A primer on how to use this powerful tool to uncover and relate information from publicly available sources
It is true that personal data is a valuable asset for cybercriminals, as it allows them to customize and enhance phishing and other social engineering attacks. The richness and diversity of personal data available online is exploited for attacks and scams targeting not only people but also companies.
But organizations can also take advantage of techniques such as Open Source Intelligence (OSINT), which allow them to see their network the way an attacker might see it and to gather various types of publicly available information about themselves in order to identify their weak points and ultimately improve their security. One popular and powerful information gathering tool is a piece of software called Maltego.
What is Maltego and why use it?
Maltego is software that enables ethical hackers, penetration testers, and other security practitioners to uncover information about people or companies on the internet. This allows them to correlate data and map connections between social media profiles, email addresses, phone numbers, locations, professional affiliations and other information. The information is represented in easy-to-digest graphical links and relationship diagrams.
Maltego offers many benefits to a variety of entities, both in the private and public sectors. Cybersecurity practitioners can leverage Maltego to gather valuable information about threats that can compromise the security of company information and infrastructure. Law enforcement agencies can use Maltego to collect valuable data that helps investigate fraud and gather digital evidence, among other things.
What types of information can Maltego collect?
The most frequently used features of the tool are those that allow you to identify and visualize relationships between entities, such as IP addresses, domain names, emails, social media profiles, etc. In addition, Maltego allows you to integrate various sources of information, such as databases, online search tools, APIs, etc.
Even the free version of Maltego retrieves a large amount of information, including:
- Network information: Maltego can scan and gather information about network hosts, open ports, and protocols used. For example, you can install Shodan within Maltego, which allows you to collect more specific information about the network to be analyzed.
- Domain and e-mail information: Maltego can collect information about domains, such as their DNS records, email records, and hostname records. It can also collect information about email addresses, domain names, email providers and DNS records.
- Social media information: You can get Maltego to collect various types of information from social media, including profiles, posts, friends, followers, and connections.
- Information about people and organizations: Maltego can collect information about people or organizations, including their names, addresses, phone numbers, email addresses, websites and social media profiles.
- Malware information: Maltego can collect information about malware, such as file names, fingerprints, attack patterns, and behavior. This helps gather information about threats, making it a useful tool for threat intelligence tasks.
Here’s what’s happening under the hood:
- The Maltego client sends requests in XML format to the seed server via HTTPS.
- Requests from the seed server are sent to the transform application server (TAS) which, in turn, forwards them to the service provider.
- The results are sent to the Maltego client.
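
To make the exchange above concrete, here is an added example (not code from Maltego or from the original article) of the server side of one transform: it parses a request message and builds the response that travels back to the client. The element and entity type names are assumed from Maltego's public transform message format; the domain, records and lookup table are constructed, and the HTTPS transport is left out.

```python
import xml.etree.ElementTree as ET

# Constructed request, shaped like the XML a client sends for one entity.
REQUEST_XML = """<MaltegoMessage>
  <MaltegoTransformRequestMessage>
    <Entities>
      <Entity Type="maltego.Domain"><Value>example.com</Value></Entity>
    </Entities>
    <Limits SoftLimit="12" HardLimit="12"/>
  </MaltegoTransformRequestMessage>
</MaltegoMessage>"""

# Constructed stand-in for the service provider's data source.
PROVIDER_DATA = {"example.com": [
    ("maltego.MXRecord", "mail.example.com"),
    ("maltego.NSRecord", "ns1.example.com"),
    ("maltego.IPv4Address", "192.0.2.10")]}

def parse_request(xml_text):
    """Return (entity_type, value, soft_limit) from a request message."""
    if "<!DOCTYPE" in xml_text.upper():  # refuse DTDs: blocks entity expansion
        raise ValueError("DTD not allowed")
    req = ET.fromstring(xml_text).find("MaltegoTransformRequestMessage")
    entity = req.find("Entities/Entity") if req is not None else None
    if entity is None:
        raise ValueError("not a transform request")
    limits = req.find("Limits")
    soft = int(limits.get("SoftLimit", "12")) if limits is not None else 12
    return entity.get("Type"), entity.findtext("Value", "").strip(), soft

def build_response(results, note):
    """Serialize result entities plus one informational UI message."""
    root = ET.Element("MaltegoMessage")
    resp = ET.SubElement(root, "MaltegoTransformResponseMessage")
    entities = ET.SubElement(resp, "Entities")
    for etype, value in results:
        ent = ET.SubElement(entities, "Entity", Type=etype)
        ET.SubElement(ent, "Value").text = value
        ET.SubElement(ent, "Weight").text = "100"
    msgs = ET.SubElement(resp, "UIMessages")
    ET.SubElement(msgs, "UIMessage", MessageType="Inform").text = note
    return ET.tostring(root, encoding="unicode")

def handle(xml_text):
    """Request in, response out: the step the transform server performs."""
    etype, value, soft = parse_request(xml_text)
    if etype != "maltego.Domain":
        return build_response([], "unsupported entity type")
    results = PROVIDER_DATA.get(value.lower(), [])[:soft]
    return build_response(results, f"{len(results)} records for {value}")
```
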
How to use Maltego
Download and install Maltego on Windows, macOS or Linux and create an account on the tool’s website that allows you to use free apps and servers. Once you’ve installed the software and logged in, you’ll need to create a new search page and drag an entity to it (that is, the type of search you want to perform – in this case, a person) to then run your search and view the results.
Once you have selected the type of search you want to perform, double-click the person icon to access the configuration section and, once you have entered the name, right-click the person icon and select the option to run a transform. Within this category, there are different subcategories, where you can search for specific information, such as email addresses, website IP addresses, etc. In this particular case, we will use “All Transforms” to search for all possible information on the Internet, so it will immediately start collecting data and the results will be similar to what is shown in the image below:
In the screenshot, you can see websites that mention the name “John Doe” or have information related to it. It’s worth mentioning that this tool is so powerful that it can find profiles on Facebook, LinkedIn, Instagram, TikTok, Snapchat, Twitter, and YouTube, among others. But that’s not all, because you can also find friends related to this person on social media. To see the results in more detail, click the “List View” button on the “View” sidebar, where you can see links and other information.
Information collected using Maltego can also be used by cyber criminals when carrying out their attacks. This is why it is important to understand what types of information cybercriminals can learn about us or our company and be aware of – and possibly reduce – our exposure levels.
It goes without saying that whenever you use OSINT tools, make sure you are aware of local and national laws and regulations related to the collection and use of information so that you don’t commit a crime or violate the privacy of others. In addition, when collecting and storing information, it is important to take steps to protect it from possible data theft or breach.