InfoSec Philippines

Information Security, Technology News and Opinions

Using Local Transforms in Maltego

Posted by stare on April 12, 2009

Maltego is an open source tool developed by Paterva for rapid information gathering and correlation of data available from the Internet. With the release of Maltego 2.0.2 in January 2009, users can now develop their own local Transforms in any programming language, as long as they follow the local Transform Specification. A Transform is an instance of information gathering that processes Entities (e.g. IP addresses, ports, emails, a person’s name) as either input or output. A sample Transform can take a DNS name as input and determine its IP address as output. Another Transform can take an individual’s full name as input and determine, as output, the websites where that full name can be found. Maltego shows the Transform results, including the relationships between Entities, in a graphical user interface.

Sample Maltego Results

By default, Transforms are launched from the Maltego client and executed on Paterva’s Transform Application Server (TAS), which is accessible from the Internet. Local Transforms execute locally on the user’s computer and not on a TAS. The sample local Transform below takes an “IP Address” Entity as input, launches an NMAP TCP Connect Scan against that IP address and displays the results in Maltego as “Service” Entities. The script for this local Transform can be easily programmed in Perl using the NMAP-Parser module.

Sample Local Transform

The screenshot above shows that IP address 10.10.10.3 has three open ports with active services running.

Local Transforms provide users the flexibility and power to integrate other security tools (e.g. NMAP, Nessus, Metasploit). Users may be able to centralize security tool execution and documentation in Maltego.
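
The IP Address to Service Transform described above, sketched in Python rather than Perl as an added example (it is not the author's script or Paterva's code). It assumes Maltego passes the Entity value as the first command-line argument and reads a `MaltegoMessage` XML response from standard output; the `Service` type string, the message layout and the embedded Nmap report are constructed for illustration and should be checked against the local Transform Specification.

```python
import ipaddress
import subprocess
import sys
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample of `nmap -sT -oX -` output (not a real scan result).
SAMPLE_NMAP_XML = """<nmaprun><host><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
<port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
</ports></host></nmaprun>"""


def open_services(nmap_xml):
    """Return 'port/proto name' for every open port in an Nmap XML report."""
    services = []
    for port in ET.fromstring(nmap_xml).iter("port"):
        if port.find("state[@state='open']") is None:
            continue
        svc = port.find("service")
        name = svc.get("name", "unknown") if svc is not None else "unknown"
        services.append(f"{port.get('portid')}/{port.get('protocol')} {name}")
    return services


def to_maltego(services):
    """Build the XML response a local Transform prints on stdout."""
    # "Service" is the Entity name used in the post; the exact type string
    # and message layout are assumptions to check against the specification.
    entities = "".join(
        f'<Entity Type="Service"><Value>{escape(s)}</Value></Entity>'
        for s in services)
    return ("<MaltegoMessage><MaltegoTransformResponseMessage>"
            f"<Entities>{entities}</Entities>"
            "</MaltegoTransformResponseMessage></MaltegoMessage>")


def scan(target):
    """Run an Nmap TCP connect scan and return its XML report."""
    # Accept only a literal IP address, so an Entity value beginning with
    # "-" can never be read by Nmap as an option; no shell is involved.
    ip = str(ipaddress.ip_address(target))
    return subprocess.run(["nmap", "-sT", "-oX", "-", ip], check=True,
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Assumption: Maltego passes the input Entity's value as argv[1].
    print(to_maltego(open_services(scan(sys.argv[1]))))
```

Because Entity values on a graph often originate from Internet data, the strict IP check and the XML escaping of scan results keep untrusted strings from becoming Nmap options or malformed response markup.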
