Tuesday, January 17, 2017

Making Buzzfeed's TrumpWorld tables into a Maltego graph

Maltego 4.0.15 is on it's way, and with it a brand new interface for importing data into Maltego. With Buzzfeed's recent data dump of "TrumpWorld" we thought we would have some fun mapping out the data, whilst doing a walk-through of the new Tabular importer.

TL;DR
-----

With just a few easy clicks you can map out hundreds of links and entities. We can see the complex layout of Trump business empire, as well as how his social and business circles overlap.

Maltego provides a wide array of transforms to dig deeper into the information we have here. We'll leave that as an exercise for the reader ;)

Person - Company mapping



Person - Person mapping


Company - Company mapping


Just in case anyone was worried that we were getting too political (we're neutral, like Switzerland), here's a graph of Hillary Clinton's email infrastructure. What's the SSLVPN box by the way? ;)

Try It For Yourself

Here are all the Maltego graphs - feel free to open them in any version of Maltego as long as it starts with a 4.  (including the free (4) CE version!).

Download Graph Files


Maltego 4.0.15's new tabular import (aka how we did it)

Start by clicking "Import Graph from Table" under the "Import|Export" section of the ribbon bar.


Click "Next" and select an Excel or csv file.


In this case we will be using "TrumpWorld Data — Public - Person-Org". Once you have selected your file click "Next".


The Hint at the bottom of the next dialogue explains the different connectivity options. We're going to pick "Sequential" because it's really a A->B mapping, but the other defaults are useful in other situations.


We have to tell Maltego which column represents which type of data. We have chosen to map column 1 to a "Company" entity (we've imported it using the CaseFile entity pack in the Transform Hub) and column 2 to a "Person" entity.

The information in the other two columns we won't be using to make entities, so we set them to "Unmapped".


Under the "Map Columns to Links" tab we can choose to use column 3 as the label for the connection between column 1 and column 2.



We can now see a visual representation of how each row will be imported by going to "Connectivity Graph". We see that a link will be made from the Person to the Company.


The final step is to check that all the settings are correct and click "Next" to import the data into Maltego.


You will then see a summary of what was imported.





No comments:

Post a Comment