Open navigation

PhraseTo Files (Office) [using Search Engine]

Modified on: Fri, 17 Jul, 2020 at 9:22 AM

Transform Meta Info

Display NameTo Files (Office) [using Search Engine]
Transform NamePhraseToDocument_SE
Short DescriptionThis Transform will search for the given phrase and show documents (Office[tm]) containing the term.
Data Source
Bing API

General to all search engine Transforms

There are couple of Transforms that use search engines - all of them very similar. The basic recipe for these Transforms are as follows:

  1. Expand the question. The question is the input from the GUI - be that a person's name, a domain or an phone number. When looking at a person's name for instance the name 'Kosie Kramer' will be expanded to searches like '"Kosie Kramer"', '"K Kramer"', 'Kramer Kosie' etc. In the case of a telephone number the search will be expanded to include most telephone notations used.
  2. Assign confidence levels. Because a search for '"Kosie Kramer"' is more likely to return good results - rather than a search for 'KramerK', the confidence level for the first search would be higher. The confidence levels are also used to assign preference to certain file types when doing searches on documents (these are configurable in Transform). In the same way a XLS file containing the word is likely more interesting than a PDF file.
  3. Perform each search. The searches are performed and the snippets are obtained. It is important to note that only snippets are parsed. For parsing the entire page you need to dump to URL and process the URLs separately. Various search engines have various snippet lengths.
  4. Parse for output Entities. Depending on what output is required the snippets are parsed for Entities - in some cases the web site's name is all that's required.
  5. Calculate weight. The weigh is calculated from various factors - the confidence of the search, the frequency of the result, the importance of the web site where the result came from, and in some cases a correlation to the input.
  6. Normalise. The weights are now normalised using a fairly interesting algorithm that involves the mean and standard deviation of the spread of weights. It is important to understand that a search result with a equal spread of weights are mostly useless.

General notes when using search engine Transforms

Maltego will sometimes give you results that seem plain wrong. You need to keep in mind that the application will get pretty desperate when it does not get results. So - when you are searching for a person called "Vaxynutus Grabounill" and that person simply left no marks on the Internet Maltego will eventually go after a search term "VG" - with a super low confidence - but you will still get some results. These results could seem completely off the mark, but should have very low weights. Always look at the weights.

Problems with parsing results

Some Entities are hard to parse, such as telephone numbers. There is always a trade-off between missing numbers and parsing non-telephone numbers as phone numbers. With the current Transform we hope to have reach the optimal balance.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.