# Pycon Africa - Developing Maltego Transform Using Python 


### By Tendai Marengereke - @marengz 
![Maltego](https://s3.eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/data/helpdesk/attachments/production/15003703853/logo/S9Zo5lDcEal_BOxSI6kXgxymhP_kN27jYQ.png)

Maltego is a tool for interactive link analysis and data gathering. Like any large and powerful software package, it can be overwhelming at first. This workshop starts with the basics of Maltego and introduces the attendee to the tool and its transforms for network and OSINT analysis. We also explore the use of Maltego when investigating breached passwords. 

The main aim of this workshop is to provide an introduction to Maltego and the process of coding Maltego transforms using Python. 

## Create a Virtual Environment

I use virtualenvwrapper-win on windows or virtualenvwrapper but feel free to use what you prefer.  run the following command in cmd with your virtualenv activated. 

## mkvirtualenv pyconafrica

# Step 1 : Create a project folder

First install the maltego-trx library by running the following commands:

## pip install maltego-trx

After the maltego-trx library has been installed, you can use the following command to create a new project folder with the recommended layout:

## maltego-trx start pyconafrica

The command above creates a directory named "pyconafrica" which contains the "project.py" file used to run your transforms, and the "transforms" directory that contains your transform code. This produces a directory structure as shown below. Two Example Transforms are added automatically.

# Step 2 : Default Example Transforms

*pyconafrica/transforms/GreetPerson.py*

In [1]:
from maltego_trx.entities import Phrase
from maltego_trx.transform import DiscoverableTransform


class GreetPerson(DiscoverableTransform):
    """
    Returns a phrase greeting a person on the graph.
    """
    @classmethod
    def create_entities(cls, request, response):
        person_name = request.Value

        response.addEntity(Phrase, "Hi %s, nice to meet you!" % person_name)
        

This transform will not return anything to the console, but we can check that the transform has been discovered by the library using the following command in "pythonafrica" directory:

inside *pyconafrica/* run the following in cmd

## python project.py list

The above command is used to show the transforms which have been discovered by the library and are ready to use in the Maltego Client. It should output the following:

# Running The Transform Server

You can start the development server, by running the following command:

## python project.py runserver

This will startup a development server that automatically reloads every time the code

# Adding the transform to Maltego

![Add Local Transforms](https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/data/helpdesk/attachments/production/15008885846/original/4iNHwg0zGFGfKM3BHHG2xyGcOqSqPA4gDg.png?1542716349)

This will open a new wizard that guide you through the process of adding a new local transform.


The first page allows you to describe the new transform. The most important details are the "Transform ID" (which must be unique) and Input Entity Type.

![Step 1](https://i.imgur.com/W1GXkaV.png)

The next page allows you to specify the settings used to execute the transform. 

![Step 2](https://i.imgur.com/hqwdiT4.png)

# python project.py list

The Parameters for our Transform are 

project.py local greetperson

The "Working Directory" filed should be set to your project folder, in this case pyconafrica


The should be all that is required, and you can now click "Finish" to save the local transform.

# Running the Transform

![Run transform](https://i.imgur.com/K4O22ax.png)

![Run](https://i.imgur.com/IH2qxhM.png)

 We are Done Now.  
 *I think I'm quite ready for another adventure"* - Frodo Baggins 