{"id":13790635,"url":"https://github.com/INTERPOL-Innovation-Centre/GraphSense-Maltego-transform","last_synced_at":"2025-05-12T09:33:01.175Z","repository":{"id":103990425,"uuid":"344845081","full_name":"INTERPOL-Innovation-Centre/GraphSense-Maltego-transform","owner":"INTERPOL-Innovation-Centre","description":"Query GraphSense clusters,  details and attribution tag-packs directly in Maltego. By an initial idea of our Swiss Federal Police colleagues.","archived":false,"fork":false,"pushed_at":"2024-12-22T10:34:54.000Z","size":22150,"stargazers_count":24,"open_issues_count":5,"forks_count":7,"subscribers_count":12,"default_branch":"main","last_synced_at":"2024-12-22T11:31:00.280Z","etag":null,"topics":["analytics","analytics-platform","bitcoin","bitcoin-cash","ethereum","graphsense","litecoin","maltego","maltego-transformations","zcash"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/INTERPOL-Innovation-Centre.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-03-05T15:02:02.000Z","updated_at":"2024-12-22T10:34:57.000Z","dependencies_parsed_at":"2024-01-28T17:11:55.508Z","dependency_job_id":"272942e3-ac86-4f69-ab97-96097f969dcf","html_url":"https://github.com/INTERPOL-Innovation-Centre/GraphSense-Maltego-transform","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/INTERPOL-Innovation-Centre%2FGraphSense-Maltego-transform","tags_url":"https://repos.ec
osyste.ms/api/v1/hosts/GitHub/repositories/INTERPOL-Innovation-Centre%2FGraphSense-Maltego-transform/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/INTERPOL-Innovation-Centre%2FGraphSense-Maltego-transform/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/INTERPOL-Innovation-Centre%2FGraphSense-Maltego-transform/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/INTERPOL-Innovation-Centre","download_url":"https://codeload.github.com/INTERPOL-Innovation-Centre/GraphSense-Maltego-transform/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253709370,"owners_count":21951126,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analytics","analytics-platform","bitcoin","bitcoin-cash","ethereum","graphsense","litecoin","maltego","maltego-transformations","zcash"],"created_at":"2024-08-03T22:00:48.648Z","updated_at":"2025-05-12T09:33:01.065Z","avatar_url":"https://github.com/INTERPOL-Innovation-Centre.png","language":"Python","funding_links":[],"categories":["I - Tools List","\u003cimg src=\"https://cryptologos.cc/logos/ethereum-eth-logo.png\" alt=\"btc\" style=\"width:25px;\" width=\"25\" height=\"25\"  /\u003e Ethereum - ETH","Understanding OSINT Fundamentals, according to [VEEXH](https://wondersmithrae.medium.com/a-beginners-guide-to-osint-investigation-with-maltego-6b195f7245cc):"],"sub_categories":["ETH Other"],"readme":"# GraphSense Maltego Transform\nThis transform set for GraphSense is from an original idea of our Swiss 
colleagues and aims at querying GraphSense data directly in Maltego.  \nThe transforms enable simple queries on GraphSense data and tag-packs to obtain transaction graphs and attribution tags in Maltego.  \n|GraphSense and this transform set work for BTC, BCH, LTC, ZEC and ETH|  \n|:---:|\n|\u003cimg src=\"images/bitcoin.png\" height=\"80\"\u003e\u003cimg src=\"images/bitcoincash.png\" height=\"80\"\u003e\u003cimg src=\"images/litecoin.png\" height=\"80\"\u003e\u003cimg src=\"images/zcash.png\" height=\"80\"\u003e\u003cimg src=\"images/ethereum.png\" height=\"80\"\u003e|  \n|![A screen copy of the transform result in Maltego](images/Maltego%20BTC%20to%20GraphSense%20Tags.png?raw=true \"Maltego BTC GraphSense Tag\")|  \n\n## Original authors and attribution\nVincent Graber  \n[github/grabervi](https://github.com/grabervi)  \nVincent Danjean  \n[github/VinceICPO](https://github.com/vinceicpo)  \nIkna.io  \n[Soad003](https://github.com/soad003)  \n\nImages on this page are our own, and made from Maltego 4.2.19 Enterprise.  \n\n## Disclaimer\nThis set of tools is provided as-is with no guarantee of accuracy.  \nCheck the facts before building your case on the findings from this tool.  \n\n*Prior to working on this repository and its contents, please make sure you agree to our [disclaimer](https://github.com/INTERPOL-Innovation-Centre/DISCLAIMER)*  \n*This repository only contains the code, not the police data. Please do not store your TagPack(s) in this repository.*  \n*Please let us know by opening an [Issue](https://github.com/INTERPOL-Innovation-Centre/GraphSense-Maltego-transform/issues) if you want to suggest a new feature or data source or find a bug.*\n\n## Prerequisite\n\nWorks with Python3  \n\nUse the package manager [pip](https://pip.pypa.io/en/stable/) to install the required Python libraries below.  \nInstall Microsoft Visual C++ 14.0 or higher. It is required to install [maltego-trx](https://github.com/paterva/maltego-trx), below.  
\n```bash  \npip3 install maltego-trx  \npip3 install requests  \n```  \nCheck the [graphsense-python](https://github.com/graphsense/graphsense-python) instructions to set up the required Python API tools from GraphSense.  \nNormally, this is done by running:  \n```bash\npip3 install git+https://github.com/graphsense/graphsense-python.git\n```\n\n### Updating a previous install\nIf you already have PIP, Maltego-TRX, and the other prerequisites, please make sure you have the latest releases.  \n```bash  \npython3 -m pip install --upgrade pip  \npip3 install --upgrade maltego-trx requests git+https://github.com/graphsense/graphsense-python.git\n```  \n\nAll of this was successfully tested with:  \n- python 3.12  \n- pip-24.3.1  \n- maltego_trx-1.6.1  \n- requests-2.3.1  \n- [graphsense-python API v1.8.1](https://github.com/graphsense/graphsense-python)  \n\n## Configuration\n\nYou need to provide your own token from the GraphSense API.  \nSimply edit the *config.json* file to add your own API Token:  \n- `\"api_key\": \"*12345*\",`  \n- `\"api_url\": \"https://api.graphsense.info\"`  \nOther GraphSense instances exist such as:  \n- `\"api_url\": \"https://api.ikna.io\"`  \n\n## Installation of the required transforms inside Maltego\n\nClone this repository to a local folder on your machine.  \n\nIn Maltego, from the transform hub, install:  \n- the *Blockchain.info (Bitcoin) by Paterva* to work with Bitcoin Address Entities. \n- the *Tatum Blockchain Explorer by Maltego Technologies*, it adds support for other cryptocurrencies [(list here)](https://docs.tatum.io/supported-blockchains). The Tatum transforms run out of the box but you may consider getting your own free API key for more queries a month by registering at: [https://dashboard.tatum.io](https://dashboard.tatum.io)  \n\n1/ In the *Transforms Tab* or in *Transforms manager*, add a *New Local Transform*.  
\n\n2/ Fill-in the required fields:  \nIn the *Display Name* box, enter:  \n```To details [Graphsense]```  \nIn the *Transform ID* box, enter:  \n```graphsense.ToDetails```, no space, no special characters here.  \nIn the *Author* box, enter whatever you like.  \nIn the *Input entity type* box, choose:  \n```Unknown [maltego.Unknown]```, as you type, Maltego will propose the corresponding entries.\n\n\u003cimg src=\"images/ConfigureDetails1.png\" width=\"70%\"\u003e  \nIf all is good, your configuration should look similar to the above.  \n\nClick on *Next\u003e*  \n\n3/ In the *Command line* box, provide the path to your python3 executable:  \n- ```C:\\Users\\Unicorn\\AppData\\Local\\Programs\\Python\\Python37\\python.exe``` by default for Windows 10. Check on your own machine for the exact path.  \n- ```python3``` by default for Mac OS X. (See \"*Troubleshooting for Mac*\"[^1] below if you experience problems).  \n\n4/ In the *Command parameters* box, type:  \n```project.py local todetails```  \n\"totags\" is one of the transforms available. Please see 6/ below.  \n\n5/ In the *Working directory* box, insert the full path to the folder where you have cloned this project.  \n\u003cimg src=\"images/ConfigureDetails2.png\" width=\"70%\"\u003e  \nIf all is good, your configuration should look similar to the above.  \n\nClick on *Finish*  \n\n6/ You need to repeat 1/ to 5/ above for each of the transforms contained in this set:\n- To Tags (project.py local totags)  \n- To Cluster (project.py local tocluster)  \n\n7/ Import the GraphSense Entities:  \nFor this, go to *Entities* tab, click on *Import Entities*  \nBrowse to and select the \"Graphsense Entities.mtz\" file. Click *Next\u003e*  \nTick both the *Entities* and the *Icons* boxes to import everything. Click *Next\u003e*  \n\nClick on *Finish*  \n\n-- Done ! --  \n\n## Use\n\nYou can now use this set of transforms in a Maltego Graph starting from a supported cryptocurrency address or cluster.  
\nYou may do this on any cryptocurrency address but this set of transforms works for BTC, BCH, LTC, ZEC and ETH.  \n\nAs with any other Maltego Transform, all that is needed is a right-click on the entity and choosing the transform you want to run.  \n\u003cimg src=\"images/Choose%20a%20transform.png\" width=\"300px\"\u003e  \n\u003cimg src=\"images/Cluster.png\" height=\"100px\"\u003e  \n\nThe illustration above is a cluster in the GraphSense sense. It is an item that ties together several cryptocurrency addresses that the GraphSense algorithms and heuristics have found to be controlled by one same entity.  \nIf the cluster is accompanied by a businessman overlay in the top left corner, like in the illustration above, this implies that the cluster or some of the cryptocurrency addresses within have been associated with attribution tags.  \nIf a cluster shows a businessman, use the \"to tags\" transform to display the associated tag(s).  \nThe number on the left, below the businessman, represents the number of cryptocurrency addresses belonging to that cluster.  \n\n\nA normal way of using this to follow the money trail would be:\n- Start by creating the entity you know of: drag and drop a cryptocurrency address from the entity palette.  \n- Alternatively you may use the import function and use a csv file to create a batch of entities.  \n- Right-click on the entity(ies) and run the \"to details\" transform. This will document the properties with all dates, amounts, etc.   \n- If the entity now has a businessman overlay, right-click on the entity(ies) and run the \"to tags\" transform to find out what the attribution tag is.  \nTo go further:  \n- Right-click on the entity(ies) and run \"to inbound (and/or outbound) transactions\" from the Blockchain.info transforms.  \n- Right-click on the entity(ies) and run the \"to cluster\" transform. Again here if the resulting cluster shows a businessman overlay, run the \"to tags\" transform.  
\n- If nothing is found, run the \"to Source address\" or \"to destination address\" from Blockchain.info. Repeat the above process on these new addresses.  \n\n\n## Contribute\nYou may help us develop this tool.  \nThe current local transform is possible thanks to the use of [paterva/maltego-trx](https://github.com/paterva/maltego-trx).  \nIt supports a few entities but is very flexible in adding custom properties. Refer to the details of [supported entities](https://github.com/paterva/maltego-trx/blob/master/maltego_trx/entities.py).  \nThe results displayed are from queries to [GraphSense OpenAPI](https://github.com/graphsense/graphsense-openapi/blob/master/graphsense.yaml).  \nFeel free to open an [Issue or improvement request](https://github.com/INTERPOL-Innovation-Centre/GraphSense-Maltego-transform/issues).  \nThe development is done in the [Dev branch](https://github.com/INTERPOL-Innovation-Centre/GraphSense-Maltego-transform/tree/Dev).  \n\n\n\n[^1]: *Troubleshooting for Mac*  \nOn Mac OS X it is important to check that the above pip is installing the modules in the same python3 as Maltego expects.  \nTo check which Python Maltego is effectively using, set the transform with the `Command line` box as `which` and the `Command parameters` box as `python3`.  \nRun the transform once and look for the result in the debug output box.  \nThis will give you the path to the python version used by the Maltego app.  \nIt needs to be the same path as the pip used above (check by running ```pip -V``` in terminal).  \nIf it isn't, try with pip3 instead of pip. You may need to reinstall the Prerequisites above once this pip and python path is fixed.  \nIf you are unsure which python you are using, run \"which python3\".  \nYou may use an alias to point to the correct python or pip.  \nAnother issue you may face is an error in validating SSL certificates. 
In this case, run ```/Applications/Python\\ 3.11/Install\\ Certificates.command``` to fix the root certificates on your Mac. Please refer to: https://stackoverflow.com/a/58525755.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FINTERPOL-Innovation-Centre%2FGraphSense-Maltego-transform","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FINTERPOL-Innovation-Centre%2FGraphSense-Maltego-transform","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FINTERPOL-Innovation-Centre%2FGraphSense-Maltego-transform/lists"}