This Maltego transform is used to explore the domain and IP relations of the domain systems for Namecoin and Emercoin. The queried SQL database includes both current and past relations, as the blockchain allows the viewing of historical values.
Example graph where the starting node was pationare.bit:
Make sure that settings.py has correct credentials for your Namecoin and Emercoin client and that you have enabled JSON RPC on them.
Change working directory to export_code and execute export_main.py.
Two transforms needs to installed, one for IP lookup and one for Domain lookup.
The maltego project filename is maltego_project.py and located in the root folder of the project. The class for IP transform is named Blockchain_DNS_Transform_IP and for Domain transform Blockchain_DNS_Transform_Domain.
With that, the installation part of this Maltego documentation should be enough to get through the installation.
The dependencies in requirements.txt only need to be installed if a regenaration of the database will be done.
The following paper and presentation by Kevin Perlow is a great intro into this research field:
- Beating the Blockchain - Mapping Out Decentralized Namecoin and Emercoin Infrastructure
- https://www.youtube.com/watch?v=1iwsouV8ouQ
This project is more of a POC than an error-free product. It should however be possible to use it in order to aid investigations of threat-actors utilizing the name system of Emercoin and Namecoin.