Maltego Part 2. Closer to the body.

25 April 2023 7 minutes Author: Cyber Witcher

Maltego. Instructions and information collection

We got acquainted with the appearance of the program in the previous article; now we can move on to using it and understanding what it can do. Maltego has a huge number of functions, and it makes no sense to analyze them all within one article, whose size would become unrealistic. It is better to explain the principle of work using the most relevant examples. One of the most common uses for Maltego is researching and retrieving information about sites, so this is what we will do, because it is the easiest way to understand how to work in this program. We need to create a starting point from which to begin collecting information. In our case we know the domain, so we will start with it. Now we can proceed directly to applying transformations. Here we should remember an important point: depending on what information we need, we can either apply transformations one at a time (or in groups by section).

This is suitable if we need some specific information and we know what we are looking for. Alternatively, Maltego allows you to apply sets of transformations. They are called Machines. This is more suitable for analyzing the overall picture and choosing a direction for further research. As a result, we see the domain registration data: phone numbers, postal addresses, and geolocation. With one action, we have already significantly expanded our knowledge about the object. Now, if desired, we can work with the information we received. For example, we can check whether the phone numbers we found appear on any other sites or whether other domains were registered with them, simply run them through a search engine, or try to find the e-mail addresses associated with them.

So, first, let’s analyze the interface

The working area is the place where you will place all the elements of the graph (Entities) and connect them using links (Links);

Entity layout – this is where you pick the objects to place on the graph;

Graph layout control panel – if you don’t like how the graph is displayed as you work, you can change it using this panel. For example, from circular to hierarchical, as shown in the figure;

Toolbar – all the main functions of Maltego are concentrated here. We will talk about this panel a little later and in more detail;

Graph display window – here we can see a reduced schematic version of the graph to understand which part of it we are in. It is useless for small graphs, but for medium-sized and large graphs it saves a lot of time when navigating between parts of the graph;

Properties window – here we can see the properties of the object that we have selected. Using this window, you can change them without opening the object window;

Transform output window – the execution log of the Transforms you launched is displayed here. If there are errors during execution, this is where you will see them.

That seems to be everything for the basic interface. Now, as promised, let’s take a detailed look at the “Toolbar”.

Investigate – the tab for working with the graph. It contains tools for selecting and searching for elements and groups of elements on the graph. However, the most interesting things to note are the ones I highlighted. The Number of Results slider is responsible for the number of elements added to the graph after a Transform has finished. Why is this important? Let me explain with an example: you launched a Transform that should download the accounts of all of a person’s friends in VK, and the person has 100 friends. If you don’t move the slider to display more results, the Transform will download only 12 (VK accounts) and won’t even give an error. And you will be left puzzling over why the person has 100 friends in VK but Maltego does not load what you see there. The other function I mentioned is responsible for selecting connections. For a beginner, finding out how to highlight and remove false or unnecessary relationships between objects can be a real challenge, even though the function is in the most prominent place. Why the selection of objects and the selection of connections are kept apart is a mystery shrouded in darkness.

View – here everything follows from the name. Some of the functions duplicate the graph layout control panel. The rest help you orient yourself on the graph.

Entities – the tab for working with objects. Here we can customize the existing objects and even add our own.

Here it is worth paying special attention to the Manage Entities section. It is not clear why, but initially not all available objects are displayed in the “Entity Layout”. I understand that it sounds strange, but it is a fact. The most telling example is the social network profile objects. By default, only Twitter and Facebook are listed, and even the search in the layout does not help. To display the missing items, you need to do the following:

1. Go to the Manage Entities window.

2. In the window, find the object we need and click on the 3 dots next to it.

3. The object editing window will open; in it, go to the AdvancedSettings tab and check the PaletteItem check box.

4. PROFIT! Now the object we need is available in the layout window.

Collections – a tab that determines how elements of the same type are grouped.

Maltego can group elements of the same type for ease of display. This simplifies the graph when working with large arrays of elements. You will agree that this is easier than, for example, 1000 VK accounts scattered across the graph…

Transforms – similar to Entities, this tab allows you to edit Transforms or add your own. It is needed by those involved in developing Transforms. If you do not dabble in such things, it will not be very informative for you.

Machines – now this is an interesting tab. Here we can run and create Machines. A Machine is an automated sequence of Transforms that corresponds to a concept of searching for information on an object.

Let me explain it more simply. Take, for example, a company, and a concept of finding information about it. That is, first we run a Transform that searches for all the domains of this company, then we download information on those domains, then we look at which e-mail addresses are available in open sources under those domains… I think you get the idea. A Machine is something like the sequence of Transforms we need to run to get all available information on a company.
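To make the Machine idea and the Number of Results behaviour from the Investigate tab concrete, here is an added example (not from the original article, and not Maltego's API or machine language). It is a conceptual model: the two transforms, the company name and all data are constructed, and the cap of 12 mirrors the figure in the VK example above.

```python
# Conceptual model only: this is not Maltego's API or its machine language.
# All names and data below are constructed for illustration.
COMPANY_DOMAINS = {"Example Corp": [f"site{i}.example" for i in range(20)]}
DOMAIN_EMAILS = {d: [f"admin@{d}"] for d in COMPANY_DOMAINS["Example Corp"]}


def to_domains(entity):
    """Hypothetical transform: company name -> domains."""
    return COMPANY_DOMAINS.get(entity, [])


def to_emails(entity):
    """Hypothetical transform: domain -> e-mail addresses."""
    return DOMAIN_EMAILS.get(entity, [])


def run_machine(seed, transforms, max_results=12):
    """Apply transforms in order, feeding each step's output into the next.

    max_results caps what a single transform run may add to the graph,
    like the Number of Results slider. Returns (edges, truncated), where
    truncated lists (transform, input entity, results dropped).
    """
    edges, truncated = [], []
    frontier = [seed]
    for transform in transforms:
        next_frontier = []
        for entity in frontier:
            results = transform(entity)
            kept = results[:max_results]
            if len(kept) < len(results):
                # Record the cut instead of dropping the results silently.
                truncated.append(
                    (transform.__name__, entity, len(results) - len(kept)))
            edges.extend((entity, found) for found in kept)
            next_frontier.extend(kept)
        frontier = next_frontier
    return edges, truncated


if __name__ == "__main__":
    for cap in (12, 50):
        edges, truncated = run_machine("Example Corp", [to_domains, to_emails], cap)
        print(f"cap={cap}: {len(edges)} links on the graph, truncated={truncated}")
```

With the cap at 12, the 8 dropped domains never reach the second step, so their e-mail addresses are missing from the graph as well.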

Collaboration – this tab helps us set up shared work. Yes! YES! In Maltego, even in the Community version, several people can work on a project at the same time.

In this case, the Paterva public server will be used. The data is encrypted using a key that you enter when sharing the graph. In the paid releases of Maltego, there is an option to use a private server from the same Paterva or to set up your own, with blackjack and courtesans.

Import | Export – responsible for getting information into and out of the graph, respectively. Here we are especially interested in the “GenerateReport” function, which will not just throw information at us but also structure it into a report, and do it all in PDF. In short, it looks good and saves time.

Windows – last in line, but not last in value. If you accidentally clicked the cross and closed a window, this is where you should come. On this tab we can re-enable any window that was accidentally closed.

That’s basically all I wanted to say about Maltego’s interface, without going too deep. I hope this article will be useful to you, especially if you are just starting to work with and get to know this program. Personally, at one time, it cost me a lot of blood to find out how to make the necessary objects show up in the layout.
