
Introduction to Maltego Standard Transforms

Modified on: Tue, 1 Dec, 2020 at 1:37 AM

Overview

This section contains information for the Maltego Standard Transforms that ship with every Maltego Desktop Client.

These include Transforms for gathering OSINT from common sources on the Internet, including queries on DNS servers, search engines, social networks, various APIs and other sources.


The Transforms are available to all commercial Maltego users as well as, with a few exceptions in the case of paid APIs, CE users.


A list of common use-cases can be found below.


Infrastructure footprinting

The Maltego Standard Transforms can be used to quickly gather intelligence about the cyber infrastructure of a site or server. A common starting point is a Domain Entity, but IP, DNS and Website Entities may also serve as good points of entry.

Users can, for example:

  1. Gather information about the technical infrastructure of a target domain, e.g. subdomains, IP addresses, WHOIS information, email addresses and relationships between the target domain and other Entities.
  2. Analyse the infrastructure of suspicious networks, as used in the initial steps of the investigation outlined here.
  3. Map the relationship between different online websites, for example, through examining whether they are controlled by a common Entity by using the BuiltWith and the tracking code Transforms.


Useful Transforms for this include:

  1. To Relationships [BuiltWith]
  2. To Matches [show BuiltWith results]
  3. To Tracking Codes
  4. To Website Mentioning Domain [Bing]
  5. To DNS Name - MX (mail server)
  6. To DNS Name [Find common DNS names]
  7. To IP Address [DNS]
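
The idea behind linking websites through shared tracking codes (use-case 3 above), as an added example that is not Maltego's implementation of the To Tracking Codes Transform: extract analytics and advertising account IDs from page source and group the hosts that reuse them. The hostnames, IDs and HTML are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample pages: reserved .example hostnames, invented IDs.
SAMPLE_PAGES = {
    "shop.example": '<script>ga("create", "UA-1234567-1", "auto");</script>',
    "login-shop.example": "<script>gtag('config', 'UA-1234567-4');</script>",
    "blog.example": '<script src="https://www.googletagmanager.com/gtag/js?id=G-AB12CD34EF">'
                    '</script><ins data-ad-client="ca-pub-1111222233334444"></ins>',
    "news.example": '<ins data-ad-client="ca-pub-1111222233334444"></ins>',
    "other.example": "<script>gtag('config', 'UA-7654321-1');</script>",
}

# The capture group is the account-level part of each identifier.
PATTERNS = {
    "ga-ua": re.compile(r"\bUA-(\d{4,10})-\d{1,4}\b"),  # UA-<account>-<property>
    "ga4": re.compile(r"\bG-([A-Z0-9]{8,12})\b"),
    "adsense": re.compile(r"\bca-pub-(\d{16})\b"),
}

def extract_codes(html):
    """Return the set of (kind, account_id) pairs found in one page."""
    return {(kind, m.group(1)) for kind, rx in PATTERNS.items() for m in rx.finditer(html)}

def shared_codes(pages):
    """Map each code seen on two or more hosts to the sorted list of those hosts."""
    hosts_by_code = defaultdict(set)
    for host, html in pages.items():
        for code in extract_codes(html):
            hosts_by_code[code].add(host)
    return {c: sorted(h) for c, h in hosts_by_code.items() if len(h) > 1}

def clusters(pages):
    """Merge hosts that are connected through any shared code (union-find)."""
    parent = {h: h for h in pages}
    def find(h):
        while parent[h] != h:
            parent[h] = parent[parent[h]]  # path compression
            h = parent[h]
        return h
    for hosts in shared_codes(pages).values():
        for other in hosts[1:]:
            parent[find(other)] = find(hosts[0])
    groups = defaultdict(list)
    for h in sorted(pages):
        groups[find(h)].append(h)
    return sorted(g for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    for group in clusters(SAMPLE_PAGES):
        print(group)
```

A shared ID is a lead rather than proof of common control: a page copied from another site often keeps the original's tracking snippet.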


Social media investigations

The Maltego Standard Transforms can also be used to analyze social media accounts in order to track profiles and understand networks of influence, interests, and groups.

Users can, for example:

  1. Find the social accounts of people under investigation, as in this tutorial where the NameChk Transform is used to find accounts based on a person’s alias or name.
  2. Discover deleted posts and profiles using the Wayback Machine Transforms.
  3. Find contact information (such as phone numbers and email addresses) related to certain domains, websites, or people. 


Useful Transforms for this include:

  1. To Social Account [Using NameChk]
  2. To EmailAddress [Bing]
  3. To Person [Parse separator]
  4. To Myspace Account in conjunction with To Snapshots


Tracking and profiling bad actors

The Maltego Standard Transforms can be instrumental when used to track the online footprints, interactions with other people, and the offline activities of target individuals under investigation, even after these have been deleted.

In particular, users can:

  1. Find the social accounts and email addresses of the target suspects, as shown in this blog post.
  2. Reveal the target’s deleted online footprint with the Wayback Transforms, introduced here.
  3. Analyze the digital trail the target may have unknowingly left behind, such as metadata in images they posted, using the To EXIF Info Transform. Similarly, document metadata can be extracted using the Parse meta information Transform.


Useful Transforms for this include:

  1. Wayback Machine Transforms
  2. Domain To Entities from WHOIS [IBM Watson]
  3. Domain to Email addresses [using Search Engines]
  4. To EmailAddress [Bing] 
  5. To EXIF Info  
  6. Parse meta information


Threat intelligence

These Transforms allow users to collect and analyze information related to cyberthreats to help protect their organization from the risks those threats pose.


Some examples of possible use-cases include:

  1. Brand protection, finding websites masquerading as official websites from an organization.
  2. Enrich threat intel, map malicious networks, identify attackers.

Figure: Cyber Threat Coalition Vetted Domains in Maltego

Useful Transforms for this include:

  1. IPv4Address To Entities From WHOIS [IBM Watson]
  2. To IP Address [DNS] 
  3. To Domain [Find other TLDs]


Analyzing live and historical web content

Not only live web content, but also historic content can be analyzed with Maltego’s Standard Transforms. For example, users can monitor changes to websites, find online or deleted files, uncover erased social media posts, and locate or trace bad actors attempting to conceal their online footprints.

For instance, it is possible to:

  1. Study the historical content of, and the changes made to, web documents, web files, web images, domains, websites, and URLs using the Wayback Machine Transforms.
  2. Find all documents, files and images that have historically been hosted in archived domains.
  3. Review which actors have edited certain Wikipedia pages.
  4. Find files containing a certain phrase or related to certain domains using the To Files (Office) [using Search Engine] and To Website [using Search Engine] Transforms.

 

Useful Transforms for this include:

  1. To Snapshots (Wayback Machine)
  2. Alias To Wikipedia Edits
  3. To Wikipedia Page Edits
  4. Domain To Files (Interesting) [using Search Engine] 
  5. Phrase To Files (Interesting) [using Search Engine] 


Document analysis

Files are frequently uploaded with no regard to the hidden information and metadata they harbor. Using the Maltego Standard Transforms, this information can be uncovered.

These Transforms can allow users to, for example:

  1. Extract and map document metadata.
  2. Analyze documents via natural language processing with IBM Watson, for instance to extract Entities from documents. An example can be found here, in a blog post where these Transforms are used to collect evidence for a legal case.


  3. Find all files hosted on a certain domain.
  4. Extract EXIF data from an image.


Useful Transforms for this include:

  1. Transform Meta Info
  2. Document To Entities [IBM Watson] 
  3. To EXIF Info
  4. Domain To Files (Office) [using Search Engine]
