Maltego is an open source intelligence and forensics application, enabling to easily gather information about DNS, domains, IP addresses, websites, persons, etc. The information is rendered on a graph, showing the relationships between objects. This is the perfect tool for social engineering.
At the time of this writing, Maltego Community Edition (CE) 3.0 offers following components:
- Internet Autonomous System (AS)
- DNS Name
- Domain Name
- IPv4 Address
- MX Record
- NS Record
- Email Address
- Phone Number
$ cd /data/src/ $ wget http://www.paterva.com/malv3/MaltegoCESetup.v3.0.936.deb $ sudo dpkg -i MaltegoCESetup.v3.0.936.deb
It installs a shortcut in the menu. Depending on your distribution, you will commonly find it under the Internet section (e.g. for Kubuntu: K > Applications > Internet > Paterva Maltego CE).
When you first launch the tool, you will be presented with a wizard to help you finish the installation.
Optionally create a symbolic link in your /pentest/ directory:
$ mkdir -p /pentest/enumeration/maltego/ $ ln -s /usr/bin/maltego-ce /pentest/enumeration/maltego/maltego-ce
Maltego offers a very intuitive GUI which is commonly split on 3 panels:
- left: list of objects (domains, persons, ...)
- center: working space where you drag and drop objects from the left panel
- right: specific options displayed on click on the objects from the center panel
Right click on an object to display/select the list of all available transforms.
Looking for a person
Maltego is able to retrieve relevant information about domains, as you can see on the following picture.
Looking for documents
Considering a domain as entry point, it is possible to look for documents and try to gather meta description. As you can see on the picture, it is possible to gather information about the author, the company, and even a login.