After activating the server, you should be able to see the Certificate Status, which includes the Common Name, the start and end dates of the server's validity, and the number of days remaining for which the server can be used.
The Upload Certificate option is used to upload the server activation certificate. This will replace the certificate currently used to activate the server, if there is one. It can be used when a renewed certificate is to be uploaded.
Clicking on ‘View Admin UI’ will take you to the management console Home page. Please note that the browser accessing the Admin UI should have the same certificate that is currently used to activate the server.
This section contains links to the various configuration options of the iTDS. A short description of each option is provided next to it.
This is by far the most important option of the server. Here you can add, remove and manage all your individual transforms.
Visiting this option for the first time will show you some example transforms already present and configured in the server. These transforms are hosted in the /var/www-nossl/TDSTransforms directory of the itdsphp_1 docker container. They can be used for reference, or to test the successful deployment of the server by adding them to the client, which we will discuss below.
The Filter Table field in the top right corner can be used to find transforms added to the TDS. The Add Transform button at the bottom left can be used to add a new transform to the server, but first we will discuss the purpose of the seven columns shown for each transform.
Name: This column displays the unique name of each transform added to the TDS. There cannot be more than one transform with the same name.
URL: This will display the complete URL of the transform where it is kept for execution.
Input Entity: This column shows which entity the transform will run on.
MetaData: When the three dots in this column are clicked, a popup message appears showing the metadata of the transform, such as Description, Owner, Disclaimer, Author, Version, and Debug.
Seeds: This column shows which seeds this transform will be distributed with.
Clone: This column has a clickable icon that will clone the transform, but it will prompt you to provide a unique name first. You will then be redirected to the edit transform page, but the transform will already have been added to the server.
Delete: This column has a clickable icon to delete a transform. You will be asked to confirm before deletion.
Clicking on the Add Transform button will take you to a new page where the transform will be configured.
Let’s discuss the purpose of each field:
Transform Name: This field takes an alpha-numeric name for the transform, which will be unique in this instance of the server.
Transform UI Display: This field takes the name of the transform that will be displayed in the client when running or viewing the transform.
Transform URL: This field takes the complete URL of the transform, where the transform can be executed by sending an HTTP POST request.
Do not test URL: When this box is unchecked, the server will make a connection to the transform when the form is submitted; if the connection fails, the transform will not be added to the server. To skip the URL test, check this box.
Input Entity: Every transform will have an entity on which it will run and will take it as the input.
This has two options:
Paterva Entities: Contains a list of all Maltego entities, from which you can choose one.
Custom Entities: If you have a custom entity that you want to select, choose this option. Entities can be added from the Entity Management option of the server.
OAuth Settings: If the transform requires OAuth authentication, select the correct settings from the drop-down menu. OAuth Settings can be added from the OAuth Settings option.
[+ / -] Show/Hide Meta Data: This option has various fields that can be used to provide information about the transform that can be viewed from within the client.
Debug: When checked, iTDS will send all error logs to the client if there are any.
Transform Settings: This option will allow you to add certain input prompts to the transform when it is executed in the client. A transform can have zero or more Transform Settings. These Transform Settings can be added/modified in Transform Settings option.
Seeds: Each transform should belong to at least one seed. You can choose any seed available on the server. New seeds can be added/modified from the Seeds option on the server.
The Maltego client uses the seed URL to discover transforms, entities and machines from the iTDS.
When this option is visited for the first time, you can find an example seed already present.
In the top right corner there is a Filter Table option to search for seeds on this instance of the server.
The Add Seed button at the bottom left corner will allow you to add a new seed, but before that let’s discuss the 8 columns displayed on this page.
Name: A unique alpha-numeric name of the seed.
URI-Name: A unique URI name that is a part of the actual seed.
URL: The complete URL of the seed, with the URI-Name at the end.
Copy Button: This button will copy the URL to the clipboard, and the browser will notify you.
Paired Configuration: A seed can be added with a client configuration. This configuration will be distributed to all clients that install this seed.
View Transforms: Clicking on the three dots in this column will show a list of all transforms added to this seed.
Edit Seed: Clicking on Edit Seed button will take you to the edit page for that seed.
Delete: Clicking on this button will delete the seed after confirmation.
A new seed can be created by clicking the Add Seed button at the bottom left corner of the Seeds option.
Seed Name: This is a mandatory field requiring a unique alpha-numeric name for the seed.
Seed URL: This is a mandatory field requiring a unique alpha-numeric string which will be a part of the actual Seed.
Seed Paired Configuration: This is an optional field. Upload the client export configuration that you want to be distributed using this seed to the Paired Configuration option of the server.
Transforms: This is an optional setting. You can add zero or more transforms present on the iTDS to a seed. A transform can be added to multiple seeds at a time.
Transform Settings are the inputs that can be sent to a transform from within the client. Before running a transform, a user can edit the input.
By default, there are 4 Transform Settings already present in the iTDS. There is a Filter Table field in the top right corner to search for Transform Settings. The Add Transform Setting button at the bottom left corner can be used to open the page for creating a new setting.
There are 8 columns on this page.
Name: A unique name of the setting that can be used as a key in the transform to get its value.
Type: Input data type of the setting. The value sent to the transform will still be a string, but it can safely be parsed as the input data type.
Display: This column shows the text that will be shown as the label of the input in the client.
Default Value: The default value of the Transform Setting.
Optional: Green check mark, if the transform can be executed without giving a value to the Transform Setting. Red cross, if the Transform Setting value is a mandatory requirement for the transform to run.
Popup?: Green check mark, if the user is prompted with a pop up to input/edit the value of the transform setting before execution. Red cross, if the setting input/edit does not pop up when the transform is run.
Edit Transform Settings: This button will take you to the transform edit page.
Delete: This button will delete the Transform Setting after confirmation.
Add Transform Setting
Name: A mandatory field requiring a unique name of the Transform Setting which can be used programmatically in the transform to get the value of the input.
Display: This text will be displayed as the label to the field in the client.
Type: Data type of the input in client.
Popup?: Yes or No, depending on whether you want the user to be prompted to add/edit the value before running the transform. The user can also check a box in the client to remember the input and prevent the popup from appearing again; this will not affect the setting in the server.
Default Value: Mandatory field holding a default value for the Transform Setting. This can be modified in the client.
Optional?: True or False, allowing the user to either send a value or not.
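The following is an added example, not part of the iTDS documentation or Maltego's code: one way a transform could validate Transform Settings on receipt, since every value arrives as a string whatever its declared Type. The names SettingSpec and read_setting, the set of type labels and the way the received settings are passed in (a plain dictionary) are assumptions for illustration.

```python
# Added example (not iTDS or Maltego code): validate Transform Settings
# inside a transform. All names and the type labels below are assumptions.
from dataclasses import dataclass
from datetime import date
from typing import Any, Callable, Dict


def _parse_bool(raw: str) -> bool:
    value = raw.lower()
    if value in ("true", "1", "yes"):
        return True
    if value in ("false", "0", "no"):
        return False
    raise ValueError("not a boolean")


# Every setting value arrives as a string; one strict parser per assumed type.
PARSERS: Dict[str, Callable[[str], Any]] = {
    "string": str,
    "int": int,
    "double": float,
    "boolean": _parse_bool,
    "date": date.fromisoformat,
}


@dataclass(frozen=True)
class SettingSpec:
    name: str       # the setting's Name, used as the lookup key
    kind: str       # the setting's Type
    optional: bool  # the setting's Optional flag


def read_setting(spec: SettingSpec, received: Dict[str, str]) -> Any:
    """Return the typed value of one setting; raise ValueError if unusable."""
    raw = (received.get(spec.name) or "").strip()
    if not raw:
        if spec.optional:
            return None  # optional and not supplied
        raise ValueError(f"mandatory setting {spec.name!r} is missing")
    parser = PARSERS.get(spec.kind)
    if parser is None:
        raise ValueError(f"setting {spec.name!r}: unknown type {spec.kind!r}")
    try:
        return parser(raw)
    except ValueError as exc:
        # Do not echo the raw value back; it is untrusted client input.
        raise ValueError(f"setting {spec.name!r}: not a valid {spec.kind}") from exc
```

Rejecting a malformed value at this point keeps it from reaching queries or API calls the transform makes later.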
There are no OAuth settings configured on iTDS by default. The purpose of each column is:
Name: The display name of the OAuth service which will show up on the client.
Description: Short description of the setting.
Edit Transform Settings: Clicking on the Edit OAuth Setting button will take you to the edit page for the OAuth setting.
Delete: Delete button when clicked will delete the setting after confirmation.
Add OAuth Setting
The Add OAuth Setting page provides two methods by which OAuth can be configured.
Re-use previous OAuth configuration
Authenticator Name: A unique name that will be shown in the client Service Manager.
Access Token Variable Name: The variable name which will hold the value of the Access Token in the transform.
New OAuth configuration
Authenticator name: Name of the OAuth provider or you can name it anything.
Description: A short description of the OAuth provider.
Version: The version of OAuth being used; the currently supported versions are OAuth 2.0 and OAuth 1.0a.
Access token endpoint: The endpoint that the Maltego client will request for the access token.
Request token endpoint: The endpoint that the Maltego client will send the user to for application approval.
Authorization URL: URL used by the client to approve/grant access tokens. This can have hard-coded URL parameters if required.
Application key: API or Application key that the developer is issued from the provider.
Application secret: API or Application secret/private key that the developer is issued from the provider.
Icon: Base64 of the 64x64 pixel Icon to be used within the Maltego client application.
Access token variable name: The variable name used within the transforms (this is what the transform will receive).
Variable description: Simply describes the variable used.
Public Key: The public key used to encrypt the access token when it is sent to the transform code itself. You can paste your own Public Key or generate a new one by clicking Generate an RSA Key Pair.
Sometimes it is necessary that new custom entities are created according to your needs and some transforms are needed to run on them. Since each transform requires an input entity, the unique name of the custom entity that you created has to be added in Entity Management so that while adding/editing the transform this new entity can be selected.
Standard Paterva entities are already added to the server. To add new entities, simply paste the unique name of the entity on a new line of the text area, then click the Update Entities button at the bottom to save the changes.
Paired configuration is used to share a Maltego working environment. The .mtz file to be uploaded to this page can be generated with the Export Config feature of the desktop client. This export file can include Entities, Icons, etc.
The purpose of each column is:
Configuration Name: Unique name given to configuration setting in iTDS.
Seeds: List of seeds to which the paired configuration is attached.
Edit Config: The ‘Edit Configuration’ button allows editing of the paired configuration.
Delete: The Delete Configuration button deletes the configuration after confirmation.
Add Paired Configuration
To add a new Paired Configuration, click on the ‘Add paired configuration’ button at the bottom left corner of the page.
Configuration Name: Add a unique alpha-numeric name of the configuration.
Configuration File: Choose .mtz config file to be uploaded.
Seeds: Select all the seeds that you want this config file to be attached to.
Click on ‘Add Configuration’ button to upload the file and save changes.
This option is used to modify global settings of the iTDS.
Force debug on all transforms: True/False to set debug for all the transforms on the server.
Meta Information Overrides – User email address: Set transform meta email address (not used)
userFullName: Full Name of the user (not used)
username: username of the user (not used)
End user identification – Forward user identifier: If True, the iTDS will pass the Maltego API key along in the URL to the transform server; otherwise it will not.
Hash user identifier: If True, the iTDS will apply a double MD5 hash to the Maltego API key; otherwise it will not.
The Save Changes button at the bottom left corner will save the changes made.
This option of the iTDS allows you to back up and restore your server. This can also be helpful in migrating the server from one host to another. The backup can also be encrypted.
Entering a password is optional; however, it is recommended. Please use a unique and strong password.
As soon as the Create Backup button is clicked, a backup zip file will be downloaded by the web browser. This will also result in the certificate being removed from the server, but all the data and configuration will still be present in the server.
You can upload the certificate again to activate the server.
To restore the iTDS backup, choose the backup zip file and enter the password used to encrypt the backup, if any; otherwise leave the field blank.
Click on the Restore Backup button to restore the backup. This will result in resetting the server certificate. Upload the certificate again to activate the server.
This option allows you to manually remove the activation certificate from the server. This can be helpful when activating the server with a certificate that has a different Common Name.
While the server is hosted without an activation certificate, anyone with a valid iTDS certificate can activate the server and access the Admin UI. This will result in you being locked out of your server.
Tick the check boxes to confirm that you understand the risk and want to continue.
Click on the Reset My Certificate button to reset the server certificate.
This section of iTDS shows some basic statistics of the iTDS.
Number of Transforms: Total number of transforms present in this instance of iTDS.
Number of Seeds: Total number of seeds present in this instance of iTDS.
Number of Transform Fields: Total number of Transform Settings present in this instance of iTDS.
License Details shows the Common Name of the server activation certificate in brackets, along with the number of days left and the expiry date of the server.
This section of the server provides a link that will redirect you to the latest server documentation.