Converting Maltego Domains and IPs To CSV
What I'm about to show you is pretty nice if you do a lot of work in Maltego. I created it for improving my own workflow when working with domains and IP addresses, so that I didn't have to do as much manual conversion to use the data in other tools.
You may have noticed, that if you right-click a node and copy it - and then you paste it in a text-editor, you will have it pasted as graphml. Now remember our previous Python Gist in From Maltego To A Distributed Graph Environment. Instead of outputting the data to Titan, we can create a CSV file (or what format you would prefer) by adding a new method:
def printCsv(vertices): print "entity_type, value" for vertice in vertices: if options.entity_filter: if options.entity_filter==vertice['entity_type']: if vertice['entity_type']=="maltego.IPv4Address": type = "ipv4" val = vertice['value']['ipv4-address'] elif vertice['entity_type']=="maltego.Domain": type="fqdn" val = vertice['value']['fqdn'] print u"%s,%s"%(type,val) else: if vertice['entity_type']=="maltego.IPv4Address": type = "ipv4" val = vertice['value']['ipv4-address'] elif vertice['entity_type']=="maltego.Domain": type="fqdn" val = vertice['value']['fqdn'] print u"%s,%s"%(type,val)
The above is a little limited, since it ugly-implements support for outputting only Maltego's IPv4 and domain entities. I guess you get the concept, right?
Running the new
mtgx2csv Gist with
python mtgx2csv.py -f from_ctrl_c.graphml and just taking a couple of IP and domain entities and copying them to the given file will result in a list written to stdout:
entity_type, value fqdn,vg.no ipv4,184.108.40.206
You can grab a copy from this Gist to get started.
Edit 21/02: As Paterva points out, you may also right-click-copy-as-list to get the data in a key/value fashion.
That will bring you a similar list:
If you are doing manual analysis, as in the case of this post - that will take you as far as the output of the script I showed you above (and a beyond since you only get domains and IPs from mtgx2csv). If automating extraction from your graphs, you could use the mtgx2csv for that though.