A Transform is a small piece of code that fetches related information for a given input and formats the results so they can be returned to Maltego as Entities. A Transform can be written in any programming language. Most are written in Python, using a framework that translates the XML-based query and response messages into Python objects to simplify the Transform-writing process.
Transforms should:
- Be extensible (so that other Transforms can run off their output)
- Return the smallest piece of information possible.
The reason we emphasize small pieces of information is that it means we can harness the power of Maltego's link analysis. Take the two images below as an example (they merely show IP addresses as well as ports):
The graph at the top has a whole layer less, whilst showing the same information. Using the second graph allows the analyst to quickly look at things like all the services running on port 80. Doing the same on the graph at the top would mean traversing up the tree to the IP addresses and then down again to the services, which also gives you other services that are not running on port 80. Modeling your data correctly is a very important step in the process of building your own custom Transforms. It is advised to give this step some thought before moving on to actually writing code for your Transforms.
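The following sketch is an added example, not code from the original guide or from Maltego. It models the two layouts as plain edge sets and runs the "services on port 80" pivot on each. The scan data is constructed, the node naming (`ip`, `port`, `svc`) is hypothetical, and it assumes that entities with the same type and value appear as one shared node.

```python
# Constructed sample data (documentation IP range), not from the original page.
SCAN = [
    ("192.0.2.10", 80, "nginx"),
    ("192.0.2.10", 22, "OpenSSH"),
    ("192.0.2.20", 80, "Apache httpd"),
    ("192.0.2.20", 443, "Apache httpd"),
    ("192.0.2.30", 80, "nginx"),
]

def coarse_edges(scan):
    """Two layers: IP -> one combined 'port/service' entity (hypothetical model)."""
    return {(("ip", ip), ("svc", f"{port}/{name}")) for ip, port, name in scan}

def fine_edges(scan):
    """Three layers: IP -> port -> service, each entity as small as possible."""
    edges = set()
    for ip, port, name in scan:
        # Nodes are keyed by (type, value), so port "80" is one shared node.
        edges.add((("ip", ip), ("port", str(port))))
        edges.add((("port", str(port)), ("svc", name)))
    return edges

def children(edges, node):
    """Nodes reached by outgoing links from `node`."""
    return {dst for src, dst in edges if src == node}

def parents(edges, node):
    """Nodes with a link pointing at `node`."""
    return {src for src, dst in edges if dst == node}

def services_on_port_fine(edges, port):
    """One hop: select the shared port node and read its children."""
    return sorted(value for _, value in children(edges, ("port", str(port))))

def pivot_coarse(edges, known_service):
    """Up to the IPs, then down again: all that link traversal alone offers."""
    found = set()
    for ip in parents(edges, known_service):
        found |= children(edges, ip)
    return sorted(value for _, value in found)

if __name__ == "__main__":
    print(services_on_port_fine(fine_edges(SCAN), 80))
    print(pivot_coarse(coarse_edges(SCAN), ("svc", "80/nginx")))
```

On the fine-grained model the pivot returns exactly the port 80 services. On the coarse model, starting from `80/nginx` pulls in `22/OpenSSH` and never reaches `80/Apache httpd`.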
Transforms can be added to Maltego from a Transform Distribution Server or as Local Transforms. We will see the difference between the two and how each is used further along in this guide.