A tool like Maltego just might put this Google Hacker out of business.

- Johnny Long (johnny.ihackstuff.com)

Mining the Internet is tough, slow and dirty work, but with Maltego, I find I need to hold back. It's far too easy to dig too far too fast. Some things are better left undiscovered.

- Johnny Long (johnny.ihackstuff.com)

Maltego is a one-stop resource for carrying out foot-printing and passive analysis.

- Kevin Orrey (vulnerabilityassessment.co.uk)

"Maltego is a new breakthrough in information gathering tools."

- Iain (Lifedork.com)

"(Maltego) might prove to be a lucrative offering for those with a hankering for customized and controlled intelligence gathering."

- Joe Barr (linux.com)

The ease with which you can dig deep into a Website, identity, e-mail address, IP address, and domain name is awesome.

- John Sawyer [DarkReading]

Maltego's open source intelligence software brings data mining to the masses.

- Taylor Buley [Forbes]

Maltego GUI is off-the-freaking-chain.

- Dmitry Chan [Securiteam]

This is how to empower organizations to manage today's open source data gathering and processing challenges.

- Ollie Whitehouse

I wish to commend you on such a good resource as Maltego. I am making very good use of it as I find it AMAZING for my botnet/malware/malicious network research.

- Andre' M. DiMino [Shadowserver]

(Maltego is) one of the most extensible, innovative and frankly awesome tools that a tester MUST know about and be able to use effectively.

- Kevin Orrey [vulnerabilityassessment.co.uk]

Maltego has loads of features that help the enumeration process quite a lot.

- PDP

(Maltego) is worth taking for a test drive whether you're a pen tester or just someone responsible for securing your company's IT assets.

- John Sawyer [Dark Reading]

It's an example of open source intelligence gathering and analysis at its best.

- Ollie Whitehouse

Maltego and Twitter!
Friday, 20 February 2009 02:00

Some time ago we decided it would be fun to play with the Twitter API in Maltego, so we created a couple of transforms that use it. As a start we created a ‘Phrase to Tweets’ transform, which searches Twitter for Tweets containing the phrase. It is really easy to use: drag a Phrase entity from the palette, change its value to whatever you are interested in, right-click and run the ‘ToTweets [Search Twitter]’ transform. In our case we searched for the word ‘Maltego’ and the graph ended up looking like this:

Notice how the ‘Detail View’ section is showing more detail on the actual entity.

Next we can examine all the Tweets and parse them for links. The transform automatically expands ‘tiny’ URLs to their final destination. To do this we select all the Tweets and run the ‘To URL [Found in Tweets]’ transform on them. Switching to ‘edge weighted view’ we can easily see which URLs are more prominent:

The blue blobs are URLs, the green ones are Tweets. We could of course choose to take these URLs to websites to get a better overview:

Another interesting transform finds out who people write to, and who writes to them. Let’s start with the previous graph, where we have accumulated a couple of Tweets containing the word ‘Maltego’. Let’s see who wrote these Tweets by selecting them all and running the ‘To Twitter Affiliation [Convert]’ transform on them:

Wow, we even get their profile pictures from the Twitter site! Now that we have the Twitter affiliation entities we can start playing with them. Let’s assume we want to see who ‘Chris Gates’ is talking to on Twitter. We copy his entity and paste it into a new graph, then run the ‘[this person wrote Tweets to ?]’ transform. You’ll notice a small delay while Maltego downloads all the profile pictures:

Notice that the entities have weights above them: this is the number of times Chris has written to each of them (the Twitter API holds 4 months of data, and the transform fetches at most 100 Tweets so as not to abuse their system).

Of course, we can now see who Jennifer speaks to:

From the graph it becomes clear that Chris and Jennifer have spoken to common people on Twitter; the list is shown on the right hand side of the graph.

Of course we don’t need to look at a single entity at a time: we can select all the people Chris spoke to (or in fact the people that spoke to him) and build a huge graph. We can repeat the process over and over, building a graph of ‘friends of friends of friends’. Once we have this graph it becomes interesting to view it in ‘Edge Weighted View’ (EWV), which shows which people are central to the group. The following graph looked at the people that spoke to Johnny Long, the people that spoke to them, and the people that spoke to those people (in EWV):

It looks a bit hectic, so what we’ll do is go back to mining view, choose organic layout, and cut out the core. Now it looks like this:

Again, you’ll see that we’ve only highlighted the ‘core of the core’; the names appear on the right.
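What the transforms above are doing under the hood, as an added example that is not Maltego's or Paterva's own transform code: a small Python script that searches a set of constructed tweets for a phrase, pulls out the links and expands them (offline, through a constructed short-link table; a real resolver that follows redirects is included but not exercised), builds the weighted ‘wrote to’ graph from @mentions, lists the common contacts of two people, expands the graph to friends of friends, and ranks the core by weighted degree as a rough stand-in for Edge Weighted View. The handles, tweets and short links are all made up for the example.

```python
"""Toy versions of the Twitter transforms described in the post.
Added example, not Maltego/Paterva code. All input below is constructed."""
import re
from collections import Counter, defaultdict
from urllib.request import Request, urlopen

# Constructed sample data: (author, text). Fictional handles, not real Twitter output.
SAMPLE_TWEETS = [
    ("alice", "Playing with Maltego again, love the new transforms @carol http://tinyurl.com/abc"),
    ("bob",   "@alice @dave have you seen the Maltego Twitter transforms? http://tinyurl.com/abc"),
    ("alice", "@bob @dave yes, the graphs are neat http://bit.ly/xyz"),
    ("dave",  "@alice nice graphs, lots of enumeration features"),
    ("carol", "@alice @bob maltego keeps turning up in my timeline"),
    ("eve",   "lunch time, no links or mentions here"),
]

# Constructed short-link table standing in for the shortener's redirects (assumption).
SHORT_LINKS = {
    "http://tinyurl.com/abc": "https://www.paterva.com/",
    "http://bit.ly/xyz": "https://example.org/blog",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# A handle is 1-15 chars of [A-Za-z0-9_]; the lookbehind keeps e-mail addresses from counting.
MENTION_RE = re.compile(r"(?<![\w@])@([A-Za-z0-9_]{1,15})\b")


def phrase_to_tweets(tweets, phrase, limit=100):
    """'Phrase to Tweets': case-insensitive substring search, capped like the transform."""
    p = phrase.lower()
    return [t for t in tweets if p in t[1].lower()][:limit]


def resolve_offline(url):
    """Expand a short link from the constructed table; unknown links come back unchanged."""
    return SHORT_LINKS.get(url, url)


def resolve_via_http(url, timeout=5):
    """Expand a short link by following its redirects for real.
    Caveat: this contacts the shortener and the final host, so it is no longer passive
    recon and the destination sees your IP and User-Agent. Not used in the offline run."""
    req = Request(url, headers={"User-Agent": "osint-demo/0.1"})
    with urlopen(req, timeout=timeout) as resp:
        return resp.geturl()


def tweets_to_urls(tweets, resolve=resolve_offline):
    """'To URL [Found in Tweets]': extract links, expand them, weight by occurrences."""
    counts = Counter()
    for _, text in tweets:
        for url in URL_RE.findall(text):
            counts[resolve(url)] += 1
    return counts


def mention_graph(tweets):
    """'[this person wrote Tweets to ?]': weighted edges author -> mentioned handle."""
    edges = defaultdict(Counter)
    for author, text in tweets:
        for target in MENTION_RE.findall(text):
            if target.lower() != author.lower():  # ignore self-mentions
                edges[author.lower()][target.lower()] += 1
    return edges


def wrote_to(edges, user):
    return edges.get(user, Counter())


def spoke_to(edges, user):
    """Reverse direction: who wrote to `user`, with weights."""
    return Counter({a: c[user] for a, c in edges.items() if user in c})


def common_contacts(edges, a, b):
    """The 'common people' list shown beside the two-person graph."""
    return sorted(set(wrote_to(edges, a)) & set(wrote_to(edges, b)))


def friends_of_friends(edges, seeds, depth):
    """Expand the graph `depth` hops along 'wrote to' edges; returns the node set."""
    seen, frontier = set(seeds), set(seeds)
    for _ in range(depth):
        frontier = {v for u in frontier for v in wrote_to(edges, u)} - seen
        seen |= frontier
    return seen


def core(edges, nodes, top=3):
    """Rough stand-in for Edge Weighted View: rank nodes by weighted degree (in + out)
    inside the subgraph and keep the most central ones."""
    score = Counter()
    for u in nodes:
        for v, w in wrote_to(edges, u).items():
            if v in nodes:
                score[u] += w
                score[v] += w
    return [n for n, _ in score.most_common(top)]


if __name__ == "__main__":
    hits = phrase_to_tweets(SAMPLE_TWEETS, "maltego")
    print("tweets:", len(hits), "urls:", dict(tweets_to_urls(hits)))
    g = mention_graph(SAMPLE_TWEETS)
    print("alice wrote to:", dict(wrote_to(g, "alice")), "common(alice, bob):", common_contacts(g, "alice", "bob"))
    print("core:", core(g, friends_of_friends(g, {"alice"}, 2), top=2))
```

Run it directly to print the results for the constructed data. Two practical caveats when doing this against the real service: expanding short links with `resolve_via_http` means your machine contacts the shortener and the final site, so the target of your research can see you looking, and the API's rate limits still apply, which is why the transform caps itself at 100 Tweets.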

As an interesting experiment we took these names and ran them through the Technorati API to see which blogs these people appear on. So if you want to hang out with the IT security people that are most connected on Twitter, there's your list of blogs to visit (I filter on the term ‘sec’ as a rough filter):

Below in EWV:

Hope this was interesting…and let us know what interesting graphs you’ve made!

Regards,

RT

PS: these transforms are available on the commercial transform application server and will become available on the community edition server soon.