Maltego: taming it

Mutt

Maltego is an OSINT tool with robust automation capabilities and even more robust ones for accumulating information yourself in schematic form. For example, drawing up social graphs or recording links between content fragments found at specific addresses / accounts. In this post, let's see what it allows you to do by hand.

Opening ...
We start by creating a New Graph (ctrl + t or select from the menu).

The nodes of the graph are Entities. This is a general name for people, servers, ports, images ... all the resources we might want to add. Each can be given a description, and the form for it differs depending on the type of entity. The concept of an "entity" is found in almost any OSINT software that can accumulate information.

To the left and to the right of the working field (sheet with the future graph) there are tabs with tools. They open on hover, which is inconvenient, but you can "Dock" them by clicking on the dot.

Entities are selected in the left pane, on the Entity Palette tab. There they are divided into groups by topic for convenience. After dragging the desired one onto the graph, we can add information on the Property View tab.

Workspace with the desired panels attached

More detailed editing (Entity Details) - double click on the node.

Hovering over a node reveals a bookmark checkbox, a note option (double-click the sheet-of-paper icon), and a pin (needed when arranging the graph).

These are only nodes, so what about connections? It is enough to drag the mouse from one node to another, and the settings window will open. Here we can create links with different formatting, and a different line type / color will indicate a different type of connection: resource ownership, a social connection between people, etc. If this is not enough, you can label the links:

This fragment of a large graph is taken from the article "They are not news for you"; if anyone has not seen it yet, I recommend it. A good example of a large-scale reconnaissance sortie. The file with this graph is available for download.

There is also a small Layout panel on the left. It lets you bring the graph into an elegant form by automatically rearranging the nodes or changing their sizes.

If there are too many nodes, you can use Collections - the Collections tab at the top. Move the slider to the required minimum, after which the nodes (only of the same type!) will be grouped. And remove the pins from them.

The rest of the panels are related to auto-transforms, so let's not touch them yet.

For the organization

... Is it that simple? Have you mastered it?

Yeah, until the moment of real use in practice.

... And now we do it by hand!
For example, I want to illustrate an upcoming post on browsing channels in Telegram with a graph, and at the same time save what I found. I come across two "entities": personal accounts and channels. Maltego, of course, does not provide these. But there is an opportunity to customize the Entity Palette (and many other functions, by the way) for yourself.

Find the Entities tab in the top panel and create a New Entity Type by clicking on the bottom half of the button, where Advanced is. I need a person on Telegram. I am satisfied with the properties of the "Person" entity, but I need some more, so the new Telegram User entity will inherit from the existing "Person":

I assign a name, description, label. On the next tab, I can finally set the main property that I am missing. I select the Create a custom main property option:

The sample value at the end tells the user which input format is expected for this entity. Unique property name is for internal system needs, Property display name will appear in the palette, and the description is for us. Pay attention to the Data Type. For the main property there are only a few of them, but for the other custom properties the choice is huge; you can even use pictures and files.

Then you can add more properties, but I don't know what will come in handy yet.

In Advanced Settings there is a feature that lets you insert nodes into the graph directly via ctrl + V instead of dragging them from the palette by hand. Saves time. This feature is a regular expression (regex). We can describe to Maltego what clipboard text it should recognize as our new entity. Something like dorks.

For an address in tg via "@", which is convenient to copy from usernames:
Code:
^@[a-z0-9_]{3,15}

I check the regex at https://www.regexpal.com, but its syntax is slightly different from Maltego's.

If you want to set your own properties after saving: Manage Entities / find your entity / click "..." / Additional Properties:

Even an already created entity can be edited, inherited, etc.
A channel in TG is addressed in the same way as a person, so I will inherit this entity from my own Telegram User. It will have the same properties, but a different label on the graph.

And here is a piece of the work-in-progress graph with custom nodes:

Have you seen the "Palette item" checkbox in Advanced Settings? Some entities do not appear in the palette, but you can include them there by digging into Manage Entities. This happens with the File entity, for example. A useful element, but disabled by default for some reason.

P.S. Installation of Maltego causes difficulties for many. Yes, it is available on Windows. Yes, it's free - choose the Community Edition.
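
An added example, not part of the original post: the paste-recognition regex for the Telegram User entity, checked offline against constructed clipboard strings. The post does not say whether Maltego requires the whole pasted text to match or only its beginning, so the script shows both behaviours side by side (an assumption); the sample handles are made up.

```python
import re

# Pattern from the post, with the extraction spaces removed.
TG_USER = r"^@[a-z0-9_]{3,15}"

# Constructed clipboard samples (not real accounts).
SAMPLES = [
    "@example_user",             # plain handle
    "@ab",                       # too short for {3,15}
    "@Example_User",             # upper case, outside [a-z0-9_]
    "@a_very_long_handle_name",  # 23 chars after '@', more than 15
    "@example_user, see bio",    # handle followed by other text
    "mail@example.org",          # '@' not at the start
]


def recognised(text, whole_string):
    """Return the matched text, or None if the pattern rejects it.

    whole_string=False: the pattern only has to match a prefix
                        (re.match, i.e. a search anchored by '^').
    whole_string=True:  the entire clipboard text must match
                        (re.fullmatch, like Java's Matcher.matches()).
    """
    fn = re.fullmatch if whole_string else re.match
    m = fn(TG_USER, text.strip())
    return m.group(0) if m else None


def compare(samples=SAMPLES):
    """Map each sample to (prefix-match result, whole-string result)."""
    return {s: (recognised(s, False), recognised(s, True)) for s in samples}


if __name__ == "__main__":
    for sample, (prefix, whole) in compare().items():
        print(f"{sample!r:28} prefix={prefix!r:20} whole={whole!r}")
```

With prefix matching, an over-long handle is silently truncated to its first 15 characters, which would create a node for a different account name; appending `$` to the pattern removes that difference between the two modes.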