October 4, 2014
I’ve previously written about how to read and process Maltego mtgx graph archives. Once you have a directory full of them you will probably find yourself asking, like me, “Where did I see this thing again?”
The search could of course be done in Python as in my previous post, but let’s try a more native solution this time, zipgrep. From its man page:
zipgrep will search files within a ZIP archive for lines matching the given string or pattern. zipgrep is a shell script and requires egrep(1) and unzip(1L) to function. Its output is identical to that of egrep(1).
In my testing I had 20 files, and searching them worked pretty well with a command such as
zipgrep 126.96.36.199 *.mtgx *.graphml
The problem is that zipgrep doesn’t seem to support printing the archive names, so thank you for that. Returning to the more basic zip tools, unzip’s extract-to-stdout mode (unzip -c) was the solution in my case:
unzip -c *.mtgx 2>&1 | egrep "(Archive: )|188.8.131.52"
Archive: 1.mtgx
Archive: 2.mtgx
Archive: 3.mtgx
Archive: 4.mtgx
Archive: 5.mtgx
Archive: 6.mtgx
Archive: 7.mtgx
Archive: 8.mtgx
Archive: 9.mtgx
Archive: 10.mtgx
Archive: 11.mtgx
Archive: 12.mtgx
Archive: 13.mtgx
Archive: 14.mtgx
Archive: 15.mtgx
Archive: 16.mtgx
184.108.40.206
Archive: 17.mtgx
220.127.116.11
Archive: 18.mtgx
Archive: 19.mtgx
Archive: 20.mtgx
A little Maltego archive insight speeds up the query: the graphml file always sits at the same path inside the archive, Graphs/Graph1.graphml, so only that member needs to be extracted and searched:
unzip -c *.mtgx Graphs/Graph1.graphml 2>&1 | egrep "(Archive: )|18.104.22.168"
This gives the same output as above, but without decompressing the other members of each archive.
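The unzip/egrep pipeline above prints every “Archive:” header, so the reader has to scan backwards from each hit to find which archive it came from. As an added example (not code from the original post), here is the same search written with Python’s standard zipfile module, which reads only the Graphs/Graph1.graphml member of each .mtgx, reports just the archives that match, and keeps going when a file is not a valid zip or lacks the expected member. The function and helper names, the sample archive contents and the indicator 203.0.113.10 are all constructed for this example; the member path Graphs/Graph1.graphml is the one the post describes. Note that the dots in the IP are escaped in the regex, which the egrep patterns above do not do, so “188.8.131.52” in egrep would also match “188x8x131x52”.

```python
import re
import sys
import tempfile
import zipfile
from pathlib import Path

# Path Maltego uses for the graph inside an .mtgx archive (from the post).
GRAPH_MEMBER = "Graphs/Graph1.graphml"


def grep_mtgx(archive_dir, pattern, member=GRAPH_MEMBER):
    """Return {archive_name: [matching lines]} for every .mtgx in archive_dir
    whose graphml member contains a line matching the regex `pattern`.
    Unreadable archives and archives without the member are skipped, with a
    note on stderr, so one bad file does not abort the whole search."""
    regex = re.compile(pattern)
    hits = {}
    for path in sorted(Path(archive_dir).glob("*.mtgx")):
        try:
            with zipfile.ZipFile(path) as zf:
                try:
                    data = zf.read(member)
                except KeyError:
                    print(f"{path.name}: no {member}, skipped", file=sys.stderr)
                    continue
        except zipfile.BadZipFile:
            print(f"{path.name}: not a zip archive, skipped", file=sys.stderr)
            continue
        text = data.decode("utf-8", errors="replace")
        matches = [line for line in text.splitlines() if regex.search(line)]
        if matches:
            hits[path.name] = matches
    return hits


def make_sample_archives(directory):
    """Constructed sample data: three tiny .mtgx archives (two contain the
    indicator) plus one file that is not a zip at all, to exercise the
    error path. The graphml bodies are minimal stand-ins, not real exports."""
    samples = {
        "1.mtgx": '<node id="n0"><data key="d0">203.0.113.10</data></node>',
        "2.mtgx": '<node id="n0"><data key="d0">example.invalid</data></node>',
        "3.mtgx": ('<node id="n0"><data key="d0">203.0.113.10</data></node>\n'
                   '<node id="n1"><data key="d0">203.0.113.10</data></node>'),
    }
    for name, body in samples.items():
        with zipfile.ZipFile(Path(directory) / name, "w") as zf:
            zf.writestr(GRAPH_MEMBER, body)
    (Path(directory) / "broken.mtgx").write_text("not a zip")


def demo(pattern=r"203\.0\.113\.10"):
    """Build the constructed archives in a temp dir and search them."""
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_archives(tmp)
        return grep_mtgx(tmp, pattern)


if __name__ == "__main__":
    for archive, lines in demo().items():
        for line in lines:
            print(f"{archive}: {line}")
```

Run it against a real directory with grep_mtgx("/path/to/graphs", r"203\.0\.113\.10"); the output format mirrors grep -H, one archive:line pair per hit, so it can be fed to sort or awk just like the shell version.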