Maltego is a tool developed by Paterva that is marvelously utilized by experienced penetration testers and OSINT investigators. Maltego holds the capability of being able to discover and accumulate data of a potential target in a single instance for a domain. It can visualize the accumulated data in a graph format for future analysis.
Maltego can collect data from OSINT and scrutinize real-life correlations among individuals, groups, domains, corporations, internet infrastructure, affiliations, and websites.
IT security professionals, hackers, state intelligence agencies, and government organizations use Maltego to assist with their unique objectives.
Using Maltego In Kali Linux To Get Information Of A Target
Maltego may collect data pertaining internet infrastructure, notably domains. It can also gather information about individuals such as their potential email addresses.
Let’s go collect some information.
Open Maltego In Kali
Start Kali and then open Maltego by going to Applications > Information Gathering > Maltego
Select Maltego Community Edition In Product Selection Window
After opening Maltego, you will have to wait a little bit while the GUI loads.
When Maltego GUI finishes loading, you’ll be presented with a product selection window that has four versions of Maltego listed:
CE (Community Edition)
Choose Community Edition.
Register For A Maltego Account
After selecting a version of Maltego, you’ll be asked to log in or register for an account.
Remember your new password since you need it when you log in to use the software.
Finish Configuring Maltego
You’ll see Maltego’s GUI. On our right, you will see supplemental features which you may install for more comprehensive OSINT. Remember that they need APIs.
Choose Type Of Footprinting For The Target
Click on the red circle logo (With spikes), and you’ll see a menu where you can decide which type of footprinting you’ll like to initiate against our target. We will go ahead and choose “Footprint L3” which takes the longest time but generates the most data as possible.
Select A Target
Now we have to select a domain name which is also the target.
Maltego Starts Collecting Information On The Target
Maltego will proceed to collect information on the target domain and present it in a graphical map for us to view.
Wait for a little bit while data is being obtained.
Maltego Target Domain Results
When all information has been gathered, the “machine” will be marked as “completed.”
We’ll see a graph with various circles of distinctive colors. More importantly, we’ll see what those colors represent on our right:
Therefore, we’ll see that Maltego has gathered information of the domain such as IPv4 addresses, netblocks, MX records, NS records, and email addresses. The data is essential for reconnaissance.
NOTE: The above screenshot shows the graph set in the default layout which is Organic.
We can zoom in while using Organic mode and see the various relationships of the target, especially internet infrastructure.
Let’s change the layout mode to Block.
We’ll be shown a more structured graph where Maltego displays the relationships among our target such as its numerous NS records and associations with linked sites.
We can even toggle fullscreen and zoom in.
Performing Reconnaissance On An Individual
Maltego allows us to also perform reconnaissance on a particular individual of interest. The data could potentially be deployed to assist in locating or pursuing an individual, the organizations they are correlated with, phone numbers, and their email addresses.
Click on the red circle logo (With spikes) as we did earlier, and we’ll see a familiar menu where we will go ahead and choose “Person – Email Address.”
Select A Target
Now we have to select an individual who is also the target.
Select The Relevant Email Addresses
Maltego proceeds to find information on the internet relating to any email addresses related to the target. It typically collects various email addresses correlated with the specific name entered earlier. Obviously, not all emails addresses will be connected to the target, but they will all be associated with the name.
We have to decide which of the above email addresses to select. For this tutorial, I selected all of them.
Maltego proceeds to construct a graph with all of the email addresses selected.
We should pay close attention to our left window which is labeled “Entity Palette.” Significantly, we can use Maltego to search for related information pertaining the target of interest. Scroll down or enlarge the window and let’s choose “Phone Number” to see if we can discover a phone number for the target.
We can toggle fullscreen and zoom in to see all the data Maltego has collected for us regarding the target.