Maltego OSINT Tool Intro
Maltego is a tool for OSINT and visual link analysis. It can pull data from multiple sources to explore the properties of entities and the relationships between them. It’s useful for cyber threat intel analysts, OSINT analysts, and other infosec pros.
The list of entities Maltego can work with includes company, CVE, device, DNS record, domain, email address, file, hash, image, IP address, location, organization, phone number, phrase, port, URL, website, and more.
The free transforms (data sources) include STIX 2 Utilities, Abuse.ch URLhaus, AlienVault OTX, ATT&CK — MISP, GreyNoise Community, Have I Been Pwned?, OpenCTI, VirusTotal (Public API), and more.
The paid transforms include Cisco Threat Grid, Cofense Intelligence, CrowdStrike Intel and ThreatGraph, Digital Shadows, DomainTools Enterprise and Iris, Mandiant, Flashpoint, Intel 471 Enterprise and Pro, Recorded Future, Shodan, ThreatConnect, ZeroFOX Transforms, and more.
Maltego Setup
- Download Maltego.
- Install Java if it’s not already installed.
- Run Maltego. Choose a Maltego product/edition. You can start with the free Community Edition (CE). Here’s a comparison of the products.
- Install additional transforms as needed (Transforms tab > Transform Hub). You can see details there, and on the Maltego site.
- Hit Cmd/Ctrl + T to create a new graph. Use the Entity Palette on the left to add entities to the graph.
To learn more about what you can do with Maltego, see the resources below.