Figure 3-3. Running a machine from Maltego
During this process, the machine will ask for guidance about what entities to include and what entities to exclude; when the machine is done, you will have a graph. This isn't a graph that you may be used to. It is a directed graph showing relationships between entities. In the center of the graph resulting from the machine we ran, we can see the domain name we started with. Radiating out from there are a variety of entities. The icon for each entity indicates its type. For example, an icon that looks like a network interface card is an IP address entity. Other entities that may look like stacks of systems belong to DNS and MX records, depending on their color. You can see an example of a Maltego graph in Figure 3-4.
90 | Chapter 3: Reconnaissance
Figure 3-4. A directed graph in Maltego
From each entity, you can get a context menu by right-clicking. You will be able to view transforms that you can then apply to the entity. If you have a hostname but you don't have the IP address for it, you can look up the IP by using a transform. You could also, as you can see in Figure 3-5, get information from a regional internet registry associated with the entity. This would be the whois transform provided by ThreatMiner.
Figure 3-5. Transforms to apply to entities
Anytime you apply a transform, you make the graph larger. The more transforms you have, the more data you can acquire. If you start with a single entity, it doesn't take long before you can have a lot of information. It will be presented in a directed graph so you can see the relationships, and you can easily click any entity to get additional details, including the associated entities, both incoming and outgoing. This can make it easy to clearly see how the entities are related to one another and where the data came from.
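To make the entity/transform model concrete, here is an added example (not Maltego's code or API) that builds the same kind of directed graph: typed entities, transforms that turn one entity into others, edges labelled with the transform that produced them so provenance is visible, and a "machine" that keeps applying transforms while honouring an exclude list. The DNS, MX and whois lookups use constructed tables so it runs offline; entity kinds and transform names are illustrative.

```python
# Added example, not Maltego's code: a minimal model of the entity/transform graph.
from collections import namedtuple

Entity = namedtuple("Entity", "kind value")      # e.g. Entity("domain", "example.com")
Edge = namedtuple("Edge", "src transform dst")   # edge label records where data came from

# Constructed sample data standing in for DNS A, DNS MX and RIR whois lookups.
DNS_A = {"example.com": ["192.0.2.10"], "mail.example.com": ["192.0.2.25"]}
DNS_MX = {"example.com": ["mail.example.com"]}
WHOIS = {"192.0.2.10": "ORG-EXAMPLE (RIR sample)", "192.0.2.25": "ORG-EXAMPLE (RIR sample)"}

# Each transform accepts one entity kind and returns zero or more new entities.
TRANSFORMS = {
    "to_ip": ("domain", lambda e: [Entity("ip", a) for a in DNS_A.get(e.value, [])]),
    "to_mx": ("domain", lambda e: [Entity("domain", m) for m in DNS_MX.get(e.value, [])]),
    "whois": ("ip", lambda e: [Entity("owner", WHOIS[e.value])] if e.value in WHOIS else []),
}

class Graph:
    def __init__(self):
        self.edges = []

    def apply(self, entity, name, exclude=()):
        """Apply one transform; each kept result is linked by an edge labelled with the transform."""
        kind, fn = TRANSFORMS[name]
        if entity.kind != kind:
            return []
        new = [n for n in fn(entity) if n.kind not in exclude]
        self.edges += [Edge(entity, name, n) for n in new]
        return new

    def outgoing(self, entity):
        return [(e.transform, e.dst) for e in self.edges if e.src == entity]

    def incoming(self, entity):
        return [(e.src, e.transform) for e in self.edges if e.dst == entity]

    def nodes(self):
        return {n for e in self.edges for n in (e.src, e.dst)}

def run_machine(seed, exclude=()):
    """Like a machine: apply every transform to every newly found entity until nothing new appears."""
    graph, seen, frontier = Graph(), {seed}, [seed]
    while frontier:
        entity = frontier.pop()
        for name in TRANSFORMS:
            for new in graph.apply(entity, name, exclude):
                if new not in seen:          # revisiting a node adds an edge but no new work
                    seen.add(new)
                    frontier.append(new)
    return graph
```

Querying `incoming()` on the owner entity shows it was reached from two different IP entities, which is the "where the data came from" view the text describes.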
If you are the kind of person who prefers to visualize relationships in order to get the bigger picture, you may enjoy using Maltego. Of course, you have other ways to get the same information that Maltego provides. It's just a little more laborious and certainly a lot more typing.