Roelof Temmingh and Chris Böhme presented the Maltego tool for data collection and correlation at the Black Hat Europe 2008 conference in Amsterdam last week.
"In the presentation we showed how the abundance of information on the Internet can be used to create a comprehensive profile of a person or organisation. The presentation included a real world, live demo of the Maltego framework in which we demonstrated how Maltego is used to collect and visualise both open source and internal data sources and how relationships between entities such as people, social networks, companies, Web sites and IP addresses can be analysed," says Temmingh.
Maltego is the brain-child of Roelof Temmingh, founder of Paterva, and was co-developed by Paterva and Pinkmatter Solutions. The software is currently used by more than 2 000 security auditors, pentesters and forensic investigators worldwide.
Voted "Best Tool" in the information-gathering section in 2007 by Security-database.com (www.security-database.com), Maltego is now mentioned in the same breath as Nessus and Metasploit.
Maltego uses numerous methods to search for public information about a variety of entities, such as individuals, phrases, e-mail addresses, URLs, and domain names. These methods are referred to as transforms. In the original release, these transforms were coded as part of the application; now the system has been redesigned so that the Maltego client you run on your machine utilises a server, called a transform application server. The server collects and processes the information found by the transforms, then returns the results to the client.
This design allows others to write transforms, set up their own transform application servers, or even add their own entity types to conduct searches for virtually any type of information. Users can modify or add transforms without needing to reinstall the software. The new architecture also allows users to restrict or control the use of transforms through individual API keys.
Temmingh explains: "Because the transforms do not run locally, results are very fast, even when you're low on bandwidth. I've tested it with a slow GPRS connection and it's still very usable. In the past it just wouldn't go because of the amount of data it had to retrieve and process. The new architecture also allows for customised, sensitive transforms to be hosted locally."
Böhme, co-founder of Pinkmatter Solutions, adds: "A new version of the Maltego front-end is in the making that will use commercial quality layout algorithms. Additionally to this the new version will include a lot of analysis utilities that would be valuable in pin-pointing higher order relationships."
Temmingh says Maltego version 2 will be released in May 2008.