In the second articles of our series we continue to observe the Maltego interface
We continue a series of articles written by one of our users, which has gone its way to use the vast capabilities of the Maltego platform and conduct super-fast investigations using Social Links Pro in Open source, Social media, and Darknet.
Maltego is digital software that empowers investigators to focus on their strength: to spot relationships that seem invisible to others, keep digging when there appears to be a dead-end, and find the needle in the haystack is the key to solving a case. Maltego combines humans' creative exploration capabilities with the automation potential of machines. Maltego is a much loved and widely used tool for open-source intelligence and graphical link analysis.
Hello, friends. So, finally, I got around to writing the second article about Maltego. If you missed part one — catch it here. I covered what Maltego is all about, and in this one, I will tell you how to use Maltego in the right way. There will be a lot of images involved.
This article isn't precisely a usage tutorial. I'll try to show you most of the not-so-obvious nuances I ran into on my first try, but the best way to demonstrate any sort of framework is just to start using it and get the hang of it. First, let's examine the interface.
Workspace: the space where you'll put all the graph elements (Entities) and connect them using Links.
Entity layout: here's where you can grab objects to place them in the graph.
Graph layout toolbar, if you don't like the visual display of the graph in the process. You can change it using this panel. For instance, from circular to hierarchical, as shown in the images.
Toolbar: here we have all the key Maltego features. We will cover this panel in more detail a bit later.
Overview: here we can see the minimised schematic version of the graph to understand what part of the graph we're in. Useless for small graphs, but saves a lot of time navigating around a medium or large graph.
Property view / Detail view: here we see the properties of a selected object.
Run Transforms: here's where the running Transforms log goes. If any errors occur in the process, here's where you'll see them.
Looks like that's all on the basic interface. Now, as promised, let's look at the Toolbar in detail. There's a bunch of tabs here, and you need them all.
Investigate: the tab for working with the graph. The tools to find and select elements and element Groups on the graph are here. However, the most exciting things you should look at are the ones I picked.
The 'Number of Results' crawler displays the number of elements added to the graph after running Transforms. Why is it important? For instance, you ran a Transform that should upload all of someone's Facebook friends. That person has 100 friends. But if you don't change the crawler to a larger number, the Transform will only upload just 12 (profiles) and won't even display an error. And you'll be trying to wreck your brain around seeing one number on Facebook and another on Maltego.
The other tool I noted is responsible for selecting connections. A newbie can go through hell trying to locate where to choose and remove false or unnecessary links between objects. And it's right there, in plain sight. Why it's labeled that way is a mystery.
View: the title is pretty self-explanatory. Some of the tools are the same as in the graph layout toolbar. The rest help navigate the terrain.
Collections: the tab that controls the order and grouping of similar elements.
Maltego offers grouping similar elements for convenience. It simplifies the graph when working with features en masse. It seems more comfortable than, for instance, having 1000 Facebook profiles scattered all over the graph.
Transforms: similar to Entities, this tab allows editing Transforms or adding your own. It's meant for Transforms developers. If you don't dabble in that, you won't find much use for it.
Machines: now, this is an interesting tab. We can run and create Machines here. They're automated Transforms sequences that correspond to an object's data search concept.
I explain in simpler terms. For instance, there's a company and a data search concept for it. First, we run a Transform that looks up all of its domains, then upload info on the domains, then what public emails are under these domains. I think you get a general idea. Machines are something like a sequence of Transforms that you need to run to get all available information on this company.
An example of integrating the basic features of Maltego and Social Links transformations. Using Machine [Company Stalker], we find corporate emails for the domain. Further, the use of 25+ transformations is possible.
In the screenshot below, Search emails with similar password transformations were applied, which allowed me to find two other emails for Gmail and yahoo for the emails. Information is taken from various leaks on the Internet.
Collaboration: this tab helps us hook up collaborations. Yes! YES! Even the Community version of Maltego offers the option to work together with someone on a project.
In this case, you'll be using the public Paterva server. Data is encrypted with a key you enter when you share your graph. Commercial releases of Maltego have the option to hook up a private server at Paterva or even raise your own with blackjack and courtesans.
Import | Export: responsible for info input and output to and from the graph respectively. The 'Generate Report' feature is of particular interest to us. It won't just throw info at you, it will structure it into a tidy PDF report. Peachy all around, in all.
Windows: last but not least. If you accidentally smacked an x and closed any window, go here. This is the tab where you can retrieve any window you inadvertently closed.
Well, looks like that's all I wanted to say about the Maltego interface without going deep into the woods. Hopefully, you will find this article useful. Especially those of you who are just starting to explore this software. On a personal note, back in my day, figuring out how to view the objects I need in the layout drove me nuts.