
Maltego Local Transform Example


Maltego is an awesome tool that uses the power of machines to gather information and display it in a format conducive to the human eye's pattern spotting. Maltego is based around entities (email address, domain name, person, phone number, etc.) and transforms (queries) that pull information and match up the connections.

    tcpdump -vttttnnelr example.pcap | tcpdump2csv.pl 'sip dip dport' > example.csv

To integrate the pyCSV local transforms with your Maltego instance:

1. Click Tools, then Manage Transforms.
2. Click New Local Transforms.
3. Define the Display name as the name of the local transform. Example: GetSourceClients
4. Each transform must map to an entity.


Maltego is an open source intelligence and forensics application. It offers timely mining and gathering of information, as well as the representation of this information in an easy-to-understand format. Local transforms are pieces of code that run on the same machine as the client application. Ref:

How can we write our own local transform? Here is a step-by-step guide for beginners.

Run the Maltego Python code (Ref: the code is adapted from 'Lookingglass' so as to start up more easily; not all of the code is used in the sample files).

1. Download the, it contains 3 files:
   - MaltegoClass.py
   - MaltegoTransform.py
   - vxicon.png

   Put them into the same directory.
2. MaltegoClass.py contains EntityType, MaltegoEntity and MaltegoTransform, which are the basic classes for a local transform in Maltego. Here we add our own EntityType values, my.Input and my.Output, which will be used for creating a new Entity later.
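A local transform in the style of the GetSourceClients example above, written here as an added example; it is not the pyCSV code or the MaltegoClass.py from the download. It assumes the CSV holds sip,dip,dport columns in that order with no header, uses a hypothetical FLOW_CSV environment variable to locate the file, and prints the MaltegoMessage XML that Maltego reads from a local transform's standard output. Values are XML-escaped because they originate from captured traffic.

```python
"""Local transform sketch: destination IP -> source IPs that contacted it."""
import csv
import io
import os
import sys
from xml.sax.saxutils import escape

# Constructed sample rows in sip,dip,dport order (assumed layout, no header).
SAMPLE_CSV = """10.0.0.5,192.0.2.10,443
10.0.0.7,192.0.2.10,80
10.0.0.5,192.0.2.10,80
10.0.0.9,198.51.100.3,53
"""

def source_clients(rows, dest_ip):
    """Return {source_ip: [destination ports]} for flows sent to dest_ip."""
    clients = {}
    for row in rows:
        if len(row) < 3:
            continue  # skip blank or truncated lines
        sip, dip, dport = (field.strip() for field in row[:3])
        if dip == dest_ip:
            clients.setdefault(sip, set()).add(dport)
    # Order ports by length then text so "80" sorts before "443".
    return {sip: sorted(ports, key=lambda p: (len(p), p))
            for sip, ports in sorted(clients.items())}

def to_maltego_xml(clients):
    """Render the result as the XML a local transform writes to stdout."""
    out = ["<MaltegoMessage>", "<MaltegoTransformResponseMessage>", "<Entities>"]
    for sip, ports in clients.items():
        out.append('<Entity Type="maltego.IPv4Address">')
        out.append("<Value>%s</Value><Weight>100</Weight>" % escape(sip))
        out.append('<AdditionalFields><Field Name="ports" DisplayName="Ports">'
                   "%s</Field></AdditionalFields>" % escape(",".join(ports)))
        out.append("</Entity>")
    out += ["</Entities>", "<UIMessages/>",
            "</MaltegoTransformResponseMessage>", "</MaltegoMessage>"]
    return "\n".join(out)

if __name__ == "__main__":
    # Maltego passes the selected entity's value as the first argument.
    dest = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    path = os.environ.get("FLOW_CSV")  # hypothetical variable naming the CSV
    text = open(path, newline="").read() if path else SAMPLE_CSV
    print(to_maltego_xml(source_clients(csv.reader(io.StringIO(text)), dest)))
```
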


Maltego's flexibility when it comes to integrating external data has resulted in many data vendors choosing to use Maltego as a data delivery platform for their users. The Transform Hub is built into each Maltego client and allows Maltego users to easily install transforms built by different data providers. The Transform Hub is divided between commercial and community (free) transforms.

Below you will find details about the various transform providers that are currently available in the community and commercial Transform Hubs.

The Farsight Security DNSDB transforms expand the power of Maltego by enabling correlation and contextualization with realtime and historical DNS intelligence, also known as passive DNS data. Using the DNSDB transforms, for example, users can expose entire networks, gain an outside-in view of their infrastructure and pivot across DNS record types including domains, IPs, NX, MX, AAAA, SOA and many more.

Cryptocurrency forensics and intelligence providing detailed attribution, transaction risk scoring for Bitcoin investigations, and anti money laundering (AML) compliance. CipherTrace leverages open and closed source blockchain attribution, as well as machine learning and multi-input clustering algorithms in order to visualize actionable intelligence and help comply with cryptocurrency regulations. You can try for free. Get quote at to remove transform limits. Please take note that Free Use has been suspended until further notice. Please register for a free trial here: If you require further information, please send an email to: info@ciphertrace.com.
Provider: CipherTrace

Threat Grid performs dynamic analysis of hundreds of millions of samples per year, indexing the indicators (Domain, IP, URL, Hash, Mutex, File Path, etc.) from each analysis. These transforms leverage the Threat Grid REST APIs to enable you to quickly fetch that information and map out the relationships between samples and indicators, discover new infrastructure used in a campaign, pivot from network indicators to host indicators during an incident to help remediate faster, and more.
Provider: Cisco Threat Grid
Pricing: Free to use for existing Threat Grid customers. To become a new customer please contact your Cisco sales representative or fill out the form here: https://cs.co/maltego.

Pivots and data you won't find anywhere else:
- Historical IP hostname relationships
- Historical soaemail, ip and domain whois email relationships
- Malware hashes Domains
- Subdomain lists per Domain
- Nameserver Domains
- Nameserver IP/CIDR
- Supports ipv6 and ipv4
- Free API key to test and see number of results.
- Free API key upgrade to more results, paid upgrades for maximum results.

Pricing starts at $300/mo per seat, for more information please visit

SocialNet maps social media connections with data from 70+ social networks using 700+ transforms. Query by email address, aliases, phone numbers, or names to visualize 1 to 1 correlations, multiple relationships and networks into the thousands of records. Established in 2011, and based in the US, SocialNet is a robust, reliable, and secure tool for social media investigations. We offer three different pricing models. GSA purchases now available.
Provider: ShadowDragon
Pricing: PAID.

We have made several integrations with well-known sources and hope that they will be useful to many users. You can always find details about current and ongoing transformations on our website (Resources menu section), as well as full version information. We believe that the links between people, events, companies are no less important than the connections between the elements of the network infrastructure (IP-addresses, domains). Our company is always open for all forms of cooperation, both with other companies and private individuals.
Provider: SocialLinks

This seed provides the following transforms, powered by ThreatCrowd.org:
- Enrich domains and IPs to historical dns resolutions and connecting malware
- Enrich MD5 hashes of malware to command and control domains and IP addresses
- Enrich the names of malware detections to the MD5 hashes of malware samples

= About =
I make no guarantees as to the availability or veracity. All access to the server is logged.

= Do you offer a private API? =
ThreatCrowd is a non-commercial site and there is no private API. If you would like any extensions to the current API, please e-mail me at threatcrowd@gmail.com and I will see if I can extend it for all users.

= Further Details =
Please drop me a line on threatcrowd@gmail.com, @threatcrowd or @chrisdoman

= Help =
For help please see
Phone Number: Rather email.

A powerful collection of transforms providing superior results on Phone Numbers, Cell Phone Numbers, Name Searches, email addresses, and more, allowing quick coverage in the USA for most of the population. Use your PhoneSearch API key to gather information, uncover data not found on the Internet on free searches, real names, social media links, find related persons, addresses, and much more in a few clicks. The PhoneSearch.us website is being used by thousands of Law Enforcement in the US to look up phone numbers in time sensitive matters. Now available for your Transform-Searches.
Provider: PhoneSearch
Phone Number: 1-858-367-9123
Pricing: $3 per Transform.

These transforms extend the rich domain name dataset and powerful pivot capabilities of DomainTools Iris to the Maltego graph. Domains yield Whois, DNS, web crawl and SSL data, with dynamic properties to show risk and highlight useful pivots. An extensive set of transforms then operate on IPs, identities, SSL hashes, hostnames, and more to deliver matched domain names from the Iris dataset directly to the graph. Researchers can also bring an Iris search directly to Maltego, as a search hash, and then data from other transform sets to their Iris investigation.
Provider: DomainTools
Pricing: DomainTools Iris Transforms for Maltego are available for qualified enterprise customers and are linked with an interactive Iris membership. Contact us to obtain an API key and start using the transforms today.

PeopleMon system provides the user interface layer for viewing the person profile report of persons of interest. Using the data aggregated by a government agency's data integration platform which captures data from various sources, Transform system creates a comprehensive profile of the person of interest. Transform System is the layer that presents the aggregated data and the analytical reports, dashboards and charts into useful and understandable information to the end-users. PeopleMon system allows an organization to gather, compile and collate information from various sources to create a comprehensive profile of a "person of interest". It works on top of, and as a user interface layer for, tools that perform data capture, data aggregation, and integration.
Provider: People Mon

