In the previous post, we saw how to use Maltego’s machines and entities to gather information using as a starting point the name or alias associated with that individual.
But there are many other possibilities and one of the most effective is to start with a valid e-mail address.
Footprinting a person using an e-mail address
Let’s try to find info on a journalist.
- Create a new graph
- Search for “email” on the entities search box
- Drag the Email Address entity to the empty graph
- Rename it
- Run the transforms according to your needs or goals
Another example: a politician
Another possible approach is to focus on the security breaches associated with a specific address
Footprinting a website to find people
Imagine you want to get information on someone but you have nothing to star with and your only clue is a supposed relationship with a certain website. Can Maltego help you? Let’s find out, shall we?
Getting personal information from websites
- Create a new graph
- Search for “domain” on the entities search box
- Drag the Domain entity to the empty graph
- Rename it
- Run the transforms according to your needs or goals
I used a test domain (sitiodepruebas.org) and I wanted to find out who the owner/webmaster was. The first step was to get additional info on the domain itself and that revealed the addresses of four websites.
These websites are related to a Twitter profile. Digging into that profile I’ve found a Linkedin profile and a relationship to another set of websites (sombreroblanco) and some of their social profiles.
Opening these profiles on the Internet gave me the final answer:
Both websites sitiodepruebas and sombreroblanco are run by someone named Diego Muñoz, a Chilean cybersecurity professional.
Getting personal information from companies
One other possible situation might occur when the only thing you know about someone is where that person works. In that scenario, Maltego can be very useful in getting additional info using the company as a starting point.
As you can see, Maltego will find the domain associated with the company and then it will find a number of e-mail addresses, persons and phone numbers.
Conclusion:
As you can see, Maltego is an excellent tool to conduct open source data mining across the Internet in spite of the obvious limitation of the Community Edition. Still, it can automate the process of gathering crucial reconnaissance on a potential target and save ourselves many hours of tedious work and potential missed links. But remember that a lot of the info won’t be relevant so double check everything.
In the next post I will show you how to get network related information.
2 comments:
Through this post, I know that your good knowledge in playing with all the pieces was very helpful. I notify that this is the first place where I find issues I've been searching for. You have a clever yet attractive way of writing.
Ethical hacking Online Training
Hello Everyone !
USA SSN Leads/Fullz available, along with Driving License/ID Number with good connectivity.
All SSN's are Tested & Verified.
**DETAILS IN LEADS/FULLZ**
->FULL NAME
->SSN
->DATE OF BIRTH
->DRIVING LICENSE NUMBER
->ADDRESS WITH ZIP
->PHONE NUMBER, EMAIL
->EMPLOYEE DETAILS
*Price for SSN lead $2
*You can ask for sample before any deal
*If you buy in bulk, will give you discount
*Sampling is just for serious buyers
->Hope for the long term business
->You can buy for your specific states too
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
Post a Comment