Maltego Radium is a penetration testing tool that collects public data about organizations, websites and identities in order to map their social and technological presence on the Internet. The tool's interface is very useful and interactive. It enables in-depth analysis of online interrelationships and expands the “knowledge capacity” of electronic identities.
This tool allows scanning of emails, phone numbers, websites, organizations and domains, offering access to information that would often be “invisible” otherwise. All the information can be found if you use the Bing search engine, the one used by the application. Visual results are interactive and include half a dozen visualizations in social network (node-link) format. The presentation will show how to run “machines” and “transforms” against a target, how to visually map the data, and how to analyze it.
Before using Maltego
People's pseudonyms are often linked to real-world personally identifiable information (PII). People act on interests (which are expressed electronically), and their interests reveal something about who they are.
In people’s online relationships, you can identify an unknown node based on connections, power relations, intercommunications, and external identities. It’s these nodes that Maltego analyzes.
All online actions can be linked to geographic locations, and those locations can be revealing. The ability to know an unknown node/entity (or group) increases when a collective and complete electronic footprint is represented.
Social Network Analysis (SNA)
What is social network analysis? The goal of social network analysis is to understand a community by mapping the relationships that connect its members as a network, and then trying to extract key individuals, groups within the network (‘components’) and/or associations between individuals. We can also talk about Electronic Network Analysis; in this case we distinguish:
Starting to use Maltego
The Maltego program uses Java and runs on Windows, Mac and Linux. It creates 2D or 3D objects in its GUI (graphical user interface) and enables complex and fast crawls without the need for command-line coding.
It displays links between people; groups of people (social networks); companies; organizations; websites; Internet infrastructure (domains, DNS names, network blocks, IP addresses); phrases; affiliations; and documents and files.
It is based on publicly available information, or “open source intelligence” (OSINT). It does not involve breaking network controls to access information. The information is public.
It assumes that information that arrives in isolation may become malicious when combined with and/or related to other data (as in “big data” analysis). It is a “dual use” technology with a variety of analytical uses: “data collection”, structure extraction and data extraction.
Network Penetration (“Pen”) Testing
Maltego Radium is a pentesting program. “Penetration” is defined as unauthorized access or “intrusion” to a protected network. It involves a combination of attacks on hardware (device exploits), software (malware, password decryption, keystroke loggers and Trojan horses) and wetware (social engineering, phishing and spear phishing).
Maltego is a paid application in its full version, but it has a free version called ‘Community Edition’ with some limits, which is the one that will be used in this introductory article.
Accessing Maltego Radium
To install Maltego we have to go to this address: https://www.maltego.com/downloads/. Once installed, we get to the main screen, which can be seen below:
To get the most out of Maltego Radium it is necessary to install transforms. They are, so to speak, plugins that extend the program. Useful transforms can be as follows:
Creating a new graph
After creating a new graph we have several tools that we can use on the left side, in the options palette:
Looking for a domain
Let’s look at the information provided by the DOMAIN option, which allows us to view public information for a domain.
In this domain option we will see data such as:
- DNS name. Like ftp, mail, website, etc.
- NS record. NS stands for “name server”. The name server record indicates which DNS server is authoritative for a domain (which server contains the DNS records themselves). Basically, NS records tell the Internet where to go to find a domain’s IP address.
- Domain. The domain of the website.
- Email addresses.
- Contact phone number.
Looking for a website
Let’s look at the information provided by the WEBSITE option, which allows us to view public information for a domain.
In this option we can find data such as:
- Website domain.
- IPv4 address of the page.
- Technologies used on the website, identified using BuiltWith.
- Subdomains of the website.
- Emails found within the website.
- MX records. An MX record is a type of DNS resource record that specifies how email should be routed on the Internet.
- Whois from the website.
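The node-link mapping described in the domain and website sections, combined with the social network analysis idea of extracting groups (‘components’), as an added example that is not part of the original article and is not Maltego's own code. It runs offline on constructed DNS records for reserved example domains, the kind of review you would do on your own organization's public footprint; the function names and the two-label `parent_domain` rule are assumptions.

```python
from collections import defaultdict
# Constructed sample records (reserved documentation names and addresses).
RECORDS = """
example.com.       NS  ns1.example.net.
example.com.       MX  10 mail.example.com.
www.example.com.   A   192.0.2.10
ftp.example.com.   A   192.0.2.10
example.org.       NS  ns1.example.net.
www.example.org.   A   192.0.2.10
www.example.test.  A   198.51.100.7
"""

def parent_domain(name):
    # Assumption: the registered domain is the last two labels (no public-suffix list).
    return ".".join(name.split(".")[-2:])

def build_graph(text):
    """Link owner <-> record target and DNS name <-> its domain; infra = NS/A targets."""
    graph, infra = defaultdict(set), set()
    for line in text.strip().splitlines():
        fields = [f.rstrip(".") for f in line.lower().split()]
        if len(fields) < 3:
            continue  # ignore malformed lines
        owner, rtype, target = fields[0], fields[1], fields[-1]
        for a, b in ((owner, target), (owner, parent_domain(owner))):
            if a != b:
                graph[a].add(b)
                graph[b].add(a)
        if rtype in ("ns", "a"):
            infra.add(target)
    return graph, infra

def components(graph):
    """Connected components (the 'groups within the network'), largest first."""
    groups = []
    for start in sorted(graph):
        if any(start in g for g in groups):
            continue
        group, stack = {start}, [start]
        while stack:
            for nxt in graph[stack.pop()] - group:
                group.add(nxt)
                stack.append(nxt)
        groups.append(group)
    return sorted(groups, key=len, reverse=True)

def shared_infrastructure(graph, infra):
    """Name servers or IP addresses linked to more than one registered domain."""
    return sorted(n for n in infra if len(set(map(parent_domain, graph[n]))) > 1)
```

In the sample, `example.com` and `example.org` fall into one component only because they share a name server and a web server address, which is exactly the kind of link a graph view makes visible.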
Maltego Radium is a program that allows you to create relationship trees on the Internet without having to look up all the concepts separately. Using data mining, you create maps of relationships between a web page and its surroundings.
The use of transforms allows you to add more functionality to the program, and it is recommended to install several of them. In this case, you need to get an API key before you can use that transform.