Running a Machine

Modified on: Sat, 16 Mar, 2024 at 4:20 AM

Clicking Run Machine will open the Start a Machine window to assist with running your first Machine.

The first step to start a Machine is to select the Machine you would like to run from the list of Machines that are available in your Maltego Client.

By default, Show on startup and Show on empty graph will be checked. This means that with the two conditions selected, the Start a Machine window will open automatically. These can be switched off by un-checking these options.

Clicking Next will take you to the next page where you can input the start parameter.

Machines require a start parameter from which subsequent Transforms can be run. For example, the Footprint L2 Machine requires a target domain as the input Entity.

Clicking Finish will start the Machine on the target that was specified. The Machines window will open which provides details on the status of the Machine that is running, as described in the next section.

User Filters

Some of the Machines that come with Maltego include a User Filter which allows you to choose which Entities you want to continue in the Machine’s pipeline. This is important as it allows you to specify what is relevant and what is not, and prevents the Machine from gathering information on Entities that are irrelevant to the current investigation.

In the case of the Footprint L2 Machine for example, a user filter will pop up asking if you want the Machine to look for additional domains that use the same MX and NS records as the target domain:

In this example, it appears that uses Google for their MX records and Linode for their NS records. If you were investigating you would not want the Machine to look for domains that use these records as it would return thousands of unrelated results for companies and organizations that use Google for their mail servers and Linode for their name serves. So, in this case, you should deselect these Entities in you filter window, click the Next> button and the Machine will continue running.

Perpetual Machines

In Maltego, perpetual Machines are also available. A perpetual Machine can be configured to run every x seconds and is useful for monitoring data that changes regularly. When a perpetual Machine finishes running, a countdown timer will appear in the Machines window that will count down until it is time for the Machine to run again.

