Well, if you’ve ever been curious about how investigators dig up all that information online, you’re in the right place. Open Source Intelligence, or OSINT, is all about gathering publicly available information to piece together a bigger picture. And when it comes to OSINT, Maltego is like a supercharged magnifying glass—it helps you see connections you might otherwise miss.
In this guide, we’re going to walk you through the basics of OSINT and show you how to use Maltego to become an information detective. Whether you’re just starting out or looking to sharpen your skills, by the end of this article, you’ll have a solid grasp on how to use Maltego for your OSINT adventures. Let’s get started!
What is OSINT?
So, OSINT stands for Open-Source Intelligence, but don’t let the fancy name throw you off. It’s basically about gathering and analyzing information that’s out there in the open—stuff anyone can access. Think of it as being a digital detective, where you’re piecing together clues from publicly available sources like websites, social media, news articles, and even public records.
Why use OSINT? Well, a lot of organizations, especially in cybersecurity, use OSINT to figure out where they might be vulnerable to attacks. It helps them spot potential risks and patch up any weak points in their systems. But it’s not just the good guys using OSINT—cybercriminals are on it too! They use these techniques to plan phishing attacks, social engineering tricks, and other not-so-nice things.
And it doesn’t stop there. OSINT is also super useful in areas like law enforcement, national security, marketing, journalism, and even academic research. Basically, if there’s info out there to be found, OSINT can help you find it and make sense of it.
Overview of Maltego
Alright, let’s talk about Maltego. Developed by the folks at Paterva, Maltego is like a Swiss Army knife for anyone diving into OSINT. It’s a powerful tool that helps you visualize and analyze connections in a sea of information. Whether you’re looking at public websites, social media, email addresses, or even cryptocurrency transactions, Maltego makes it easy to spot hidden relationships and patterns.
Now, there are different versions of Maltego out there. There’s a Community Edition that you can use for free, though it has some limitations. And if you need more firepower, there are commercial versions packed with extra features and capabilities.
For penetration testers and cybersecurity pros, Maltego is a game-changer. It helps you map out a target’s digital footprint and find connections that might be crucial for a security assessment. Plus, it speeds up the whole process—working with Maltego can be up to 80% faster than traditional methods.
Getting Started with Maltego
Alright, now that we’ve got a handle on what Maltego is, let’s dive into getting it up and running. If you’re ready to start uncovering some digital breadcrumbs, here’s how to get started:
Which Maltego version should I download?
There are several versions of Maltego available:
• Maltego XL - Premium version for large data sets
• Maltego Classic - Paid version which includes all APIs (transforms)
• Maltego CE - Free version with limited APIs (transforms)
• Casefile - For examining links in offline data
The main differences between Maltego Classic, Maltego XL and Maltego CE are the number of entities that can be returned from a single transform and the maximum number of entities that can be placed on a single graph.
For our purposes here I will be using Maltego CE, which is the free version with limited transforms. Maltego comes pre-installed in the Buscador Linux distribution, which is typically a favorite of Open-Source Intelligence investigators.
Installing Maltego
Buscador: If you have Maltego via Buscador it will initially present as the Casefile version. You will need to go to the Maltego site and create an account. Once your account is created you will receive a key which will turn your Casefile into CE.
Kali: Maltego comes pre-installed on Kali. You will need to go to the Maltego site and create an account. Once your account is created you will receive a key that will allow you to use the Community Edition.
Fresh Install: If you are doing a fresh install on Win, Mac, or Linux here is a step-by-step guide provided by Paterva.
What is all this API/Transform nonsense?
An API (Application Programming Interface) is, in very simple terms, what connects other services like Shodan and ThreatMiner with Maltego. Maltego calls these connections “Transforms”, and if you are running Maltego CE you will find that some transforms are free while others are paid. The downside of running the free version of Maltego is that not all of the transforms come pre-installed; to use them you will need to sign up on each provider’s website to get an API key that activates the corresponding transform. Depending on your needs, you can focus on specific transforms made for OSINT, threat intel, organization mapping, etc., which will limit the amount of legwork you need to do for activation.
How to perform simple network recon
Starting with a domain name we can begin to map out the structure of an organization including other sites they own. It is surprising how much information can be found by using nothing more than a domain name.
Click the new graph button in the upper left corner and a blank new graph pane will open.
From the Entity Palette on the left, scroll until you find Domain and then drag it into your blank graph pane.
Double click on the domain icon and change the name to the domain you want to investigate, I chose hbo.com.
Right-click on the domain icon; this opens the Run Transforms box. Here you could be very specific about what you want to search for by scrolling through the palette and selecting, but we are going to go crazy and just choose Run All Transforms by clicking the little fast-forward arrows beside it.
As soon as Run All Transforms is selected, Maltego begins its work by graphing out the structure of the network. Note: on the left side of the graph pane there are several options for viewing the graph in different layouts.
You can see in the image below that all sorts of information pops up including DNS servers, related sites, related emails, email servers…
You can use these connections to make even more detailed connections like names associated with emails and phone numbers.
Let’s take a closer look at one of the people that showed up connected to hbo.com, “Thomas Peterson.” Right-click on Thomas’s icon and run All Transforms.
When the transforms finish running, we will have an expanded graph of all of Thomas Peterson’s associated emails.
Sometimes this can lead to some strange findings. I have stumbled upon a lot of funny/hidden emails while doing similar searches.
How to run an email address in Maltego
I was curious about Thomas’s Rick Grimes Tormail address so I decided to take a closer look.
Create a new graph the same way we did in the previous step. This time, select Email Address in the Entity Palette and drag it over to the empty graph.
Double-click on the email address icon and change the text to the email address you want to search. In this case, I used “realrickgrimes@tormail.org”
Right-click on the email address icon and run All Transforms by selecting the fast forward arrows.
After the transforms run, a graph will pop up displaying all the connections to the address. You can see here that realrickgrimes@tormail.org connects to a person “Rick Grimes” who then connects to several other emails. I was intrigued by Rick’s connection with carl.grimes1995@gmail.com so I decided to run another all transforms on that email.
Carl.grimes1995@gmail.com led me to several more interesting people like Carl Grimes and Steve Brule. I feel a bit like I am getting sucked into a black hole of Walking Dead references, so I ran All Transforms on Steve Brule.
Steve Brule leads me to steve@checkitout.com and steve@brule.com as well as the site checkitout.com.
I tried visiting the site but it wasn’t active, so I did a quick WHOIS search. The WHOIS search came back registered to CSC Global, a digital brand services and domain management company.
The previous registrant was the Hearst Corporation.
At this point, instead of continuing down the Steve Brule rabbit hole, I am going to assume that the Hearst organization, and now CSC, is holding the domain either to protect it from misuse or to resell it at some point.
Frequently Asked Questions
Got questions about using Maltego for OSINT? Here are some common ones that might help you out:
1. Is Maltego free to use?
Yes, Maltego offers a Community Edition that is free to use, though it comes with some limitations, like fewer transforms and data constraints. For more advanced features, you can go for the commercial versions, which offer a lot more power and flexibility.
2. What kind of data can I analyze with Maltego?
Maltego can analyze all sorts of data—from domain names, IP addresses, and email addresses to social media profiles, cryptocurrency transactions, and more. If it’s out there on the web, Maltego can help you find and visualize it.
3. Do I need programming skills to use Maltego?
Not really! Maltego is pretty user-friendly with its drag-and-drop interface and built-in transforms. However, if you want to create custom transforms or automate workflows, a bit of scripting knowledge (like Python) can be a big plus.
4. Can I use Maltego for non-cybersecurity purposes?
Absolutely! While it’s a favorite among cybersecurity professionals, Maltego is also used in other fields like law enforcement, journalism, academic research, and marketing. Anytime you need to dig into data and find hidden connections, Maltego can be a useful tool.
5. How do I keep my investigations private when using Maltego?
Good question! When using Maltego, make sure to be mindful of privacy and data protection. Use VPNs, be cautious about the data you expose, and always adhere to legal guidelines when conducting investigations.
6. Can I integrate Maltego with other tools?
Yes, Maltego supports integration with external data sources and APIs, which can significantly expand its capabilities. You can bring in data from other OSINT tools, threat intelligence feeds, or even custom databases to enrich your analysis.
7. Where can I learn more about using Maltego?
There are plenty of resources out there! You can check out Maltego’s official documentation, tutorials, and forums. Plus, there are many OSINT communities and courses that offer deeper dives into using Maltego effectively.
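To make the entity/transform model from the API section and the network recon walkthrough concrete, and to show what the “bit of scripting” mentioned in question 3 looks like, here is an added example written for this article; it is not part of the original post and not Maltego’s own code. It is a small Python script implementing two local transforms, Email Address → Domain and Domain → NS/MX/hostname entities, and printing the XML response format Maltego reads from a local transform. The script name local_transforms.py, the transform names, and the records in FAKE_DNS are assumptions: the DNS data is constructed so the script runs offline, and a real transform would replace lookup_records() with a live DNS query.

```python
#!/usr/bin/env python3
"""Minimal Maltego local transforms (added example, not from the original post).

Assumptions:
  * Maltego is configured to run `python3 local_transforms.py <transform-name>`
    and appends the selected entity's value as the final argument; it reads the
    XML we print to stdout.
  * Entity type names (maltego.Domain, maltego.EmailAddress, maltego.NSRecord,
    maltego.MXRecord, maltego.DNSName) are Maltego's built-in types.
  * FAKE_DNS is constructed sample data standing in for live DNS lookups.
"""
import sys
import xml.etree.ElementTree as ET

# Constructed sample DNS data (not real records) so the script runs offline.
FAKE_DNS = {
    "example.com": {
        "maltego.NSRecord": ["ns1.example.com", "ns2.example.com"],
        "maltego.MXRecord": ["mail.example.com"],
        "maltego.DNSName": ["www.example.com", "dev.example.com"],
    }
}


def lookup_records(domain):
    """Return {entity_type: [values]} for a domain (constructed data here)."""
    return FAKE_DNS.get(domain.lower(), {})


def email_to_domain(email):
    """Transform: maltego.EmailAddress -> maltego.Domain.

    Returns a list of (entity_type, value, weight) tuples. An empty list means
    the input was not a usable address, so Maltego draws nothing.
    """
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or "." not in domain:
        return []
    return [("maltego.Domain", domain.lower(), 100)]


def domain_to_dns(domain):
    """Transform: maltego.Domain -> NS / MX / DNSName entities."""
    results = []
    for etype, values in lookup_records(domain).items():
        for value in values:
            results.append((etype, value, 100))
    return results


TRANSFORMS = {"email_to_domain": email_to_domain, "domain_to_dns": domain_to_dns}


def build_response(entities, message=None):
    """Serialise entities into the MaltegoTransformResponseMessage XML format."""
    root = ET.Element("MaltegoMessage")
    resp = ET.SubElement(root, "MaltegoTransformResponseMessage")
    ents = ET.SubElement(resp, "Entities")
    for etype, value, weight in entities:
        ent = ET.SubElement(ents, "Entity", Type=etype)
        ET.SubElement(ent, "Value").text = value
        ET.SubElement(ent, "Weight").text = str(weight)
    if message:
        msgs = ET.SubElement(resp, "UIMessages")
        ET.SubElement(msgs, "UIMessage", MessageType="Inform").text = message
    return ET.tostring(root, encoding="unicode")


def main(argv):
    """Entry point: argv[1] selects the transform, argv[2] is the entity value."""
    if len(argv) < 3 or argv[1] not in TRANSFORMS:
        names = "|".join(TRANSFORMS)
        sys.stderr.write("usage: local_transforms.py <%s> <entity value>\n" % names)
        return 1
    entities = TRANSFORMS[argv[1]](argv[2])
    sys.stdout.write(build_response(entities, "%d entities returned" % len(entities)))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it by hand with python3 local_transforms.py domain_to_dns example.com to see the response XML. In Maltego you would register each transform through the local transform wizard, giving python3 as the command and local_transforms.py domain_to_dns (or email_to_domain) as the parameters; Maltego appends the selected entity’s value as the last argument and turns the printed entities into new nodes linked to the one you right-clicked, which is exactly what Run All Transforms was doing for you in the walkthrough above.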
Post credit: wondersmith_rae
That’s all. Have a nice day, everyone!
❤️ If you liked the article, like and subscribe to my channel “Codelivly”.
👍 If you have any questions or if you would like to discuss the described hacking tools in more detail, then write in the comments. Your opinion is very important to me!