├── .gitignore
├── LICENSE.md
├── README.md
├── local
    └── mcrits.conf.sample
├── mcrits.mtz
└── transforms
    ├── MaltegoTransform.py
    ├── mcrits_utils.py
    ├── relatedactors.py
    ├── relatedcampaigns.py
    ├── relatedcertificates.py
    ├── relateddomains.py
    ├── relatedemails.py
    ├── relatedevents.py
    ├── relatedindicators.py
    ├── relatedips.py
    ├── relatedpcaps.py
    ├── relatedrawdatas.py
    ├── relatedsamples.py
    └── relatedscreenshots.py


/.gitignore:
--------------------------------------------------------------------------------
*.swp
*.pyc
local/mcrits.conf

--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
Copyright (c) 2014, Wesley Shields
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this
  list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice,
  this list of conditions and the following disclaimer in the documentation
  and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
### mcrits
##### Visualize CRITs data in Maltego
-------------------------------------------------

mcrits allows you to visualize your CRITs DB via local Maltego transforms.

This is very unpolished code and may or may not see updates in the future
depending upon community feedback. If you use mcrits and have any feedback,
positive or negative, please let us know!

### Requirements

mcrits requires [pycrits](https://github.com/crits/pycrits). The pycrits code
is also in-flux so please be sure to stay up to date with it as the API is
subject to change.

### Installation

Clone the mcrits repository somewhere.

```
$ git clone git@github.com:crits/mcrits.git
```

You now need to configure mcrits for talking to your CRITs server. Copy the
```local/mcrits.conf.sample``` file to ```local/mcrits.conf``` and then edit
```local/mcrits.conf```. The contents of this file should be self-explanatory,
with the exception of ```verify```, which is used to control verification of
the certificate on the CRITs server.

Now that things are configured you need to import the transforms and entities
into Maltego.
Do this by opening Maltego and clicking on the Maltego icon.
Select ```Import``` then ```Import Configuration```. Navigate to the
```mcrits.mtz``` file in the mcrits repository and follow the wizard from
there.

The transforms are all local transforms, and as such are configured to run on
my system (I'm trying to find a way to fix this). For now you will need to go
to the ```Manage``` menu and select ```Manage Transforms```. For each of the
CRITs transforms you need to make sure that the ```Working Directory``` points
to your mcrits repository, and that the ```Command line``` points to your
python binary.

On the CRITs server please make sure the API is enabled.

### Using mcrits

To start using mcrits pick an item from the palette and drag it to the main
graph window. As this is your first object you must edit the properties of it
to make sure any missing fields are populated. This always includes the ID
field (this is the ID of the object in CRITs, available on the details page).
Depending upon the object there may be other fields too. You only need to do
this for the first object.

The next step is to perform a transform on the object you just edited. This
is done by right clicking the object and selecting the transform.

### Todo

- Fix "working directory" problem.
- Stop using CRITs specific entities where it makes sense.
- Probably a ton more... ;)

### Credits

- Thanks to [Brian Warehime](https://twitter.com/brian_warehime) for starting
  this project.
- Thanks to http://www.flaticon.com/ for the icons used in mcrits

--------------------------------------------------------------------------------
/local/mcrits.conf.sample:
--------------------------------------------------------------------------------
[info]
url = http://localhost:8000
username = user
api_key = 9999999999999999999999999999999999999999
verify = True

--------------------------------------------------------------------------------
/mcrits.mtz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crits/mcrits/5ea142ea277976c1694ca878cb4a4a4928341507/mcrits.mtz

--------------------------------------------------------------------------------
/transforms/MaltegoTransform.py:
--------------------------------------------------------------------------------
#!/usr/bin/python
#######################################################
# Maltego Python Local Transform Helper               #
#   Version 0.2                                       #
#                                                     #
# Local transform specification can be found at:      #
#    http://ctas.paterva.com/view/Specification       #
#                                                     #
# For more help and other local transforms            #
# try the forum or mail me:                           #
#                                                     #
#   http://www.paterva.com/forum                      #
#                                                     #
#  Andrew MacPherson [ andrew <> Paterva.com ]        #
#                                                     #
#######################################################
import sys

class MaltegoEntity(object):
    value = ""
    weight = 100
    displayInformation = None
    additionalFields = []
    iconURL = ""
    entityType = "Phrase"

    def __init__(self,eT=None,v=None):
        if (eT is not None):
            self.entityType = eT
        if (v is not None):
            self.value = sanitise(v)
        self.additionalFields = []
        self.displayInformation = None

    def setType(self,eT=None):
        if (eT is not None):
            self.entityType = eT

    def setValue(self,eV=None):
        if (eV is not None):
            self.value = sanitise(eV)

    def setWeight(self,w=None):
        if (w is not None):
            self.weight = w

    def setDisplayInformation(self,di=None):
        if (di is not None):
            self.displayInformation = di

    def addAdditionalFields(self,fieldName=None,displayName=None,matchingRule=False,value=None):
        self.additionalFields.append([sanitise(fieldName),sanitise(displayName),matchingRule,sanitise(value)])

    def setIconURL(self,iU=None):
        if (iU is not None):
            self.iconURL = iU

    # Write this entity to stdout as a Maltego <Entity> element.
    def returnEntity(self):
        print "<Entity Type=\"" + str(self.entityType) + "\">"
        print "<Value>" + str(self.value) + "</Value>"
        print "<Weight>" + str(self.weight) + "</Weight>"
        if (self.displayInformation is not None):
            print "<DisplayInformation><Label Name=\"\" Type=\"text/html\"><![CDATA[" + str(self.displayInformation) + "]]></Label></DisplayInformation>"
        if (len(self.additionalFields) > 0):
            print "<AdditionalFields>"
            for i in range(len(self.additionalFields)):
                if (str(self.additionalFields[i][2]) != "strict"):
                    print "<Field Name=\"" + str(self.additionalFields[i][0]) + "\" DisplayName=\"" + str(self.additionalFields[i][1]) + "\">" + str(self.additionalFields[i][3]) + "</Field>"
                else:
                    print "<Field MatchingRule=\"" + str(self.additionalFields[i][2]) + "\" Name=\"" + str(self.additionalFields[i][0]) + "\" DisplayName=\"" + str(self.additionalFields[i][1]) + "\">" + str(self.additionalFields[i][3]) + "</Field>"
            print "</AdditionalFields>"
        if (len(self.iconURL) > 0):
            print "<IconURL>" + self.iconURL + "</IconURL>"
        print "</Entity>"

class MaltegoTransform(object):
    entities = []
    exceptions = []
    UIMessages = []
    values = {}

    def __init__(self):
        # Per-instance state; parseArguments() fills these in.
        self.values = {}
        self.value = None

    # argv[1] is the entity value; argv[2] holds 'name=value' pairs
    # separated by '#'.
    def parseArguments(self,argv):
        if (argv[1] is not None):
            self.value = argv[1]

        if (len(argv) > 2):
            if (argv[2] is not None):
                vars = argv[2].split('#')
                for x in range(0,len(vars)):
                    vars_values = vars[x].split('=')
                    if (len(vars_values) == 2):
                        self.values[vars_values[0]] = vars_values[1]

    def getValue(self):
        if (self.value is not None):
            return self.value

    def getVar(self,varName):
        if (varName in self.values.keys()):
            if (self.values[varName] is not None):
                return self.values[varName]

    def addEntity(self,enType,enValue):
        me = MaltegoEntity(enType,enValue)
        self.addEntityToMessage(me)
        return self.entities[len(self.entities)-1]

    def addEntityToMessage(self,maltegoEntity):
        self.entities.append(maltegoEntity)

    def addUIMessage(self,message,messageType="Inform"):
        self.UIMessages.append([messageType,message])

    def addException(self,exceptionString):
        self.exceptions.append(exceptionString)

    def throwExceptions(self):
        print "<MaltegoMessage>"
        print "<MaltegoTransformExceptionMessage>"
        print "<Exceptions>"

        for i in range(len(self.exceptions)):
            print "<Exception>" + self.exceptions[i] + "</Exception>"
        print "</Exceptions>"
        print "</MaltegoTransformExceptionMessage>"
        print "</MaltegoMessage>"
        sys.exit()

    def returnOutput(self):
        print "<MaltegoMessage>"
        print "<MaltegoTransformResponseMessage>"

        print "<Entities>"
        for i in range(len(self.entities)):
            self.entities[i].returnEntity()
        print "</Entities>"

        print "<UIMessages>"
        for i in range(len(self.UIMessages)):
            print "<UIMessage MessageType=\"" + self.UIMessages[i][0] + "\">" + self.UIMessages[i][1] + "</UIMessage>"
        print "</UIMessages>"

        print "</MaltegoTransformResponseMessage>"
        print "</MaltegoMessage>"

    def writeSTDERR(self,msg):
        sys.stderr.write(str(msg))

    def heartbeat(self):
        self.writeSTDERR("+")

    def progress(self,percent):
        self.writeSTDERR("%" + str(percent))

    def debug(self,msg):
        self.writeSTDERR("D:" + str(msg))

# Escape the XML metacharacters &, > and < in a string, or in each item of
# a list, before the value is written into the transform response.
def sanitise(value):
    replace_these = ["&",">","<"]
    replace_with = ["&amp;","&gt;","&lt;"]
    if isinstance(value, list):
        for j in range(0, len(value)):
            for i in range(0, len(replace_these)):
                value[j] = value[j].replace(replace_these[i], replace_with[i])
    else:
        for i in range(0, len(replace_these)):
            value = value.replace(replace_these[i], replace_with[i])
    return value

--------------------------------------------------------------------------------
/transforms/mcrits_utils.py:
--------------------------------------------------------------------------------
import os
import sys
import ConfigParser

from pycrits import pycrits

class mcrits(object):
    def __init__(self):
        self.crits = self.get_crits()
        # Default string if no ID provided.
        self._NEED_ID = 'NEED ID'
        self._get_single_obj = {
            'Sample': self.crits.sample,
            'PCAP': self.crits.pcap,
            'Campaign': self.crits.campaign,
            'Indicator': self.crits.indicator,
            'Domain': self.crits.domain,
            'Event': self.crits.event,
            'Certificate': self.crits.certificate,
            'Email': self.crits.email,
            'IP': self.crits.ip,
            'RawData': self.crits.raw_data,
            'Screenshot': self.crits.screenshot,
            'Actor': self.crits.actor,
            'ActorIdentifier': self.crits.actor_identifier
        }

        self._get_multi_obj = {
            'Sample': self.crits.samples,
            'PCAP': self.crits.pcaps,
            'Campaign': self.crits.campaigns,
            'Indicator': self.crits.indicators,
            'Domain': self.crits.domains,
            'Event': self.crits.events,
            'Certificate': self.crits.certificates,
            'Email': self.crits.emails,
            'IP': self.crits.ips,
            'RawData': self.crits.raw_datas,
            'Screenshot': self.crits.screenshots,
            'Actor': self.crits.actors,
            'ActorIdentifier': self.crits.actor_identifier
        }

    # Build the pycrits client from local/mcrits.conf, located relative to
    # the transform script being run.
    def get_crits(self):
        configFile = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])),
                                  '..', 'local', 'mcrits.conf')
        config = ConfigParser.SafeConfigParser()
        config.read(configFile)
        url = config.get('info', 'url')
        api_key = config.get('info', 'api_key')
        username = config.get('info', 'username')
        verify = config.get('info', 'verify')
        crits = pycrits(url, username, api_key)
        # Certificate verification is turned off only when the option is the
        # exact string 'False'; any other value leaves it enabled.
        if verify == 'False':
            crits.verify = False
        return crits

    def get_single_obj(self, crits_type, id_):
        func = self._get_single_obj.get(crits_type, None)
        if func is None:
            return {}
        return func(id_)

    def get_multi_obj(self, crits_type, params):
        func = self._get_multi_obj.get(crits_type, None)
        if func is None:
            return []
        return func(params=params)

    # crits_type is the type of the object to fetch.
    # id_ is the ID of the object to fetch.
    # type_ is the type of objects to get relationships for.
    # Return list of tuples [(mcrits.type_, ID)].
    def get_related(self, crits_type, id_, type_):
        results = []
        if id_ == self._NEED_ID:
            return results

        obj = self.get_single_obj(crits_type, id_)

        for relationship in obj.get('relationships', []):
            if relationship['type'] == type_:
                results.append(("mcrits.%s" % type_, relationship['value']))

        # If dealing with a campaign, walk the desired object type and find
        # all that are tagged with that campaign too. We already have the
        # campaign name in 'obj'. Do a search for all objects of desired
        # type tagged with that campaign.
        if crits_type == 'Campaign':
            params = {'c-campaign.name': obj['name']}
            for new_obj in self.get_multi_obj(type_, params):
                results.append(("mcrits.%s" % type_, new_obj['_id']))
        return results

--------------------------------------------------------------------------------
/transforms/relatedactors.py:
--------------------------------------------------------------------------------
from MaltegoTransform import *
from mcrits_utils import *

crits = mcrits()

me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')

for result in crits.get_related(crits_type, id_, 'Actor'):
    # For each related object, get the details.
    obj = crits.get_single_obj('Actor', result[1])
    # For each identifier, get the name.
    identifiers = []
    for id_dict in obj['identifiers']:
        id_obj = crits.get_single_obj('ActorIdentifier',
                                      id_dict['identifier_id'])
        identifiers.append(id_obj['name'])
    ent = me.addEntity(result[0], obj['name'])
    ent.addAdditionalFields(fieldName='id',
                            displayName='id',
                            value=result[1])
    ent.addAdditionalFields(fieldName='aliases',
                            displayName='Aliases',
                            value=obj['aliases'])
    ent.addAdditionalFields(fieldName='identifiers',
                            displayName='Identifiers',
                            value=identifiers)

me.returnOutput()

--------------------------------------------------------------------------------
/transforms/relatedcampaigns.py:
--------------------------------------------------------------------------------
from MaltegoTransform import *
from mcrits_utils import *

crits = mcrits()

me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')

if id_ == crits._NEED_ID:
    # No ID set on the entity yet: emit the empty response and stop here
    # instead of falling through to the lookups below.
    me.returnOutput()
    sys.exit(0)

# Because we can get campaigns from two places (tagged vs related)
# we need to store the mapping of id to name to make sure we don't
# create two entities for the same campaign if both tagged and related.
campaigns = {}

# Campaigns can be used to tag objects, but also related to an object.
# The loop walks each campaign this object is tagged with and fetches the
# campaign object from crits via name. If the name and id are not in the
# dictionary create an entity for it.
obj = crits.get_single_obj(crits_type, id_)
for campaign in obj.get('campaign', []):
    # Should only ever be one of these.
    campaign_obj = crits.crits.campaign_by_name(campaign['name'])[0]
    if (campaign['name'] in campaigns and
        campaigns[campaign['name']] == campaign_obj['_id']):
        # Repeat campaign, skip it.
        continue

    campaigns[campaign['name']] = campaign_obj['_id']

    ent = me.addEntity('mcrits.Campaign', campaign['name'])
    ent.addAdditionalFields(fieldName='id',
                            displayName=campaign_obj['_id'],
                            value=campaign_obj['_id'])

# This loop is the inverse of the above. For each related campaign use the
# id to get the name.
for result in crits.get_related(crits_type, id_, 'Campaign'):
    # For each related Campaign, get the name.
    campaignname = crits.crits.campaign(result[1])['name']
    if (campaignname in campaigns and
        campaigns[campaignname] == result[1]):
        # Repeat campaign, skip it.
        continue

    campaigns[campaignname] = result[1]

    ent = me.addEntity(result[0], campaignname)
    ent.addAdditionalFields(fieldName='id',
                            displayName=result[1],
                            value=result[1])

me.returnOutput()

--------------------------------------------------------------------------------
/transforms/relatedcertificates.py:
--------------------------------------------------------------------------------
from MaltegoTransform import *
from mcrits_utils import *

crits = mcrits()

me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')

for result in crits.get_related(crits_type, id_, 'Certificate'):
    me.addEntity(result[0], result[1])

me.returnOutput()

--------------------------------------------------------------------------------
/transforms/relateddomains.py:
--------------------------------------------------------------------------------
from MaltegoTransform import *
from mcrits_utils import *

crits = mcrits()

me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')

for result in crits.get_related(crits_type, id_, 'Domain'):
    # For each related object, get the details.
    obj = crits.get_single_obj('Domain', result[1])
    ent = me.addEntity(result[0], obj['domain'])
    ent.addAdditionalFields(fieldName='id',
                            displayName='id',
                            value=result[1])

me.returnOutput()

--------------------------------------------------------------------------------
/transforms/relatedemails.py:
--------------------------------------------------------------------------------
from MaltegoTransform import *
from mcrits_utils import *

crits = mcrits()

me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')

for result in crits.get_related(crits_type, id_, 'Email'):
    # For each related object, get the details.
    obj = crits.get_single_obj('Email', result[1])
    ent = me.addEntity(result[0], result[1])
    ent.addAdditionalFields(fieldName='date',
                            displayName='Date',
                            value=obj['date'])
    ent.addAdditionalFields(fieldName='from',
                            displayName='From',
                            value=obj.get('from', ''))
    ent.addAdditionalFields(fieldName='subject',
                            displayName='subject',
                            value=obj.get('subject', ''))

me.returnOutput()

--------------------------------------------------------------------------------
/transforms/relatedevents.py:
--------------------------------------------------------------------------------
from MaltegoTransform import *
from mcrits_utils import *

crits = mcrits()

me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')

for result in crits.get_related(crits_type, id_, 'Event'):
    # For each related object, get the details.
    obj = crits.get_single_obj('Event', result[1])
    ent = me.addEntity(result[0], obj['title'])
    ent.addAdditionalFields(fieldName='id',
                            displayName='id',
                            value=result[1])

me.returnOutput()

--------------------------------------------------------------------------------
/transforms/relatedindicators.py:
--------------------------------------------------------------------------------
from MaltegoTransform import *
from mcrits_utils import *

crits = mcrits()

me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')

for result in crits.get_related(crits_type, id_, 'Indicator'):
    # For each related object, get the details.
    obj = crits.get_single_obj('Indicator', result[1])
    ent = me.addEntity(result[0], obj['value'])
    ent.addAdditionalFields(fieldName='id',
                            displayName='id',
                            value=result[1])
    ent.addAdditionalFields(fieldName='ind_type',
                            displayName='Indicator Type',
                            value=obj['type'])
    ent.addAdditionalFields(fieldName='value',
                            displayName='Indicator Value',
                            value=obj['value'])

me.returnOutput()

--------------------------------------------------------------------------------
/transforms/relatedips.py:
--------------------------------------------------------------------------------
from MaltegoTransform import *
from mcrits_utils import *

crits = mcrits()

me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')

for result in crits.get_related(crits_type, id_, 'IP'):
    # For each related object, get the details.
    obj = crits.get_single_obj('IP', result[1])
    ent = me.addEntity(result[0], result[1])
    ent.addAdditionalFields(fieldName='ip',
                            displayName='IP',
                            value=obj['ip'])
    ent.addAdditionalFields(fieldName='type',
                            displayName='Type',
                            value=obj['type'])

me.returnOutput()

--------------------------------------------------------------------------------
/transforms/relatedpcaps.py:
--------------------------------------------------------------------------------
from MaltegoTransform import *
from mcrits_utils import *

crits = mcrits()

me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')

for result in crits.get_related(crits_type, id_, 'PCAP'):
    me.addEntity(result[0], result[1])

me.returnOutput()

--------------------------------------------------------------------------------
/transforms/relatedrawdatas.py:
--------------------------------------------------------------------------------
from MaltegoTransform import *
from mcrits_utils import *

crits = mcrits()

me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')

for result in crits.get_related(crits_type, id_, 'RawData'):
    # For each related object, get the details.
    obj = crits.get_single_obj('RawData', result[1])
    ent = me.addEntity(result[0], result[1])
    ent.addAdditionalFields(fieldName='title',
                            displayName='Title',
                            value=obj['title'])

me.returnOutput()

--------------------------------------------------------------------------------
/transforms/relatedsamples.py:
--------------------------------------------------------------------------------
from MaltegoTransform import *
from mcrits_utils import *

crits = mcrits()

me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')

for result in crits.get_related(crits_type, id_, 'Sample'):
    me.addEntity(result[0], result[1])

me.returnOutput()

--------------------------------------------------------------------------------
/transforms/relatedscreenshots.py:
--------------------------------------------------------------------------------
from MaltegoTransform import *
from mcrits_utils import *

crits = mcrits()

me = MaltegoTransform()
me.parseArguments(sys.argv)
id_ = me.getVar('id')
crits_type = me.getVar('crits_type')

# While rare, screenshots can actually be related to other objects.
for result in crits.get_related(crits_type, id_, 'Screenshot'):
    me.addEntity(result[0], result[1])

# They are more commonly stored as a list of IDs in a given object.
obj = crits.get_single_obj(crits_type, id_)
for screenshot in obj.get('screenshots', []):
    me.addEntity('mcrits.Screenshot', screenshot)

me.returnOutput()

--------------------------------------------------------------------------------
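
Added example, not part of the mcrits repository: a Python 3 check for the local/mcrits.conf file that the README's installation step has you edit, flagging a plain-HTTP url, the verify option as mcrits_utils.get_crits() interprets it, a placeholder api_key, and loose file permissions. The function names and the host crits.example.internal are assumptions made for this example, and the sample config is constructed.

```python
import configparser
import os
import stat
from urllib.parse import urlparse

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
REQUIRED = ("url", "username", "api_key", "verify")


def audit_conf_text(text):
    """Return (severity, message) findings for the body of an mcrits.conf."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    if not parser.has_section("info"):
        return [("error", "missing [info] section")]
    info = parser["info"]
    findings = [("error", "missing option: " + key)
                for key in REQUIRED if key not in info]

    url = urlparse(info.get("url", ""))
    if url.scheme == "http" and url.hostname in LOOPBACK_HOSTS:
        findings.append(("low", "plain HTTP, but only over loopback"))
    elif url.scheme == "http":
        findings.append(("high", "plain HTTP to %s: the API key crosses "
                                 "the network without TLS" % url.hostname))
    elif url.scheme != "https":
        findings.append(("error", "url must start with http:// or https://"))

    # mcrits_utils.get_crits() disables verification only for the exact
    # string 'False'; any other value leaves verification on.
    verify = info.get("verify", "")
    if verify == "False":
        findings.append(("high", "verify = False: the CRITs server "
                                 "certificate is not checked"))
    elif verify != "True":
        findings.append(("info", "verify = %r is not 'False', so "
                                 "verification stays on" % verify))

    # A key made of one repeated character is treated as a placeholder.
    key = info.get("api_key", "")
    if key and len(set(key)) == 1:
        findings.append(("error", "api_key looks like the sample placeholder"))
    return findings


def audit_conf_file(path):
    """Audit a config file on disk, including its POSIX permission bits."""
    with open(path) as handle:
        findings = audit_conf_text(handle.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(("medium", "mode %o exposes the API key to other "
                                   "local users; chmod 600" % mode))
    return findings


# Constructed sample: a remote server over HTTP with verification disabled.
CONSTRUCTED_BAD = """\
[info]
url = http://crits.example.internal:8080
username = analyst
api_key = 0123456789abcdef0123456789abcdef01234567
verify = False
"""

if __name__ == "__main__":
    for severity, message in audit_conf_text(CONSTRUCTED_BAD):
        print("%-6s %s" % (severity, message))
```

Run it against your own file with audit_conf_file("local/mcrits.conf"); the permission check applies to POSIX systems.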