Thursday 19 June 2014

Maltego Local Transform Hello World

Maltego is an open source intelligence and forensics application. It offers timely mining and gathering of information and presents that information in an easy-to-understand format. Local transforms are pieces of code that run on the same machine as the client application.

Ref: 
https://www.paterva.com/web6/
http://www.paterva.com/web6/documentation/developer-local.php

Here is a step-by-step guide for beginners on how to write our own Local Transform.

Run the Maltego Python Code (Ref: https://github.com/Lookingglass/Maltego)
The code is adapted from "Lookingglass" to make it easier to get started (not all of the code is used in the sample files).

1. Download the zip file. It contains 3 files:
- MaltegoClass.py
- MaltegoTransform.py
- vxicon.png
Put them into the same directory.

2. MaltegoClass.py contains the EntityType, MaltegoEntity and MaltegoTransform, which are the basic classes for the Local Transform in Maltego.
Here we add our own EntityType, my.Input and my.Output, which will be used for creating a new Entity later.


3. MaltegoTransform.py contains our Local Transform functions and renders the output. Here we have helloworld, which takes "myInput" as input and outputs "myOutput", both of which we defined in MaltegoClass.py. We simply "process" the input by adding "processed" as a demonstration.



4. We add the function names to the dict so that each function can be called by passing its name as an argument on the command line.


5. We run MaltegoTransform.py from the command line. It returns XML as the result.
python MaltegoTransform.py helloworld 'Yeah baby!'
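
A self-contained sketch of steps 3 to 5, added here as an example; it is not the Lookingglass code from the zip file. The names build_response, build_exception, run and TRANSFORMS are assumptions, and the XML layout is the standard Maltego local transform response. It also escapes the entity value, since that text comes straight from the graph.

```python
import sys
from xml.sax.saxutils import escape, quoteattr


def build_response(entities):
    """Render (entity_type, value) pairs as a Maltego transform response."""
    out = ["<MaltegoMessage>", "<MaltegoTransformResponseMessage>", "<Entities>"]
    for etype, value in entities:
        # The value is untrusted text from the graph: escape it so that
        # characters such as < and & cannot break or alter the XML.
        out.append("<Entity Type=%s>" % quoteattr(etype))
        out.append("<Value>%s</Value>" % escape(value))
        out.append("<Weight>100</Weight>")
        out.append("</Entity>")
    out += ["</Entities>", "<UIMessages>", "</UIMessages>",
            "</MaltegoTransformResponseMessage>", "</MaltegoMessage>"]
    return "\n".join(out)


def build_exception(message):
    """Render an error in the Maltego exception message format."""
    return ("<MaltegoMessage>\n<MaltegoTransformExceptionMessage>\n<Exceptions>\n"
            "<Exception>%s</Exception>\n</Exceptions>\n"
            "</MaltegoTransformExceptionMessage>\n</MaltegoMessage>" % escape(message))


def helloworld(value):
    # Same "processing" as the tutorial: prefix the input, emit a my.Output entity.
    return [("my.Output", "Processed: " + value)]


# Only names registered here can be selected from the command line.
TRANSFORMS = {"helloworld": helloworld}


def run(argv):
    """argv is [script, transform_name, entity_value, ...] as passed by Maltego."""
    if len(argv) < 3 or argv[1] not in TRANSFORMS:
        return build_exception("usage: MaltegoTransform.py <transform> <value>")
    return build_response(TRANSFORMS[argv[1]](argv[2]))


if __name__ == "__main__":
    print(run(sys.argv))
```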


So now we have the MaltegoClass and MaltegoTransform ready, next step is to create the new Entity and Local Transform.

Create a new Entity
1. Choose "New Entity Type"


2. Enter the information as follows:
Display name: My input, which will be displayed in the palette
Short description: whatever you like
Unique type name: the unique name that we will reference in our Local Transform code
Inheritance: we choose "maltego.Phrase" here, which is text input
Icon: you may add your own icon by clicking "manage" and adding the icon to Custom Category

Click "Next >"


3. Create a custom main property and click "Next >"


4. Add to category, we type our own category "My Entity Category" and click "Finish"


5. We repeat the above steps to create "my.Output". After that, we click "Manage Entities" and can find "My Input" and "My Output".


Create Local Transform
1. Choose "Manage Transforms"


2. Create a new Transform Set: click the "Transform Sets" tab, click "New Set..", and type the set name and description.


3. After creating the New Transform Set, choose "All Transform" tab and choose "New Local Transform".


4. Enter the information as shown, set the Input entity type to "My Input", which we created previously, and set "Transform Set" to "My Local Transform Set", which we created before. Click "Next >"


5. Type the commands for running the Transform
Command: python (on Windows, you may need to use the full path)
Parameters: MaltegoTransform.py helloworld (the command that runs the function)
Working directory: The location of the python files

Click "Finish"


6. "My Local Transform" is added to the list.


Create a new graph using our new Local Transform
1. Create a new graph, our new Entities are under "My Entity Category", drag "My Input" to the graph, and type the text you want.


2. Right click the icon and choose "My Local Transform Set" -> "My Local Transform".


3. It will run MaltegoTransform.py and return the results, "Processed: Yeah baby!!".



Export Configuration
After creating the new Entities, Local Transforms and icon, we can export them as *.mtz together with the python files (MaltegoClass.py and MaltegoTransform.py) for others to use.

1. Export > Export Configuration


2. Choose "Custom selection", since we only want to export the items we just created.


3. We check "Entities", "Transforms", "Transform Sets" and "Icons".


4. Expand it and check the necessary items, i.e. "My Input", "My Output", "My Local Transform", "My Local Transform Set" and the custom icon.




Choose "Next >"

5. Save the file as "myConfig.mtz". It can be imported into another Maltego installation; the python files must also be copied to the corresponding locations.



Choose "Finish", and that's all.

Summary
The above are just the simple steps to create new Entities and Transforms and run the hello world function. We can develop more complex Transforms and use the power of Maltego for further investigation and analysis.