Getting Started
The library can be used in either Python 2 or Python 3.
To install the trx library run the following command:
After installing you can create a new project by running the following command:
This will create a folder new_project with the recommended project structure.
To install all Kali Linux tools, type 0 (zero) and press the ENTER key. This will install all tools and will take a while, depending on your Internet speed. Also, make sure you have sufficient space available on your hard drive, since installing all Kali Linux tools might consume a lot of disk space. If you don't need all tools, install only what you want to use.
Adding a Transform:
Add a new transform by creating a new Python file in the 'transforms' folder of your directory.
Any file in the folder where the class name matches the filename and the class inherits from Transform will automatically be discovered and added to your server.
A simple transform would look like the following:
new_project/transforms/GreetPerson.py
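Added example, not the project's own listing: a GreetPerson transform that treats the input entity value as untrusted, answers with a UIM_PARTIAL message when validation fails, and caps its results at the client's Slider. The `DiscoverableTransform` base class, the `create_entities` hook, the validation rules and the greeting texts are assumptions not shown on this page; the `ImportError` fallback only lets the file run where maltego-trx is not installed.

```python
import re

try:
    from maltego_trx.maltego import UIM_PARTIAL
    from maltego_trx.transform import DiscoverableTransform  # assumed base class
except ImportError:
    # Stand-ins so this file also runs where maltego-trx is not installed.
    UIM_PARTIAL = "PartialError"
    DiscoverableTransform = object

MAX_NAME_LEN = 64  # assumed limit for this example
# Word characters, spaces and common name punctuation only; no markup or control chars.
NAME_RE = re.compile(r"[\w .,'-]+\Z", re.UNICODE)


def clean_name(raw):
    """Return the normalised name, or None if the entity value is not acceptable."""
    if not isinstance(raw, str):
        return None
    name = " ".join(raw.split())  # collapse whitespace, dropping newlines and tabs
    if not name or len(name) > MAX_NAME_LEN or not NAME_RE.match(name):
        return None
    return name


class GreetPerson(DiscoverableTransform):
    """Class name matches the file name so the project discovers it."""

    @classmethod
    def create_entities(cls, request, response):
        name = clean_name(request.Value)
        if name is None:
            response.addUIMessage("Input value rejected by validation", UIM_PARTIAL)
            return
        greetings = ["Hi %s, nice to meet you!" % name, "Welcome back, %s." % name]
        # Slider is the client's result limit (100 for local transforms).
        limit = max(0, min(int(request.Slider), len(greetings)))
        for text in greetings[:limit]:
            entity = response.addEntity("maltego.Phrase", text)
            entity.addProperty("source", "Source", "loose", "GreetPerson")
```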
Running The Transform Server
For Development
You can start the development server by running the following command:
This will start up a development server that automatically reloads every time the code is changed.
For Production
After installing gunicorn on the host machine, you can run a gunicorn transform server with the following command:
For publicly accessible servers, it is recommended to run your Gunicorn server behind proxy servers such as Nginx.
Run a Docker Transform server
The demo folder provides an example project. The Docker files given can be used to set up and run your project in Docker. The Dockerfile and docker-compose file can be used to easily set up and run a development transform server.
If you have copied the docker-compose.yml, Dockerfile and prod.yml files into your project, then you can use the following commands to run the server in Docker.
Run the following to start the development server:
Run the following command to run a production gunicorn server:
For publicly accessible servers, it is recommended to run your Gunicorn server behind proxy servers such as Nginx.
Local Transforms
Transforms written using this library can be used as either local or server transforms.
To run a local transform from your project, you will need to pass the following arguments:
You can find the correct transform_name to use by running python project.py list.
Caveats
The following values are not passed to local transforms, and will have dummy values in their place:
- type: local.Unknown
- weight: 100
- slider: 100
- transformSettings: {}
Legacy Transforms
If you have old TRX transforms that are written as functions, they can be registered with the server using the maltego_trx.registry.register_transform_function method.
In order to port your old transforms, make two changes:
- Import the MaltegoTransform class from the maltego_trx package instead of from a local file.
- Call the register_transform_function in order for the transform to be registered in your project.
For example
In the legacy transform file, change:
To:
In the project.py file add the following:
CLI
The following commands can be run using the project.py file.
Run Server
Start a development server that you can use to develop new transforms.
List
List the available transforms together with their transform server URLs and local transform names.
Reference
Constants
The following constants can be imported from maltego_trx.maltego.
Message Types:
UIM_FATAL
UIM_PARTIAL
UIM_INFORM
UIM_DEBUG
Bookmark Colors:
BOOKMARK_COLOR_NONE
BOOKMARK_COLOR_BLUE
BOOKMARK_COLOR_GREEN
BOOKMARK_COLOR_YELLOW
BOOKMARK_COLOR_PURPLE
BOOKMARK_COLOR_RED
Link Styles:
LINK_STYLE_NORMAL
LINK_STYLE_DASHED
LINK_STYLE_DOTTED
LINK_STYLE_DASHDOT
Request/MaltegoMsg
The request/maltego msg object given to the transform contains the information about the input entity.
Attributes:
Value: str
: The display value of the input entity on the graph
Weight: int
: The weight of the input entity
Slider: int
: Results slider setting in the client
Type: str
: The input entity type
Properties: dict(str: str)
: A key-value dictionary of the input entity properties
TransformSettings: dict(str: str)
: A key-value dictionary of the transform settings
Methods:
getProperty(name: str)
: Get a property value of the input entity
getTransformSetting(name: str)
: Get a transform setting value
Response/MaltegoTransform
Methods:
addEntity(type: str, value: str) -> Entity
: Add an entity to the transform response. Returns an Entity object created by the method.
addUIMessage(msg: str, messageType='Inform')
: Return a UI message to the user. For message type, use a message type constant.
Entity
Methods:
setType(type: str)
: Set the entity type (e.g. 'Phrase' for maltego.Phrase entity)
setValue(value: str)
: Set the entity value
setWeight(weight: int)
: Set the entity weight
addDisplayInformation(content: str, title: str)
: Add display information for the entity.
addProperty(fieldName: str, displayName: str, matchingRule: str, value: str)
: Add a property to the entity. Matching rule can be strict or loose.
setIconURL(url: str)
: Set the entity icon URL
setBookmark(bookmark: int)
: Set bookmark color index (e.g. -1 for BOOKMARK_COLOR_NONE, 3 for BOOKMARK_COLOR_PURPLE)
setNote(note: str)
: Set note content
Link Methods:
setLinkColor(color: str)
: Set the link color (e.g. hex '#0000FF' for blue)
setLinkStyle(style: int)
: Set the link style index (e.g. 0 for LINK_STYLE_NORMAL, 2 for LINK_STYLE_DOTTED)
setLinkThickness(thick: int)
: Set link thickness (default is 1)
setLinkLabel(label: str)
: Set the label of the link
reverseLink()
: Reverse the link direction