An Introduction To Maltego And Its Use Of OSINT

Maltego is a tool used for link analysis, providing real-time data mining and information gathering in form of a node-based graph for connections and patterns to be visualized in an easier way.

Let’s Start!

When downloading Maltego you’re introduced with various options, we will be using the community edition for this demonstration. Once you open a new graph search up domain in the search box provided to the left of the screen and drag it to the empty page you created.

Replace maltego.com with amazon.com and right click on the domain to run all transforms.

Once this step has been completed your graph should look similar to this

This might look overwhelming but it’s easy to filter through what you want to look for, the results were separated into companies, DNS, NS records, people, MX record, email addresses, and phone numbers. Let’s look at one of the people listed “Mark Caudill”. Once again right click on the name and run all the transforms.

There’s a list of emails that are supposedly connected to Mark, “ninjainvisible@gmail.com” is one that seemed interesting to me, let’s run all transforms again.

With this we can see that the email is affiliated with Myspace and Flickr, you must be wondering what the red symbol with the lock means, this symbol represents the IPQS Tag. The IPQS Tag provides information about fraud prevention, risk analysis, and threat detection, if you click the symbol where it says leaked a detailed view will be shown to the right of your screen explaining what “Leaked” means.

You can also be provided with IPv4 and IPv6 addresses, if you’re interested in this you can simply run all transforms on a DNS server and you will be given various addresses. There are many things you can search within this software, it’s important to play around with the different options and gain an understanding on the important things you need to look for.