Maltego from Paterva is
to information gathering as Nmap is to port scanning or Nessus is to vulnerability scanning. It’s an all in one, Swiss army knife toolkit for
everything related to online information gathering.
Maltego provides a single canvas to investigate all things
digital: domain names, IP addresses, email addresses, phone numbers and even
just a person’s name. Two building blocks make up the majority of Maltego’s
functionality: entities and transforms. Entities are objects or things.
Transforms are actions performed against entities which often result in the
creation of new entities. (Note: there is a really nice user’s guide on the
Maltego site so I am not going to cover how to install and get it up and
running.)
To demonstrate the power (aka usefulness) of Maltego lets
see what we can find out about Tevora. First I created a “Website” entity for
blog.tevora.com. Running the To Domain
[DNS] transform created a new domain entity for tevora.com (no big
surprises there). This domain entity allows many new transforms to run. After
running the available DNS transforms we are presented with the following image.
Removing all the sub-entities lets see what information we
can find from this blog and its contents. Maltego’s To Email Addresses transform crawls a website and retrieves all the
emails addresses it find. The results show only a handful of addresses and most
appear to be specifically created for use on the blog (a good security practice
by the way).
Another transform, To
Website [Incoming links SE], when run on the blog.tevora.com entity shows 3
other sites which have linked to this blog. The results of this transform
provide a picture of other sites linked to or mentioning your website or
blog.
As a final example let’s shift the focus from this blog’s
website to me, the author. Creating a “Person” entity and running the To Website [SE] transform on the person
object with my name assigned to it we are able to see websites and blogs where
my name was found. (And if you are looking at the image close enough I will
tell you there are 2 individuals named Brennen Reynolds to be found on the net and no I am not
the one who rides horses).
As this mini-tutorial shows, Maltego is
capable of providing a wide array of information gathering tools in a single
package. Next time you are doing a pen-test or just looking to get a better
picture of a site / domain / person, go download the Community Edition and take
it for a test drive.