Maltego Transforms | OSINT | crt.sh Local Transforms
I just released some local Maltego transforms for the site, https://crt.sh, which is a tool released by Comodo to identify SSL certificates. This site has so much potential for both sides of security, wether it be mapping an internal network, or making sure nothing wonky is going on with your certs internally.
In any case, I figured some Maltego transforms would go a long way. Before digging into the instructions below, check out the project here - https://github.com/brianwarehime/crt.sh-Maltego-Transforms
Requirements
- You need to have
requests
andBeautifulSoup
installed. Which can be done throughpip install requests
andpip install beautifulsoup
Installation
- Grab the .mtz file I have hosted on my github, here.
- Import this .mtz file into Maltego, by going to the top-left icon, then Import, then Import Configuration.
- Grab the Python code from my Github for the transforms. You'll grab crtsh.py and MaltegoTransform.py from this repo.
- Put crtsh.py and MaltegoTransform.py into a folder called crtsh
- Move the crtsh folder to
/opt/Maltego
You'll most likely need to create this folder first
Using this Transform
Once you import the transform, you'll add a new Website entity to the graph, and enter the domain as the entity name (i.e. nullsecure.org). The transform will search for any other hosts that have certificates under your domain name (i.e. test.nullsecure.org, stuff.nullsecure.org, etc.)
Sample Results
That should be all you need to get going, if you run into any issues or have bug reports/issues, please shoot them to me at brian@nullsecure.org, or on twitter @brian_warehime, or file an issue in Github.
Thanks!