WEBVTT

00:00.290 --> 00:02.600
In this video we're going to take a look at Maltego.

00:02.630 --> 00:10.580
Maltego is another crawling tool and it's pre-installed into our version of CSI Linux.

00:10.790 --> 00:17.180
Maltego is generally regarded as one of the best tools out there for open source intelligence and reconnaissance,

00:17.180 --> 00:19.040
so let's take a look at it.

00:19.520 --> 00:25.250
So in my CSI Linux instance here, we can see this little circle here with the three circles.

00:25.580 --> 00:27.650
I'm going to open that up here.

00:29.980 --> 00:32.680
And there's a couple different versions of Maltego.

00:33.040 --> 00:36.790
Now the one we're going to use is the free version, the CE.

00:37.480 --> 00:44.350
Um, there's also paid versions and there's, uh, case study and a few other tools.

00:44.350 --> 00:49.420
But again, we're going to be using the free CE version for this.

00:49.930 --> 00:54.580
And if you're doing heavier scans you'll probably want to pay for a license.

00:54.580 --> 00:59.680
However, the Community Edition works pretty well for most scans.

01:00.360 --> 01:05.940
And also you can end up paying for some of the modules, which we'll take a look at momentarily.

01:06.300 --> 01:08.880
Now for Maltego, you will need to sign up for an account.

01:08.880 --> 01:12.480
I already signed up and signed in to save a little bit of time.

01:12.480 --> 01:18.120
I'm going to accept the agreement here and it looks like it signed me out.

01:18.120 --> 01:19.530
Somebody signed in real quick.

01:37.270 --> 01:40.000
Okay, let's see if that works.

01:40.660 --> 01:41.860
Incorrect captcha.

01:53.010 --> 01:55.170
Okay, now let's try that again.

01:56.370 --> 01:58.380
Captcha was incorrect.

02:24.380 --> 02:30.770
Okay, so never a big fan of captchas, but they are what they are.

02:30.770 --> 02:32.570
So we're signed into Maltego.

02:32.600 --> 02:35.360
I'm going to click next and finish.

02:35.360 --> 02:36.710
I'm going to leave that default.

02:37.470 --> 02:43.950
Now, once you finally log in to your version of Maltego, it'll ask you, do you want to?

02:44.850 --> 02:46.440
Start a new version.

02:46.440 --> 02:47.010
Do you want to.

02:47.040 --> 02:48.690
Do you want to go through the tutorial?

02:48.690 --> 02:51.780
Just click the bottom option where it says, "I've done this before.

02:51.780 --> 02:54.600
Leave me alone," because we're going to go through this now.

02:54.600 --> 02:56.790
Maltego uses what's called transforms.

02:56.790 --> 03:02.220
And if we scroll down here, we can see all these different modules here that we could use: DNS Twist.

03:02.220 --> 03:03.900
We could see the standard transform.

03:03.900 --> 03:05.820
Some of these are going to be installed.

03:05.820 --> 03:06.900
Some won't.

03:07.380 --> 03:10.860
If you mouse over here you can see uninstall or install.

03:12.550 --> 03:19.720
And they had some really cool stuff in here, like AlienVault, CaseFile entities, Censys, Cipher,

03:19.720 --> 03:26.410
CrowdStrike Intel, and some of these are paid, some are subscription and some are free also.

03:27.070 --> 03:31.660
And some are going to require API keys for you to put in there.

03:32.110 --> 03:35.560
So we're going to leave it pretty much default for now.

03:36.720 --> 03:40.620
If you want to install more stuff later, you're more than free to.

03:41.310 --> 03:45.510
And there's a lot of cool stuff in here, like Google Maps geolocation.

03:45.510 --> 03:48.450
I'm going to click install so you can see how it installs.

03:48.450 --> 03:49.440
It's pretty simple.

03:49.440 --> 03:53.100
Once you click on it you can see information about it.

03:53.100 --> 03:55.590
So that's the details I'm going to click install.

03:55.590 --> 03:57.750
Do you want to install this I'm going to say yes.

03:57.750 --> 04:02.700
And if it needs additional information it'll ask you, you know, what's the API key.

04:02.730 --> 04:04.020
What's this or that.

04:04.260 --> 04:06.600
But in general it's pretty easy.

04:06.720 --> 04:09.990
So let's go ahead and create a train.

04:10.080 --> 04:11.940
Set up a scan here.

04:11.940 --> 04:17.040
So in the upper corner here we can see this Create New Graph; I'm going to click on that.

04:20.050 --> 04:20.590
Okay.

04:20.590 --> 04:23.560
And by default we can see a lot of different things in here.

04:23.560 --> 04:28.060
And Maltego did some big updates since the last time I really used it.

04:28.900 --> 04:33.700
One of which is they put a lot of cryptocurrency stuff in here, so we could search by Bitcoin Cash

04:33.700 --> 04:42.640
address, Bitcoin Cash block, block height, Cash transaction, Bitcoin address, cryptocurrency,

04:42.640 --> 04:45.850
Dogecoin, Ethereum, Litecoin.

04:46.750 --> 04:52.270
If we scroll down to here we could do conversations by emails, phone, dates, incidents.

04:53.180 --> 04:59.210
We can look by organizations, Netblock, CVEs, DNS names, domains.

04:59.210 --> 05:01.730
So a lot of really cool stuff in here.

05:01.730 --> 05:05.900
And you just need to kind of scroll through here and find what you want to do.

05:07.940 --> 05:11.990
And we see built in here, email address.

05:11.990 --> 05:15.170
So let's take the email address to use.

05:15.170 --> 05:18.170
I'm just going to click it and drag it here.

05:18.320 --> 05:20.390
And there's our transform.

05:20.390 --> 05:32.000
So if I click on here, I'm going to just change this to some generic name, John Doe at gmail.com. I'm going

05:32.000 --> 05:33.080
to click okay.

05:33.080 --> 05:40.010
And if I right click this you can see Extract Properties, Find Entity Properties, Person from Email Address,

05:40.010 --> 05:45.440
Related Email Addresses, Machines, and depending on how many modules you have installed here, this list

05:45.440 --> 05:46.580
is going to expand.

05:46.580 --> 05:49.340
So I'm just going to click on all transforms.

05:49.610 --> 05:52.310
And it's going to ask you some of the required inputs.

05:52.310 --> 05:57.470
I'm just going to click Remember, I'm going to leave everything default, and click okay.

05:57.680 --> 06:01.730
And we can see down in here it's actually outputting information here.

06:06.170 --> 06:06.770
Okay.

06:06.770 --> 06:12.080
And as we see, from this email address it's beginning to find different things.

06:12.080 --> 06:13.760
There's a Gmail account here.

06:13.760 --> 06:20.030
There's another Gmail account here that it looks like it's linked to, and we could see different

06:20.030 --> 06:24.440
John Does it relates back to; there we see John Gotti.

06:25.830 --> 06:28.860
And you could do relationship details on here.

06:30.330 --> 06:37.980
See if there's any; looks like that person has a John Doe Gmail, and so on and so forth.

06:37.980 --> 06:41.730
So we could either zoom in or use the mouse wheel to zoom out.

06:41.940 --> 06:43.560
If there's additional things

06:43.560 --> 06:49.950
we want to look at, things like this one here, we could right click on this.

06:49.950 --> 06:53.940
And we could do all transforms again and again.

06:53.940 --> 06:58.980
Depending on which modules we have here, we could potentially find social media accounts.

06:58.980 --> 07:01.830
We could find Bitcoin addresses.

07:01.830 --> 07:05.220
Start tracking where that Bitcoin's going.

07:05.250 --> 07:08.640
We could find files related to websites.

07:08.640 --> 07:09.900
If we put a website in there.

07:09.900 --> 07:13.140
Or if that email ties to a website, we could potentially find that.

07:13.140 --> 07:20.130
Also, if you tie in the social media account modules, we can start finding social media accounts

07:20.130 --> 07:21.540
tied to this email.

07:21.540 --> 07:30.120
But again, this is just a very basic look at how Maltego works.

07:31.320 --> 07:33.240
So it's a really cool program.

07:33.240 --> 07:37.980
And again, once it finds something of interest, you just need to right click on it.

07:37.980 --> 07:44.550
And then you could do all transforms, or you can start picking which transforms you want to run: Dateline,

07:44.550 --> 07:47.880
DNS, email address within the properties, etc.

07:48.420 --> 07:53.010
And once you have all the information that you want, you always can export this stuff out too.

07:53.340 --> 07:59.730
So if I click up here on this, on the image here, I can do Export, and I can export as a configuration,

07:59.730 --> 08:00.690
entities,

08:00.690 --> 08:08.190
a graph table, export the image, export as XML, I can generate a PDF report, etc.

08:08.190 --> 08:10.740
So really handy program.

08:11.790 --> 08:18.330
Again, it just makes things a lot easier using something like Maltego to define all these different

08:18.330 --> 08:18.990
relations.

08:18.990 --> 08:22.020
And you can see the arrows, how they point to the different relations.

08:23.370 --> 08:29.370
I would recommend taking a look at modules that you want to start using in Maltego.

08:29.370 --> 08:34.260
Again, you're probably going to have to pull some API keys, which they'll walk you through,

08:34.260 --> 08:36.030
where to get the API keys.

08:36.030 --> 08:38.760
Certain API keys are free, like Shodan.

08:38.760 --> 08:44.490
Certain ones you will have to pay for, and some of them you will have to jump through some hoops to

08:44.490 --> 08:44.940
get.

08:44.940 --> 08:47.580
Like the Flickr API.

08:47.730 --> 08:54.060
It asks you some questions, why you want the API key, and you have to explain yourself to them.

08:54.060 --> 08:57.990
But all in all, really useful tool.

08:57.990 --> 09:02.070
You could also use some of the modules that are paid like PayPal.

09:02.460 --> 09:08.430
Fantastic program for name enumeration, people enumeration.

09:08.430 --> 09:13.500
So again, depending on what your use cases are, you might be able to get by with the free version.

09:13.500 --> 09:19.890
You might get away with using the API keys or new API keys, or, if you get really serious and this

09:20.070 --> 09:21.690
really works out for you,

09:21.690 --> 09:27.120
you may want to start considering purchasing some of the additional entities or modules that

09:27.120 --> 09:29.400
are going to make your life a lot easier.

09:29.400 --> 09:31.560
Again, this is Maltego Community Edition.

09:31.560 --> 09:34.980
This is built into CSI Linux right down here on the bottom.

09:34.980 --> 09:36.000
Thank you for watching.

09:36.000 --> 09:37.170
I'll see you in the next video.
