Updated: Jan 2
Reconnaissance is crucial for successful hacking/pentesting. Maltego is a unique tool for finding data via open source information across the world wide web and displaying the relationships between this information in a graphical format.
On its own web page, Paterva, Maltego's developer, describes Maltego as follows:
"Maltego is an interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet.
Maltego uses the idea of transforms to automate the process of querying different data sources. This information is then displayed on a node based graph suited for performing link analysis."
In an earlier tutorial, I demonstrated how to use Maltego to perform reconnaissance on a company or domain. In this tutorial, we will look to use Maltego to perform reconnaissance on a specific person. This might be used to help find or track that person, find what email addresses they use, find where they work or institutions they are associated with or even something as simple as a phone number.
Let's get started!
Step #1 Fire up Kali and Start Maltego
As usual, let's start by firing up Kali and then go to Applications --> Information Gathering --> maltegoce. This will start Maltego Community Edition (CE), which comes standard in Kali, as seen below.
Maltego is a Java application and is VERY memory intensive, so give it as much memory as you can afford. It will run on as little as 2GB, but rather slowly.
Step #2 Log in to your Maltego Account
In my previous article on Maltego for domain reconnaissance, we opened an account with Paterva, the developer of Maltego. If you haven't opened an account, do so now. If you have opened an account, simply log in now.
Step #3 Start a Machine
Once you have logged in, you will be greeted with a "Start a Machine" screen like the one below. In my previous article, we had chosen to search a domain. Here we will be looking for a person. Scroll down a bit until you come to "Person-Email Address" and click on the radio button to the left.
Step #4 Choose A Target
The next step is to choose a target of our Maltego search. In this case, we will be specifying the shadowy, Russian-born associate in President Trump's White House, Boris Epshteyn. Mr. Epshteyn worked in the Trump Administration until recently when he was fired as the FBI investigation into Trump's ties to Russia began to close in.
Let's make him our target and see what we can find out about him with Maltego.
After we hit Finish, we will be greeted by a screen like the one below. You can specify the domain you want to search for email addresses (e.g. whitehouse.gov, gmail.com, or others) or put a space on that line to search ALL domains.
I put a space in to search all domains. In addition, I put a space in the next line, Additional term. Now, hit Run!
Step #5 Select the Appropriate Email Addresses
Now, Maltego will go out to the web and search for any email addresses associated with the name "Boris Epshteyn". As you can see below, it has gathered a number of email addresses associated with that name. Not all of these will be linked to our target, but all will be linked to the name.
Next, we need to select which of these addresses we want to work with. I went ahead and selected all of them. When I hit Next at the bottom of the email list, Maltego begins to generate a graph of all the email addresses, as we can see below.
In addition, we can go to the far left window labelled "Entity Palette". There we can find additional entities that Maltego can search for related to the target person. I went ahead and clicked on "Phone Number" to see whether we can find a phone number for our shadowy Mr. Epshteyn.
Step #6 Create a Graph of the Target
In the final step, we can then click the Full Screen symbol to the upper left of the graph and display all the information that Maltego gathered about our target, Boris Epshteyn. Note all the email addresses and phone numbers displayed for our target and the links between them.
On this graph display, we have several choices on the left-hand panel to display the information in multiple formats. Play around with each of these to find the format that best conveys the information you are seeking.
Maltego is an excellent tool to conduct open source data mining across the Internet. In this way, we can automate the process of gathering crucial reconnaissance on a potential target and save ourselves many hours of tedious work and potential missed links.