Maltego Update Pack!

Introduction

I know it really has been a while since we last updated anything or made a new blogpost (almost a month!), but things really have been crazy around here! Roelof has been away at 44con and should be making his way to the airport as you read this. It seems to have gone phenomenally well, with one of the attendees referring to him as 44con's "blue eyed boy". Additionally, the guys over at Pinkmatter are frantically working on the new releases (3.1, CaseFile and the 4.0 branch!). Those of you lucky enough to attend 44con got to see the sneak peek of 4.0 and our ideas for it. Those of you not lucky enough will have to wait until Roelof decides it's time for another video :)

But on with the updates! We have been slowly pushing transforms to the commercial and community users; however, today we are unleashing all 50 (yes, 50) transforms! And as we speak I am uploading a document that covers the majority of them. All of them were developed using the TDS ( https://www.paterva.com/web5/TDS/index.php ). Feel free to develop some of your own - it's really easy!

The new transforms deal with things like Images, EXIF, GPS co-ordinates and Aliases, and as such you will need new entities so that you can use these types of information within Maltego. I've split it into two sections (I see we now blog with sections!): the quick way, for people who already know how to import entities, and the long way, which goes into a bit more detail (read: pictures).

The quick way
  • Download the entity pack (www.paterva.com/UpdatePack/MaltegoUpdatePackEntities.mtz)
  • Manage Tab -> Import Entities -> locate file above
  • Next -> Next -> Finish

The long way

  • Download the entity pack (www.paterva.com/UpdatePack/MaltegoUpdatePackEntities.mtz) - it's a .mtz file, save it somewhere you can get to
  • Within Maltego click on the "Manage" tab at the top
  • Click on Import Entities
  • Select the file from the wizard and click Next
  • Check the entities checkbox and click Finish

1. Click on the Manage Tab

2. Click on Import Entities

3. Select the file you downloaded earlier and click Next

4. Check the entities checkbox and click Next


5. Click finish and enjoy!


At this stage you should now have new entities in the Palette on the left, as seen below:



Now that we have the entities set up, let's get some new transforms!

Discovering new Transforms

I didn't split this into sections as this is relatively quick and painless.
  • Under the Manage tab again, click Discover Transforms
  • Click Next through the wizard and enjoy your new transforms!
You should now have a whopping 50 transforms!


Some of my favourites
  • IPAddress to Wiki Edits - Shows which Wikipedia pages specific IP addresses modified
  • Alias to Facebook Affiliation - Use an alias found elsewhere (say MySpace) or added yourself to find out if there is a Facebook affiliation with the same vanity URL!
  • To Exif Information - Useful when used in conjunction with Twitpic to determine locations, devices and other information about targets
  • To Location GeoCode - Used to take GPS co-ordinates to a specific address

Documentation

It's definitely worthwhile, however, to read the documentation describing most of the new transforms. It's a big download (24 MB!), but definitely worth it!

Get the documentation here: http://www.paterva.com/UpdatePack/Maltego3TDSTransformGuideAM.pdf

Disclaimer

While we have done our utmost to test these transforms, please let us know if any don't work as advertised and we will try and get it fixed as quickly as possible.

"The way I see it, if you're gonna build a time machine into a car, why not do it with some style?"
-AM

Comments

  1. Building GPS co-ordinates into your software is a really nice idea. You guys keep up with the times...

