I just released some local Maltego transforms for the site, https://crt.sh, which is a tool released by Comodo to identify SSL certificates. This site has so much potential for both sides of security, wether it be mapping an internal network, or making sure nothing wonky is going on with your certs internally.
In any case, I figured some Maltego transforms would go a long way. Before digging into the instructions below, check out the project here – https://github.com/brianwarehime/crt.sh-Maltego-Transforms
- You need to have
BeautifulSoupinstalled. Which can be done through
pip install requestsand
pip install beautifulsoup
- Grab the .mtz file I have hosted on my github, here.
- Import this .mtz file into Maltego, by going to the top-left icon, then Import, then Import Configuration.
- Grab the Python code from my Github for the transforms. You’ll grab crtsh.py and MaltegoTransform.py from this repo.
- Put crtsh.py and MaltegoTransform.py into a folder called crtsh
- Move the crtsh folder to
/opt/MaltegoYou’ll most likely need to create this folder first
Using this Transform
Once you import the transform, you’ll add a new Website entity to the graph, and enter the domain as the entity name (i.e. nullsecure.org). The transform will search for any other hosts that have certificates under your domain name (i.e. test.nullsecure.org, stuff.nullsecure.org, etc.)
That should be all you need to get going, if you run into any issues or have bug reports/issues, please shoot them to me at firstname.lastname@example.org, or on twitter @brian_warehime, or file an issue in Github.