Description
Maltego is an interactive data mining tool that renders directed graphs for link analysis. It maps relationships between people, groups, domains, IPs, infrastructure, and social networks to provide a clear intelligence picture.
Installation
BASH
# Download the installer from maltego.com
# Kali: pre-installed; start it with:
maltego
# Community Edition (CE): free with registration
# Pro/Enterprise: paid license required
Basic Usage
BASH
# Launch Maltego
maltego
# 1. Create new graph
# 2. Drag entity (domain, email, IP) to canvas
# 3. Right-click → Run Transforms
# 4. Analyze relationships
# Common starting entities:
# - Domain → subdomains, IPs, DNS records, whois
# - Email → social profiles, breaches, domains
# - Person → social media, phone, email
# - IP → reverse DNS, ASN, geolocation
Advanced Usage
BASH
# Transform Hub (community transforms)
# Shodan, VirusTotal, Have I Been Pwned, etc.
# Custom transforms (Python)
# Create transforms that query custom APIs/databases
# Footprinting methodology:
# Domain → DNS → IPs → Ports → Technologies → Vulns
# Person → Emails → Domains → Infrastructure
# Machines (automated transform chains)
# Machines run sequences of transforms automatically
# Built-in: Company Stalker, Footprint L1/L2/L3
Common Workflows
BASH
# Organization footprint
# 1. Add company domain as entity
# 2. Run "To DNS Name" transform
# 3. Run "To IP Address" on each subdomain
# 4. Run "To Netblock" on IPs
# 5. Map: subdomains ↔ IPs ↔ netblocks ↔ technologies
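The organization-footprint workflow above, modelled offline as an added Python example (not Maltego code and not part of the original page): it builds the same subdomain → IP → netblock link graph from constructed DNS records for the fictional example.com and reports nodes with more than one parent, which is the shared infrastructure you look for when inventorying your own organization's exposure. The function names and the fixed /24 netblock grouping are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: A records for a fictional domain, using the
# RFC 5737 documentation address ranges. Nothing is resolved over the network.
RECORDS = {
    "www.example.com": ["192.0.2.10"],
    "mail.example.com": ["192.0.2.25"],
    "vpn.example.com": ["198.51.100.7"],
    "dev.example.com": ["198.51.100.7", "203.0.113.40"],
}


def build_graph(domain, records, prefix=24):
    """Return directed edges (parent, child, label) for the footprint graph.

    Labels reuse the transform names from the workflow; the /prefix
    grouping is an assumption standing in for the netblock step.
    """
    edges = set()
    for name, ips in records.items():
        edges.add((domain, name, "To DNS Name"))
        for ip in ips:
            edges.add((name, ip, "To IP Address"))
            block = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            edges.add((ip, str(block), "To Netblock"))
    return sorted(edges)


def shared_nodes(edges):
    """Map each node with more than one parent to its sorted parents."""
    parents = defaultdict(set)
    for src, dst, _label in edges:
        parents[dst].add(src)
    return {node: sorted(p) for node, p in parents.items() if len(p) > 1}


if __name__ == "__main__":
    graph = build_graph("example.com", RECORDS)
    for src, dst, label in graph:
        print(f"{src} --[{label}]--> {dst}")
    for node, srcs in shared_nodes(graph).items():
        print(f"shared: {node} <- {', '.join(srcs)}")
```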