Open source intelligence tools for pen testing

Private Eye

Accounts, Machines, and Transforms

On first starting Maltego, you need to create an account, which you will have to log in to for every use (Figure 7). In this case, I am using the Community account, which is free. Many professional pen testers purchase an upgraded account.

Figure 7: Logging in to Maltego.

Once you've logged in, you can then begin a scan using any number of Machines (Figure 8). A machine is basically a type of scan. Two that I have used are the Company Stalker and Twitter Digger X. With the Company Stalker machine, you simply select it, enter the domain of a company that has authorized you to conduct a scan, and click Run.

Figure 8: Maltego machines.

Social Media and Maltego

The vast majority of security incidents begin with social engineering. Similarly, authorized pen testers use automated tools to cull information from social media sites, including Twitter. The Twitter Digger X machine, for example, allows you to trace and investigate any Twitter account.

Figure 9 shows the result of my own Twitter conversations. Using information gathered from these conversations, attackers could craft effective social engineering campaigns, because they now know my particular interests. An attacker could begin a profile that helps engage in spear phishing and whaling campaigns, for example.

Figure 9: Profiling social media (Twitter) with Maltego.

Notice the NCSL icon at the bottom left of the figure. The castle denotes an authoritative DNS domain. Additional icons show different tweets. The yellow icons indicate keywords that can be used to obtain more information about the subject being profiled.


In Maltego, a transform is a method used to map a particular network protocol (e.g., a DNS MX record) to a particular user. As with any useful program, you can use predefined transforms or create your own. Figure 10 shows Maltego's Transform Manager.

Figure 10: The Maltego Transform Manager.

If you click on the Transform Servers tab, you can then specify the Shodan API key you generated. Your subsequent scans will contain additional information about the domains and accounts you scan.
