Maltego is a powerful OSINT information-gathering tool. My Maltego tutorial teaches you how to use Maltego for personal reconnaissance of a target.
According to the Open Web Application Security Project (OWASP), information gathering is a prime aspect of effective and successful penetration testing, and security researchers must give it utmost importance. An attacker will attempt to gather as much information about the target as possible before executing an attack. This makes the attack more refined and efficient than one carried out without much information about the target.
This tutorial covers the usage of a very powerful open source intelligence (OSINT) tool known as Maltego. The tool is designed mainly to harvest DNS and whois information, and also offers options for search engine querying, SMTP queries, and so on.
Maltego broadly offers two types of reconnaissance: infrastructural and personal. Infrastructural reconnaissance deals with the domain, covering DNS information such as name servers, mail exchangers, zone transfer tables, DNS to IP mapping, and related information. Personal reconnaissance, on the other hand, covers personal information such as email addresses, phone numbers, social networking profiles, mutual friend connections, and so on.
A personal reconnaissance demo using Maltego
In this Maltego tutorial, we shall take a look at carrying out personal reconnaissance. We can enumerate various kinds of information from the name provided to us. These include email addresses, URLs, social network profiles of a person, and mutual connections between two people. This information can be used effectively in a social engineering attack, either to pwn the victim or to gather even more information needed for the attack.
Suppose the attacker obtains the name of a person. Mining data related to that name would start with the person’s email-ID. Maltego offers email-ID transforms that use search engines. This is explained in the screenshot above.
With Maltego it is also possible to find links into and out of any particular site. Maltego uses Gary Ruby’s mirror to spider the target site and return the links that are related to it. This also returns the plugins used in a blog, links to social networking sites, Facebook pages, and so on.