next »

[Maltego Forum]

Maltego Forum » General » General Discussions
Getting started with writing transforms

[CG]

I''m probably going to get flamed but can anyone point me to any info on getting started writing transforms?

I did see the PyMaltego stuff.  is there anything else?

[RT]

CG,

We started a Maltego development list a while ago at http://groups.google.com/group/paterva-maltego. To be honest - it didn''t really take off. We were hoping for zillions of transforms...but we did not get any. A word of advise before you dash off to get the spec - we are hoping to bring back local transforms in 2.X (who knows what X is) that will allow you script transforms - probably in Python. So - feel free to download the spec and start writing code, but it might just get a lot easier in days to come. Having said that - I can''t give you timescales on local transforms. We want to do it - the question is just when.

RT

[CG]

well maybe we can start a step above.  Are the current transforms only located on the transform server and is it possible to look at the source for the existing ones?  if there were some examples and documentation on how they work i could probably get some ideas into code.

again, if this is already somewhere please point me to it, i''ll gladly read it then ask questions.

[RT]

CG,

Correct - the transforms are located on the TAS and is not open source. The framework for making the code speak to the client is open as well as the protocol for client <-> server comms.

The basic structure for a transform is easy:
1. Expand the question where applicable
2. Query the data source in the correct way
3. Parse / extract the information
4. Convert to entities and send back to client.

As an example - let''s say you want to build a transform that queries a router with SNMP (Community string would be an input for the transform) and return next-hop routers. Steps would be as follows:
1. N/A - it''s just an IP address.
2. Speak SNMP to the IP that was given as input - asking for next hops in the routing table.
3. Parse the response
4. Pack the response into an IPAddress Entity and return

Transform is run on first router, and returns all next hops. Output nodes are all selected and same transform is run on all of them. Repeat. After N rounds you''ll have a picture of all your internal routers and how they link together (of course only those where the community string is valid). Oh - and - this obviously only makes sense where the TAS is internal to your network.

The idea with transforms are always to keep them simple and rather build something interesting with a combination of transforms. For instance - if you want sub domains for a domain you could code it into one transforms, but you could also do Domain->Emailaddresses->Domain. If you then run it on domain hij.com and find an address like abc@xyz.klm.hij.com you''ll get klm.hij.com and xyz.klm.hij.com in the 3rd step as subdomains. I hope that makes sense.

OK sorry - I went off on a tangent a bit...but this should give you an idea.

RT

[CG]

RT that helps quite a bit (and a good example), let me do some more looking at the PyMaltego stuff before a follow up question, even though i do have a few churning