Maltego nmap transform

1. #!/usr/bin/perl
2. use Nmap::Parser;
3. ##############################################
4. #    Build host Entities from Nmap XML file  #
5. #  Build host Entities by onair Nmap scan    #
6. #    Build open ports Entities from host     #
7. #      Default plase for XMLout -  /root/    #
8. # input is: /path/to/nmap.xml                #
9. #           192.168.0.0-192.168.0.255        #
10. #           192.168.0.1 - previus scaned     #
11. #                                            #
12. #                              (c) r3dh4t    #
13. ##############################################
14.  
15. my $np = new Nmap::Parser;
16. my $netblock = $ARGV[0];
17.  
18. print "<MaltegoMessage>\n<MaltegoTransformResponseMessage>\n<UIMessages>\n";
19. print '<UIMessage MessageType="Inform">'."\n";
20.  
21. if (grep(/^\//,$netblock)){
22.     # if Maltego input is path to Nmap XML file
23.     $infile = "$netblock";
24. } else {
25.  if (grep(/-/,$netblock)){
26.     # if Maltego input is IP range, then deaggregate it to subnet mask for Nmap (ftp://ftp.opennet.ru/pub/sys/misk/ipcalc.pl)
27.     @netmask = `/usr/bin/perl ./ipcalc.pl $netblock`;
28.     $netscan = @netmask[1];
29.     system('nmap -PN -sS -F -O -sV --max-rtt-timeout 200ms -oX "/root/'.$netblock.'-nmap.xml"  '.$netscan.' 2>&1');
30.     $infile = '/root/'.$netblock.'-nmap.xml';
31.  }else{
32.     # if Maltego INPUT is single IP - then create open port entities;
33.     $netscan = $netblock;
34.     &PortEntities($ARGV[1]);    #In ARGV[1] Maltego sends infoarmation in <AdditionalFields> of Entity IPv4Address
35.  }
36. }
37. #my $infile = './netblock-nmap.xml';
38. print "</UIMessage>\n</UIMessages>\n<Entities>\n";
39.  
40. $np->parsefile($infile);
41. #GETTING SCAN INFORMATION
42. my $si = $np->get_session();
43.  
44. for my $host ($np->all_hosts()){        # Get scanned hosts in network
45.     $counter = 0;
46.     $host->ipv4_addr();
47.     @hst = $host->tcp_ports;            # If host is UP create Maltego Entity
48.     if (@hst){
49.      print '<Entity Type="maltego.IPv4Address"><Value>'.$host->ipv4_addr().'</Value><Weight>100</Weight><AdditionalFields>'."\n";
50.      print '<Field Name="hostname" DisplayName="hostname">'.$host->hostname().'</Field>'."\n";
51.      print '<Field Name="mac" DisplayName="MAC">'.$host->mac_addr().'</Field>'."\n";
52.  
53.       for $port ($host->tcp_ports()){           # Get host's service,ports,etc..
54.         $counter++;
55.         $service = $host->tcp_service($port);
56.         $os = $host->os_sig;
57.         $service_banner = $port.",".$service->name.",".$service->product.",".$service->version;
58.         $os_banner = $os->name.",".$os->family.",".$os->osgen();
59.  
60.         print '<Field Name="service'.$counter.'" DisplayName="Service">'.$service_banner.'</Field>'."\n";
61.       }
62.     print '<Field Name="os" DisplayName="System">'.$os_banner.'</Field>'."\n";
63.     print "</AdditionalFields></Entity>\n";
64.     }
65. }
66. print "</Entities>\n</MaltegoTransformResponseMessage>\n</MaltegoMessage>\n";
67.  
68.  
69. sub PortEntities {
70. print "</UIMessage>\n</UIMessages>\n<Entities>\n";
71.       @fields = split(/\#/,$ARGV[1]);                   # split <AdditionalFields> into array by "#"
72.       foreach (@fields) {
73.       @field = grep(/service/,$_);                      # make new array of greped values by "service'
74.         foreach (@field){
75.             if ($_){
76.               @field_name = split(/=/,$_);              # get pure port info
77.      print '<Entity Type="maltego.service"><Value>'.$field_name[1].'</Value><Weight>100</Weight></Entity>'."\n";
78.             }
79.         }
80.       }
81. print "</Entities>\n</MaltegoTransformResponseMessage>\n</MaltegoMessage>\n";
82. exit;
83. }