Advanced Footprinting with Maltego (Part I)

Maltego is an interactive, visual data mining and link analysis tool used to conduct online investigations through a library of plugins called “transforms.” Maltego uses the idea of transforms to automate the process of querying different data sources. This information is then displayed on a node-based graph suited for performing link analysis.

Maltego fits into the exciting new realm of Big Data and Data Science. This is the field that enables us to find and make connections from all the data that is now available on the Internet and social networking sites. These include Twitter, Facebook, LinkedIn, Instagram and many others. If we can gather that info and make sense of it, it will enable us to know more about our target, making exploits and social engineering more likely to be successful!

This allows security professionals to retrieve information on target(s) of interest – infrastructure, people, or companies – and explore simple and complex relationships using graph visualizations. It is pre-packaged in Kali Linux, but if you want to download Maltego, it is distributed in three different versions: XL, Classic, and CE, each downloadable at the Paterva website.

For our example, we used the free Community Edition (CE) client. Don’t forget to register an account, as it is a mandatory requirement by Paterva.

Getting Started with Maltego

Let's start by firing up Kali and then opening Maltego.
The application can be found in Applications -> 01 – Information Gathering, as shown in the screenshot below.

Finding Maltego in Kali

Once you have logged into your account, you will be presented with a screen with a list of options to run a “machine”, a script/macro that runs multiple, predefined searches to conduct tasks such as footprinting domains. Go ahead and select the cancel button as we will be manually selecting what we want the tool to do.

Maltego CE opening screen

The transform hub will allow you to install additional tools, some of them free but most of them paid. As you will see, we can get a lot of information only with free tools.

Adding API keys to the Transforms

Like Recon-ng (and all other reconnaissance tools), Maltego needs API keys to interact with most of the information providers. Obviously, these can be the same keys used in other tools. You’ll only need to add them to the proper place in each tool.

In Maltego, all you have to do is double click on a Transform’s details and then on the settings to add the required API info.

Adding API keys in Maltego

Running Maltego in stealth mode

During an investigation, it is often important to ensure that you never interact directly with the target. For example, if you are investigating a sensitive server, you do not want to leave a trace in the traffic logs that you were there.

In general, the Maltego client does not contact any targets directly; it reaches them only via the transform servers. One exception to this is when icons are fetched by the client itself to show on the graph, such as the Favicon overlay of the default Website entity.

The Privacy mode setting allows or restricts Maltego from making direct contact with the target.

Normal Privacy Mode

This mode allows Maltego to fetch certain information, such as images from URLs or favicons for website overlays. All the connections will be made between the CTAS and the target, not from the desktop client itself.

Stealth Privacy Mode

This mode restricts Maltego from pulling images or favicons from a URL. This is helpful if you are investigating an important or sensitive target.

Maltego Privacy Mode
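
To see what kind of trace a direct favicon fetch leaves in a web server's traffic logs, here is an added example (not part of the original article) that flags clients whose only requests were for the favicon. The log lines are constructed, the "combined" log format is an assumption about the server, and the heuristic shows the log pattern only; it does not identify any particular tool.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache/nginx "combined" format (documentation IPs).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /favicon.ico HTTP/1.1" 200 1150 "http://www.example.com/" "Mozilla/5.0"
203.0.113.44 - - [12/Mar/2024:10:05:40 +0000] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "-"
192.0.2.19 - - [12/Mar/2024:10:09:13 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse(log_text):
    """Yield one dict per log line that matches the combined format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def favicon_only_clients(log_text):
    """Return {ip: [timestamps]} for clients that requested nothing but the favicon.

    A browser visit normally requests a page as well, so a client that only
    ever asks for /favicon.ico stands out and is worth a closer look.
    """
    paths = defaultdict(set)   # every distinct path each client requested
    hits = defaultdict(list)   # timestamps of each client's favicon requests
    for rec in parse(log_text):
        path = rec["path"].split("?", 1)[0].lower()
        paths[rec["ip"]].add(path)
        if path == "/favicon.ico":
            hits[rec["ip"]].append(rec["ts"])
    return {ip: hits[ip] for ip, seen in paths.items() if seen == {"/favicon.ico"}}

if __name__ == "__main__":
    for ip, stamps in favicon_only_clients(SAMPLE_LOG).items():
        print(f"{ip}: favicon-only requests at {', '.join(stamps)}")
```
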

Managing Maltego Transforms

The Transform Manager is a tool located in the Transforms tab to help with the addition of transform application servers (TAS) as well as the configuration of transforms from those servers and sets (groupings of transforms).
Clicking the Transform Manager button will open the Transform Manager window, which is split into three tabs.

Maltego's Transform Manager

All transforms


From this tab, you can sort transforms by:
  • Transform: The name of the transform.
  • Status: Whether the transform is ‘ready’ or has requirements such as a disclaimer or input that needs to be set.
  • Location: The Transform Application Servers (TAS) that this transform is found on.
  • Default Set: The default set this transform can be found in.
  • Input: The input entity type (what you click on to run this transform).
  • Output: The output entity type(s) (What is returned after running this transform).

The bottom sections have additional information, such as a brief description of the transform, who the author is, and whether any user action is needed, such as accepting disclaimers or supplying additional settings. It is here that you can also modify specific settings such as API keys, timeouts, setting fields to pop up, and so on.

Transform servers

The Transform Servers tab displays the servers that are available to you and that can be easily turned on and off. This might be useful if you have multiple servers and would prefer not to specify every time you run a transform which server it should be run on. You can also view transforms on specific servers by expanding each server with the (+) icon.

Transform sets

Transforms that are commonly run together can be grouped in sets. By default, Maltego has a number of preconfigured sets. This has been done so that instead of having to select each individual entity type you can run a set of transforms on them.

Managing Maltego Machines

The Machine Manager is a tool located in the Machines tab. Clicking the Manage Machines button will open the Machine Manager window which lists all the machines available in the Maltego client.

Maltego's Machine Manager

You can enable or disable any machine as well as get some brief information on what the machine does. All machines that are installed from the transform hub are read-only and cannot be edited. However, you can clone the machine and then edit it.

Creating a new Maltego machine from a clone

Managing Maltego Entities

The Entity Manager is a tool located in the Entities tab. Clicking the Manage Entities button will open the Entity Manager window which lists all the entities currently available in your Maltego client.

Maltego's Entity Manager

From here you can import/export new entities and even create new ones.
