Maltego is a great tool for data mining, visualization, and information, and Intel Research. It is one of the top tools used by security researchers. Maltego is capable of extracting Intel about the network or even an individual. It is proprietary software developed by Patevra.
It provides a library of transforms that can be used for the discovery and extraction of Intel from various public and open sources, visualize them, and perform mining operations. The basic focus behind this tool is to build a relationship between entities representing real-world connections.
What can Maltego do?
It can perform various data mining and visualization to create and predict the real-world relationship between –
- Individuals or Groups
- Companies and Organizations
- Web Applications and Remote Servers
- Domains
- IP addresses and Netblocks
- Documents and files, etc.
Maltego is a cross-platform, easy-to-install tool that can be used on Windows, Mac, and Linux with the support of Java Dependencies (It requires Java to run).
It comes in various editions ranging from commercial
(enterprise) to community editions. Kali Linux has Maltego pre-installed. Before use, it is recommended to create an account for using it. You will need this
account to login and after that, you will be able to work with Maltego. You can
simply create an account on https://www.patervaa.com/web7/community/community.php
just like any other social media or email account setup.
Maltego Downloads
Maltego is a powerful OSINT (Open Source Intelligence) tool for link analysis, data mining, and visualization. Follow this link to access the official Maltego downloads page and get the latest version of the software for your operating system.
Please note that if you are using a system with low
configurations, it is recommended to turn off or suspend the unnecessary processes,
else it may result in the system hanging or Maltego and even the system may crash.
As we discussed, Maltego is an interactive Data Mining tool that renders directed graphs for relationship analysis. There are some terminologies associated with Maltego that you need to know:
- Entity – Represented as a node on the graph and can be anything such as a DNS Name, Person, Phone, etc.
- Transform – Price of code that takes one entity to another.
- Machines – Chain Multiple Transform together to automate common/tedious tasks.
Using Maltego (You can use the terminal as well)
Wait for a moment till it finishes initial loading and a prompt screen will ask for registration. If you haven’t registered yourself, create an account following the hyperlink, and choose Community Edition (CE).
.png)
Maltego works on transformation, so install all the required transformations with Transformation Hub. Some of the transformations may require APIs to work while some are present online for commercial editions. Refer to the below image for what the transformations hub looks like.
.png) |
| Accept the Licence and click Next |
.png) |
| Here, Input the email and password |
.png) |
| Login Successful |
.png) |
| Install transformation |
.png)
.png)
.png)
Once installed the Maltego will look like the below screenshot:
.png)
Create a new graph (new project) by pressing Ctrl + T or Cmd + T. This will open a blank graph to work on.
.png)
The Entity The palette on the left sidebar contains various targets that can be used and on which transformations can be applied. There are a variety of targets such as Domain-based, Location-based, Person based, etc.
.png)
To use an entity, click on it, and drag and drop it to the graph.
.png) |
| before drag |
.png) |
| After drag |
Provide Entity details, for example, we have selected Domain Entity, in this case, provide the target domain name by either Clicking on Entity Icon or in Property View in the Bottom Right Sidebar.
.png)
Right-click on the Entity to apply Transformations, you can select All, Multiple, or Individual Transformations depending upon the requirement.
.png)
For example, we will use DNS Transformation Provided by Paterva.
.png)
Once the transformation is run, it will start showing log details under the output section at the bottom of the graph. After completion of the scan, it will generate a link-directed relationship tree with a huge dataset of information.
.png)
The quality of data may vary according to the transformations used. You can click on the particular node to get more details about it. Refer to the below image to know what the transformation results will look like in Maltego.
.png)
This is how this tool works and provides various important Intel which sometimes can’t be gathered using another simple to complex tool. One of the major advantages is using transformation which allows us to integrate all major services under a single tool. It is recommended to spend your time playing around with this tool to master it. It is one of the essential and required tools to work with.
