bug fixes, performance improvements

AddNote transform
Samba Users from enum4linux

Author: shizzz477

.gitignore

@@ -13,3 +13,4 @@ msploitego/src/msploitego/transforms/common/scratch\.py
 /msploitego/src/msploitego/transforms/smblistshares.py
 /msploitego/src/msploitego/transforms/toHashFile.py
 /msploitego/src/msploitego/transforms/enum4linuxlive.py
+/msploitego/src/msploitego/transforms/enum4sambashare.py

msploitego/src/msploitego/resources/images/post-it-note.jpg

@@ -0,0 +1,28 @@
+from pprint import pprint
+
+from common.MaltegoTransform import *
+from common.corelib import inheritvalues
+
+__author__ = 'Marc Gurreri'
+__copyright__ = 'Copyright 2018, msploitego Project'
+__credits__ = []
+__license__ = 'GPLv3'
+__version__ = '0.1'
+__maintainer__ = 'Marc Gurreri'
+__email__ = 'marcgurreri@gmail.com'
+__status__ = 'Development'
+
+def dotransform(args):
+    mt = MaltegoTransform()
+    # mt.debug(pprint(args))
+    mt.parseArguments(args)
+    noteon = mt.getValue()
+    noteent = mt.addEntity("msploitego.Note", "Note:{}".format(noteon))
+    noteent.setValue("Note:{}".format(noteon))
+    noteent.addAdditionalFields("note", "Note", False, "")
+    noteent.addAdditionalFields("link", "Link", False, "")
+    inheritvalues(noteent,mt.values)
+    mt.returnOutput()
+
+dotransform(sys.argv)
+# dotransform(args)

msploitego/src/msploitego/resources/maltego/msploitego.mtz

@@ -1,12 +1,8 @@
-import re
 from pprint import pprint
-
 from common.nsescriptlib import scriptrunner
 from common.MaltegoTransform import *
 import sys
 
-from common.corelib import bucketparser
-
 __author__ = 'Marc Gurreri'
 __copyright__ = 'Copyright 2018, msploitego Project'
 __credits__ = []
@@ -17,25 +13,25 @@
 __status__ = 'Development'
 
 def dotransform(args):
-    global nmap_proc
     mt = MaltegoTransform()
     # mt.debug(pprint(args))
     mt.parseArguments(args)
     ip = mt.getVar("ip")
     port = mt.getVar("port")
 
-    rep = scriptrunner("80", "banner", ip)
+    rep = scriptrunner(port, "banner", ip, args="-sV")
     if rep:
-        for scriptrun in rep.hosts[0].services[0].scripts_results:
-            regex = re.compile("^\s+Path:")
-            results = bucketparser(regex,scriptrun.get("output").split("\n"))
-            for res in results:
-                k,v = res.get("Header").split(":",1)
-                commententity = mt.addEntity("msploitego.SourceCodeComment", v)
-                commententity.setValue(v)
-                commententity.addAdditionalFields("comment", "Comment", False, "\n".join(res.get("Details")))
-                commententity.addAdditionalFields("linenumber", "Line Number", False, res.get("Line number"))
-                commententity.addAdditionalFields("path", "Path", False, v)
+        pprint(rep)
+    # for scriptrun in rep.hosts[0].services[0].scripts_results:
+    #         regex = re.compile("^\s+Path:")
+    #         results = bucketparser(regex,scriptrun.get("output").split("\n"))
+    #         for res in results:
+    #             k,v = res.get("Header").split(":",1)
+    #             commententity = mt.addEntity("msploitego.SourceCodeComment", v)
+    #             commententity.setValue(v)
+    #             commententity.addAdditionalFields("comment", "Comment", False, "\n".join(res.get("Details")))
+    #             commententity.addAdditionalFields("linenumber", "Line Number", False, res.get("Line number"))
+    #             commententity.addAdditionalFields("path", "Path", False, v)
     else:
         mt.addUIMessage("host is either down or not responding in this port")
     mt.returnOutput()

msploitego/src/msploitego/transforms/addnote.py

@@ -16,9 +16,17 @@
     'static_var',
     'bucketparser',
     'checkAndConvertToAscii',
-    'getFileContents'
+    'getFileContents',
+    'inheritvalues'
 ]
 
+noinheritfields = ["niktofile", "properties.", "created_at","updated_at","datastore"]
+
+def inheritvalues(ent,values):
+    for k,v in values.items():
+        if v and v.strip() and not any(x in k for x in noinheritfields):
+            ent.addAdditionalFields(k, k.capitalize(), False, v)
+
 def static_var(varname, value):
     def decorate(func):
         setattr(func, varname, value)

msploitego/src/msploitego/transforms/bannergrab.py

@@ -57,7 +57,12 @@ def getServices(self,hostid):
         return self._cur.fetchall()
 
     def getSessions(self,wid):
-        sql = "SELECT sessions.id, sessions.host_id, sessions.stype, sessions.via_exploit, sessions.via_payload,   sessions.desc, sessions.port, sessions.platform,sessions.opened_at, sessions.closed_at,   sessions.close_reason, sessions.local_id, sessions.last_seen, sessions.module_run_id, hosts.workspace_id as workspaceid FROM public.sessions, public.hosts, public.workspaces WHERE hosts.id = sessions.host_id AND workspaces.id = hosts.workspace_id AND hosts.workspace_id = {};".format(wid)
+        sql = "SELECT sessions.id as sessionid, sessions.host_id, sessions.stype, sessions.via_exploit, sessions.via_payload,   sessions.desc as sessiondescription, sessions.port, sessions.platform,sessions.opened_at, sessions.closed_at, sessions.close_reason, sessions.local_id, sessions.last_seen, sessions.module_run_id, hosts.workspace_id as workspaceid, hosts.address as ip FROM public.sessions, public.hosts, public.workspaces WHERE hosts.id = sessions.host_id AND workspaces.id = hosts.workspace_id AND hosts.workspace_id = {};".format(wid)
+        self._cur.execute(sql)
+        return self._cur.fetchall()
+
+    def getSessionsForHost(self,hostid):
+        sql = "SELECT hosts.address AS ip, sessions.host_id AS hostid, sessions.stype AS sessiontype, sessions.via_exploit, sessions.via_payload, sessions.desc AS sessiondescription, sessions.port,  sessions.platform, sessions.opened_at, sessions.closed_at, sessions.close_reason,   sessions.local_id AS localid, sessions.last_seen, sessions.module_run_id, sessions.id AS sessionid FROM   public.hosts, public.sessions WHERE hosts.id = sessions.host_id AND hosts.id = {};".format(hostid)
         self._cur.execute(sql)
         return self._cur.fetchall()
 

msploitego/src/msploitego/transforms/common/corelib.py

@@ -10,23 +10,25 @@
 __email__ = 'marcgurreri@gmail.com'
 __status__ = 'Development'
 
+webservices = ["http", "https", "possible_wls", "www", "ncacn_http", "ccproxy-http", "ssl/http","http-proxy"]
+sambaservices = ["samba", "netbios-ssn", "smb", "microsoft-ds", "netbios-ns", "netbios-dgm", "netbios"]
+
 def getserviceentity(s):
     entityname = "msploitego.MetasploitService"
     try:
-        servicename = s.get("servicename")
+        servicename = s.get("servicename").lower()
     except AttributeError:
         servicename = "NoName"
     try:
-        serviceinfo = s.get("info")
+        serviceinfo = s.get("info").lower()
     except AttributeError:
         serviceinfo = None
     if s.get("state").lower() in ["filtered", "closed"]:
         return "msploitego.ClosedPort"
     else:
         if not servicename and not serviceinfo.strip():
             return "msploitego.MetasploitService"
-        if servicename in ["http", "https", "possible_wls", "www", "ncacn_http", "ccproxy-http", "ssl/http",
-                           "http-proxy"]:
+        if any(x in servicename for x in webservices):
             if serviceinfo:
                 if "iis" in s.get("info").lower():
                     return "msploitego.IISWebservice"
@@ -77,14 +79,13 @@ def getserviceentity(s):
                 return "msploitego.WebService"
         elif s.get("port") == "32768":
             return "msploitego.PotentialBackdoor"
-        elif any(
-                x in servicename for x in ["samba", "netbios-ssn", "smb", "microsoft-ds", "netbios-ns", "netbios-dgm", "netbios"]):
+        elif any(x in servicename for x in sambaservices):
             return "msploitego.SambaService"
         elif servicename == "ssh":
             return "msploitego.SSHService"
         elif servicename in ["dns", "mdns", "domain"]:
             return "msploitego.DNSService"
-        elif "rpc" in servicename:
+        elif any(x in servicename for x in ["rpc","portmap"]):
             return "msploitego.RPC"
         elif "epmap" in servicename:
             return "msploitego.epmap"
@@ -104,111 +105,111 @@ def getserviceentity(s):
             return "msploitego.finger"
         elif "imap" in servicename:
             return "msploitego.imap"
-        elif "winrm" in servicename.lower():
+        elif "winrm" in servicename:
             return "msploitego.winrm"
-        elif "nmap" in servicename.lower():
+        elif "nmap" in servicename:
             return "msploitego.Nmap"
-        elif "ldap" in servicename.lower():
+        elif "ldap" in servicename:
             return "msploitego.LDAP"
-        elif "compressnet" in servicename.lower():
+        elif "compressnet" in servicename:
             return "msploitego.compressnet"
-        elif "ansys" in servicename.lower():
+        elif "ansys" in servicename:
             return "msploitego.ansys"
-        elif "boinc" in servicename.lower():
+        elif "boinc" in servicename:
             return "msploitego.boinc"
-        elif "bakbone" in servicename.lower():
+        elif "bakbone" in servicename:
             return "msploitego.bakbonenetvault"
-        elif "cisco" in servicename.lower():
+        elif "cisco" in servicename:
             return "msploitego.CISCO"
         elif "ntp" in servicename:
             return "msploitego.ntp"
         elif "dhcp" in servicename:
             return "msploitego.DHCP"
-        elif "dbase" in servicename.lower():
+        elif "dbase" in servicename:
             return "msploitego.dBase"
-        elif "chargen" in servicename.lower():
+        elif "chargen" in servicename:
             return "msploitego.chargen"
         elif "directplaysrvr" in servicename:
             return "msploitego.directplaysrvr"
-        elif "smtp" in servicename.lower():
+        elif "smtp" in servicename:
             return "msploitego.smtp"
-        elif "ident" in servicename.lower():
+        elif "ident" in servicename:
             return "msploitego.ident"
-        elif any(x in servicename.lower() for x in ["snmp", "smux"]):
+        elif any(x in servicename for x in ["snmp", "smux"]):
             return "msploitego.SNMP"
         elif "tcpwrapped" in servicename:
             return "msploitego.tcpwrapped"
         elif "mysql" in servicename:
             return "msploitego.mysql"
-        elif any(x in servicename.lower() for x in ["mssql", "ms-sql", "dbm"]):
+        elif any(x in servicename for x in ["mssql", "ms-sql", "dbm"]):
             return "msploitego.mssql"
         elif any(x in servicename for x in ["nat-pmp", "upnp", "natpmp"]):
             return "msploitego.natpmp"
-        elif any(x in servicename.lower() for x in ["confluent", "kafka"]):
+        elif any(x in servicename for x in ["confluent", "kafka"]):
             return "msploitego.ApacheKafka"
         elif any(x in servicename for x in ["ndmp"]):
             return "msploitego.NAS"
-        elif any(x in servicename.lower() for x in ["neod", "corba"]):
+        elif any(x in servicename for x in ["neod", "corba"]):
             return "msploitego.ObjectRequestBroker"
         elif "ajp" in servicename:
             return "msploitego.ajp"
-        elif "llmnr" in servicename.lower():
+        elif "llmnr" in servicename:
             return "msploitego.llmnr"
-        elif any(x in servicename.lower() for x in ["keysrvr", "keyshadow"]):
+        elif any(x in servicename for x in ["keysrvr", "keyshadow"]):
             return "msploitego.KeyServer"
-        elif servicename.lower() in ["kerberos", "kpasswd5", "kerberos-sec", "krb524"]:
+        elif servicename in ["kerberos", "kpasswd5", "kerberos-sec", "krb524"]:
             return "msploitego.kerberos"
-        elif "msexchange-logcopier" in servicename.lower():
+        elif "msexchange-logcopier" in servicename:
             return "msploitego.MSExchangeLogCopier"
-        elif any(x in servicename.lower() for x in ["nfs", "lockd", "amiganetfs"]):
+        elif any(x in servicename for x in ["nfs", "lockd", "amiganetfs","mountd","nlockmgr"]):
             return "msploitego.nfsacl"
-        elif "x11" in servicename.lower():
+        elif "x11" in servicename:
             return "msploitego.X11"
-        elif re.search("\bsip\b|sip-proxy", servicename.lower(), re.I):
+        elif re.search("\bsip\b|sip-proxy", servicename, re.I):
             return "msploitego.SIP"
-        elif "fmtp" in servicename.lower():
+        elif "fmtp" in servicename:
             return "msploitego.fmtp"
-        elif "telnet" in servicename.lower():
+        elif "telnet" in servicename:
             return "msploitego.telnet"
-        elif any(x in servicename.lower() for x in ["rdp", "xdmcp"]):
+        elif any(x in servicename for x in ["rdp", "xdmcp"]):
             return "msploitego.rdp"
-        elif "ipp" in servicename.lower():
+        elif "ipp" in servicename:
             return "msploitego.ipp"
-        elif "vnc" in servicename.lower():
+        elif "vnc" in servicename:
             return "msploitego.vnc"
-        elif "wap-wsp" in servicename.lower():
+        elif "wap-wsp" in servicename:
             return "msploitego.wapwsp"
-        elif "blackjack" in servicename.lower():
+        elif "blackjack" in servicename:
             return "msploitego.blackjack"
-        elif any(x in servicename.lower() for x in ["backorifice", "bo2k"]):
+        elif any(x in servicename for x in ["backorifice", "bo2k"]):
             return "msploitego.backorifice"
-        elif "rtsp" in servicename.lower():
+        elif "rtsp" in servicename:
             return "msploitego.rtsp"
-        elif "bacnet" in servicename.lower():
+        elif "bacnet" in servicename:
             return "msploitego.Bacnet"
-        elif "msdtc" in servicename.lower():
+        elif "msdtc" in servicename:
             return "msploitego.msdtc"
-        elif "wfremotertm" in servicename.lower():
+        elif "wfremotertm" in servicename:
             return "msploitego.wfremotertm"
-        elif "msdp" in servicename.lower():
+        elif "msdp" in servicename:
             return "msploitego.msdp"
-        elif "ssl" in servicename.lower():
+        elif "ssl" in servicename:
             return "msploitego.ssl"
-        elif all(x in servicename.lower() for x in ["afs", "fileserver"]):
+        elif all(x in servicename for x in ["afs", "fileserver"]):
             return "msploitego.AFS"
-        elif "adobeserver" in servicename.lower():
+        elif "adobeserver" in servicename:
             return "msploitego.AdobeserverService"
-        elif "ms-wbt-server" in servicename.lower():
+        elif "ms-wbt-server" in servicename:
             return "msploitego.MicrosoftTerminalServices"
-        elif servicename.lower() in ["rmiregistry", "java-rmi"]:
+        elif servicename in ["rmiregistry", "java-rmi"]:
             return "msploitego.JavaRMI"
         elif re.match("^ams$", servicename, re.I):
             return "msploitego.AdvancedMultithreadedServer"
         elif re.search("landesk", servicename, re.I):
             return "msploitego.Landesk"
         elif re.search("xmpp", servicename, re.I):
             return "msploitego.xmpp"
-        elif any(x in servicename.lower() for x in ["lansource","citrix"]):
+        elif any(x in servicename for x in ["lansource","citrix"]):
             return "msploitego.Lansource"
     return entityname
 

msploitego/src/msploitego/transforms/common/postgresdb.py

@@ -0,0 +1,56 @@
+import re
+from pprint import pprint
+from common.MaltegoTransform import *
+import sys
+
+from common.corelib import bucketparser
+
+__author__ = 'Marc Gurreri'
+__copyright__ = 'Copyright 2018, msploitego Project'
+__credits__ = []
+__license__ = 'GPLv3'
+__version__ = '0.1'
+__maintainer__ = 'Marc Gurreri'
+__email__ = 'marcgurreri@gmail.com'
+__status__ = 'Development'
+
+def dotransform(args):
+    mt = MaltegoTransform()
+    # mt.debug(pprint(args))
+    mt.parseArguments(args)
+    cleanse = re.compile("\[\+\]|denied|warning|failed|attempted|attempting|reconnecting", re.I)
+    # cleanse = re.compile("\[\+\]|\[v\]")
+    data = mt.getVar("data").split("\n")
+    # regex = re.compile("^Sharename")
+    # results = bucketparser(regex, data, sep=" ")
+    res = []
+    for line in data:
+        if "---" in line or not line or cleanse.search(line):
+            continue
+        res.append(line)
+    pprint(res)
+    # if data:
+    #     for line in data:
+    #         sid = name = typ = ""
+    #         if line.strip() and not regex.search(line):
+    #             details = line.split()
+    #             for d in details:
+    #                 if sidex.match(d):
+    #                     sid = d
+    #                 elif namex.match(d):
+    #                     name = d
+    #                 elif re.search("group|user",d,re.I):
+    #                     typ = d.strip(")")
+    #             if name:
+    #                 if typ.lower() == "group":
+    #                     entityname = "msploitego.SambaGroupInformation"
+    #                 else:
+    #                     entityname = "msploitego.SambaUser"
+    #                 sambauser = mt.addEntity(entityname, name)
+    #                 sambauser.setValue(name)
+    #                 sambauser.addAdditionalFields("sid", "Sid", False, sid)
+    #                 sambauser.addAdditionalFields("type", "Type", False, typ)
+    mt.returnOutput()
+
+dotransform(sys.argv)
+# dotransform(args)