May 22, 2009

Maltego… the Information Gathering Swiss Army Knife

Maltego from Paterva is to information gathering as Nmap is
to port scanning or Nessus is to vulnerability
scanning. It’s an all-in-one, Swiss Army knife toolkit for everything related to online
information gathering.

Maltego provides a single canvas to investigate all things digital: domain names,
IP addresses, email addresses, phone numbers and even just a person’s name. Two building
blocks make up the majority of Maltego’s functionality: entities and transforms. Entities
are objects or things. Transforms are actions performed against entities which often
result in the creation of new entities. (Note: there is a really nice user’s guide
on the Maltego site so I am not going to cover how to install and get it up and running.)

To demonstrate the power (aka usefulness) of Maltego, let’s see what we can find out
about Tevora. First I created a “Website” entity for blog.tevora.com. Running the
To Domain [DNS] transform created a new domain entity for tevora.com (no big surprises
there). This domain entity allows many new transforms to run. After running the available
DNS transforms we are presented with the following image.

Removing all the sub-entities, let’s see what information we can find from this blog
and its contents. Maltego’s To Email Addresses transform crawls a
website and retrieves all the email addresses it finds. The results show only a handful
of addresses, and most appear to be specifically created for use on the blog (a good
security practice, by the way).
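The entity/transform model described above, sketched as an added example for auditing your own site (this is not Maltego's code or API and is not from the original post). The page content, the example.com names, the function names and the `blog` alias prefix are all constructed assumptions, and the "crawl" reads an embedded string so it runs offline.

```python
import re
from html import unescape

# Constructed sample page standing in for a crawl of your own blog.
SAMPLE_PAGES = {
    "blog.example.com": """
      <p>Contact <a href="mailto:blog@example.com">the editors</a>.</p>
      <p>Comments: blog-comments&#64;example.com</p>
      <p>Author: jane.doe@example.com</p>
    """,
}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def to_domain(website):
    """Website -> Domain. Naive: keeps the last two labels, so it is
    wrong for multi-label public suffixes such as co.uk."""
    labels = website.lower().rstrip(".").split(".")
    return [("Domain", ".".join(labels[-2:]))]

def to_email_addresses(website, pages=SAMPLE_PAGES):
    """Website -> EmailAddress. Decodes HTML entities first, so simple
    obfuscation such as &#64; does not hide an address."""
    html = unescape(pages.get(website, ""))
    found = sorted({m.lower() for m in EMAIL_RE.findall(html)})
    return [("EmailAddress", addr) for addr in found]

# Transforms are registered per entity type, as on the Maltego canvas.
TRANSFORMS = {"Website": [to_domain, to_email_addresses]}

def run_transforms(entity):
    """Apply every transform for the entity's type; return graph edges."""
    etype, value = entity
    return [(entity, t.__name__, new)
            for t in TRANSFORMS.get(etype, []) for new in t(value)]

def audit_exposure(edges, dedicated_prefixes=("blog",)):
    """Return harvested addresses that are NOT dedicated blog aliases."""
    return [value for _, _, (etype, value) in edges
            if etype == "EmailAddress"
            and not value.split("@", 1)[0].startswith(dedicated_prefixes)]

if __name__ == "__main__":
    edges = run_transforms(("Website", "blog.example.com"))
    for src, name, dst in edges:
        print(src, f"--{name}-->", dst)
    print("non-dedicated addresses exposed:", audit_exposure(edges))
```

Any address the audit returns is a personal or corporate mailbox that a crawler would pick up from the page; replacing it with a dedicated alias keeps the exposure limited to addresses created for the blog.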

Another transform, To Website [Incoming links SE], when run on the
blog.tevora.com entity shows 3 other sites which have linked to this blog. The results
of this transform provide a picture of other sites linked to or mentioning your website
or blog.

As a final example, let’s shift the focus from this blog’s website to me, the author.
Creating a “Person” entity and running the To Website [SE] transform
on the person object with my name assigned to it, we are able to see websites and blogs
where my name was found. (And if you are looking at the image closely enough, I will
tell you there are 2 individuals named Brennen Reynolds to be found on the net, and
no, I am not the one who rides horses.)

As this mini-tutorial shows, Maltego is
capable of providing a wide array of information gathering tools in a single package.
Next time you are doing a pen-test or just looking to get a better picture of a site
/ domain / person, go download the Community Edition and take it for a test drive.