Maltego

Maltego is a great tool that uses OSINT. Maltego is able to visualize how information on your target is connected. Maltego is available in both free and paid versions. In this book, we will leverage the free version. Maltego is also pre-installed within Kali Linux, so there is no need to install it. You will notice that even though we will use the free version, it's able to derive a wealth of information on your target.

Let's get started and run Maltego. To get Maltego started, from the Kali Terminal, type in maltego. On the first launch of Maltego, you will need to select which version you will be using. The free edition is titled Maltego CE. Once you register your account and sign in, you will be presented with the start screen of Maltego.

Maltego uses transforms, which allow you to obtain richer results by plugging into various websites such as Shodan, VirusTotal and Threatminer. You will notice that the Transform Hub has a wealth of additions that you can plug into to beef up your results as shown in Figure 7:

Within Maltego, we have the option to run a machine. Think of a machine as a script or macro that runs a set of predefined transforms with various filters configured. Using a machine allows you to kick off information gathering quickly. To run a machine, you need to click on Run a machine and select your desired machine. In our example, we will run the Footprint L3 machine, which performs an intense footprint on a defined domain as shown in Figure 8:

Once the scan has completed, you will be presented with a wealth of information. In this example, I performed an information-gathering scan on one of my personal domains. Maltego was able to pick up other domains hosted on my hosting companies' shared DNS, my domain's website, shared public IP, MX records, and much more as shown in Figure 9:

Maltego is extremely useful for information gathering. When you make use of the additional transforms, it will allow you to obtain a lot of information about your target.