Update

README.md

@@ -0,0 +1,56 @@
+Malformity
+==========
+
+## 1.0 Introduction
+
+Malformity is a Maltego project based upon the [Canari Framework](https://github.com/allfro/canari).
+Using this framework greatly simplifies the process of installing local transforms in [Maltego](http://paterva.com/).
+
+The project directory structure is as follows:
+
+* `src/Malformity` directory is where all your stuff goes in terms of auxiliary modules that you may need for your
+  modules
+* `src/Malformity/transforms` directory is where all your transform modules should be placed.
+* `src/Malformity/transforms/common` directory is where you can put some common code for your transforms like result
+  parsing, entities, etc.
+* `src/Malformity/transforms/common/entities.py` is where you define your custom entities.
+* `maltego/` is where you can store your Maltego entity exports.
+
+If you're going to add a new transform in the transforms directory, remember to update the `__all__` variable in
+`src/Malformity/transforms/__init__.py`. Otherwise, `canari install-package` won't attempt to install the transform.
+Alternatively, `canari create-transform <transform name>` can be used within the `src/Malformity/transforms` directory
+to generate a transform module and have it automatically added to the `__init__.py` file.
+
+## 2.0 Installing Malformity
+
+### 2.1 - Supported Platforms
+Malformity has been tests on Mac OSX. Tranforms are written in Python version 2.7.
+
+### 2.2 - Requirements
+In order to make full use of Malformity, the setup script will download additional modules.
+
+If for some reason these fail, requirements are:
+* Canari 0.5
+* Mechanize 0.2.5
+* BeautifulSoup 3.2.1
+
+### 2.3 - Installation
+```bash
+$ sudo python setup.py install
+```
+
+After completing setup, the command below can be used to install Malformity in Maltego.
+
+```bash
+$ canari install-package Malformity
+```
+
+## 3.0 Credits
+Special thanks is due to the following people:
+
+* Nadeem Douba - For creating the Canari framework and offering great support
+* [ohdae](https://github.com/ohdae) - For allowing us to include his entity set in Malformity
+
+# Contact
+
+[@digital4rensics](https://twitter.com/Digital4rensics) - www.digital4rensics.com - [email protected]

maltego/mtz2py.py

@@ -0,0 +1,52 @@
+__author__ = 'ndouba'
+
+# What: A fast track script to convert Maltego entities into canari class files.
+# Howto: Export your entities into a mtz file and then run this script against it.
+
+
+from xml.etree.cElementTree import XML
+from zipfile import ZipFile
+from re import sub
+from sys import argv
+
+zip = ZipFile(argv[1])
+entities = filter(lambda x: x.endswith('.entity'), zip.namelist())
+
+
+def normalize_fn(fn):
+    # Get rid of starting underscores or numbers and bad chars for var names in python
+    return sub(r'[^A-Za-z0-9]', '', sub(r'^[^A-Za-z]+', '', fn))
+
+
+nses = dict()
+
+for e in entities:
+    xml = XML(zip.open(e).read())
+    id_ = xml.get('id')
+
+    ens = id_.split('.')
+
+    base_classname = None
+    namespace = '.'.join(ens[:-1])
+    name = ens[-1]
+    classname = name
+
+    if namespace not in nses:
+        base_classname = '%sEntity' % (''.join([ n.title() for n in ens[:-1] ]))
+        nses[namespace] = base_classname
+
+        print 'class %s(Entity):\n    namespace = %s\n\n' % (base_classname, repr(namespace))
+    else:
+        base_classname = nses[namespace]
+
+
+    for f in xml.findall('Properties/Fields/Field'):
+        fields = [
+            'name=%s' % repr(f.get('name')),
+            'propname=%s' % repr(normalize_fn(f.get('name'))),
+            'displayname=%s' % repr(f.get('displayName'))
+
+        ]
+        print '@EntityField(%s)' % ', '.join(fields)
+
+    print 'class %s(%s):\n    pass\n\n' % (classname, base_classname)

setup.py

@@ -0,0 +1,24 @@
+from setuptools import setup, find_packages
+
+setup(
+    name='Malformity',
+    author='Keith Gilbert - @digital4rensics',
+    version='1.0',
+    author_email='[email protected]',
+    description='This project is a collection of transforms and entities to assist in Malware and Malicious Infrastructure research.',
+    license='GPL',
+    packages=find_packages('src'),
+    package_dir={ '' : 'src' },
+    zip_safe=False,
+    package_data={
+        '' : [ '*.gif', '*.png', '*.conf' ] # list of resources
+    },
+    install_requires=[
+        'canari==0.3',
+        'mechanize==0.2.5',
+        'BeautifulSoup==3.2.1',
+    ],
+    dependency_links=[
+        # custom links for the install_requires
+    ]
+)

src/Malformity.conf

@@ -0,0 +1,2 @@
+[pDNS]
+apikey = <YOUR API KEY HERE>

src/Malformity/__init__.py

@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+
+__author__ = 'Keith Gilbert - @digital4rensics'
+__copyright__ = 'Copyright 2012, Malformity Project'
+__credits__ = []
+
+__license__ = 'GPL'
+__version__ = '0.1'
+__maintainer__ = 'Keith Gilbert - @digital4rensics'
+__email__ = '[email protected]'
+__status__ = 'Development'
+__all__ = [
+    'resources',
+    'transforms'
+]

src/Malformity/resources/__init__.py

@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+
+__author__ = 'Keith Gilbert - @digital4rensics'
+__copyright__ = 'Copyright 2012, Malformity Project'
+__credits__ = []
+
+__license__ = 'GPL'
+__version__ = '0.1'
+__maintainer__ = 'Keith Gilbert - @digital4rensics'
+__email__ = '[email protected]'
+__status__ = 'Development'
+__all__ = [
+    'etc',
+    'images'
+]

src/Malformity/resources/etc/__init__.py

@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+
+__author__ = 'Keith Gilbert - @digital4rensics'
+__copyright__ = 'Copyright 2012, Malformity Project'
+__credits__ = []
+
+__license__ = 'GPL'
+__version__ = '0.1'
+__maintainer__ = 'Keith Gilbert - @digital4rensics'
+__email__ = '[email protected]'
+__status__ = 'Development'

src/Malformity/resources/etc/canari.conf

@@ -0,0 +1,8 @@
+# This was generated by running: canari install MalwareResearch
+# If you'd like to override any of the default settings for this package just go ahead and change em below!
+
+[default]
+# Additional config files that should be read to merge with the current config
+configs = Malformity.conf
+
+path = ${PATH},/usr/local/bin,/opt/local/bin

src/Malformity/resources/images/__init__.py

@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+
+__author__ = 'Keith Gilbert - @digital4rensics'
+__copyright__ = 'Copyright 2012, Malformity Project'
+__credits__ = []
+
+__license__ = 'GPL'
+__version__ = '0.1'
+__maintainer__ = 'Keith Gilbert - @digital4rensics'
+__email__ = '[email protected]'
+__status__ = 'Development'

src/Malformity/transforms/__init__.py

@@ -0,0 +1,26 @@
+#!/usr/bin/env python
+
+__author__ = 'Keith Gilbert - @digital4rensics'
+__copyright__ = 'Copyright 2012, Malformity Project'
+__credits__ = []
+
+__license__ = 'GPL'
+__version__ = '0.1'
+__maintainer__ = 'Keith Gilbert - @digital4rensics'
+__email__ = '[email protected]'
+__status__ = 'Development'
+__all__ = [
+    'pDNS_Domain2IP',
+    'pDNS_IP2Domain',
+    'threatexpert_hash2hiddenproc',
+    'threatexpert_hash2dhash',
+    'malwr_hash2ua',
+    'malwr_hash2dhash',
+    'malwr_hash2process',
+    'malwr_hash2url',
+    'malwr_hash2domain',
+    'malwr_hash2ip',
+    'threatexpert_hash2mutex',
+    'common',
+    'threatexpert_hash2ip',
+]

src/Malformity/transforms/common/__init__.py

@@ -0,0 +1,17 @@
+#!/usr/bin/env python
+
+__author__ = 'Keith Gilbert - @digital4rensics'
+__copyright__ = 'Copyright 2012, Malformity Project'
+__credits__ = []
+
+__license__ = 'GPL'
+__version__ = '0.1'
+__maintainer__ = 'Keith Gilbert - @digital4rensics'
+__email__ = '[email protected]'
+__status__ = 'Development'
+__all__ = [
+    'entities',
+    'malwr',
+    'pdns',
+    'threatexpert'
+]