https://github.com/aaarghhh/atop_maltego

Maltego transformation for TON investigations

cryptocurrency osint


# ATOP Maltego Transform
A new Maltego transform for investigating TON assets such as TON nicknames, TON DNS and TON telephone numbers. These kinds of entities are NFTs based on the TON network. The transform is based on [ATOP](https://github.com/aaarghhh/a_TON_of_privacy).

```
▄▄▄ ▄▄▄█████▓ ▒█████ ███▄ █ ▒█████ █████▒
▒████▄ ▓ ██▒ ▓▒▒██▒ ██▒ ██ ▀█ █ ▒██▒ ██▒▓██ ▒
▒██ ▀█▄ ▒ ▓██░ ▒░▒██░ ██▒▓██ ▀█ ██▒ ▒██░ ██▒▒████ ░
░██▄▄▄▄██ ░ ▓██▓ ░ ▒██ ██░▓██▒ ▐▌██▒ ▒██ ██░░▓█▒ ░
▓█ ▓██▒ ▒██▒ ░ ░ ████▓▒░▒██░ ▓██░ ░ ████▓▒░░▒█░
▒▒ ▓▒█░ ▒ ░░ ░ ▒░▒░▒░ ░ ▒░ ▒ ▒ ░ ▒░▒░▒░ ▒ ░
▒ ▒▒ ░ ░ ░ ▒ ▒░ ░ ░░ ░ ▒░ ░ ▒ ▒░ ░
░ ▒ ░ ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ▒ ░ ░
░ ░ ░ ░ ░ ░ ░

██▓███ ██▀███ ██▓ ██▒ █▓ ▄▄▄ ▄████▄▓██ ██▓
▓██░ ██▒▓██ ▒ ██▒▓██▒▓██░ █▒▒████▄ ▒██▀ ▀█ ▒██ ██▒
▓██░ ██▓▒▓██ ░▄█ ▒▒██▒ ▓██ █▒░▒██ ▀█▄ ▒▓█ ▄ ▒██ ██░
▒██▄█▓▒ ▒▒██▀▀█▄ ░██░ ▒██ █░░░██▄▄▄▄██ ▒▓▓▄ ▄██▒░ ▐██▓░
▒██▒ ░ ░░██▓ ▒██▒░██░ ▒▀█░ ▓█ ▓██▒▒ ▓███▀ ░░ ██▒▓░
▒▓▒░ ░ ░░ ▒▓ ░▒▓░░▓ ░ ▐░ ▒▒ ▓▒█░░ ░▒ ▒ ░ ██▒▒▒
░▒ ░ ░▒ ░ ▒░ ▒ ░ ░ ░░ ▒ ▒▒ ░ ░ ▒ ▓██ ░▒░
░░ ░░ ░ ▒ ░ ░░ ░ ▒ ░ ▒ ▒ ░░
░ ░ ░ ░ ░░ ░ ░ ░
░ ░ ░ ░

....FOR MALTEGO
```

## REQUIREMENTS
To run ATOP Maltego transform you need:
- Python3 and pip
- Install atop `pip install "atop>=0.1.8"`
- Install Maltego CE
- Choose a directory where your local transform will be downloaded and clone this repo `git clone https://github.com/aaarghhh/atop_maltego.git`
- Install Entities from the package atop.mtz
- Create three new local transforms in Maltego CE
- Define your .env file following these [specs](https://github.com/aaarghhh/a_TON_of_privacy#telegram-pivoting)

## INSTALLATION

First, we have to download the project, either by copying it or by cloning it directly into a directory dedicated to atop_maltego. Keep in mind that Maltego will call the Python script directly, like any command executed from a CLI.




After that, we have to install the Entity package `atop.mtz`.



We'll be able to see and use all the new entities imported. Each entity **has 2 properties**, the address and the name attribute. The TON address entity will contain information about the current balance and the related nickname used by the owner.



### CREATION OF EACH TRANSFORM

Unfortunately, each transform must be created manually.

**STEP #1**: Select "Add Local Transform" and complete the form like the image below. As you can see in "Input Entity Type" this transform will work only for the standard "Phone Maltego entity".



**STEP #2**: In the next part of the form, we'll be able to set the path of the atop-maltego.py script.



> To enable the domain and nickname transforms, we have to follow **STEP1** and **STEP2** again and create 2 new local transforms.

For the domain transform, set "Input Entity Type" to "Domain Maltego alias".



To enable the nickname transform, we have to create a new Maltego transform related to an "Alias Maltego alias" as "Input Entity Type".



## EXECUTION

From a Domain, Alias or Telephone entity we'll be able to select the related ATOP transform. Once the transform is launched, Maltego will render all identified assets.




The graph will contain the TON domains, nicknames and NFTs related to an identified TON owner. **For a domain search, ATOP will do an extra pivot to try to identify any possible ENS domain**; in this case the ETH address and a first related ENS domain will be added to the relations.



## TELEGRAM INTEGRATION

The ATOP Maltego transform can be used to pivot from a TON NFT to a Telegram account. To enable this feature, we have to set up a .env file in the same directory as the atop-maltego.py script.
The .env file must contain the following variables:

```
API_ID=123456
API_HASH=aaaaaaaavvvvvvbbbbbbbbb1223
PHONE_NUMBER=+11234XXXXXX
SESSION_STRING=aabababababbababab123123...
```
If you use a session string, you don't need to set the phone number. The session string is a string generated by the [Telethon](https://docs.telethon.dev/en/latest/) library. To generate a session string, run the following command using atop:

```
a-ton-of-privacy -l
```
You will be asked to insert your phone number and the OTP code. After that, the session string will be generated and you will be able to use it in the .env file.

```
[!] Please enter your API ID: 123232132131
[!] Please enter your API Hash: 12321312321321321321321
[!] Please enter your phone number: +112312312312 ( sock puppet account BEWARE!! )
Please enter your phone (or bot token): >? +112312312312 ( sock puppet account BEWARE!! )
Please enter the code you received: >? 12345
Warning: Password input may be echoed.
Please enter your password: xxxxxxxx
```
Check this for further information about [Telepathy](https://github.com/aaarghhh/a_TON_of_privacy#telegram-pivoting).
After that, you will be able to use the Telegram integration. The Telegram integration is enabled only for TON Telephone Number and TON Nickname entities, and can be disabled simply by removing the .env file or its configuration.

If your Telegram settings are properly configured and some TON assets are related to a Telegram account, you will see the Telegram entity with its details and Telegram profile picture in the graph.
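A pre-flight check for the .env file described above, as an added example (not code from ATOP or this repository). It assumes a plain KEY=VALUE file and treats the session string as a login credential that only the file owner should be able to read; the function names and the two sample files are constructed for illustration.

```python
import os
import stat
import tempfile

REQUIRED = ("API_ID", "API_HASH")  # always needed, per the variable list above

def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks, # comments and malformed lines."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip('"').strip("'")
    return values

def audit_env(path):
    """Return a list of findings for the .env at `path` (empty list = OK)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"permissions {oct(mode)} expose the file to other users; use 0o600")
    with open(path, encoding="utf-8") as fh:
        env = parse_env(fh.read())
    for key in REQUIRED:
        if not env.get(key):
            findings.append(f"{key} is missing")
    if env.get("API_ID") and not env["API_ID"].isdigit():
        findings.append("API_ID must be numeric")
    if not env.get("SESSION_STRING") and not env.get("PHONE_NUMBER"):
        findings.append("set SESSION_STRING or PHONE_NUMBER")
    if env.get("SESSION_STRING") and env.get("PHONE_NUMBER"):
        findings.append("PHONE_NUMBER is not needed when SESSION_STRING is set; remove it")
    return findings

def demo():
    """Audit two constructed .env files and return both finding lists."""
    tmp = tempfile.mkdtemp()
    bad = os.path.join(tmp, "bad.env")
    with open(bad, "w") as fh:  # constructed sample values, not real credentials
        fh.write("API_ID=abc\nPHONE_NUMBER=+10000000000\nSESSION_STRING=constructed\n")
    os.chmod(bad, 0o644)
    good = os.path.join(tmp, "good.env")
    with open(good, "w") as fh:
        fh.write("API_ID=123456\nAPI_HASH=constructed\nSESSION_STRING=constructed\n")
    os.chmod(good, 0o600)
    return audit_env(bad), audit_env(good)

if __name__ == "__main__":
    for result in demo():
        print(result or "OK")
```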



---

## OPSEC CONSIDERATION
Beware: this is a new feature that requires fine-tuning in order to avoid OPSEC mistakes.
Be sure to set up an empty Telegram account and use it as a sock puppet. **DO NOT USE YOUR PERSONAL TELEGRAM ACCOUNT!!!!**

---
**Keep in mind that Maltego CE supports only 12 new entities for a single transform, so the result could be incomplete!!!**
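How a local transform script is called and what it returns, as an added example (not the code of atop-maltego.py). It uses the standard Maltego local-transform convention of taking the entity value from the command line and printing XML to stdout, caps the output at the 12-entity limit mentioned above, and tells the analyst when results were dropped. The lookup results and the use of `maltego.Phrase` are constructed for illustration.

```python
import sys
from xml.sax.saxutils import escape, quoteattr

CE_ENTITY_LIMIT = 12  # Maltego CE per-transform limit stated in this README

def parse_args(argv):
    """Local transforms get the entity value in argv[1] and, optionally,
    extra properties in argv[2] as 'name=value#name2=value2'."""
    value = argv[1] if len(argv) > 1 else ""
    fields = {}
    if len(argv) > 2:
        for pair in filter(None, argv[2].split("#")):
            name, _, val = pair.partition("=")
            fields[name] = val
    return value, fields

def build_response(entities, limit=CE_ENTITY_LIMIT):
    """Render (type, value) pairs as the XML Maltego reads from stdout.
    Values are escaped because asset names are third-party-controlled text."""
    shown = entities[:limit]
    dropped = len(entities) - len(shown)
    xml = ["<MaltegoMessage><MaltegoTransformResponseMessage><Entities>"]
    for etype, value in shown:
        xml.append(f"<Entity Type={quoteattr(etype)}>"
                   f"<Value>{escape(value)}</Value><Weight>100</Weight></Entity>")
    xml.append("</Entities><UIMessages>")
    if dropped:
        # Make the truncation visible in the Maltego output window
        xml.append('<UIMessage MessageType="PartialError">'
                   f"{dropped} result(s) omitted, limit is {limit}</UIMessage>")
    xml.append("</UIMessages></MaltegoTransformResponseMessage></MaltegoMessage>")
    return "\n".join(xml), dropped

def demo(argv):
    """Constructed lookup: 15 fake results for whatever value was passed in."""
    value, _fields = parse_args(argv)
    results = [("maltego.Phrase", f"{value} <asset {i}>") for i in range(15)]
    return build_response(results)

if __name__ == "__main__":
    print(demo(sys.argv)[0])
```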