Tool Review: Maltego

Have you ever watched a movie that you thought was fall-down hilarious when you wore a younger person's clothes, and now? I watched Hollywood Knights last night, and man, when I first saw that movie I laughed so darn hard I could hardly hear the dialog. I set my wife up for how funny this movie was... but we didn't laugh as much. She hardly did at all. Although it was still funny and much better than The Muppets Christmas, it was kinda dated humor.

Sometimes I wonder if we passed the golden era of network hacking, or maybe it is the golden era of network discovery. I strongly believe that network recon has no doubt changed. Which is kind of a bummer, because I could see the active discovery process happening on my Snort sensors. I used that data to determine risk factors to my network and plan accordingly. Back in the day, data mining was basically searching the Edgar database, classified ads, DNS records and newsgroups for any info on our target. Then came Google and Google Dorking; public data mining turned a simple web browser into an awesome recon tool.

I just read about Roelof Temmingh's data mining tool, Maltego, that took Microsoft's Blue Hat summit by storm last October. You may have one of ole Roelof's books on your bookshelf. He co-wrote "Penetration Tester's Open Source Toolkit" back in '05. The write-up was interesting, so I went out to his website to have a look around... Maltego is available in two versions: fee based (Maltego) and non-fee based (community edition). I downloaded the free version to see how it works and what it really does. At 10.5 meg it is a small download. Install was simple and fast. It was packaged with the open source IzPack installer, which required little interaction from me and no real dependencies or reboot. I fired it up to a blank white screen with applets on the side, kinda like WhatsUp Gold used to be. I started dragging/dropping stuff, but I really was not too impressed.
I thought the writer of the article must have been smokin' weed or something. I looked for a user's guide and found one on the site, BUT I also found a video tutorial section as well. They have four great screen-shot-only videos with a pleasant sounding lady with an English accent (nice touch) walking through the product. I went back and started practicing what I learned and HOLY SMOKES! What an incredible tool! Not only does this do data mining but, more importantly, it does data correlation. It shows the connection between multiple data sources. That is an amazing feature that really opened my eyes to a brave new world of security methodology. I ran a lookup on my name and actually discovered a bot sensor I have deployed in Europe with my name on it. That is a major league goober mistake on my part! I fixed that then and there! This is really a great product that I will not uninstall from my machine. I would highly, highly recommend Maltego for any network security professional out there today. It is highly configurable, works great and the sky is the limit here.

I was in the United States Navy for almost 10 years. I took a few counter-intelligence classes where we took non-classified information from various sources, correlated it with each other and could actually determine classified information a majority of the time. Tools like Maltego can really change the game for hackers today. They can take basic info from technotes, blogs, bug reports, newsgroups, etc. and determine a vulnerability without stealing source code or reversing before it is known to the vendor. Plus, imagine what folks can find out about you by correlating data from blogs, social and professional websites... It is the dawning of a new era in network recon and that era is data correlation. Get ahead of the curve and understand this by using this amazing tool. Hey folks, thank you for reading and participating in this blog.
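To make the data-correlation idea concrete, here is a small added example (not Maltego's code, and not from the column's author) of the kind of link analysis the post describes: facts harvested from several separate public sources are joined on shared entities into one graph, and a walk from a seed entity (your own name) surfaces things no single source shows, such as a sensor hostname carrying that name. Every record below is constructed for the example; the sources, names, domains and addresses are placeholders, not real data.

```python
"""Toy entity-correlation graph, in the spirit of a Maltego transform chain.

Added example, not Maltego's code. All records are constructed: the names,
e-mail addresses, domains and IP addresses are placeholders (RFC 5737 range).
Defender's use: seed the walk with your own identifiers to audit what a
correlation of public sources would reveal about your infrastructure.
"""
from collections import defaultdict, deque

# Constructed sample facts. Each is (source, entity_a, relation, entity_b).
# Entities are typed labels so a name, an e-mail and a host never collide.
SAMPLE_RECORDS = [
    ("blog_byline", "person:Jane Doe", "authored_as", "email:jdoe@example.com"),
    ("whois", "email:jdoe@example.com", "registrant_of", "domain:example.com"),
    ("dns_zone", "domain:example.com", "has_host", "host:www.example.com"),
    ("dns_zone", "domain:example.com", "has_host", "host:jdoe-sensor01.eu.example.com"),
    ("dns_zone", "host:jdoe-sensor01.eu.example.com", "resolves_to", "ip:192.0.2.10"),
    ("newsgroup", "email:jdoe@example.com", "posted_about", "topic:snort sensor tuning"),
    ("whois", "ip:192.0.2.10", "allocated_to", "netblock:192.0.2.0/24 (EU)"),
    ("blog_byline", "person:Sam Roe", "authored_as", "email:sroe@example.org"),
]


def build_graph(records):
    """Join facts from every source into one adjacency list.

    Edges are stored in both directions (the reverse is tagged 'inverse:')
    so a walk can move from a domain back to its registrant, for instance.
    """
    graph = defaultdict(list)
    for source, a, rel, b in records:
        graph[a].append((b, rel, source))
        graph[b].append((a, "inverse:" + rel, source))
    return graph


def correlate(graph, seed, max_hops=6):
    """Breadth-first walk from the seed entity.

    Returns {entity: path}, where path is the list of (relation, source,
    entity) steps that led there. The first-found (shortest) path is kept.
    """
    paths = {seed: []}
    queue = deque([seed])
    while queue:
        current = queue.popleft()
        if len(paths[current]) >= max_hops:
            continue  # honour the hop budget, as a transform depth limit would
        for nxt, rel, source in graph.get(current, []):
            if nxt not in paths:
                paths[nxt] = paths[current] + [(rel, source, nxt)]
                queue.append(nxt)
    return paths


def sources_on_path(path):
    """Distinct sources a path crosses: the point of correlation is that a
    single source rarely links a person to an IP address by itself."""
    return {source for _rel, source, _entity in path}


def find_named_hosts(paths, name_tokens):
    """Reachable hosts whose label embeds one of the person's name tokens,
    i.e. the 'sensor with my name on it' case from the post."""
    tokens = [t.lower() for t in name_tokens]
    hosts = [e for e in paths if e.startswith("host:")
             and any(t in e.lower() for t in tokens)]
    return sorted(hosts)


if __name__ == "__main__":
    graph = build_graph(SAMPLE_RECORDS)
    reached = correlate(graph, "person:Jane Doe")
    for entity, path in sorted(reached.items(), key=lambda kv: len(kv[1])):
        chain = " -> ".join(f"[{src}] {rel} -> {ent}" for rel, src, ent in path)
        print(f"{len(path)} hops: {entity}\n    {chain or '(seed)'}")
    print("Hosts carrying the seed's name token:",
          find_named_hosts(reached, ["jdoe"]))
```

The walk from `person:Jane Doe` crosses three different sources (a byline, a WHOIS record and a zone listing) before it lands on an IP address and then a netblock, which is exactly the cross-source linkage the post calls data correlation; `max_hops` plays the role of a transform depth limit, and lowering it to 4 stops the walk before the netblock. Running the same walk against your own name or e-mail is the defensive use: it tells you which of your hosts are tied to you in public data before someone else draws the same graph.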
I am very grateful and would always love to hear about ways to improve it (other than grammar, which is a lost cause from years back...). Have a Merry Christmas and Happy Holiday Season.

Respectfully,
Jimmy Ray

Trivia File Transfer Protocol

Galileo was the true definition of an old school hacker. In the 1600s, when he heard the telescope was invented, he was too poor to buy one. So, in open source fashion, he went out and purchased 3 lenses from an eyeglass shop, started grinding them down and made his own. When it was finished, it was the most powerful scope in the world.

Copyright © 2008 IDG Communications, Inc.
