On other occasions, in terms of Informatic security, we have expressed the following well-known phrase "The weakest link in the security chain is oneself". And this applies both personally and professionally. Given that many times we are leaving many traces of digital information value on us, both voluntarily and involuntarily. And third parties may obtain such information, using various services or tools, free or paid, such as «maltego».
For those less knowledgeable in this IT field, «maltego» is a tool of data mining capable of obtaining through the Internet, data from third parties such as: telephone numbers, domains, subdomains, email addresses, names, locations, social network profiles, among others.
And as usual, before entering fully into today's topic on this interesting data mining tool call «maltego», we will leave for those interested in previous publications related to other fields of Computer Security, Hacking, Pentesting and OSINT, the following links to these. In such a way that they can easily explore them, if necessary, after finishing reading this publication:
"OWASP is an open source project dedicated to determining and combating the causes of insecure software. While, OSINT is a set of techniques and tools used to collect public information, correlate data and process it, in order to obtain useful and applicable knowledge for certain objectives or areas. OWASP and OSINT: More on Cybersecurity, Privacy and Anonymity
Maltego: Collection of information on the internet
What is Maltego?
According to the developers of «maltego» at their Official website, it is described as follows:
"A comprehensive graphical link analysis tool that offers real-time data mining and information gathering, as well as representation of this information in a node-based graph, allowing patterns and multi-order connections to be easily identified between said information". What is it? Maltego
In addition, they add the following to it:
"With Maltego, you can easily pull data from disparate sources, automatically merge matching information into a graph, and visually map it to explore your data landscape. Maltego offers the ability to easily connect data and functionality from various sources through the use of transformations. Through the Transform Hub, you can connect data from over 30 data partners, a variety of public sources (OSINT), as well as your own data".
Features about Maltego CE
It is worth noting that, Maltego is not Free Software or Open Source, but it comes in several editions that include a free and community edition call Maltego Community EditionThe simplemente Maltego EC. Which is widely used by many professionals in the Informatic security Worldwide. Above all, because it usually comes integrated or easily accessible (installable) on GNU / Linux Distros in the field of Hacking and Pentesting, such as Kali and Parrot.
"Maltego CE is the community edition of Maltego that is available free of charge after a quick online registration. Maltego CE includes most of the same functionality as the commercial version, however it has some limitations. The main limitation is that the CE edition cannot be used for commercial purposes and there is a limitation on the maximum number of Entities that can be returned from a single Transformation.". What is it? Maltego EC
Maltego EC includes the following features:
- Ability to perform link analysis on up to 10.000 Entities on a single chart.
- Ability to return up to 12 results per Transform.
- Inclusion of collection nodes that automatically group entities with common characteristics.
- Share charts in real time with multiple analysts in a single session.
- Graph export options, including the following: Images (jpg, bmp, and png), Reports (PDF), Tabular formats (csv, xls, and xlsx), GraphML, and entity lists.
- Chart import options, including the following: Tabular formats (csv, xls, and xlsx) and chart copy and paste capabilities.
Installation and execution
In our use case, for your test, that is, your installation and execution on GNU/Linux, we will use as usual the Respin (Snapshot) based MX-21/Debian-11, called Miracles, as shown in the following images. In addition, if we have previously registered in the Maltego web platform, in order to make use of your Community Edition Maltego CE.
Download installer from its Download Section
Install via CLI (Terminal / Console) from the Download folder
Run command: «sudo apt install ./Maltego.v4.3.0.deb»
Launch via the Applications Menu
Tool configuration and exploration process
Maltego configuration menu for Java
Configuration and Exploration of Maltego CE
Finally, for more official information on Maltego EC the following links can be explored:
Also, its use in combination with the tool called SEAL, allows a more powerful generation of user and company profiles.
It is well known that professionals in the "Hacking & Pentesting" area prefer GNU/Linux over Windows, macOS or other Operating Systems for their professional work. Since, among many things, it offers a greater amount of control over each element of it. Also, because it is very well built and integrated around your Command Line Interface (CLI), ie your terminal or console. Additionally, it is more secure and transparent because it is free and open, and because Windows/macOS is often a more attractive target. Ethical Hacking: Free and open applications for your GNU / Linux Distro
Summary
In summary, «maltego» It is a useful and practical tool to collect information on the web. Going even to allow third parties to find user profiles in any social network, which may or may not raise suspicions of malicious operations or that are simply of interest to others. This, because its capacity includes obtaining valuable information through the use of OSINT open sources. And besides, it is very easy to install and use on our Free and open operating systems, in other words, GNU / Linux.
We hope that this publication is very useful for the entire «Comunidad de Software Libre, Código Abierto y GNU/Linux»
. And don't forget to comment on it below, and share it with others on your favorite websites, channels, groups or communities of social networks or messaging systems. Finally, visit our home page at «DesdeLinux» to explore more news, and join our official channel Telegram from DesdeLinux.
The bad thing is that it requires 4 GB of RAM.
Regards, ArtEze. Thanks for your comment. It is certainly not a lightweight tool.