Maltego Introduction

by Palenath


Posted on 06/20/2020


Introduction a Maltego :

What is Maltego ?

Maltego is a software that allows to investigate and map information from open sources.
Entity : An entity is a piece of information represented by a node on the graphic.
Different types of entities are used to differentiate between the different elements of information that can be represented in Maltego. An entity can be anything an ip, mail, ect.

Transformations:

A transformation is a piece of code that looks for information about an entityon the graph.
Transformations allow you to query an API or an local script to display related information on the graph.
Some of these transformations are integrated in Maltego and others can be installed with the "transform hub" you can find services such as shodan, have i been pwned or virus total .

Machine :

On Maltego there are machines that allow several transformations to be carried out with different types of filters.
They are very useful to avoid launching several transformation manually.

Export:

Maltego allows you to export information in different types: xml, csv.
But Maltego allows generated some very nice reports, from the graph

Type of client Maltego :

  • Maltego Classic – Commercial version returning 10,000 results per Transform, with access to all functionalities of Maltego, OSINT Transforms and commercial hub partners.
  • Maltego XL – Commercial version for large investigations to view up to 1,000,000 pieces of information​
  • Maltego CE – Community version for non-commercial use available for free after a quick online registration. It ships with Kali Linux out-the-box.​
  • CaseFile – Free version for commercial use to visualize connections in offline data and does not require the use of Transforms.

Example Maltego graph :

Here is an example an investigation about nordVPN by members of OSINT-FR.