Maltego is an open source intelligence (OSINT) and forensics data mining software developed by Paterva. Its key function is harvesting data, fingerprinting it, and providing visualisations, aiming to speed online investigations. Maltego was first released in 2007, is written in Java and runs in Linux, Windows, and macOS. Maltego is not an open source project; therefore, it is not possible to access its source code. It is also pre-packed in penetration testing bundles such as Kali Linux and VMs like Buscador.
There are four Maltego versions: Community Edition (CE); Classic; XL; and CaseFile. Maltego provides an investigative platform able to link and analyse connections among OSINT targets on: social network; companies and organisations; websites; internet infrastructure (DNS names, domains, netblocks, IP addresses, whois, SSL certificates, malware file hashes, malicious URLs).
Maltego offers a library of so-called transforms, which are usually scripts able to perform investigative requests. In the free CE version, the number of transforms is limited, and also the number of entities returned after running a set transform. More importantly, users shall obtain API keys of the companies offering third party’s transforms to the library, often in paid bundles. For advanced users, it is also possible to build ad hoc transforms, using lines of code generally in Python and PHP.
Any transform parses different kinds (and amounts) of data. Hence, it takes an intelligence-driven approach when using Maltego’s transforms. Aside the CaseFile version, meant to build up human-based investigations, the other versions allow to connect different entities, and run transforms accordingly.
The ability of Maltego to automate data collection and deliver user-friendly visualisations has contributed to increase Maltego’s popularity in the OSINT community. Visualisations can be encrypted, and also saved in different formats for secure sharing. In sum, Maltego is a powerful instrument for cyber intelligence, and it relies on a growing technical support and user community.
Comments