Maltego Advanced functionality

by Palenath

Posted on 06/20/2020

I advise you first of all to have some python base to do your custom transformation.
Maltego offers a large choice of transformations however you may find that you're missing your transformation so we'll see how to make our transformations here are some examples of custom transformations like this one:



Quidam Maltego


Or Toutatis Maltego

First of all you need a project for the example we'll see how I made a transformation that allows you to use the hashes.org api directly in maltego. First of all, start by downloading this file
MaltegoTransform.py
which will allow you to do your transformation without going through a server


from MaltegoTransform import *
import requests
hashToIdentify=sys.argv[1]#is the variable with the values of the entity from which you perform the transformation.
trx = MaltegoTransform() # I declare the class trx that corresponds to the object MaltegoTransform
apikey="yourapikey"
#I'm not going to detail what makes it possible to use the Hashes.org api because it depends on what you want to do
#To avoid detailing each function, I put a mini documentation just below.
def checkHash(hash,apikey):
    req = requests.get("https://hashes.org/api.php?key={}&query={}".format(apikey,hashToIdentify)).json()

    if req["status"]=="success":
        if str(req["result"][hashToIdentify])!=str("None"):
            return({"result":{"plaintext":req["result"][hashToIdentify]["plain"],"algorithm":req["result"][hashToIdentify]["algorithm"]}})
        else:
            return({"result":"Not Found"})
    else:
        return({"result":"Not Found"})

check = checkHash(hash,apikey)
if check["result"]!="Not Found":
    trx.addEntity("maltego.Phrase",check["result"]["plaintext"]).setNote("Plain text Hash, the Type of the Hash is "+str(check["result"]["algorithm"]))
else:
    trx.addEntity("maltego.Phrase","Not found")


print(trx.returnOutput())#Returns all entities of the trx object

Functionality of de MaltegoTransform.py :

Methods:

  • setType(type: str): Set the entity type (e.g. "Phrase" for maltego.Phrase entity)
  • setValue(value: str): Set the entity value
  • setWeight(weight: int): Set the entity weight
  • addDisplayInformation(content: str, title: str): Add display information for the entity.
  • addProperty(fieldName: str, displayName: str, matchingRule: str, value: str): Add a property to the entity. Matching rule can be strict or loose.
  • setIconURL(url: str): Set the entity icon URL
  • setBookmark(bookmark: int): Set bookmark color index (e.g. -1 for BOOKMARK_COLOR_NONE, 3 for BOOKMARK_COLOR_PURPLE)
  • setNote(note: str): Set note content

Link Methods:

  • setLinkColor(color: str): Set the link color (e.g. hex "#0000FF" for blue)
  • setLinkStyle(style: int): Set the link style index (e.g. 0 for LINK_STYLE_NORMAL, 2 for LINK_STYLE_DOTTED)
  • setLinkThickness(thick: int): Set link thickness (default is 1)
  • setLinkLabel(label: str): Set the label of the link

Installing these custom transformations in Maltego :

You have to click on

Fill you with the information of your transformation

And complete you once again with the information from your transformation


And you can use your transformation on the chosen entity you can find this transformation on my github