New Tool Learned: Maltego!

DISCLAIMER!
This content is intended solely for educational and ethical purposes. All activities related to cybersecurity must comply with available regulations. The author (me) is not responsible for any misuse or illegal activities performed using the knowledge shared here. Any actions taken by the readers using this info are at the reader’s own risk. 



Maltego

In the previous posts, we learned to gather information using theHarvester, SecurityTrails, DNSEnum, search engines, etc. Now, we will learn a new tool in Kali Linux called Maltego. Maltego is an Open-Source Intelligence (OSINT) and link analysis tool for gathering data and investigating the target.

Image source: https://www.domaintools.com/integrations/maltego/


Its key feature is to map and create a connection graph between entities from the data collection. It also has many other useful tools embedded inside it. However, some of them require you to subscribe to their service.

For today, we will only cover the basics of Maltego. I am using Maltego CE (Community Edition), which offers free but more limited sources. However, that will be enough for us now. So, without further ado, let’s start diving into Maltego together!

To open Maltego, we first need to open Kali Linux in VirtualBox. After that, click the Kali Linux icon in the top left part of the desktop. Click “01-Information Gathering” and choose “OSINT-Analysis” from the right pane. Here, you will see Maltego as one of the tools. (I already marked the icon with a red pen, so it is easier for us to see.)


If you haven’t installed Maltego, then the name of the tool will not be “maltego” like in the picture above, but “maltego (installer)”. Just click to install Maltego and follow the step-by-step instructions there to register for an account to use Maltego. The steps aren’t hard, so way to go! :D

After installing Maltego, or when your activation ID has expired, you usually have to configure it again on this page. New users have to create a new account for the ID, while I just log in to my account in my browser.


After all processes are finished, we can finally get into Maltego! The first thing that we see is this homepage. From here, we can see the start page and also the data hubs. A data hub is a platform that provides access to various data sources, so it can be considered a bridge between Maltego and third-party data providers. Different data hubs may have access to different types of data sources. Some of them are only available in Premium.


To create a new graph, you can click the ‘New’ button in the top left of the window. Then, you will see this display. The huge whiteboard in the center is where the graph will be constructed. The entity palette on the left is used to drag entities into the whiteboard area and create them there.

 

Now, before moving further, I would like to recommend a setting to make our life easier in Maltego. First, click the orange G icon at the far top left of the window. After that, double-click “Options”.

 

Next, after the Options pop-up appears, choose Transform.


Make sure that you have the Run All checkbox checked so that you can run all transforms at the same time. Click OK to close the Options window.

Now, we will conduct transforms for an entity in Maltego. A transform in Maltego is basically a function that retrieves data from external sources, connects them, and visualizes their connections in a graph-based format. In this example, we will use “maltego.com” as our entity.

First, in the Entity Palette, search “domain”. Drag and drop the Domain entity into the whiteboard. You can click on the entity to see the detailed view in the right bar.

 

Next, right-click the Domain entity and select All Transforms. Some transforms may require certain inputs; fill in the required information if asked. You can also run only one specific transform if you want to.


Done! Maltego will generate the connection of maltego.com to entities across all data sources in the form of a graph like in the picture below.


If we zoom in, we can see many different entities connected to maltego.com. However, if you want accurate results, you should also check each entity, for example by reading the content of a document, to make sure that it is indeed related to maltego.com.
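A first-pass version of that check, as an added example that is not part of Maltego or of the original walkthrough: it sorts results by whether their host really sits under the seed domain, matching on a label boundary so look-alike names do not slip through. The entity labels, the `SAMPLE` list and all function names are constructed for illustration and assume you have copied entity values out of the graph yourself.

```python
from urllib.parse import urlsplit

def host_of(value: str) -> str:
    """Extract the hostname from a DNS name, e-mail address or URL."""
    value = value.strip().lower()
    if "://" in value:                      # URL, e.g. a document entity
        return (urlsplit(value).hostname or "").rstrip(".")
    if "@" in value:                        # e-mail address
        value = value.rsplit("@", 1)[1]
    return value.rstrip(".")

def belongs_to(value: str, seed: str) -> bool:
    """True only if the host is the seed domain or a subdomain of it.

    Matching is done on a label boundary, so look-alikes such as
    'notmaltego.com' or 'maltego.com.example.net' do not pass.
    """
    host, seed = host_of(value), seed.lower().rstrip(".")
    return host == seed or host.endswith("." + seed)

def triage(seed, results):
    """Split transform results into (related, needs_manual_review)."""
    related, review = [], []
    for etype, value in results:
        (related if belongs_to(value, seed) else review).append((etype, value))
    return related, review

# Constructed sample of entity values (not real transform output).
SAMPLE = [
    ("DNS Name", "www.maltego.com"),
    ("DNS Name", "docs.Maltego.com."),
    ("Email Address", "info@maltego.com"),
    ("Email Address", "someone@notmaltego.com"),
    ("Document", "https://maltego.com.example.net/report.pdf"),
    ("Document", "https://static.maltego.com/guide.pdf"),
]

if __name__ == "__main__":
    related, review = triage("maltego.com", SAMPLE)
    for etype, value in review:
        print(f"check by hand: {etype:14} {value}")
```

Anything in the review list is not necessarily wrong (a document can be hosted elsewhere and still be about the target), and anything in the related list can still have unrelated content, so this only tells you where to look first.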



Closing Remarks

Maltego is a powerful OSINT tool that will help us a lot in gathering data about the target. However, some data may be inaccurate, so to be on the safe side, we should check it first.

Besides that, as usual, I would like to remind every reader to be ethical in using this tool and not to abuse it to gather illegal data.

Hopefully, this page will help you in your cybersecurity journey. See you in the next post!

