Well, if you\u2019ve ever been curious about how investigators dig up all that information online, you\u2019re in the right place. Open Source Intelligence, or OSINT, is all about gathering publicly available information to piece together a bigger picture. And when it comes to OSINT, Maltego is like a supercharged magnifying glass\u2014it helps you see connections you might otherwise miss.<\/p>\n
In this guide, we\u2019re going to walk you through the basics of OSINT and show you how to use Maltego to become an information detective. Whether you\u2019re just starting out or looking to sharpen your skills, by the end of this article, you\u2019ll have a solid grasp on how to use Maltego for your OSINT adventures. Let\u2019s get started! <\/p>\n\n
So, OSINT stands for Open-Source Intelligence, but don\u2019t let the fancy name throw you off. It\u2019s basically about gathering and analyzing information that\u2019s out there in the open\u2014stuff anyone can access. Think of it as being a digital detective, where you\u2019re piecing together clues from publicly available sources like websites, social media, news articles, and even public records.<\/p>\n
Why use OSINT? Well, a lot of organizations, especially in cybersecurity, use OSINT to figure out where they might be vulnerable to attacks. It helps them spot potential risks and patch up any weak points in their systems. But it\u2019s not just the good guys using OSINT\u2014cybercriminals are on it too! They use these techniques to plan phishing attacks, social engineering tricks, and other not-so-nice things.<\/p>\n
And it doesn\u2019t stop there. OSINT is also super useful in areas like law enforcement, national security, marketing, journalism, and even academic research. Basically, if there\u2019s info out there to be found, OSINT can help you find it and make sense of it. <\/p>\n
Alright, let\u2019s talk about Maltego. Developed by the folks at Paterva, Maltego is like a Swiss Army knife for anyone diving into OSINT. It\u2019s a powerful tool that helps you visualize and analyze connections in a sea of information. Whether you\u2019re looking at public websites, social media, email addresses, or even cryptocurrency transactions, Maltego makes it easy to spot hidden relationships and patterns.<\/p>\n
Now, there are different versions of Maltego out there. There\u2019s a Community Edition that you can use for free, though it has some limitations. And if you need more firepower, there are commercial versions packed with extra features and capabilities.<\/p>\n
For penetration testers and cybersecurity pros, Maltego is a game-changer. It helps you map out a target\u2019s digital footprint and find connections that might be crucial for a security assessment. Plus, it speeds up the whole process\u2014working with Maltego can be up to 80% faster than traditional methods. <\/p>\n
Alright, now that we\u2019ve got a handle on what Maltego is, let\u2019s dive into getting it up and running. If you\u2019re ready to start uncovering some digital breadcrumbs, here\u2019s how to get started:
Which Maltego version should I download?<\/p>\n
There are several versions of Maltego available: The main difference between Maltego Classic, Maltego XL and Maltego CE are the number of entities that can be returned from a single transform and the maximum number of entities that can be on a single graph.<\/p>\n For our purposes here I will be using Maltego CE which is a free version with limited Transforms. Maltego comes pre-installed in the Buscador Linux distribution which is typically a favorite of Open-Source Intelligence investigators. <\/p>\n https:\/\/docs.maltego.com<\/a><\/p>\n Buscador:<\/strong>\u00a0If you have Maltego via Buscador it will initially present as the Casefile version. You will need to go to the\u00a0Maltego\u00a0<\/a>site and create an account. Once your account is created you will receive a key which will turn your Casefile into CE.<\/p>\n Kali:\u00a0<\/strong>Maltego comes pre-installed on Kali.\u00a0<\/strong>You will need to go to the\u00a0Maltego\u00a0<\/a>site and create an account. Once your account is created you will receive a key that will allow you to use the Community Edition.<\/p>\n Fresh Install:<\/strong>\u00a0If you are doing a fresh install on Win, Mac, or Linux here is a\u00a0step-by-step guide<\/a>\u00a0provided by Paterva.<\/p>\n Screenshot of Transforms in the Windows version<\/p>\n An API is an Application Programming Interface and in very simple terms it is what connects other software like Shodan and Threatminer with Maltego. Maltego calls these connections \u201cTransforms\u201d and if you are running Maltego CE you will find that some transforms are free while others are pay. The downside of running the free version of Maltego is that not all of the transforms come pre-installed, therefore, to use them you will need to sign up on each website to get the API code to activate the corresponding transform. Depending on your needs, you can focus on specific transforms made for OSINT, Threat Intel, Organization mapping, etc. which will limit the amount of legwork you need to do for activation. <\/p>\n Starting with a domain name we can begin to map out the structure of an organization including other sites they own. It is surprising how much information can be found by using nothing more than a domain name.<\/p>\n Click the\u00a0new graph<\/strong>\u00a0button in the upper left corner and a blank new graph pane will open.<\/p>\n new graph<\/p>\n From the\u00a0Entity Palette<\/strong>\u00a0on the left, scroll until you find\u00a0Domain\u00a0<\/strong>and then drag it into your blank graph pane.<\/p>\n Find Domain in the Entity Palette<\/p>\n Double click\u00a0<\/strong>on the\u00a0domain icon\u00a0<\/strong>and change the name to the domain you want to investigate, I chose hbo.com.<\/p>\n Right-click<\/strong>\u00a0on the\u00a0domain icon<\/strong>, this opens the\u00a0Run Transforms<\/strong>\u00a0box. Here you could be very specific about what you want to search for by scrolling through the palette and selecting but we are going to go crazy and just choose\u00a0Run All Transforms<\/strong>\u00a0by selecting the little fast forward arrows beside it.<\/p>\n Run All Transforms on the domain<\/p>\n As soon as\u00a0Run Transform<\/strong>\u00a0is selected, Maltego begins its work by graphing out the structure of the network.\u00a0Note:<\/strong>\u00a0on the left side of the graph pane there are several options for viewing the graph in different layouts.<\/p>\n Screenshot of hbo.com domain<\/p>\n You can see in the image below that all sorts of information pops up including DNS servers, related sites, related emails, email servers\u2026<\/p>\n Image showing network<\/p>\n You can use these connections to make even more detailed connections like names associated with emails and phone numbers.<\/p>\n Let\u2019s take a closer look at one of the people that showed up connected to hbo.com \u201cThomas Peterson.\u201d\u00a0Right-click<\/strong>\u00a0on Thomas\u2019s icon and\u00a0run All Transforms<\/strong>.<\/p>\n When the transforms finish running, we will have an added graph of all of Thomas Peterson\u2019s associated emails.<\/p>\n Thomas Peterson\u2019s emails<\/p>\n Sometimes this can lead to some strange findings. I have stumbled upon a lot of funny\/hidden emails while doing similar searches.<\/p>\n Image of Thomas Peterson\u2019s email associations<\/p>\n I was curious about Thomas\u2019s Rick Grimes Tormail address so I decided to take a closer look.<\/p>\n Create a new graph\u00a0<\/strong>the same way we did in the previous step. This time, select\u00a0Email Address\u00a0<\/strong>in the\u00a0Entity Palette\u00a0<\/strong>and drag it over to the empty graph.<\/p>\n Double-click\u00a0<\/strong>on the\u00a0email address icon<\/strong>\u00a0and change the text to the email address you want to search. In this case, I used \u201crealrickgrimes@tormail.org\u201d<\/p>\n Right-click\u00a0<\/strong>on the\u00a0email address icon<\/strong>\u00a0and\u00a0run All Transforms<\/strong>\u00a0by selecting the fast forward arrows.<\/p>\n Screenshot of running transforms on an email address<\/p>\n After the transforms run, a graph will pop up displaying all the connections to the address. You can see here that realrickgrimes@tormail.org connects to a person \u201cRick Grimes\u201d who then connects to several other emails. I was intrigued by Rick\u2019s connection with carl.grimes1995@gmail.com so I decided to run another all transforms on that email.<\/p>\n Running all transforms on the email address<\/p>\n Carl.grimes1995@gmail.com led me to several more interesting people like Carl Grimes and Steve Brule. I feel a bit like I am getting sucked into a black hole of Walking Dead references so I run a Transform on Steve Brule.<\/p>\n me.me<\/p>\n Steve Brule leads me to steve@checkitout.com and steve@brule.com as well as the site checkitout.com.<\/p>\n
\u2022\u00a0Maltego XL-\u00a0<\/strong>Premium version for large data
\u2022\u00a0Maltego Classic-\u00a0<\/strong>Pay version which includes all APIs (transforms)
\u2022\u00a0Maltego CE-\u00a0<\/strong>Free Version with limited APIs (transforms)
\u2022\u00a0Casefile-\u00a0<\/strong>For examining links in offline data<\/p>\nInstalling Maltego<\/h1>\n
What is all this API\/Transform nonsense?<\/h1>\n
How to perform simple network recon<\/h1>\n
How to run an email address in Maltego<\/h1>\n