A tool like Maltego just might put this Google Hacker out of business..

- Johnny Long (johnny.ihackstuff.com)

Mining the Internet is tough, slow and dirty work, but with Maltego, I find I need to hold back. It's far too easy to dig too far too fast. Some things are better left undiscovered.

- Johnny Long (johnny.ihackstuff.com)

Maltego is a one-stop resource for carrying out foot-printing and passive analysis.

- Kevin Orrey (vulnerabilityassessment.co.uk)

"Maltego is a new breakthrough in information gathering tools."

- Iain (Lifedork.com)

"(Maltego) might prove to be a lucrative offering for those with a hankering for customized and controlled intelligence gathering."

- Joe Barr (linux.com)

"The ease with which you can dig deep into a Website, identity, e-mail address, IP address, and domain name is awesome."

- John Sawyer [DarkReading]

"Maltego's open source intelligence software brings data mining to the masses."

- Taylor Buley [Forbes]

"Maltego GUI is off-the-freaking-chain."

- Dmitry Chan [Securiteam]

"This is how to empower organizations to manage today's open source data gathering and processing challenges."

- Ollie Whitehouse

"I wish to commend you on such a good resource as Maltego. I am making very good use of it as I find it AMAZING for my botnet/malware/malicious network research."

- Andre' M. DiMino [Shadowserver]

"(Maltego is) one of the most extensible, innovative and frankly awesome tools that a tester MUST know about and be able to use effectively."

- Kevin Orrey [vulnerabilityassessment.co.uk]

"Maltego has loads of features that help the enumeration process quite a lot."

- PDP

"(Maltego) is worth taking for a test drive whether you're a pen tester or just someone responsible for securing your company's IT assets."

- John Sawyer [Dark Reading]

"It's an example of open source intelligence gathering and analysis at its best."

- Ollie Whitehouse

PTTAS
Monday, 04 August 2008 02:00

While Maltego was never a pen testing / assessment tool, there have been more than enough people asking for transforms that will do things like portscans, banner grabs and vulnerability checking. With the guys from Offensive Security doing a training course at Black Hat Las Vegas and having a nice Maltego section in the training, we figured it would make sense to give them something more to show. Thus was born the PTTAS – a PenTesting Transform Application Server.

The PTTAS hosts the following transforms:

_To Website Title: Useful when you have 400 web servers and you need to know what's running on them. We've done this with Python and Mechanize, so it follows redirects, meta redirects and, with some encouragement, JavaScript redirects. On the final page it shows the title of the web page. Input is WebsiteEntity, output is WebtitleEntity.

_To Website – SSL info (where open): Again, with a densely populated network it is good to know what names the servers have. Used in conjunction with the portscan. Input is IPAddressEntity, output is WebsiteEntity.

_To Webdir (Directories found using SE): This transform lists all the directories found on a web site, and does so by looking at data that's available on the Internet. In time a brute force directory checking transform will follow this up, meaning you can look for directories that should not have been there. Output is WebdirEntity.

_To Vuln (Nessus): Using Nessus 3.2, we allow a list of NASLs to be run against the target. You populate the NASL IDs and the server will handle the dependencies. Output is a VulnEntity.

_Do Portscan: Performs a portscan with a list of ports configured in the transform. You can scan for 80 only, or for an entire list of ports. The transform uses Nmap to perform the actual scan. Can be used on a Netblock Entity or a single IPAddress Entity.

_To Service (from portscan): Once you have the ports you can figure out what's running there. Output is ServiceEntity, which contains the banner and the port; input is IPAddressEntity.

_To Ports (dump), _To Banner (dump): Dumps ServiceEntity to port and banner. Useful to see different ports and banners on a graph. By selecting parents and grandparents you get to see what IPs are open on what ports, or which IPs are running what service.

As there are a couple of new transforms, we also needed a couple of new entities: PortEntity, BannerEntity, VulnEntity, ServiceEntity, WebdirEntity, WebtitleEntity. Screenshots (and perhaps even some video) will follow.
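The meta-redirect handling described for _To Website Title, as an added example that is not the PTTAS code (which used Python and Mechanize): a standard-library version that follows meta refreshes over already-fetched pages, stops on loops, and returns the final page title for an asset inventory. The names `website_title`, `TitleAndRefresh` and `PAGES`, and the sample hosts and pages, are constructed for illustration; HTTP and JavaScript redirects are not covered.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample pages standing in for fetched responses (no network access).
PAGES = {
    "http://a.example/": '<html><head><meta http-equiv="refresh" content="0; url=/login"></head></html>',
    "http://a.example/login": "<html><head><title> Intranet\n Login </title></head><body></body></html>",
    "http://b.example/": '<meta http-equiv="Refresh" content="0;URL=\'http://b.example/\'"><title>Loop</title>',
}

class TitleAndRefresh(HTMLParser):
    """Collects the <title> text and the target of a meta refresh, if any."""
    def __init__(self):
        super().__init__()
        self.title, self.refresh, self._in_title = "", None, False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=/path", optionally with a quoted target
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m:
                self.refresh = m.group(1).strip()

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data

def website_title(url, fetch=PAGES.get, max_hops=5):
    """Follow meta refreshes from url; return (final_url, title) or (url, None)."""
    seen = set()
    for _ in range(max_hops):
        if url in seen:          # redirect loop: stop instead of spinning
            return url, None
        seen.add(url)
        body = fetch(url)
        if body is None:         # page not available
            return url, None
        p = TitleAndRefresh()
        p.feed(body)
        if p.refresh is None:    # final page: normalise whitespace in the title
            return url, " ".join(p.title.split())
        url = urljoin(url, p.refresh)
    return url, None
```

Passing a different `fetch` callable (one that returns the body for a URL, or `None`) lets the same logic run against responses collected from hosts you are authorised to inventory.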

Due to the nature of this TAS we cannot host it on the public server. However, if this interests you, feel free to contact us – we would be glad to supply you with a solution.

Regards,

RT