What is Maltego?

What is Maltego?

by
Share on LinkedIn Share on Pinterest

Maltego is an analysis software that allows searching and linking information on the Internet. The data mining tool visually displays the information found using directed graphs and allows further analysis. Sources for searching information include websites, social networks, search engines, or publicly available databases.

What is Maltego?

Maltego is an interactive data mining tool that searches for information on the Internet and in publicly available sources, links them, and presents them in the form of directed graphs for further analysis.

The software is proprietary and is developed by South Africa-based Paterva and distributed by Maltego Technologies. In addition to commercially usable clients, a free client version (Maltego CE) is available for non-commercial use. To search for information, the tool uses publicly available sources such as websites, social networks, search engines, or databases.

The search is based on so-called Open Source Intelligence (OSINT). Among other things, social networks such as Facebook or Twitter and DNS or Whois entries can be searched. Due to the graph-based representation, relationships between the information found and any existing patterns are easily recognizable. Relationships between people, groups, networks, infrastructure components, domains, and other objects (entities) can be displayed.

READ:  What is BSI Standard 200-1?

The first version of the tool was released in 2007. The first commercial version of the software, version 2.0, was released in 2008. The clients are written in Java and run on Windows, Linux, and macOS operating systems. The software is used by security analysts, penetration testers, intelligence agencies, police authorities, hackers, private investigators, and numerous companies. The tool can also be used to prepare for social engineering or social hacking attacks.

The way the data mining tool works

The tool is based on the client-server principle. The client installed on the user’s own computer connects via the Internet to the Maltego server, which performs the actual searches on the network. The server has interfaces to online services, databases, and social networks. Public sources that are queried by the server are for example:

  • Search engines such as Bing or Google
  • DNS and Whois servers
  • Publicly accessible websites
  • GeoIP databases
  • PGP key servers
  • Social networks such as Facebook and Twitter

In addition, closed information sources can be integrated into the search. For this purpose, Maltego Technologies provides server software that can be flexibly adapted to different search requirements for operation on the user’s own infrastructure. The user can specify entities such as persons or domains via the client. The server shimmies through the various sources of the Internet via found links and displays the found entities in a graph with nodes and directed links.

READ:  What is PPTP (Point-to-Point Tunneling Protocol)?

The entities of a graph are for example People, phone numbers, domains, email addresses, aliases, groups of people, organizations, companies, DNS names, IP addresses, network areas, documents, and files.

The different client versions

Maltego Technologies currently offers two different clients for online data mining. These clients are Maltego One and Maltego CE. The former client versions XL and Classic are no longer available for new customers. The CE client is freely available and can only be used for non-commercial purposes.

Compared to the commercial versions, there are some restrictions, for example, regarding the maximum number of entities that can be displayed or the export functions of the graph. The basic functionality is the same for all three clients. The clients are all based on Java and run in the operating systems Windows, macOS, and Linux. They use ports 80, 443, 8081, and 5222 on the computer’s Internet connection by default.

Share on LinkedIn Share on Pinterest