.parseArguments(arg)
    ip = m.getVar('ipv4-address')
    wrkspc = m.getVar('workspace')
    url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/asn' % (wrkspc, ip)
    try:
        r = requests.get(url)
        j = r.json()
        for i in j['items']:
            ent = m.addEntity('maltego.AS', i['asn'])
            ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()

# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addUIMessage [as 别名]
def new_transform(arg):
    emails = []
    m = MaltegoTransform()
    m.parseArguments(arg)
    domain = m.getVar('fqdn')
    ip = m.getVar('ipaddr')
    wrkspc = m.getVar('workspace')
    url = 'http://10.1.99.250:8125/api/v1.0/%s/%s/domains' % (wrkspc, ip)
    try:
        r = requests.get(url)
        j = r.json()
        for i in j['items']:
            if domain in i['domain']:
                for x in i['data']['emails']:
                    if x not in emails:
                        emails.append(x)
        for t in emails:
            ent = m.addEntity('maltego.EmailAddress', t)
            ent.addAdditionalFields('workspace', 'Workspace ID', True, wrkspc)
    except Exception as e:
        m.addUIMessage(str(e))
    m.returnOutput()

# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addUIMessage [as 别名]
    response = urllib2.urlopen(url)
    html = response.read()

    for line in html.split("\r"):
        if "," in line:
            l = line.strip()
            type = l.split(",")[0]
            value = l.split(",")[1]
            reference = l.split(",")[2]

            if type == "DOMAIN":
                m.addEntity("maltego.Domain", value)
            if type == "IP":
                m.addEntity("maltego.IPv4Address", value)
            if type == "MD5":
                m.addEntity("malformity.Hash", value)
            if type == "EMAIL":
                m.addEntity("maltego.EmailAddress", value)

    return


if __name__ == "__main__":
    m = MaltegoTransform()
    m.addUIMessage("[INFO] Enriching malware name via ThreatCrowd")
    try:
        main()
    except Exception as e:
        m.addUIMessage("[Error] " + str(e))
    m.returnOutput()

# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addUIMessage [as 别名]
# rather than as a separate entity

import sys
import shodan
from api_key import load_key
from MaltegoTransform import *

API_KEY = load_key()

api = shodan.Shodan(API_KEY)
m = MaltegoTransform()
m.parseArguments(sys.argv)

try:
    host = api.host(sys.argv[1])
    if len(host) == 0:
        m.addUIMessage('No data in Shodan')
    else:
        data =  host['data']
        portentity = m.addEntity('maltego.IPv4Address', str(sys.argv[1]))
        for i, ports in enumerate(data):
            port = host['data'][i]['port']
            banner = host['data'][i]['data']
            port_data = str(port) + ":" + str(banner)
            port_banner_data = portentity.addAdditionalFields(str(port), "Port:Banner", True, str(port_data))

except Exception as e:
    m.addUIMessage(str(e))

m.returnOutput()

# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addUIMessage [as 别名]
def main():
    mt = MaltegoTransform()
    if len(sys.argv) != 5:
        mt.addException("You appear to be missing your uid and secret. Here is what was in your path: {s}".format(
            s=sys.argv))
        mt.throwExceptions()
    sha1 = sys.argv[3]
    censys_uid = sys.argv[1]
    censys_secret = sys.argv[2]
    auth = (censys_uid, censys_secret)
    page = 1
    query = {'query': '443.https.tls.certificate.parsed.fingerprint_sha1: \"{s}\"'.format(s=sha1),
             'fields': ['ip', '443.https.tls.certificate.parsed.subject.common_name',
                        '443.https.tls.certificate.parsed.issuer.common_name', 'updated_at'], 'page': page}
    try:
        request = requests.post('https://www.censys.io/api/v1/search/ipv4', data=json.dumps(query), auth=auth)
        if request.status_code == 200:
            results = request.json()
            pages = results['metadata']['pages']
            if results['metadata']['count'] > 0:
                process_results(results['results'], mt)
                if pages > 1 > 4:
                    mt.addUIMessage("Found more than one page. Getting up to the first 100 results")
                    for i in range(2, 5):
                        page = i
                        query['page'] = page
                        request = requests.post('https://www.censys.io/api/v1/search/ipv4', data=json.dumps(query),
                                                auth=auth)
                        if request.status_code == 200:
                            results = request.json()
                            if results['metadata']['count'] > 0:
                                process_results(results['results'], mt)
                        else:
                            if request.status_code == 400:
                                results = request.json()
                                mt.addException(str(results['error']))
                            if request.status_code == 429:
                                results = request.json()
                                mt.addException(str(results['error']))
                            if request.status_code == 404:
                                mt.addException("No info found")
                            if request.status_code == 500:
                                mt.addException("There has been a server error!!!")
                if pages < 5 > 1:
                    for i in range(2, pages):
                        page = i
                        query['page'] = page
                        request = requests.post('https://www.censys.io/api/v1/search/ipv4', data=json.dumps(query),
                                                auth=auth)
                        if request.status_code == 200:
                            results = request.json()
                            if results['metadata']['count'] > 0:
                                process_results(results['results'], mt)
                        else:
                            if request.status_code == 400:
                                results = request.json()
                                mt.addException(str(results['error']))
                            if request.status_code == 429:
                                results = request.json()
                                mt.addException(str(results['error']))
                            if request.status_code == 404:
                                mt.addException("No info found")
                            if request.status_code == 500:
                                mt.addException("There has been a server error!!!")
            else:
                mt.addUIMessage("No IP addresses found with this ssl cert")
            mt.returnOutput()
        else:
            if request.status_code == 400:
                results = request.json()
                mt.addException(str(results['error']))
            if request.status_code == 429:
                results = request.json()
                mt.addException(str(results['error']))
            if request.status_code == 404:
                mt.addException("No info found")
            if request.status_code == 500:
                mt.addException("There has been a server error!!!")
            mt.throwExceptions()
    except requests.exceptions.RequestException as e:
        mt.addException(str(e))
        mt.throwExceptions()

# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addUIMessage [as 别名]
            ent = m.addEntity('matterasmus.AmazonEC2Subnet', str(instance[0].subnet_id))
            ent.addAdditionalFields("variable", "Subnet ID", True, str(instance[0].subnet_id))
            ent = m.addEntity('matterasmus.AmazonEC2VPC', str(instance[0].vpc_id))
            ent.addAdditionalFields("variable", "VPC ID", True, str(instance[0].vpc_id))
            ent = m.addEntity('maltego.IPv4Address', str(instance[0].ip_address))
            ent.addAdditionalFields("variable", "IP Address", True, str(instance[0].ip_address))
            ent = m.addEntity('maltego.IPv4Address', str(instance[0].private_ip_address))
            ent.addAdditionalFields("variable", "Private IP Address", True, str(instance[0].private_ip_address))
            ent = m.addEntity('matterasmus.AmazonEC2Platform', str(instance[0].platform))
            ent.addAdditionalFields("variable", "Platform", True, str(instance[0].platform))
            ent = m.addEntity('matterasmus.AmazonEC2LaunchTime', str(instance[0].launch_time))
            ent.addAdditionalFields("variable", "Launch Time", True, str(instance[0].launch_time))
            ent = m.addEntity('matterasmus.AmazonEC2Key', str(instance[0].key_name))
            ent.addAdditionalFields("variable", "SSH Key", True, str(instance[0].key_name))
            # Get Security Group Information
            group_nums = len(instance[0].groups)
            group_id = instance[0].groups[0].id
            sg_name = conn.get_all_security_groups(group_ids=group_id)[0]
            sec_rules = conn.get_all_security_groups(group_ids=group_id)[0].rules
            ent = m.addEntity('matterasmus.AmazonEC2SecurityGroupName', str(sg_name).split(":")[1])
            ent.addAdditionalFields("GroupID", "Group ID", "strict", str(group_id))
            m.addUIMessage("Completed: Instance Info Fetch")
        else:
            pass
    else:
        m.addUIMessage("Completed")
except Exception as e:
    m.addUIMessage(str(e))

m.returnOutput()

# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addUIMessage [as 别名]
root = Tkinter.Tk()
root.lift()
root.withdraw()
sys.stderr.write("Click the Python icon to select a file.")
csvfilename = tkFileDialog.askopenfilename()

data = csv.DictReader(open(csvfilename), delimiter=',',fieldnames=('Event Id','Event Type','Event Title','Start Time','End Time','Precision','Count','First Published Time','Last Published Time','Sample Fragment','Entities','Locations','Source Count','Positive Sentiment','Negative Sentiment'))

next(data)

for row in data:
    event = row['Event Type']+"-"+row['Event Id']
    rfevent = mt.addEntity("recfut.RFEvent",event);
    rfevent.addAdditionalFields("eid","Event ID",False,row['Event Id']);
    rfevent.addAdditionalFields("etype","Event Type",False,row['Event Type']);
    rfevent.addAdditionalFields("title","Event Title",False,row['Event Title']);
    rfevent.addAdditionalFields("starttime","Start Time",False,row['Start Time']);
    rfevent.addAdditionalFields("stoptime","Stop Time",False,row['End Time']);
    rfevent.addAdditionalFields("fragment","Fragment",False,row['Sample Fragment']);
    rfevent.addAdditionalFields("precision","Precision",False,row['Precision']);
    rfevent.addAdditionalFields("count","Count",False,row['Count']);
    rfevent.addAdditionalFields("firstpublished","First Published",False,row['First Published Time']);
    rfevent.addAdditionalFields("lastpublished","Last Published",False,row['Last Published Time']);
    rfevent.addAdditionalFields("sourcecount","Source Count",False,row['Source Count']);
    rfevent.addAdditionalFields("pos_sentiment","Positive Sentiment",False,row['Positive Sentiment']);
    rfevent.addAdditionalFields("neg_sentiment","Negative Sentiment",False,row['Negative Sentiment']);

mt.addUIMessage("RF event load completed!")
mt.returnOutput()

# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addUIMessage [as 别名]
	
	for line in html.split('\r'):
		if "," in line:
			l = line.strip()
			type = l.split(',')[0]
			value = l.split(',')[1]
			reference = l.split(',')[2]
			
			
			if type == "Domain":
				m.addEntity("maltego.Domain", value)
			if type == "IP":
				m.addEntity("maltego.IPv4Address", value)
			if type == "MD5":
				m.addEntity("malformity.Hash", value)			
			if type == "EMAIL":
				m.addEntity("maltego.EmailAddress", value)						
				
		
	return

if __name__ == '__main__':
	m = MaltegoTransform()
	m.addUIMessage("[INFO] Enriching domain via ThreatCrowd")
	try:
		main()
	except Exception as e:
		m.addUIMessage("[Error] " + str(e))
	m.returnOutput()
	

# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addUIMessage [as 别名]
		
if __name__ == "__main__":
	# Type of entity (1=IP, 2=Domain, 3=File)
	entity_type = sys.argv[1]
	query = ""
	value = ""
	if entity_type == 'ip' or entity_type == 'domain':
		# Query
		query = sys.argv[2]
		# Entity value
		value = sys.argv[3] 
	else:
		# Entity value
		value = sys.argv[2] 
		
	# Maltego Transform object
	me = MaltegoTransform() 
	
	me.addUIMessage("[INFO] Querying VirusTotal...")
	me.addUIMessage("[INFO] Input entity type: %s..." % entity_type)
	me.addUIMessage("[INFO] Value: %s..." % value)
	me.addUIMessage("[INFO] Query: %s..." % query)
	
	# To Maltego entity
	if entity_type == 'ip':
		to_entity(query_ip(query, value))
	elif entity_type == 'domain':
		to_entity(query_domain(query, value))
	elif entity_type == 'file':
		query_file(value)
	me.returnOutput()

# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addUIMessage [as 别名]
#!/usr/bin/python
# Get Instance Information

from MaltegoTransform import *
import sys
import boto3

mt = MaltegoTransform()
mt.parseArguments(sys.argv)
REGION = mt.getVar('RegionName')
instance_id = mt.getVar('InstanceId')
mt.addUIMessage("Region: " + REGION)
mt.addUIMessage("Instance: " + instance_id)


# Get Instance Info
try:
    client = boto3.resource('ec2', region_name=REGION)
    instance_info = client.Instance(id=instance_id)
    ent = mt.addEntity('matterasmus.AmazonEC2InstanceType', str(instance_info.instance_type))
    ent.addAdditionalFields("InstanceType", "Instance Type", True, str(instance_info.instance_type))
    ent = mt.addEntity('matterasmus.AmazonEC2Key', str(instance_info.key_name))
    ent.addAdditionalFields("InstanceAccessKey", "Access Key", True, str(instance_info.key_name))
    ent = mt.addEntity('matterasmus.AmazonEC2Subnet', str(instance_info.subnet_id))
    ent.addAdditionalFields("variable", "Subnet ID", True, str(instance_info.subnet_id))
    # Get VPC Information
    vpc_info = client.Vpc(id=instance_info.vpc_id)
    ent = mt.addEntity('matterasmus.AmazonEC2VPC', str(vpc_info.cidr_block))
    ent.addAdditionalFields("VpcId", "VPC ID", True, str(instance_info.vpc_id))
    ent.addAdditionalFields("IPv4Address", "CIDR Block", True, str(vpc_info.cidr_block))
    ent = mt.addEntity('maltego.IPv4Address', str(instance_info.private_ip_address))

# 需要导入模块: import MaltegoTransform [as 别名]
# 或者: from MaltegoTransform import addUIMessage [as 别名]
# Maltego tranform to get FBID

from MaltegoTransform import *
import requests
import sys
from bs4 import BeautifulSoup

m = MaltegoTransform()
m.parseArguments(sys.argv)


try:
    url = "http://www.findmyfbid.com/"
    post_data = "https://www.facebook.com/" + sys.argv[1]
    user_agent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:42.0) Gecko/20100101 Firefox/42.0"
    headers = {'User-Agent': user_agent}
    req = requests.post(url, headers=headers, data = { "url": post_data})
    html_data = req.text
    soup = BeautifulSoup(html_data, 'html.parser')
    resp = str(soup.code)
    ugly1 = resp.split(">")
    ugly2 = ugly1[1].split("<")
    if resp == "<code>https://www.facebook.com</code>":
        m.addUIMessage("No ID found :(")
    else:
        m.addEntity('maltego.phrase', ugly2[0])
except Exception as e:
    m.addUIMessage(str(e))

m.returnOutput()