1
00:00:06,446 --> 00:00:08,409
- [Omar Santos] Maltego is a pretty interactive

2
00:00:08,409 --> 00:00:11,482
data mining tool that is used in online investigations

3
00:00:11,482 --> 00:00:15,520
for finding relationships between pieces of information

4
00:00:15,520 --> 00:00:18,824
from many different sources on the Internet.

5
00:00:18,824 --> 00:00:22,194
It is used by many pentesters to do reconnaissance

6
00:00:22,194 --> 00:00:26,041
of things like a company or an organization

7
00:00:26,041 --> 00:00:30,806
or individuals, and then actually you use that information

8
00:00:30,806 --> 00:00:33,893
to perform social engineering attacks.

9
00:00:33,893 --> 00:00:37,220
It actually allows you to build relationships

10
00:00:37,220 --> 00:00:41,242
between these entities so then you can actually understand

11
00:00:41,242 --> 00:00:46,094
your target and perform those social engineering attacks.

12
00:00:46,094 --> 00:00:50,095
Now, the Maltego Community Edition is the free version

13
00:00:50,095 --> 00:00:52,762
of Maltego that you can download

14
00:00:54,297 --> 00:00:57,511
after a quick online registration.

15
00:00:57,511 --> 00:00:59,388
You do have to actually register

16
00:00:59,388 --> 00:01:01,391
in order to actually use Maltego.

17
00:01:01,391 --> 00:01:05,558
It will actually ask you for the registration credentials

18
00:01:06,415 --> 00:01:09,167
whenever you first start it.

19
00:01:09,167 --> 00:01:12,161
Now, Maltego comes by default in Kali Linux

20
00:01:12,161 --> 00:01:15,786
so the Maltego Community Edition, and this Community Edition

21
00:01:15,786 --> 00:01:18,788
includes most of the same functionality as

22
00:01:18,788 --> 00:01:22,664
the commercial version, however, it has some limitations.

23
00:01:22,664 --> 00:01:25,884
The main limitation with the Community Edition is

24
00:01:25,884 --> 00:01:29,985
that the application cannot be used for commercial purposes

25
00:01:29,985 --> 00:01:33,516
so again if you're a commercial pentester, make sure

26
00:01:33,516 --> 00:01:36,574
that you actually have the full version,

27
00:01:36,574 --> 00:01:39,456
so the commercial version, and there's also a limit

28
00:01:39,456 --> 00:01:43,354
on the amount of number of entities that can be returned

29
00:01:43,354 --> 00:01:46,483
from a single transform, and you will actually learn

30
00:01:46,483 --> 00:01:51,045
what are entities and what are transforms in a few minutes.

31
00:01:51,045 --> 00:01:53,966
Now, Maltego is maintained by Paterva,

32
00:01:53,966 --> 00:01:56,869
and I'm actually including a link to their website

33
00:01:56,869 --> 00:02:00,415
and also showing here a table that they actually have

34
00:02:00,415 --> 00:02:02,766
on their website that includes a comparison

35
00:02:02,766 --> 00:02:04,718
between all the versions of Maltego,

36
00:02:04,718 --> 00:02:07,958
including the Community Edition.

37
00:02:07,958 --> 00:02:11,388
Now, let's first define the three main components

38
00:02:11,388 --> 00:02:13,021
of the Maltego tool.

39
00:02:13,021 --> 00:02:15,171
The first one is actually the entity,

40
00:02:15,171 --> 00:02:19,686
and an entity is represented as a node on a graph,

41
00:02:19,686 --> 00:02:22,593
and it can be anything, such as a DNS name,

42
00:02:22,593 --> 00:02:27,364
the name of a person, a phone number, an email address,

43
00:02:27,364 --> 00:02:28,864
and many others.

44
00:02:28,864 --> 00:02:30,577
Now, the Maltego client comes with

45
00:02:30,577 --> 00:02:34,049
about 20 different entities that actually you use

46
00:02:34,049 --> 00:02:36,740
in online investigations, but you can also make

47
00:02:36,740 --> 00:02:39,968
your own custom entities as well.

48
00:02:39,968 --> 00:02:43,783
Now, the second component is a transform,

49
00:02:43,783 --> 00:02:48,595
and a transform is a piece of code that takes one entity

50
00:02:48,595 --> 00:02:52,060
to another, in other words, it actually does this

51
00:02:52,060 --> 00:02:56,486
by querying data from a data source on the Internet

52
00:02:56,486 --> 00:02:59,746
and then returning the results as new entities

53
00:02:59,746 --> 00:03:03,913
in your graph, and data sources are places like DNS servers,

54
00:03:05,084 --> 00:03:09,251
search engines, social networks, WHOIS information,

55
00:03:10,315 --> 00:03:11,648
and many others.

56
00:03:12,500 --> 00:03:15,303
Now, you also have the concept of machines,

57
00:03:15,303 --> 00:03:17,944
and machines chain multiple transforms together

58
00:03:17,944 --> 00:03:22,027
to automate common tasks, to provide you actually

59
00:03:23,119 --> 00:03:25,803
with the ability to do automation.

60
00:03:25,803 --> 00:03:28,437
Now, there are a couple of ways to create a new graph

61
00:03:28,437 --> 00:03:31,811
in Maltego: you can either click the plus sign

62
00:03:31,811 --> 00:03:35,978
in the top left-hand corner of the Maltego client,

63
00:03:36,846 --> 00:03:40,389
it's actually the one next to the application button,

64
00:03:40,389 --> 00:03:44,556
or use the shortcut in the keyboard, Control + T.

65
00:03:46,324 --> 00:03:49,459
Now, once you have created a new graph, you will get

66
00:03:49,459 --> 00:03:53,897
a fresh page within the new tab, and this is actually

67
00:03:53,897 --> 00:03:57,471
surrounded by a range of control windows.

68
00:03:57,471 --> 00:04:02,225
Under the entity palette, or the panel, you will see

69
00:04:02,225 --> 00:04:05,755
the different entities available in Maltego.

70
00:04:05,755 --> 00:04:10,529
You can add entities from the community, which I will show

71
00:04:10,529 --> 00:04:15,313
later in this lesson, or you can actually create your own.

72
00:04:15,313 --> 00:04:18,864
Now, to add a new entity to your graph,

73
00:04:18,864 --> 00:04:22,955
click and hold the desired entity and then drag it

74
00:04:22,955 --> 00:04:24,622
onto the graph area.

75
00:04:25,490 --> 00:04:29,062
Now, in this example, I'm actually using the person entity

76
00:04:29,062 --> 00:04:32,048
and I'm actually adding my name to it.

77
00:04:32,048 --> 00:04:35,443
Then once you actually have this entry created,

78
00:04:35,443 --> 00:04:38,455
so this entity, you can then right-click the entity

79
00:04:38,455 --> 00:04:42,629
and select a specific transform that you want to run,

80
00:04:42,629 --> 00:04:44,195
and in this case actually I'm going to run

81
00:04:44,195 --> 00:04:46,325
all the transforms that are available

82
00:04:46,325 --> 00:04:49,427
to see what the tool discovers, and as you can see,

83
00:04:49,427 --> 00:04:51,333
the tool is actually pretty fast

84
00:04:51,333 --> 00:04:53,362
and also pretty comprehensive.

85
00:04:53,362 --> 00:04:56,826
You can see that within a couple of seconds

86
00:04:56,826 --> 00:05:00,201
it actually found my picture and other relationships,

87
00:05:00,201 --> 00:05:03,453
and other, eight pieces of information

88
00:05:03,453 --> 00:05:05,141
that are available on the Internet

89
00:05:05,141 --> 00:05:07,782
and within the different transforms

90
00:05:07,782 --> 00:05:10,420
that are enabled in Maltego.

91
00:05:10,420 --> 00:05:12,909
It actually even found things like where I work

92
00:05:12,909 --> 00:05:15,245
and the team that I belong to.

93
00:05:15,245 --> 00:05:18,529
You can even right-click on the things that are found

94
00:05:18,529 --> 00:05:21,435
like I'm showing here, and then run transforms against it,

95
00:05:21,435 --> 00:05:25,594
so here I'm actually running a transform against the team

96
00:05:25,594 --> 00:05:29,652
that I belong to so, the entity that actually showed,

97
00:05:29,652 --> 00:05:33,067
as you can see, with time and with patience

98
00:05:33,067 --> 00:05:36,734
you can build a pretty good relationship map

99
00:05:37,598 --> 00:05:40,879
of an individual or a company.

100
00:05:40,879 --> 00:05:43,252
You can then use this information to carry out

101
00:05:43,252 --> 00:05:46,621
social engineering attacks, for example, you can find

102
00:05:46,621 --> 00:05:50,242
an individual's LinkedIn profile or other folks

103
00:05:50,242 --> 00:05:54,307
that he or she may know or may be related to,

104
00:05:54,307 --> 00:05:58,399
whether the person actually has worked or currently works,

105
00:05:58,399 --> 00:06:02,150
any other references to the things he or she has done

106
00:06:02,150 --> 00:06:06,429
in the past or posted on Internet, and of course

107
00:06:06,429 --> 00:06:08,966
you can do the same thing against a company,

108
00:06:08,966 --> 00:06:12,101
and there's actually a function within Maltego

109
00:06:12,101 --> 00:06:14,601
that is called a company stalker.

110
00:06:14,601 --> 00:06:17,936
In this case, I'm actually showing that functionality

111
00:06:17,936 --> 00:06:22,082
and I'm just using example.com as an example.

112
00:06:22,082 --> 00:06:24,199
Now, in this other example I'm actually using

113
00:06:24,199 --> 00:06:28,251
my personal site, which is omar santos de rayo,

114
00:06:28,251 --> 00:06:30,367
and there you can actually see that it provides

115
00:06:30,367 --> 00:06:33,151
a pretty comprehensive relationship map

116
00:06:33,151 --> 00:06:38,076
of associated servers, references to other Internet content

117
00:06:38,076 --> 00:06:42,041
that may actually be related and many other information.

118
00:06:42,041 --> 00:06:47,013
You can also create maps of a person's Twitter activity

119
00:06:47,013 --> 00:06:49,576
as I'm demonstrating here, so you actually have

120
00:06:49,576 --> 00:06:52,904
a transform specifically and an integration

121
00:06:52,904 --> 00:06:56,123
with actually Twitter, and for that to work

122
00:06:56,123 --> 00:06:59,966
you do need to have a Twitter account, and you need to use

123
00:06:59,966 --> 00:07:02,135
actually the Twitter API functionality

124
00:07:02,135 --> 00:07:04,814
and a Twitter API token.

125
00:07:04,814 --> 00:07:07,233
Now, another cool thing about Maltego is

126
00:07:07,233 --> 00:07:10,572
that it actually has a community transform hub.

127
00:07:10,572 --> 00:07:13,945
For example, you can download transforms

128
00:07:13,945 --> 00:07:18,112
for things like Shodan, VirusTotal, SensePost toolset,

129
00:07:19,939 --> 00:07:21,987
and even websites and repositories

130
00:07:21,987 --> 00:07:24,654
like the website haveibeenpwned.

131
00:07:25,511 --> 00:07:29,388
Now, as you can see, Maltego is a pretty powerful tool

132
00:07:29,388 --> 00:07:32,727
that will not only automate or allow you to automate

133
00:07:32,727 --> 00:07:34,968
a lot of the tasks but also allows you

134
00:07:34,968 --> 00:07:36,844
to perform reconnaissance on people,

135
00:07:36,844 --> 00:07:39,965
companies, and other organizations,

136
00:07:39,965 --> 00:07:44,329
so then you can actually perform social engineering attacks

137
00:07:44,329 --> 00:07:48,496
with tools like SET like you learned in the previous lesson.