Now that you have your iTDS setup and understand how the architecture sits together you probably want to add your first custom transform. For this you need to set up a server to host your transform code that can also access the data that you want to integrate into Maltego. There are a few standard iTDS transform libraries available for writing iTDS transform in different programming languages however the most supported and recommended one to use is the TRX Python library.
TRX Python library page explains how to set up a server to host Python transforms that use the TRX framework.
Once your transform host server has been setup you can continue to the iTDS Module section below.
You are now ready navigate to the iTDS module interface where you can add a transform.
The image above shows the link to the iTDS module from the server's start page. The image below shows the home page for the iTDS module.
From the iTDS module interface you can manage the following for your iTDS:
The idea of writing transforms for Maltego may seem daunting but really its a simple process and once you have written your first transform it becomes an incredibly simple process. We will first look at building a really simple iTDS transform.
Copy the following script to your Transform Host's Webserver:
header("content-type:text/xml"); echo "<MaltegoMessage> <MaltegoTransformResponseMessage> <Entities> <Entity Type="maltego.Phrase"> <Value>Hello World</Value> <Weight>100</Weight> </Entity> </Entities> <UIMessages> </UIMessages> </MaltegoTransformResponseMessage> </MaltegoMessage>";
from Maltego import * def trx_helloWorld(m): # construct a return vessel TRX = MaltegoTransform() # Add entity Ent = TRX.addEntity('maltego.Phrase', "Hello World") # return the XML to the TDS server return TRX.returnOutput()
Save the file as something on your server that is accessible on the Internet. You can test this by browsing to the script where you should see the following (please note for the Python you may need to also specify the port of the listener and will only get back a blank page):
If you can see that then your server side is all setup, now we just need to configure the iTDS!
A seed is really just a URL that points to a group of transforms. It’s this URL that Maltego will use to load all of the transforms contained in the seed into its internal configuration. Thus, the first step we want to do is create a new seed (container). Once we’ve done that we’ll create a new transform and put the transform inside that seed.
Click on ‘Seeds’. You’ll see a list of seeds (if you have any). Click on the ‘Add Seed’ button’. You need to give a seed name, a seed URL and select which transforms you want to add into the seed.
For this basic transform setup we will just configure a Seed Name and Seed URL:
The second section that you need to configure is the transform itself. You can get to this screen by selecting "Transforms" from the home screen and then selecting "Add Transform" at the bottom left of the screen. For our transform we will simply be configuring the Transform Name,Transform UI Display,Transform URL,Input Entity and seeds:
Your output should thus look like the following before clicking 'Add Transform':
After clicking Add Transform you should see a message indicating the transform was successfully added:
The last step is to copy the Seed URL that we will use in the next section. To get to this screen again you can simply navigate to the home screen and click on the 'seeds' link. From this screen you can either click the 'Copy to Clipboard...' button or manually copy the link in the 'URL' column of the table:
Next we go to the Maltego client. Seeds are added to your Maltego client from the Transform Hub by clicking on the first item which is a plus (+) button as shown below:
After clicking the plus (+) button, the Add Transform Seed window will open. Here you can add your seed URL as well as other details about the transform seed. Such as the hub item's name and its display name.
After entering your transform seed URL and the other fields for the seed you can click "OK" and then "Install". The transform from this seed will then be installed to your Maltego client and you should see a summary page describing what was installed.
The following steps are what happens when the Maltego client installs transforms from a seed url in the transform hub:
Once installed you will be able to run the transform included in this seed when you open a new Maltego graph. It will be found under the hub item name in the context menu.
If you want to share this transform with anyone you can simply give them the URL and guide them through the installation process in the same way as which you did. And – if you change the code on the server the change will transparently happen on all clients (as the transform runs on the server). You can now add more transforms to the seed. Maltego periodically checks for new transforms in the seeds – which mean you never need to touch the client side anymore. Joy!
If you are using the TRX framework on your transform host, you will find that a sample transform is included in the framework called DNS2IP. The transform script is found in the DNSTRANSFORM.py file. This section will add this transform on your iTDS interface. This can be done by clicking 'Add Transform' under the 'Transform' section just as you did in the previous example.
The table below shows the fields that can be filled in on the transform page to add the DNS2IP transform to your iTDS:
|Change the fields as follows:|
|Input Entity:||maltego.DNSName (from the dropdown)|
|Disclaimer:||Leave empty unless you feel like putting something there|
|Description:||My first sample transform (or get creative)|
|Leave as is – we’ll get to this later|
|Seeds:||Click on ‘ExampleSeed’ to highlight.|
Click 'Add Transform' and if everything worked you should see Successfully Inserted DNS2IP':
Now the DNS2IP transform will be added to your transform seed 'ExampleSeed' that was added in the previous section. You will just need to re-install the transform hub item in your Maltego client to ensure that the Maltego client is aware of the new transform that was added to your seed.
The next sub sections explains the step-by-step process of what happens when the DNS2IP is run in your Maltego client.
Let’s see what really happens here when the transform is run. These are the steps:
After you installed the hub item from your iTDS server, Maltego knows that there’s an additional transform called DNS2IP available on the entity type Maltego.DNSName.
When you right click on a DNS Name it makes this transform visible
It sends the transform request to the iTDS server
The iTDS server knows that the transform really lives on http://<Your_DevServer_Here>:9001/DNS2IP
The iTDS makes a connection to port 9001 on the dev server and sends some XML in a POST
The Apache WSGI configuration on the dev server sends all requests on port 9001 to a file located in /var/www/TRX/TRX.wsgi
TRX.wsgi sees that it’s destined for /DNS2IP and routes it to the right piece of code
The Maltego Python library interprets the XML to something that’s easy to work with in Python and passes it along
A DNS lookup is done
The reply is wrapped back into XML by the library and the data flows back the way it came in.
Seems like a mouthful. The actual transform code is quite simple and looks like this:
def trx_DNS2IP(m): TRX = MaltegoTransform() DNSName=None try: DNSName = socket.gethostbyname(m.Value) TRX.addEntity("maltego.IPv4Address",DNSName) except socket.error as msg: TRX.addUIMessage("Problem:"+str(msg),UIM_PARTIAL) return TRX.returnOutput()
Hardly rocket science.
© Copyright 2017, Paterva PTY Limited