
Footprinting using Maltego

Maltego is an open source intelligence and forensics application. It gathers information about a target and represents it in an easily understandable graph format.

Requirements:

  • Kali Linux virtual machine


Objectives:

  • Identify IP address
  • Identify Domain and Domain Name Schema
  • Identify Server Side Technology
  • Identify Start of Authority (SOA) information
  • Identify Name Server
  • Identify Mail Exchanger
  • Identify Geographical Location
  • Identify Entities
  • Discover Email addresses and Phone numbers

Currently there are three versions of the Maltego client namely Maltego CE, Maltego Classic and Maltego XL. This tutorial will focus on Maltego Community Edition (CE).

Kali Linux comes with Maltego installed. Launch Maltego from the applications bar. If this is your first time using Maltego, select the Maltego CE (Free) edition and create a free account at https://www.paterva.com/community/community.php

Maltego Basics

  1. Click on (+) icon located at the top-left corner of the GUI (in the toolbar) to create a new graph window (like a blank document).
  2. Go to the left panel and expand the Infrastructure node under Entity Palette. This list has a number of useful entities such as AS, DNS Name, Domain, MX Record, etc.


  1. Drag the Website entity to your New Graph(1) section.
  2. Rename the domain name to www.certifiedhacker.com

Identifying the server side technology

  1. Right-click the entity and select All Transforms -> To Server Technologies [BuiltWith].
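What a server-side technology transform keys on is mostly the response headers and cookie names a web server volunteers. The script below is an added example, not part of the tutorial and not BuiltWith's or Maltego's code: it parses a raw HTTP response and reports every header or cookie that discloses the stack. The two responses and their header values are constructed for the example, not taken from any real site; the cookie-name table holds the default session cookie names of the frameworks listed.

```python
"""Added example: extract server-side technology evidence from raw HTTP headers.
Not from the tutorial or from BuiltWith; the sample responses are constructed."""

# Default session cookie names that identify a stack (real defaults, constructed mapping).
COOKIE_HINTS = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
    "laravel_session": "Laravel",
}
# Headers whose value names the server or framework outright.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")


def parse_headers(raw):
    """Split a raw HTTP response (status line + headers) into (name, value) pairs."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:       # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def technology_evidence(raw):
    """Return {evidence: technology} for each header or cookie that discloses the stack."""
    found = {}
    for name, value in parse_headers(raw):
        if name in DISCLOSING_HEADERS:
            found[f"{name}: {value}"] = value
        elif name == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            if cookie in COOKIE_HINTS:
                found[f"set-cookie: {cookie}"] = COOKIE_HINTS[cookie]
    return found


# Constructed responses (hypothetical server, not a real site).
SAMPLE_RESPONSE = ("HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n"
                   "X-Powered-By: PHP/7.4.3\r\nSet-Cookie: PHPSESSID=abc123; Path=/\r\n"
                   "Content-Type: text/html\r\n\r\n<html>...</html>")
# Same server after trimming the banner and renaming the session cookie.
HARDENED_RESPONSE = ("HTTP/1.1 200 OK\r\nServer: Apache\r\n"
                     "Set-Cookie: sid=abc123; Path=/; HttpOnly\r\n"
                     "Content-Type: text/html\r\n\r\n<html>...</html>")

if __name__ == "__main__":
    print("verbose :", technology_evidence(SAMPLE_RESPONSE))
    print("hardened:", technology_evidence(HARDENED_RESPONSE))
```

Run against your own site's response, the output is the list of what you are telling the world. In the hardened sample the version strings are gone because Apache's `ServerTokens Prod` and PHP's `expose_php = Off` suppress them, and the session cookie was renamed; the product name alone still remains, which is about the best a header-level fix can do.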


Note: Maltego is useful for presenting results in a more dynamic way, because it visually shows the interconnected links between the searched items.

Identifying the Domain

  1. Create a new graph or delete/save the previous results.
  2. Right-click the Domain entity and select All Transforms -> To Domains [DNS].


This transform tests common naming schemas against the domain and tries to identify the specific naming schema the domain uses.

Identifying the SOA information

  1. Create a new graph or delete/save the previous results.
  2. Right-click the Domain entity and select All Transforms -> To DNS Name – SOA (Start of Authority).


Identifying the Mail Exchanger

  1. Create a new graph or delete/save the previous results.
  2. Right-click the Domain entity and select All Transforms -> To DNS Name – MX (mail server).


Identifying the Name Server

  1. Create a new graph or delete/save the previous results.
  2. Right-click the Domain entity and select All Transforms -> To DNS Name – NS (name server).


Identifying the IP Address, Location and Whois

  1. Create a new graph or delete/save the previous results.
  2. Right-click the Website entity and select All Transforms -> To IP address [DNS].
  3. Right-click the IP entity and select All Transforms -> To Location [city, country].
  4. Right-click the Website entity and select All Transforms -> To entities from whois [IBM Watson].
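The SOA, MX, NS and IP address transforms above are ordinary DNS queries; Maltego only draws the answers as a graph. The script below is an added example, not part of the tutorial and not Maltego's code: it builds the query by hand over the DNS wire format (RFC 1035), parses the answer section including name compression, and decodes the four record types the tutorial collects. example.com is a placeholder target, and the two response messages are constructed so the script runs offline; `live_lookup` sends the same query to a recursive resolver when a network is available (9.9.9.9 is Quad9's public resolver).

```python
"""Added example: the DNS lookups behind the SOA, MX, NS and IP address
transforms, done by hand over the DNS wire format (RFC 1035). Not part of
the tutorial or of Maltego. example.com is a placeholder target and the
response bytes are constructed so the script runs offline."""
import socket
import struct

QTYPES = {"A": 1, "NS": 2, "SOA": 6, "MX": 15}
TYPE_NAMES = {v: k for k, v in QTYPES.items()}


def encode_name(name):
    """Encode 'mail.example.com' as length-prefixed labels ending in a zero byte."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Standard query: 12-byte header with RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                     # compression pointer
            if end is None:
                end = off + 2                         # name ends after the first pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:                             # malformed message: pointer loop
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg):
    """Return [(owner, type, value)] for the answer section of a response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0xF:                                   # RCODE != 0, e.g. 3 = NXDOMAIN
        raise ValueError(f"DNS error, rcode={flags & 0xF}")
    off = 12
    for _ in range(qd):                               # skip the echoed question
        _, off = read_name(msg, off)
        off += 4                                      # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1:                                # A: four octets
            value = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype == 2:                              # NS: a name
            value, _ = read_name(msg, off)
        elif rtype == 15:                             # MX: preference + name
            pref = struct.unpack("!H", msg[off:off + 2])[0]
            host, _ = read_name(msg, off + 2)
            value = f"{pref} {host}"
        elif rtype == 6:                              # SOA: mname, rname, serial, ...
            mname, o = read_name(msg, off)
            rname, o = read_name(msg, o)
            serial = struct.unpack("!I", msg[o:o + 4])[0]
            value = f"{mname} {rname} serial={serial}"
        else:
            value = msg[off:off + rdlen].hex()
        answers.append((owner, TYPE_NAMES.get(rtype, str(rtype)), value))
        off += rdlen
    return answers


def live_lookup(name, qtype, resolver="9.9.9.9", timeout=3.0):
    """Send the query over UDP to a recursive resolver (needs network; not run offline)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (resolver, 53))
        msg, _ = s.recvfrom(4096)
    return parse_response(msg)


def constructed_response(qtype, rdata):
    """Constructed one-answer response for example.com; 0xC00C points at the question name."""
    q = QTYPES[qtype]
    return (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
            + encode_name("example.com") + struct.pack("!HH", q, 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", q, 1, 3600, len(rdata)) + rdata)


# Constructed samples: MX "10 mail.example.com" and an SOA with serial 2024010101.
SAMPLE_MX = constructed_response("MX", struct.pack("!H", 10) + b"\x04mail\xc0\x0c")
SAMPLE_SOA = constructed_response("SOA", b"\x03ns1\xc0\x0c" + b"\x0ahostmaster\xc0\x0c"
                                  + struct.pack("!IIIII", 2024010101, 7200, 900, 1209600, 300))

if __name__ == "__main__":
    for sample in (SAMPLE_MX, SAMPLE_SOA):
        print(parse_response(sample))
```

The SOA rname is a mailbox with the `@` replaced by a dot, so `hostmaster.example.com` means hostmaster@example.com; that address and the serial are the "SOA information" the transform puts on the graph. The parser refuses messages with a non-zero RCODE and caps compression-pointer hops, which is the check you want before feeding untrusted resolver output into anything else.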


In conclusion:

Maltego is a powerful tool: it can extract a broad range of information about a target's network, technologies and personnel (email addresses, phone numbers, Twitter accounts).

With all of this information in hand, an attacker can carry out different types of malicious activity:

  • Server-side technologies: attackers might look for known vulnerabilities in any of them and attempt the corresponding exploitation techniques.

  • SOA information: also useful to attackers, who can use it to find weaknesses in the associated services and architecture and exploit them.

  • Name servers: attackers can target the NS records with techniques such as DNS hijacking and URL redirection.

  • IP addresses: attackers can scan the addresses for open ports and vulnerabilities and thereby attempt to intrude into the network.

  • Geographical location: attackers can use it in social engineering attacks to obtain sensitive information.