Maltego Part 4: VK, Instagram, LinkedIn, and others Fantastic Beasts

We’re continuing to discover Maltego and Social Links features and opportunities for OSINT investigations. With one of our users who observes Maltego products by himself, we’ll talk about Instagram, Vkontakte, LinkedIn, and other social media.

Instagram

First, we convert the Instagram link to the correct Entity. We have only a User ID. We upload all other data using Transform – [Instagram] User Details. At the exit, we get a correctly filled Entity for the Instagram profile.

Basic transforms

[Instagram] User Followers - upload a list of user's subscribers;
[Instagram] User Following - upload a list of those that the user has subscribed to;
[Instagram] User Media - upload user photos and videos;
[Instagram] User Tagged Media - upload media files on which the user is marked.

The first problem comes up by itself from the internal structure of the social network. Since in Instagram all page formats are accounts, in any case, we can only separate subscriptions and subscribers by the marks above Links. If we include the Entities grouping, then they all merge for us into a single block.

To work with the uploaded photos and videos, we have the following Transforms:

[Convert] To Entity - unloads and converts to add. Entities account URL, photo/video URL, and Alias account;
[Convert] To Location - unloads Entity with geolocation photos;
[Face Recognition] Search - identifies the faces in the photo and launches a search on them with the credentials of the photo owner;
[Instagram] Comments - unloads user accounts that have left comments under the photo/video;
[Instagram] Get Likes - unloads accounts of users who like photos/videos;
[Instagram] To Photo | Video Details - uploads available photo/video data to Entity
[Instagram] To Profile - provides the profile of the user who owns the photo/video.

All Transforms data is tied to the Face Recognition mechanism, the information output will be small: either there is an account or not.

What you can manage to get

One VK account;
Four Facebook accounts;
One Foursquare account;
Three Twitter accounts;
One Xing account (analog of LinkedIn);
One MySpace account.

LinkedIn

For the account, we have access to:

[Linkedin] People Also Viewed - downloads the list of recent users who viewed this account;
[Linkedin] User Details - downloads and creates Entities of the company, educational institution, and place of residence based on the information specified in the profile;
[Linkedin] User Posts - unloads all user posts;
[SL DB] Get Email by Linkedin Profile - search for an email of a user in the Social Links database by LinkedIn account.

For Entity Company we can do the following:

[Convert] To Entity - downloads Entity links from the URL of a company profile picture
[Linkedin] Company Details - uploads Entities office locations and affiliate company profiles
[Linkedin] Current Employees - unloads a list of profiles that indicate that they work in the company;
[Linkedin] Past Employees - uploads a list of profiles that indicate that they worked for the company.

Vkontakte

For information, we have the following Transforms in our arsenal:

[Vkontakte] Friends - upload a list of friends;
[Vkontakte] User Details - upload user information as separate Entities;
[Vkontakte] User Groups and Pages - upload a list of user groups and pages;
[Vkontakte] User Photos - upload a list of user photos;
[Vkontakte] User Posts - upload a list of user posts;
[Vkontakte] User Videos - upload a list of user videos.

The final output looks like this:

For Groups and Pages, everything is simple: we can get a list of users who are members of them and subscribe to them, respectively. User lists are uploaded, mutual subscription links are built. Do not forget to clean the graph from remote accounts (DELETED). For Posts, Videos and Photos, only one Transforms is available to us.

Upload the list of users who like the post, video, or photo. We begin to clean the issue. First, we remove all the lists, and then we begin to manually look at the resulting links. After 5 minutes, the picture begins to emerge.

Twitter

On Twitter account, we can:

[Twitter] Get info from password recovery page - get information from the password recovery page;
[Twitter] To User Followers - upload a list of followers;
[Twitter] To User Following - upload a list of those the user is following;
[Twitter] User Details - upload to the profile information from the account.

To the already specified Transforms are added:

[Twitter] To User RT - upload user retweets;
[Twitter] To User Tweets - upload user tweets;
[Twitter] To User Tweets + RT - upload tweets + retweets;
To Twitter Affiliation [This person receives Tweets from?] - upload a list of users who tweeted to this user;
To Twitter Affiliation [This person wrote Tweets to?] - upload a list to whom the user tweeted;
To Twitter details [From Twitter number or screen name] - analog of [Twitter] User Details;
To Twitter followers - an analog of [Twitter] To User Followers;
To Twitter friends — analog of [Twitter] To User Following.

As in previous cases, the success of OSINT using all these Transforms depends solely on how you build your line of investigation and what methods you use.

GitHub

Here we need a GitHub account and an API key that can be generated in your account's account. Based on the instructions on the Social Links website, uncheck all the boxes when creating the token.

Token created and added to Maltego. We can proceed.

[Github] Followers - unload the list of subscribers;
[Github] Following - upload a list of subscriptions;
[Github] Get Email - upload an e-mail account to a graph;
[Github] Organization - upload Entity of the organization specified in the account to the graph;
[Github] Starred - unload the list of repositories that the user marked;
[Github] User Details - upload user information;
[Github] User Repos - unload the list of user repositories;
[Github] User Subscriptions - unload user subscriptions.

There is also a wide range of Transforms for uploading the composition of repositories to a graph, but in this article, we consider GitHub in terms of receiving information from users. And here is also a complete set, if a person has filled it in his profile, of course.

OK.ru

This may seem that OK.ru, previously know as Odnoklassniki.ru is unremarkable it provides a lot of help in finding information for people aged 40+.

For changing all these parameters to private, you will be asked for money. And it's not a ridiculous amount of 50 rubles, but the fact that it's not very ethical to ask people for money for privacy. In terms of OSINT, however, this makes the task easier, because not all people are bothered by buying these options.

Unfortunately, for this social network, we have, so far, only the ability to upload a list of friends and information from an account to a graph. For basic methods, this is enough, but I would like more opportunities. Transforms is actively expanding from the side of Social Links and I think that the functionality will be very similar to the set of Transforms for VKontakte.

As we see, as a result, we have an Entity of a new type and now we can apply to it a full range of Transforms that are available for this Entity type, but were not available for Entity - Person. Thus, during OSINT, you can adjust the graph and make it logically more connected and easy to read.

Others

Snapchat, Myspace, Gravatar, Xing are presented as separate Entities with a set of parameters that are uploaded to the properties and the graph, if necessary. However, there is no full-fledged Transform for working with Entities of these networks. The exception is, perhaps, Foursquare. In it, you can upload a list of friends.

But here we can get a lot of useful information. Within OSINT, information from these networks can be used to confirm information that has already been identified and to reveal additional channels for searching for information in the form of a network of contacts, connected profiles of other social networks, places of work, work emails, and telephones.