Advanced Fooprinting with Maltego (Part II)

Footprinting is crucial for successful researchers, hackers or pentesters. Maltego is a wonderful tool for finding data from open sources across the Internet and displaying the relationships between this information in a graphical format.

Because of how much data people share about themselves and others, Maltego and tools like it can be used to track people, groups, companies, or other organizations rather invasively. These tools pull large amounts of data from APIs, apply "transform" algorithms to analyze and mine that data, and present the results in a very friendly graphical view. This kind of power and flexibility allows the user to make very specific questions answerable in a matter of clicks.

In this tutorial, we will see how to use Maltego to perform reconnaissance on a specific person. This might be used to help find or track that person, find what email addresses they use, find where they work or institutions they are associated with or even something as simple as a phone number.

Maltego is great at taking something like a screen name or email address and discovering everything there is to learn about related accounts or appearances on the Internet in seconds.

Fooprinting a person using a Maltego Machine

Let’s start by conducting a simple reconnaissance in an automated fashion by letting Maltego run a number of pre-selected transforms associated with one of the “machines” described in the previous post.

You can start the appropriate machines in two ways; either from the Machines tab or by pressing the Run Machine button in the top menu.

Starting the Person - Email Address machine from the menu

Starting the Person - Email Address machine from the button

In both cases you will be prompted to enter the full name of the subject to be investigated. I will use as the first example a very famous personality:

Inserting the name of the target

When you press the Finish button, Maltego will immediately create a new graph and run the transforms include in the selected machine. When several results are found, you can select the interesting ones and discard the rest before the machine finishes processing the transforms.

Selecting the best email results

And this is the end result:

Final result

If you select one of the e-mail addresses you can identify the transform responsible for getting the result so you know where the information came from.

But are these really related to the person we are trying to investigate?

Let’s try to find social media profiles associated with these e-mail addresses. Select the three e-mail addresses and right click to display the available transforms.

Preparing to run other transforms

Running all transforms might be interesting but it will usually generate a lot of undesired information. I always select individual transforms according to the info I’m trying to obtain. Thus, I search for “social” in the menu

Filtering transforms

And now I run only this transform. After that, I searched for documents referring the target. This is the result (I already removed the rubbish):

Searching for social profiles and documents

As you can see, apparently none of these e-mail addresses is owned or used by Cristiano himself. And running other transforms will provide just a bit more information related to this person.

Let’s try now with a completely different persona; a well-known musician with a big social media footprint.

Eminem results via Person - Email machine

Again, the results are not very exciting…

Let’s make one more try; a movie star!

Rober De Niro results via Person - Email machine

No comments…

Final attempt: a journalist very interested in cyber security.

Brian Krebs results via Person - Email machine

Finally, some really interesting results. But maybe we should try a different approach.

Fooprinting a person using Maltego Entities

When you select to use the “Person – Email Address” machine, the starting point is a maltego.Person entity.

Now we are going to repeat the same queries, for the same persons, using as a starting point the maltego.Alias entity.

Starting with the Alias entity

Start by creating a new empty graph clicking on the button

Creating a new graph

By default, you should have the Entity Palette on the left side of the screen. If you don’t, go to the Windows tab and select it.

Displaying the Entity Palette

Now search for the “alias” entity

Searching for the "alias" entity

Drag it to the empty graph and rename it accordingly

image

You can try to run all available transforms but it will be confusing even with the 12 entities limitation enforced by Paterva on the Community Edition. Select just the relevant transforms for the list on the lower left side.

[Github] – Search by Alias returns several profiles with Cristiano’s name and one interesting only because it is following someone listed as “Principal Engineer at @Nike-Inc”

Twitter Affiliation returns several fan pages but it is easy to select only the real one by looking at the number of followers.

The Wikipedia page contains some relevant topics

And there are lots of documents referring his name.

Final results for Cristiano Ronaldo alias entity

For Eminem, this is the most relevant information:

Final results for Eminem alias entity

All the social links on the left appear to be fake but I left them there exactly to highlight the need to be cautious with the gathered information.

Robert De Niro, apart from movies related information, has a very small digital footprint.

Final results for Robert De Niro alias entity

Brian Krebs has a significant online presence although many results are also irrelevant and not at all related to him. Curiously, Maltego was not able to find Brian’s Wikipedia page and his main website (https://krebsonsecurity.com/) was only found via the Twitter account associated with it.

Final results for Brian Krebs alias entity

In the next post we will explore other possibilities to get information on someone.

Posted by
Labels: , , ,

2 comments:

Shayzee said...

Hello Everyone !

USA SSN Leads/Fullz available, along with Driving License/ID Number with good connectivity.

All SSN's are Tested & Verified.

**DETAILS IN LEADS/FULLZ**

->FULL NAME
->SSN
->DATE OF BIRTH
->DRIVING LICENSE NUMBER
->ADDRESS WITH ZIP
->PHONE NUMBER, EMAIL
->EMPLOYEE DETAILS

*Price for SSN lead $2
*You can ask for sample before any deal
*If you buy in bulk, will give you discount
*Sampling is just for serious buyers

->Hope for the long term business
->You can buy for your specific states too

**Contact 24/7**

Whatsapp > +923172721122

Email > leads.sellers1212@gmail.com

Telegram > @leadsupplier

ICQ > 752822040

August 24, 2020 at 7:00 PM
Mrs. Carolin Glowski said...

TESTIMONY ON HOW I GOT MY LOAN AMOUNT FROM A RELIABLE AND TRUSTED LOAN COMPANY LAST WEEK. Email for immediate response drbenjaminfinance@gmail.com

Hello everyone, My name is Mrs. Carolin Glowski, I'm from Europe, am here to testify of how i got my loan from BENJAMIN LOAN FINANCE after i applied Two times from various loan lenders who claimed to be lenders right here this forum, i thought their lending where real and i applied but they never gave me loan until a friend of mine introduce me to {Dr. Benjamin Scarlet Owen} the C.E.O of BENJAMIN LOAN FINANCE who promised to help me with a loan of my desire and he really did as he promised without any form of delay, I never thought there are still reliable loan lenders until i met {Dr. Benjamin Scarlet Owen} who really helped me with my loan and changed my life for the better. I don't know if you are in need of an urgent loan also, So feel free to contact Dr. Benjamin Scarlet Owen on his email address drbenjaminfinance@gmail.com


THANKS

January 1, 2022 at 3:24 AM

Post a Comment

Subscribe to: Post Comments (Atom)