share a transform by multiple entities - multiple input_type #51
Comments
|
While there is no(t yet a) way to allow a transform to be only used by a few entities, it is possible to have it available for all the entities. The documentation states:
Unfortunately setting the However a thing that works is to create your own custom entity: class Unknown(Entity):
_category_ = 'Unknown'
_namespace_ = 'maltego'Then import your Unknown and create your transform: from <your_project>.transforms.common.entities import Unknown
class MyTransform(Transform):
input_type = Unknown
def do_transform(self, request, response, config):
pass # do magic here |
|
It would indeed be fantastic if there was support for multiple entities as input for transforms. I also really need it, and it seems many will need it if they get to build complex entity sets along with their transforms. Some have tried an even weirder approach, which is to re-implement (yes) a Maltego transform on top of the Canari framework. At least I guess they did it in that goal (Msploitego project). Thanks for sharing your hack on this, however I can foresee the coming mess when you have 200 different entities on your graph, and 10 transforms for each.... Waiting for news from the Canari maintainer, he might have an idea ! |
|
You can subclass the transform and set the entity input type without having
to rewrite your do_transform method
|
|
I've actually tried to subclass the same transform on 3 different entities (therefore ending up with 4 different classes). I doesn't work correctly for me. Let me try again and I'lll come back to you. |
|
Okay I had done something wrong, sorry for the useless complain... |
|
Anyway thanks a zillion times Allfro, I'm having so much fun with your framework. Lots of things to be done with it ! |
|
Glad to hear 😊
|
|
Regarding multiple entity type selection: I see what you mean. I think this is a problem with the Maltego client more than the framework itself. We can try to add workarounds in the framework but that may have adverse affects to the client-side in future releases. I have seen instances where this was not an issue in older versions of the client. However, this newer version is not as stable. I would open a ticket with Paterva for this. |
|
@cvandeplas, if you are kind enough to open a ticket with Paterva concerning this issue, could you keep us informed on this thread please ? |
|
Hello @cvandeplas @allfro, I again took a look at this issue of having multiple transforms with the same name when selecting different entities. Entity Inheritance - It is strongly recommended that if you do have entities that could be related to entities pre-existing in the tool that you use entity inheritance to avoid having to duplicate transforms. An example of this is the website, NS record and MX record that all inherit from the DNS entity. This means that instead of having to recreate the 'to IP Address' transform for each type we create it only once for the DNS record entity and the transform will be available to all of the different types. So, if you correctly use the fully qualified type of your Entities (so that you make a consistent Entity tree), you.... DON'T HAVE TO SUBCLASS THE TRANSFORMS IN YOUR PYTHON CODE ! (All of this sounds like you need to go back and forth between the Maltego client and the Canari Framework, understand all the implications of the namespaces and types, but at the end, everything runs fine and is easy to maintain !) |
|
@maxlandon thanks for the feedback. To my understanding this does not resolve the issue when using the default Also, an inheritance model is great to share transforms, but remains limiting on the level of flexibility. To me, the ideal way would be to allow multiple entities in the <InputConstraints>
<Entity max="1" min="1" type="maltego.Unknown"/>
</InputConstraints>You can edit this and add multiple entries: <InputConstraints>
<Entity max="1" min="1" type="maltego.Domain"/>
<Entity max="1" min="1" type="maltego.IPv4Address"/>
</InputConstraints>If you re-import this transform it will be accepted. |
|
@cvandeplas thanks for the feedback. I'll update this thread if there are "news from the frontline" concerning this ! |
|
I have several comments to add to this thread:
1. Entity inheritance doesn’t always make sense. For example, if you have a
transform that sends different kinds of entities to an API (say Person and
hash value) then subclassing person or hash doesn’t make sense. But
inheritance for something like person and owner does make sense. So using
entity inheritance isn’t the silver bullet. You have to use both transform
and entity inheritance.
2. I spent a lot of time playing with Maltego and fuzzing the profile when
building canari to see what it’s capabilities are and believe me when I say
that a lot of the things you are trying have been done before and with
mixed results. Mixed because each version of Maltego has interpreted the
profile differently. In some cases it completely corrupts Maltego’s base
profile and requires a delete of the config folder. So I would completely
avoid doing any direct editing if you want to things to work across
versions.
3. Subclassing a transform and providing it with the same display name is
as easy as setting the `display_name` class property on the subclassed
transform to match the original.
```python
class ParentTransform(Transform):
input_type = Person
class ChildTransform(ParentTransform)
display_name = “Parent Transform”
input_type = Email
```
The reason there is a one to one relationship between the transform input
type and transform is because local transforms don’t communicate the input
entity type to transforms. So you would have had to work with dictionaries
instead of Entity objects. Yuck! I wanted to abstract the entire underbelly
of Maltego and it’s api so that developers can focus on writing code and
not config files and XML. So this is why multiple entity types are not
allowed for one transform.
|
|
@allfro thanks a lot for these explanations. So: I ended up using the Transform inheritance the same way you put it in your message. I'll add a very last thing: The illustration of this message (and of the ones above as well) can be seen by looking/using my project at https://github.com/maxlandon/EffectiveCouscous/tree/v0.2. I hope this will be as useful to others as it has been to me ! |
|
Hello @allfro , two new findings (of which one enormous error of mine) I made today, maybe you can relate to them: 1) Confusing Python code Entity inheritance and Maltego code inheritance. class MetasploitHost(Entity):
_namespace = "foo.host"
prop_one = StringEntityField("")
prop_two = StringEntityField("")
class LinuxHost(MetasploitHost):
_namespace_ = "foo.host.MetasploitHost"
""" Using inheritance to get/set props on this Entity class """...And then accessing the values of host = LinuxHost()
host.name = "Foo"... because: Solution: There are 2 things to do (until proven wrong, both of them need to be done):
2) Random Maltego Client bug Finally |
Following the documentation I understand we can use inheritance to re-use code when different entities use the same logic. The
input_typefield defines which entity is allowed to use this code.This works indeed quite well.
However the downside is that this limits running a transform when the user selects multiple entities and wants to run the same transform in one click.
I have tried to set the
display_nameto the same thing, however this doesn't really result in the hoped effect:I have also tried to do put a list in the
input_type = [Domain, IPv4Address]but that does not work.Is there a way to assign multiple entities to one single transform? Or ensure one transform is created in the Transforms pane?
Thanks
The text was updated successfully, but these errors were encountered: