It can be a very valuable instrument for research work

The use of the Maltego tool


Starting an investigation means the beginning of careful work and a moment full of questions; with the skills and tools at our disposal we set out to complete the task.

To this end, many researchers and software developers are working to give the thousands of users who want to dig into open data and metadata a range of tools that ease the arduous and painstaking task of intelligence analysis.

In this article we will focus on OSINT-based tools, and more specifically on the Maltego software. We will look at how it can help us in our investigative work, as well as at other tools that complement it well for extracting information from open sources.

What is Maltego and what can I use it for?

When we are faced with an investigation and decide to use OSINT, whether to anticipate possible threats, to assess the online reputation of a natural or legal person, for a security audit, etc., capturing the information is as important as organising and processing it so that it can be analysed later. For this purpose there is software designed specifically to collect information from the web (social networks, domains, e-mail addresses, telephone numbers, DNS records...) and to concentrate the best sources in a single platform, so that our investigation and the subsequent analysis are more complete and more reliable.

Maltego is a link-analysis and data-mining tool: it takes seeds such as domains, IP addresses, e-mail addresses, telephone numbers or geographic locations and maps the relationships between them. It is widely used in OSINT investigations and, as a supporting tool, in digital forensics, and it is a natural starting point for an investigation.

It is worth noting that the software offers a simple and intuitive interface, so very technical computer knowledge is not required. The programme itself guides you through the enormous range of possibilities for finding information, and the data collected is presented as a graph that can be explored layer by layer.

How can I install Maltego?

In order to use this powerful tool, first of all, you need to install the software https://www.maltego.com/downloads/ and register as a user. Registration is free of charge.

Once installed, you can choose the plan that suits you best. There is a free Community Edition which, to start exploring what the programme can do, is a good option, although it should be borne in mind that it limits the number of results returned per transform and does not give access to every Transform Hub item. Even so, it is still capable and not to be underestimated.

The software runs on Windows, macOS and Linux (it is also bundled with Kali Linux), so it can be installed natively or inside a virtual machine, and it is quick and easy to set up. We leave you the user guide in case you prefer to take a look at it before installation: https://docs.paterva.com/en/user-guide/.

How does it work?

When we want to start investigating, we open a blank graph and see a palette of entities, which are the starting points for a search: a domain, a person, an e-mail address, and so on.

We simply drag the entity onto the graph, open its properties in the panel on the right and enter the value we are investigating, for example the domain name (only for targets we are authorised to investigate).

The next step is to right-click the entity and choose Run Transform(s). A list of options appears: e-mail addresses associated with the domain, files published under it, the domain's DNS names, or all of them at once. Maltego calls these searches transforms; each one takes the selected entity as input and adds the entities it finds to the graph, linked to the original.

Here is an example taken from Maltego's own page:

[Figure: example Maltego graph, taken from Maltego's own page]

As you can see, the data is presented in graphical form where it is possible to see the details of each section and thus carry out a more exhaustive analysis of the information.

The information gathered in the research can be exported, so it is possible to complete a report by providing the evidence found in the research.

But the information does not appear by magic. When a transform is run, the Maltego client sends a request in XML format over HTTPS to a Transform Application Server (TAS); the TAS runs the transform, which queries the corresponding service provider, and returns the results, again as XML, for Maltego to display as shown in the picture. This has a practical consequence for the investigator: every transform run discloses the entity you are looking up (a domain, an e-mail address, a name) to whoever operates that server. When this matters, Maltego also supports local transforms, scripts that run on your own machine and are invoked for the selected entity, so that the query never leaves it.
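To make the transform mechanism concrete, here is an added example (not code from the original article or from Maltego) of a minimal local transform in Python. It follows the classic local-transform convention: Maltego passes the selected entity's value as the first command-line argument and reads a MaltegoTransformResponseMessage from standard output, which it turns into new entities on the graph. The DNS and mailbox "lookup" is a constructed, offline table standing in for a real query, and the entity type names used (maltego.Domain as input, maltego.DNSName and maltego.EmailAddress as output) are Maltego's standard ones.

```python
#!/usr/bin/env python3
"""Added example: a minimal Maltego local transform (not Maltego's own code).

Maltego hands a local transform the selected entity's value on the command
line and expects an XML MaltegoTransformResponseMessage on stdout.
The lookup tables below are constructed sample data; a real transform would
query DNS or an API here (assumption for the example).
"""
import sys
import xml.etree.ElementTree as ET

# Constructed sample data standing in for real DNS / mailbox enumeration.
SAMPLE_DNS = {
    "example.com": ["www.example.com", "mail.example.com"],
}
SAMPLE_MAIL = {
    "example.com": ["postmaster@example.com"],
}


def lookup_domain(domain):
    """Return (dns_names, emails) for a domain from the constructed tables."""
    d = domain.strip().lower()
    return SAMPLE_DNS.get(d, []), SAMPLE_MAIL.get(d, [])


def build_response(dns_names, emails, note=None):
    """Serialise results as a MaltegoTransformResponseMessage.

    ElementTree escapes '<', '>' and '&' in element text, so a hostname
    or mailbox that contains XML metacharacters (data you do not control)
    cannot break out of its <Value> element or smuggle extra entities.
    """
    root = ET.Element("MaltegoMessage")
    resp = ET.SubElement(root, "MaltegoTransformResponseMessage")
    entities = ET.SubElement(resp, "Entities")
    for etype, values in (("maltego.DNSName", dns_names),
                          ("maltego.EmailAddress", emails)):
        for v in values:
            ent = ET.SubElement(entities, "Entity", Type=etype)
            ET.SubElement(ent, "Value").text = v
            ET.SubElement(ent, "Weight").text = "100"
    if note:
        # UIMessages show up in Maltego's output pane, not on the graph.
        msgs = ET.SubElement(resp, "UIMessages")
        ET.SubElement(msgs, "UIMessage", MessageType="Inform").text = note
    return ET.tostring(root, encoding="unicode")


def parse_response(xml_text):
    """Read a response back into (type, value) pairs, as the client would."""
    root = ET.fromstring(xml_text)
    return [(e.get("Type"), e.findtext("Value")) for e in root.iter("Entity")]


def run_transform(domain):
    """Full transform: look the domain up and produce the XML reply."""
    dns, mails = lookup_domain(domain)
    note = None if (dns or mails) else "no results in sample data"
    return build_response(dns, mails, note)


if __name__ == "__main__":
    # argv[1] is the entity value; argv[2], when present, carries the
    # entity's additional fields as key=value pairs (unused here).
    value = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    print(run_transform(value))
```

Running `python3 transform.py example.com` prints the XML that Maltego would consume; registering the script as a local transform on the maltego.Domain entity is done in the Maltego client (Transforms, New Local Transform) and is not shown here.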

Are there other alternatives?

The answer is yes. One of the best-known tools for analysing the metadata of Microsoft Office, OpenOffice and PDF documents is FOCA, created by ElevenPaths: https://github.com/ElevenPaths/FOCA. FOCA finds the documents an organisation has published under its domain, downloads them and extracts the metadata hidden inside them: author names, user accounts, software versions, internal paths and printer or server names that the organisation never meant to expose.

It is free software (the source is on GitHub), it runs on Windows, and it is quite easy to use.

FOCA and Maltego are complementary: the names, accounts and hosts FOCA pulls out of documents are exactly the kind of entities one feeds into a Maltego graph. Wireshark, which is often mentioned alongside them, is a different kind of tool: a network protocol analyser that captures traffic on your own network and lets you see what personal or corporate data a machine is actually sending, rather than a tool for searching open sources.
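To show where the metadata that FOCA harvests actually lives, here is an added example (not FOCA's code). An Office Open XML file (.docx, .xlsx, .pptx) is a ZIP archive, and the author, last editor and producing application sit in two XML parts, docProps/core.xml and docProps/app.xml. The block builds a constructed minimal .docx in memory with sample values (the usernames, domain and version are invented) and extracts those fields the way a metadata analyser would.

```python
#!/usr/bin/env python3
"""Added example: extracting the metadata FOCA looks for from a .docx.

Office Open XML documents are ZIP archives; docProps/core.xml holds the
Dublin Core creator and the last editor, docProps/app.xml holds the
application and its version. The sample document below is constructed
for this example; the values in it are not from any real file.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

# XML namespaces used by the two metadata parts (OOXML standard values).
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}

# Constructed sample content: a Windows domain account as last editor is
# exactly the kind of leak these tools surface.
CORE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}">
  <dc:creator>jdoe</dc:creator>
  <cp:lastModifiedBy>CORP\\asmith</cp:lastModifiedBy>
</cp:coreProperties>""".format(**NS)

APP_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Properties xmlns="{ep}">
  <Application>Microsoft Office Word</Application>
  <AppVersion>16.0000</AppVersion>
</Properties>""".format(**NS)


def make_sample_docx():
    """Build a minimal constructed .docx: only the metadata parts matter here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", CORE_XML)
        z.writestr("docProps/app.xml", APP_XML)
        z.writestr("word/document.xml", "<document/>")  # body placeholder
    return buf.getvalue()


def extract_metadata(docx_bytes):
    """Return the leak-relevant fields: who created it, who last edited it,
    and which application and version produced it. Missing parts are
    tolerated, as many real documents lack app.xml."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        names = set(z.namelist())
        if "docProps/core.xml" in names:
            core = ET.fromstring(z.read("docProps/core.xml"))
            out["creator"] = core.findtext("dc:creator", namespaces=NS)
            out["last_modified_by"] = core.findtext("cp:lastModifiedBy", namespaces=NS)
        if "docProps/app.xml" in names:
            app = ET.fromstring(z.read("docProps/app.xml"))
            out["application"] = app.findtext("ep:Application", namespaces=NS)
            out["app_version"] = app.findtext("ep:AppVersion", namespaces=NS)
    return out


if __name__ == "__main__":
    for k, v in extract_metadata(make_sample_docx()).items():
        print(f"{k}: {v}")
```

The same approach works on any document downloaded from a target's web site; the defensive lesson is the mirror image, namely to strip docProps before publishing, since the last-editor field above leaks a domain account name.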

In short, analysing information is a laborious and dedicated task, but more and more tools are becoming available that allow us to carry out more exhaustive and fruitful searches.

It goes without saying that the ethical component is inseparable from every investigation, and that using these resources in bad faith is both reprehensible and illegal.

Lourdes Fernández Manzano, collaborator in the Intelligence Analysis area of Sec2Crime.

References

- DOWNLOADS. (2019). Maltego.com. https://www.maltego.com/downloads/
- MALTEGO ¿Qué Es? + Cómo Aplicarlo ▷ 2021. (2020, August 26). Internet Paso a Paso. https://internetpasoapaso.com/maltego/
- MALTEGO. (n.d.). Osintux. Retrieved September 28, 2021, from https://www.osintux.org/documentacion/maltego
- Standard Transforms. (n.d.). Maltego.com. https://www.maltego.com/transform-hub/standard-transforms/
