Our first basic example will return the IP address (A record) associated with a DNS name. The Transform will use the built-in “socket” of Python to resolve a hostname to an IP address.
For a complete reference of the constants and methods available in the library, refer to the documentation available at: https://github.com/MaltegoTech/maltego-trx.
Create a New Project
For this first example, we will assume that a Transform Server and either a Public TDS or an Internal iTDS has been deployed.
In a development environment, start a new project using the instructions from the previous section, “Creating a Transform Server”.
Create New Transform: DNSToIP.py
In the “Transforms” directory, within the new project, create a new Python file: DNSToIP.py, with the following content:
import socket
from maltego_trx.maltego import UIM_TYPES
from maltego_trx.entities import IPAddress
from maltego_trx.transform import DiscoverableTransform
class DNSToIP(DiscoverableTransform):
"""
Receive DNS name from the client, and resolve to IP address.
"""
@classmethod
def create_entities(cls, request, response):
dns_name = request.Value
try:
ip_address = socket.gethostbyname(dns_name)
response.addEntity(IPAddress, ip_address)
except socket.error as e:
response.addUIMessage("Error: " + str(e), UIM_TYPES["partial"])
response.addUIMessage("Slider value is at: " + str(request.Slider),
UIM_TYPES["inform"])This example includes the following elements:
- Importing UI-message types (UIM_TYPE)
- Importing a standard Entity type: IPAddress
- Adding a new IP Address Entity to the response message
- Sending an error message to the user should something fail
- Reading and returning the value of the “Slider” (result limit mechanism in Maltego)
To configure the TDS, you need to know what the address of the server endpoint for the Transform is. The URL will depend on how the web-server is configured. For the development environment used here, there is a convenience method in the Python library that will list the endpoints. From within the project, run the following command:
$ python project.py list
The output of this command should be similar to this:
= Transform Server URLs = /run/dnstoip/: DNSToIP /run/greetperson/: GreetPerson = Local Transform Names = dnstoip: DNSToIP greetperson: GreetPerson
Note the URL next to the DNS2IP Transform—this is the URL that will be required when configuring the TDS.
Configure Seeds on the TDS
A Seed is a URL that points to a group of Transforms. It’s this URL that Maltego will use to load all the Transforms contained in the Seed into its internal configuration.
Thus, the first step we want to take is to create a new Seed (container). From there we will create a new Transform and place the Transform inside that Seed.
Click on Seeds. Click the Add Seed button. Provide a Seed name, a Seed URL, and then select which Transforms you want to place into the Seed. You can complete the form as follows:
Once complete, click on Add Seed.
The Seed is now configured, however, there are no Transforms in the Seed yet. Instructions to populate the Seed can be found in this article: Adding an iTDS Seed to the Maltego Desktop Client.
Configure Transform on the TDS
You can easily navigate around using the ‘bread > crumb’ at the top of the screen:
Click on the very first item, Home, to navigate to the root of the TDS.
Click on Transforms. On the Internal TDS (iTDS) you will see a screen with some PHP sample Transforms. On the Public TDS, there won’t be any Transforms configured unless you’ve previously added them.
To add a Transform, click on Add Transform. To configure the Transform, refer to the Transform Details window below:
Change the fields as follows:
| Transform Name | DNSToIP |
| Transform UI Display | DNSToIP [TRX] |
| Transform URL | http://<your-server>:8080/run/dnstoip |
| Do not test URL | Unchecked |
| Input Entity | Maltego.DNSName (from the dropdown list) |
| OAuth Settings | None |
| Transform Settings | Nothing selected (it will be configured later) |
| Seeds | Add “MyTDSSeed” to the Seeds in Use field by selecting the Seed-name in the Available Seeds list, and then clicking the right arrow next to it. |
| Edit Meta Data | (Optional) |
Click Add Transform to finish this step.
If your Transform was added successfully, you should see a confirmation at the top of the screen:
‘Successfully Inserted 'DNS2IP'’
Your Transform has been successfully added to the Seed and this Seed can now be used in Maltego.
Connect Maltego to Seed
To connect Maltego and have it discover Transforms from a Seed, some once-off configuration is needed. Copy and paste the Seed from the TDS. Go to Seeds and click the Copy icon to copy the Seed URL to your clipboard:
Debugging Transforms (for Developers)
You can start the development server, by running the following command:
$ python project.py runserver
This will start up a development server that automatically reloads every time the code is changed.
=== Maltego Transform Server: v1.3.4 === = Transform Server URLs = /run/dnstoip/: DNSToIP /run/greetperson/: GreetPerson = Local Transform Names = dnstoip: DNSToIP greetperson: GreetPerson * Serving Flask app "maltego_trx.server" (lazy loading) * Environment: production WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead. * Debug mode: on INFO:werkzeug: * Restarting with stat === Maltego Transform Server: v1.3.4 === = Transform Server URLs = /run/dnstoip/: DNSToIP /run/greetperson/: GreetPerson = Local Transform Names = dnstoip: DNSToIP greetperson: GreetPerson WARNING:werkzeug: * Debugger is active! INFO:werkzeug: * Debugger PIN: 559-185-588 INFO:werkzeug: * Running on http://0.0.0.0:8080/ (Press CTRL+C to quit)
Deploying Transforms
For basic instructions on how to deploy Transforms in a production environment, please refer to Production Transform Server.