People
Real humans and their online masks.
- Names
- Email Addresses
- Phone Numbers
Visualizing relationships for intelligence gathering.
Learn how to perform open-source intelligence (OSINT) and visualize complex data relationships.
Think of a detective movie. The detective has a big board on the wall. They pin up pictures of suspects and tie red strings between them to show how they connect. Maltego is that board, but inside your computer.
Reading a long list of 1,000 email addresses is very hard. It is boring. Your brain cannot see the patterns. You might look at the list for hours and learn nothing.
Looking at a picture is easy. If you see one circle connected to 50 other circles by thick lines, you instantly know what is important. Maltego turns boring words into clear pictures.
Every map needs points. In Maltego, these points are called Entities. An entity is just a piece of a clue. Here are the main types of clues you can find:
Real humans and their online masks.
Places on the internet where data lives.
The machines that run the internet.
Bad things that can cause harm.
In Maltego, you start with one single clue. You right-click it and choose a Transform. A transform is a search tool. It takes your one clue, searches the internet, and brings back new clues that are connected to the first one. Let's look at how it grows.
One Email Address
Three New Clues Found!
How do people actually use this? Let us pretend we are trying to find out who made a bad website that steals passwords.
We start with a clue. We put the fake website name (like "stealyourpassword.com") into our map.
We click a button to ask: "What computer runs this website?" Maltego draws a line to a new box showing an IP Address.
We click the IP Address and ask: "Who pays for this computer?" Maltego searches records and gives us a name: "John Doe".
Now our map shows a clear path from the bad website, to the computer, right to the real person. The mystery is solved.
Maltego does not hack or break into secret files. It only looks at things that are already public. It is like an extremely fast librarian that reads the whole internet for you.
Lists of who owns what website, company names, and public phone books.
Public profiles, public posts, and connections people share openly.
Lists made by good guys that track known bad websites and viruses.
Law enforcement uses it to build maps of criminal gangs, showing who talks to whom.
Security teams use it to see if their company's computers are safe or if hackers are attacking them.
Journalists use it to uncover hidden facts and prove who is secretly paying for fake news.
When you open the program, the screen is broken into three simple parts.
This is the menu on the side. It has a list of all the different puzzle pieces you can drag onto your screen.
This is the big blank space in the middle. This is where you draw your map and connect the dots.
This is a small box that shows you the exact words and numbers behind the picture you clicked on.
Because this map-making tool is very powerful, you must use it properly. Do not spy on regular people for fun. Do not use it to bully or hurt others. Only use it to stop bad things, learn, and solve real problems safely.
A group named Paterva built this tool in 2007. They realized that security guards and computer experts had too much data to read. They decided to invent a visual board to make hunting bad guys easier. Today, it is used all over the world.
Maltego is not a normal website. It is a big program you have to download and install on your machine.
Works on standard Windows PCs. The most common way people use it.
Works on Apple computers. You just download the Mac file.
Used by hackers and security teams. Often comes pre-installed on Linux systems built for security testing (like Kali Linux).
Maltego is like a smart detective, but it doesn't know everything itself. It has to call other big databases on the phone and ask them for clues.
Many databases will say, "Who are you? I will only give you clues if you have a special password." This password is called an API Key.
You have to go to those database websites, sign up, get your long messy secret code (like: 1A2B3C4D5E), and paste it into Maltego's settings. Once you do that, the locked door opens, and Maltego can pull clues from that specific website automatically.
Imagine you have 100 email addresses. If you have to click "Search" on every single one, your hand will hurt, and it will take all day.
Maltego has a feature called Machines. These are little robots you can turn on. You give the robot the 100 emails, press "Start", and the robot clicks the search buttons for you rapidly. You just sit back and watch the map build itself.
When you find hundreds of clues, your screen will look like a messy spider web. You won't be able to read anything. Maltego has instant "clean up" buttons called Layouts.
Makes the map look like a family tree. One clue at the top, branching down to the bottom.
Puts the most important clue directly in the middle, and rings all the other clues around it in circles.
Stacks all the clues together in perfect little square boxes so they take up less space on your screen.
When your detective work is done, you cannot just leave it on the screen. You must save it so you can show your boss or your team. Maltego lets you export your work in simple ways:
If you buy the expensive professional version, you don't have to work alone. You and a friend in another country can log into the exact same map. If you drag a box on your screen, your friend sees the box move on their screen instantly. You can fight the bad guys as a team.
The biggest mistake beginners make is asking for too much data at once.
For example, suppose you put "google.com" on your map and tell Maltego: "Find every single website connected to Google."
Maltego will try to draw 100,000 dots on your screen all at the exact same time. Your computer will freeze, crash, and shut down. Always start with tiny, specific searches.
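Here is the idea of transforms, Machines, and "start small" as a short Python sketch. It is an added example, not part of the original tutorial and not Maltego's own code: the lookup tables are constructed sample data, and the names `run_machine`, `hub`, and `TRANSFORMS` are hypothetical.

```python
from collections import Counter, deque

# Constructed lookup tables standing in for public data sources (not real records).
DNS = {"stealyourpassword.example": ["192.0.2.10"]}
HOSTED = {"192.0.2.10": ["stealyourpassword.example",
                         "login-check.example", "free-prizes.example"]}
OWNER = {"192.0.2.10": ["John Doe"]}

# Each hypothetical transform maps an entity type to (result type, lookup table).
TRANSFORMS = {
    "Website": [("IP Address", DNS)],
    "IP Address": [("Website", HOSTED), ("Person", OWNER)],
}

def run_machine(start, max_depth=2, max_results=12):
    """Expand one (type, value) entity breadth-first, like a Machine.

    max_results caps how many clues a single transform may return, so one
    broad query cannot flood the map. Returns (edges, truncated), where
    truncated lists the entities whose results were cut off.
    """
    edges, truncated = set(), []
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        entity, depth = queue.popleft()
        if depth == max_depth:
            continue  # depth limit reached: do not expand further
        etype, value = entity
        for result_type, table in TRANSFORMS.get(etype, []):
            results = table.get(value, [])
            if len(results) > max_results:
                truncated.append(entity)
                results = results[:max_results]
            for item in results:
                found = (result_type, item)
                if found == entity:
                    continue
                edges.add(frozenset((entity, found)))  # undirected link
                if found not in seen:
                    seen.add(found)
                    queue.append((found, depth + 1))
    return edges, truncated

def hub(edges):
    """Return (entity, link count) for the most connected entity."""
    degree = Counter(node for edge in edges for node in edge)
    return degree.most_common(1)[0]
```

Starting from the fake website, the IP address ends up as the hub with four links. Lowering `max_results` shows which entity had its results cut off, instead of drawing everything at once.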
Reading is not enough. You must practice. Install the free Community Edition and try these two safe tasks today:
Put your own email address on the blank map. Click the search button. See what public websites your email is connected to. You might be surprised.
Drag a "Website" piece onto the board. Type in the name of a big public company (like apple.com). Run the search to find the exact IP Address number of their computers.