Four releases of Maltego. Operating principles and capabilities

When looking through social network profiles, you can't help asking: how much information is there in open sources? Clearly a lot. But how do you measure it? And who, besides intelligence services and corporations on the level of Google or Microsoft, has the resources and mechanisms to systematize it? The creators of Maltego claim that anyone does. In this article I will go through practical examples and cover the functionality and working principles of this tool.

We will look at the commercial release. The Free version is good, but it is much more interesting to see the capabilities that you can get only for a pretty penny from third-party companies like Social Links.

I must say right away: this will most likely not be the only article. As I gain access to the various extras of the commercial releases of Maltego, I will try to write about what exactly each option adds and whether it is needed at all.

“Maltego is an interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet.”

In translation (it seems to be translated correctly), Maltego is a program for finding information that builds a graph based on an analysis of relationships. The software is used in online investigations to automate the process and to search for links between pieces of information located in various Internet sources.

In other words, Maltego can search the Internet for information according to given parameters, in open and not-so-open sources. Everything it finds is assembled into a diagram, after which it builds logical links between the data. The program itself has three elements for this: Entities, Transforms and Links.

Entity: an object, something or someone. It is information that has been given some kind of logical meaning, for example a specific person, company, computer or website.

Transform: a method or process. This is how Maltego pulls out and interprets the information it finds. For example, it downloads data from a person's social network page into the resulting graph.

Link: a connection. Links are built between Entities and reflect the logical connection between elements.

Now let us move on to the forms in which we can use it and, finally, work out from social networks how things turned out for Natasha from 11B.

The creators of Maltego, Paterva, offer the following releases to choose from.

Maltego CaseFile

This version cannot apply Transforms. It is used by people who do OSINT manually and just need an ecosystem where they can keep their Sherlock Holmes notes. In this context, Maltego replaces a whiteboard with threads and photographs. The release does not limit the size of the graph you can build, and it allows commercial use. But it has only one export option: to the paid version of Maltego.

Next up is Maltego CE (Community Edition).

Maltego CE

This is the public version of Maltego, which is intended for educational use.

It is part of Kali Linux and provides access to the so-called Free Transformation Hub. This is a list of companies that provide samples of their Transforms for Maltego. This release is of use only on foreign social networks; in the RU segment, everything is dull. This release also does not allow commercial use.

The maximum output size for one Transform is limited to 12 Entities. In other words, when you search for or download any information, you will receive only the first 12 results. The maximum graph size is 10,000 Entities. There is no technical support at all, but export can be done in any available form, including an OSINT report in PDF with the graph attached. All of this comes with registration (you will need to create an account to work), but without SMS.

Maltego Classic

The basic release of Maltego. Here we already get technical support (it is not clear what issues it solves, but let it be). It has the same basic Transforms package as the CE release, plus access to the Commercial Transform Hub. The hub lists almost all the same companies. For a decent fee, they are ready to provide additional sets of Transforms and Entities for OSINT for every taste.

Want to search social networks? Here you have Social Links. If you want to pull data from the Shodan search engine on a website's ports and vulnerabilities, go ahead. If you want data on a domain and the history of IP address changes from the DomainTools service, take it. The main thing is money in advance.

The maximum size of the graph stays at around 10,000 Entities, but the maximum output size for one request has jumped to 10,000 Entities instead of 12.

Maltego XL (eXtra Large)

For those who care about size. If you know what I mean.

Well, seriously, in this release we get all the same functions as in Maltego Classic, only the size of the graph has grown from 10,000 Entities to 1,000,000! The output size from one Transform is now not 10,000, but 64,000 results. I don’t know who might need such a large amount of information, but since there is such a version, then, following the laws of the market, there is also demand.
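The Entity / Transform / Link model and the per-release limits described above can be sketched in a few lines of Python. This is an added illustration, not Maltego's code or API: the entity labels, function names and the example.com data are constructed, and only the limit figures come from the article.

```python
from dataclasses import dataclass, field

# (results per Transform, max graph size) per release, as stated in the article.
EDITIONS = {"CE": (12, 10_000), "Classic": (10_000, 10_000), "XL": (64_000, 1_000_000)}

# Constructed sample data standing in for a real data source.
HOSTS = {"example.com": [f"host{i}.example.com" for i in range(15)]}
ADDRS = {h: f"192.0.2.{i}" for i, h in enumerate(HOSTS["example.com"])}

def domain_to_hosts(value):          # hypothetical Transform: Domain -> DNS names
    return [("DNSName", h) for h in HOSTS.get(value, [])]

def host_to_ip(value):               # hypothetical Transform: DNS name -> IP address
    return [("IPv4", ADDRS[value])] if value in ADDRS else []

@dataclass
class Graph:
    edition: str
    entities: set = field(default_factory=set)   # (type, value) pairs
    links: set = field(default_factory=set)      # (source, transform name, target)
    dropped: int = 0                             # results lost to the limits

    def run(self, transform, source):
        """Apply one Transform to one Entity, enforcing the release limits."""
        per_transform, graph_max = EDITIONS[self.edition]
        results = transform(source[1])
        kept = results[:per_transform]           # only the first N results survive
        self.dropped += len(results) - len(kept)
        added = []
        for target in kept:
            if target not in self.entities and len(self.entities) >= graph_max:
                self.dropped += 1                # graph is full
                continue
            self.entities.add(target)
            self.links.add((source, transform.__name__, target))
            added.append(target)
        return added

def investigate(edition, domain="example.com"):
    """Two-hop expansion: domain -> hosts -> IP addresses."""
    graph = Graph(edition)
    root = ("Domain", domain)
    graph.entities.add(root)
    for host in graph.run(domain_to_hosts, root):
        graph.run(host_to_ip, host)
    return graph

if __name__ == "__main__":
    for name in EDITIONS:
        g = investigate(name)
        print(name, len(g.entities), "entities,", len(g.links), "links,", g.dropped, "dropped")
```

With 15 constructed hosts, the CE limits leave three hosts and their addresses out of the graph entirely, which is why a CE graph should not be read as a complete picture.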

Next, I will give a summary table comparing all versions, so that it is clear how they differ.

Maltego Version Difference Summary Table

Finally, a few words about the Transformation Hub. Here lies the main catch. Maltego itself is a pretty good tool. But what the table calls “Standard OSINT Transforms” is just a small set of basic mechanisms: pulling information from Bing, looking up a phone number in the database of US telecom operators, and so on.

Not much. And here, like Batman, the Commercial Transform Hub comes to the city's rescue.

Commercial Transform Hub

It consists of companies that offer additional Entities and Transforms for money, as well as access to their functions to expand the capabilities of Maltego. The label Free under some of them only means that they will let you download the package for free, or that there is a trial period. To use Transforms from any company, you will need an account on its website, an API key, or a license key. All of this is available only after following the link to the company's website and only for money (with rare exceptions).

Regarding pricing: if you are an Arab sheikh, you can buy everything and not bother working out what will come in handy. For everyone else, the mechanism is this: we look at what each member of the hub can offer, and we select a tariff based on our budget.

With that, I will probably finish the first part of the analysis. In the second, we will see what Maltego can do and what it looks like. I will review the interface and basic functions of the software. Stay tuned for new posts.

To be continued...

