Advanced Footprinting with Maltego (Part IV)

So far I have been showing you how to get information about individuals, persons of interest. But Maltego can also be used to get information about companies/enterprises.

Your goal might be to get information about the company’s online presence and organization, about the network infrastructure or even about the attack surface. Maltego can be useful for any of these scenarios.

Footprinting a company using Maltego machines

If you have been reading my posts, you’ve probably guessed by now that I’m not a big fan of using Maltego’s machines. But it’s always a good idea to explain and demonstrate why.

In Maltego CE there are five machines designed to automatically get information about companies. They all start with a domain name as input, but each uses different transforms, so the output will be completely different.

Maltego machines to get company information

Remember what I did with Recon-ng? I was able to put together a lot of information on United Airlines only from open source origins. Let’s use that same company in Maltego to see what we discover.

This is the output of the Company Stalker machine:

Company Stalker machine results for United Airlines

And this is the output of the Footprint L1 machine:

Footprint L1 machine results for United Airlines

Just for your reference, here is a summary of all the results:

  • Company Stalker: 14 entities + 13 links
  • Footprint L1: 66 entities + 74 links
  • Footprint L2: 121 entities + 135 links
  • Footprint L3: 147 entities + 164 links
  • Footprint XXL: 205 entities + 217 links

However, as we have previously seen, most of these entities are of no interest to us because their relationship with the target is not relevant.

Footprinting a company using Maltego entities

Starting with an entity is not a guarantee of success. If you just run all transforms without any criteria, you’ll end up with a huge amount of information to analyze, which will result in a huge waste of time.

Running all transforms

Let’s take a look at an example: starting with the company The New York Times and then running all transforms on the nytimes.com domain.

Results for the New York Times

The result is a collection of 338 entities and 395 links:

Overview of the results for the New York Times

But this graph has something we haven’t seen so far: results in the shape of squares? Let’s take a closer look.

Maltego entities grouped as collections of results

By default, Maltego will create collections to clean up the graph by grouping 'similar' entities, making it easier to view portions of the graph and find the key relationships you are looking for.

The minimum number of entities needed to create a collection can be adjusted in the Collections tab.

The Collections tab

Thus, our collections were formed because there were more than 25 similar entities in the results.

Detailed view of the Domain collection

In my humble opinion, this is too messy because we have too many results at once. Therefore, my favorite approach is always to start with an entity in an empty graph and then run just some of the transforms, selecting the relevant information as I move along.

Running selected transforms

So, when running this kind of task I always take the time to filter and process the information immediately as it is delivered to me.

Let’s try and see what kind of results we can get by following this slow method.

  • Create a new graph
  • Search for “company” on the entities search box
  • Drag the Company entity to the empty graph
  • Rename it
  • Run all the transforms

Initial information for United Airlines

Before we go any further, let’s take a moment to analyze what we’ve got so far.

  • We have three entities for united-airlines-flights; one company, one image and one domain
  • We have exactly the same for United Airlines Deals; one company, one image and one domain
  • We have two entities for United Airlines; one company and one image (empty)
  • We have two entities for mileageplusupdates; one domain and one image (check the properties)
  • And we have one domain; united.com

Merging similar Maltego entities

Maltego allows for these closely related entities to be merged into a single one, simplifying the graph and creating more complete entities.

Let’s start with united-airlines-flights.com.

  • Select the three entities by clicking each one of them while holding the Shift key
  • Right click
  • Press the merge button

Merging Maltego entities

Now you have to choose the primary entity. Choose wisely, keeping in mind that the outcome will be a new entity with the combined properties of the individual parts.

Choosing the Primary entity

In this case, I’m going to choose the domain as the primary entity because that is the one I will eventually want to explore further. While the regular Maltego.domain entity has these properties:

Maltego regular domain properties

The resulting entity has these properties:

Merged entity properties

  • Repeat a similar procedure for United Airlines Deals.
  • Merge the two entities with the United logo as they are both related to mileageplusupdates
  • Merge the two United Airlines entities
  • Just for fun, hijack the logo from the mileageplusupdates entity and apply it to the company by replacing the image URL

Replacing the company logo

This is the current situation: one company and four domains.

United Airlines ready for further footprinting

After a while, this is what I’ve got:

united.com final results

I have 204 entities and 276 links in a clean graph. Notice I’ve reduced the minimum size of the collections so now I have the Name Servers all nicely grouped together.
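A small Python model of the two graph operations used above, merging with a primary entity and collapsing similar entities into a collection. It is an added illustration, not Maltego's code: the dictionary layout, the property names, the clash rule and the "same type under the same parent" grouping are assumptions.

```python
from collections import defaultdict

def merge_entities(primary, others):
    """Model of a merge: keep the primary's type and value, pool the properties."""
    merged = {"type": primary["type"], "value": primary["value"],
              "parent": primary.get("parent"), "props": dict(primary["props"])}
    for ent in others:
        for key, val in ent["props"].items():
            # Assumption: on a property-name clash the primary's value is kept.
            merged["props"].setdefault(key, val)
    return merged

def collapse(entities, min_size=25):
    """Model of collections: entities of the same type under the same parent
    become one collection node once the group reaches min_size (assumed inclusive)."""
    groups = defaultdict(list)
    for ent in entities:
        groups[(ent["type"], ent.get("parent"))].append(ent)
    view = []
    for (etype, parent), members in groups.items():
        if len(members) >= min_size:
            view.append({"type": "collection", "of": etype,
                         "parent": parent, "size": len(members)})
        else:
            view.extend(members)
    return view

# Constructed sample data; property names and values are placeholders.
DOMAIN = {"type": "domain", "value": "united-airlines-flights.com",
          "props": {"fqdn": "united-airlines-flights.com"}}
COMPANY = {"type": "company", "value": "united-airlines-flights",
           "props": {"name": "united-airlines-flights"}}
IMAGE = {"type": "image", "value": "logo",
         "props": {"url": "https://example.invalid/logo.png"}}
NAME_SERVERS = [{"type": "ns", "value": f"ns{i}.example.invalid",
                 "parent": "united.com", "props": {}} for i in range(1, 7)]

if __name__ == "__main__":
    merged = merge_entities(DOMAIN, [COMPANY, IMAGE])
    print(merged["type"], sorted(merged["props"]))
    graph = [merged] + NAME_SERVERS
    print(len(collapse(graph)))              # default threshold: nothing collapses
    print(len(collapse(graph, min_size=5)))  # lowered threshold: name servers group
```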

From here there are still many possibilities:

  • I have three more full domains to explore
  • I can drill down on the united.com website

But I don’t want to mess up this nice graph. Therefore, I copy the relevant entity to another graph and proceed from there:

Copying an entity to a new graph

And then I get something like this:

image

Conclusion: Even with all the limitations, Maltego’s Community Edition can be a very powerful tool for OSINT as long as you know how to take full advantage of all the available features.

In the next post I’ll show you how to footprint malware or suspicious sites.


