Monday, September 5, 2011

Maltego Update Pack!

Introduction

I know it really has been a while since we last updated anything or made a new blogpost (almost a month!) but things really have been crazy around here! Roelof has been away at 44con and should be making his way to the airport as you read this. It seems to have gone phenomenally well, with one of the attendees referring to him as 44con's "blue eyed boy". Additionally, the guys over at Pinkmatter are frantically working on the new releases (3.1, CaseFile and the 4.0 branch!). Those of you lucky enough to attend 44con got to see the sneak peek of 4.0 and our ideas for it. Those of you not lucky enough will have to wait until Roelof decides it's time for another video :)

But on with the updates! We have been slowly pushing transforms to the commercial and community users; today, however, we are unleashing all 50 (yes, 50) transforms! And as we speak I am uploading a document that covers the majority of them. All of them were developed using the TDS (https://www.paterva.com/web5/TDS/index.php). Feel free to develop some of your own - it's really easy!

The new transforms deal with things like Images, EXIF, GPS co-ordinates and Aliases, and as such you will need new entities so that you can use these types of information within Maltego. I've split it into two sections (I see we now blog with sections!): the quick way for people who already know how to import entities, and the long way, which goes into a bit more detail (read: pictures).

The quick way
  • Download the entity pack (www.paterva.com/UpdatePack/MaltegoUpdatePackEntities.mtz)
  • Manage Tab -> Import Entities -> locate file above
  • Next -> Next -> Finish

The long way

  • Download the entity pack (www.paterva.com/UpdatePack/MaltegoUpdatePackEntities.mtz) - It's a .mtz file, save it somewhere you can get to
  • Within Maltego click on the "Manage" tab at the top
  • Click on Import Entities
  • Select the file from the wizard and click Next
  • Check the entities checkbox and click Finish

1. Click on the Manage Tab

2. Click on Import Entities

3. Select the file you downloaded earlier and click Next

4. Check the entities checkbox and click Next


5. Click Finish and enjoy!


At this stage you should now have new entities in the Palette on the left, as seen below:



Now that we have the entities set up, let's get some new transforms!

Discovering new Transforms

I didn't split this into sections as this is relatively quick and painless.
  • Under the Manage tab again, click Discover transforms
  • Click Next through the wizard and enjoy your new transforms!
You should now have a whopping 50 transforms!


Some of my favourites
  • IPAddress to Wiki Edits - Shows which Wikipedia pages specific IP addresses modified
  • Alias to Facebook Affiliation - Use an alias found elsewhere (say MySpace) or added yourself to find out if there is a Facebook affiliation with the same vanity URL!
  • To Exif Information - Useful when used in conjunction with twitpic to determine locations, devices and other information about targets
  • To Location GeoCode - Used to take GPS co-ordinates to a specific address

Documentation

It's definitely worthwhile, however, to read the documentation describing most of the new transforms. It's a big download (24 MB!), but definitely worth it!

Get the documentation here: http://www.paterva.com/UpdatePack/Maltego3TDSTransformGuideAM.pdf

Disclaimer

While we have done our utmost to test these transforms, please let us know if any don't work as advertised and we will try and get it fixed as quickly as possible.

"The way I see it, if you're gonna build a time machine into a car, why not do it with some style? "
-AM

2 comments:

  1. Building GPS co-ordinates into your software is a really nice idea. You guys keep up with the times...
