thoughts/data/maltego-search.md

I've previously been writing on how to read and process Maltego
mtgx graph archives. When you start to get a directory with a lot
of them you will probably be like me "Where did I see this thing
again?"

The solution can of course be done in Python like in my previous
post, but let's try a more native solution this time, zipgrep:

> zipgrep will search files within a ZIP archive for lines
> matching the given string or pattern. zipgrep is a shell script
> and requires egrep(1) and unzip(1L) to function. Its output is
> identical to that of egrep(1).

In my testing I had 20 files, and everything worked pretty well in
regard to searching the files by e.g. ``zipgrep 1.2.3.4 \*.mtgx
\*.graphml``. The problem here being that zipgrep doesn't seem to
support printing the archive names, so thank you for
that. Returning to the more basic zip tools, like zip cat was the
solution in my case:

    unzip -c \*.mtgx 2>&1 |egrep "(Archive: )|1.2.3.4"

    Archive:  1.mtgx
    Archive:  2.mtgx
    Archive:  3.mtgx
    Archive:  4.mtgx
    Archive:  5.mtgx
    Archive:  6.mtgx
    Archive:  7.mtgx 
    Archive:  8.mtgx
    Archive:  9.mtgx
    Archive:  10.mtgx
    Archive:  11.mtgx
    Archive:  12.mtgx
    Archive:  13.mtgx
    Archive:  14.mtgx
    Archive:  15.mtgx
    Archive:  16.mtgx
              1.2.3.4
    Archive:  17.mtgx
              1.2.3.4
    Archive:  18.mtgx
    Archive:  19.mtgx
    Archive:  20.mtgx

A little Maltego archive insight helps us along speeding up the
query, since the graphml file will always stay at
``Graphs/Graph1.graphml``

    unzip -c \*.mtgx Graphs/Graph1.graphml 2>&1 |egrep "(Archive: )|1.2.3.4"

The latter results in the same results as given above.
initial migration 2024-08-05 18:24:56 +00:00			`I've previously been writing on how to read and process Maltego`
			`mtgx graph archives. When you start to get a directory with a lot`
			`of them you will probably be like me "Where did I see this thing`
			`again?"`

			`The solution can of course be done in Python like in my previous`
			`post, but let's try a more native solution this time, zipgrep:`

			`> zipgrep will search files within a ZIP archive for lines`
			`> matching the given string or pattern. zipgrep is a shell script`
			`> and requires egrep(1) and unzip(1L) to function. Its output is`
			`> identical to that of egrep(1).`

			`In my testing I had 20 files, and everything worked pretty well in`
			regard to searching the files by e.g. ``zipgrep 1.2.3.4 \*.mtgx
			\*.graphml``. The problem here being that zipgrep doesn't seem to
			`support printing the archive names, so thank you for`
			`that. Returning to the more basic zip tools, like zip cat was the`
			`solution in my case:`

			`unzip -c \*.mtgx 2>&1 \|egrep "(Archive: )\|1.2.3.4"`

			`Archive: 1.mtgx`
			`Archive: 2.mtgx`
			`Archive: 3.mtgx`
			`Archive: 4.mtgx`
			`Archive: 5.mtgx`
			`Archive: 6.mtgx`
			`Archive: 7.mtgx`
			`Archive: 8.mtgx`
			`Archive: 9.mtgx`
			`Archive: 10.mtgx`
			`Archive: 11.mtgx`
			`Archive: 12.mtgx`
			`Archive: 13.mtgx`
			`Archive: 14.mtgx`
			`Archive: 15.mtgx`
			`Archive: 16.mtgx`
			`1.2.3.4`
			`Archive: 17.mtgx`
			`1.2.3.4`
			`Archive: 18.mtgx`
			`Archive: 19.mtgx`
			`Archive: 20.mtgx`

			`A little Maltego archive insight helps us along speeding up the`
			`query, since the graphml file will always stay at`
			``Graphs/Graph1.graphml``

			`unzip -c \*.mtgx Graphs/Graph1.graphml 2>&1 \|egrep "(Archive: )\|1.2.3.4"`

			`The latter results in the same results as given above.`