Advertisement
mightyroot

Maltego nmap transform

Jun 24th, 2012
847
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Perl 3.47 KB | None | 0 0
  1. #!/usr/bin/perl
  2. use Nmap::Parser;
  3. ##############################################
  4. #    Build host Entities from Nmap XML file  #
  5. #  Build host Entities by onair Nmap scan    #
  6. #    Build open ports Entities from host     #
  7. #      Default plase for XMLout -  /root/    #
  8. # input is: /path/to/nmap.xml                #
  9. #           192.168.0.0-192.168.0.255        #
  10. #           192.168.0.1 - previus scaned     #
  11. #                                            #
  12. #                              (c) r3dh4t    #
  13. ##############################################
  14.  
  15. my $np = new Nmap::Parser;
  16. my $netblock = $ARGV[0];
  17.  
  18. print "<MaltegoMessage>\n<MaltegoTransformResponseMessage>\n<UIMessages>\n";
  19. print '<UIMessage MessageType="Inform">'."\n";
  20.  
  21. if (grep(/^\//,$netblock)){
  22.     # if Maltego input is path to Nmap XML file
  23.     $infile = "$netblock";
  24. } else {
  25.  if (grep(/-/,$netblock)){
  26.     # if Maltego input is IP range, then deaggregate it to subnet mask for Nmap (ftp://ftp.opennet.ru/pub/sys/misk/ipcalc.pl)
  27.     @netmask = `/usr/bin/perl ./ipcalc.pl $netblock`;
  28.     $netscan = @netmask[1];
  29.     system('nmap -PN -sS -F -O -sV --max-rtt-timeout 200ms -oX "/root/'.$netblock.'-nmap.xml"  '.$netscan.' 2>&1');
  30.     $infile = '/root/'.$netblock.'-nmap.xml';
  31.  }else{
  32.     # if Maltego INPUT is single IP - then create open port entities;
  33.     $netscan = $netblock;
  34.     &PortEntities($ARGV[1]);    #In ARGV[1] Maltego sends infoarmation in <AdditionalFields> of Entity IPv4Address
  35.  }
  36. }
  37. #my $infile = './netblock-nmap.xml';
  38. print "</UIMessage>\n</UIMessages>\n<Entities>\n";
  39.  
  40. $np->parsefile($infile);
  41. #GETTING SCAN INFORMATION
  42. my $si = $np->get_session();
  43.  
  44. for my $host ($np->all_hosts()){        # Get scanned hosts in network
  45.     $counter = 0;
  46.     $host->ipv4_addr();
  47.     @hst = $host->tcp_ports;            # If host is UP create Maltego Entity
  48.     if (@hst){
  49.      print '<Entity Type="maltego.IPv4Address"><Value>'.$host->ipv4_addr().'</Value><Weight>100</Weight><AdditionalFields>'."\n";
  50.      print '<Field Name="hostname" DisplayName="hostname">'.$host->hostname().'</Field>'."\n";
  51.      print '<Field Name="mac" DisplayName="MAC">'.$host->mac_addr().'</Field>'."\n";
  52.  
  53.       for $port ($host->tcp_ports()){           # Get host's service,ports,etc..
  54.         $counter++;
  55.         $service = $host->tcp_service($port);
  56.         $os = $host->os_sig;
  57.         $service_banner = $port.",".$service->name.",".$service->product.",".$service->version;
  58.         $os_banner = $os->name.",".$os->family.",".$os->osgen();
  59.  
  60.         print '<Field Name="service'.$counter.'" DisplayName="Service">'.$service_banner.'</Field>'."\n";
  61.       }
  62.     print '<Field Name="os" DisplayName="System">'.$os_banner.'</Field>'."\n";
  63.     print "</AdditionalFields></Entity>\n";
  64.     }
  65. }
  66. print "</Entities>\n</MaltegoTransformResponseMessage>\n</MaltegoMessage>\n";
  67.  
  68.  
  69. sub PortEntities {
  70. print "</UIMessage>\n</UIMessages>\n<Entities>\n";
  71.       @fields = split(/\#/,$ARGV[1]);                   # split <AdditionalFields> into array by "#"
  72.       foreach (@fields) {
  73.       @field = grep(/service/,$_);                      # make new array of greped values by "service'
  74.         foreach (@field){
  75.             if ($_){
  76.               @field_name = split(/=/,$_);              # get pure port info
  77.      print '<Entity Type="maltego.service"><Value>'.$field_name[1].'</Value><Weight>100</Weight></Entity>'."\n";
  78.             }
  79.         }
  80.       }
  81. print "</Entities>\n</MaltegoTransformResponseMessage>\n</MaltegoMessage>\n";
  82. exit;
  83. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement