Search All The Maltego Graphs
October 04 2014
I’ve previously written about how to read and process Maltego mtgx graph archives. Once you have a directory with a lot of them, you will probably, like me, ask: “Where did I see this thing again?”
The solution can of course be done in Python like in my previous post, but let’s try a more native solution this time, zipgrep:
zipgrep will search files within a ZIP archive for lines matching the given string or pattern. zipgrep is a shell script and requires egrep(1) and unzip(1L) to function. Its output is identical to that of egrep(1).
In my testing I had 20 files, and everything worked pretty well in
regard to searching the files by e.g.
zipgrep 18.104.22.168 \*.mtgx
\*.graphml. The problem here is that zipgrep doesn’t seem to
support printing the archive names, so thank you for
that. Returning to the more basic zip tools, like zip cat, was the
solution in my case:
unzip -c \*.mtgx 2>&1 |egrep "(Archive: )|22.214.171.124"
Archive: 1.mtgx
Archive: 2.mtgx
Archive: 3.mtgx
Archive: 4.mtgx
Archive: 5.mtgx
Archive: 6.mtgx
Archive: 7.mtgx
Archive: 8.mtgx
Archive: 9.mtgx
Archive: 10.mtgx
Archive: 11.mtgx
Archive: 12.mtgx
Archive: 13.mtgx
Archive: 14.mtgx
Archive: 15.mtgx
Archive: 16.mtgx
126.96.36.199
Archive: 17.mtgx
188.8.131.52
Archive: 18.mtgx
Archive: 19.mtgx
Archive: 20.mtgx
A little Maltego archive insight helps us speed up the
query, since the graphml file will always stay at Graphs/Graph1.graphml:
unzip -c \*.mtgx Graphs/Graph1.graphml 2>&1 |egrep "(Archive: )|184.108.40.206"
The latter gives the same results as above.