Maltego
Maltego is one of the most capable OSINT frameworks for personal and organizational reconnaissance. It is a GUI tool that gathers information on an individual or organization by extracting publicly available data from the internet through various methods. It can also enumerate DNS, brute-force common DNS names, and collect data from social media, presenting the results in an easily readable graph.
How are we going to use Maltego M4 in our goal-based penetration testing or red teaming exercise? We can use this tool to build a visualization of the data we have gathered. The community edition ships with Kali Linux, and the easiest way to launch it is to type maltegoce in the terminal. The tasks in Maltego are called transforms. Transforms are built into the tool and are scripts that each execute a specific task. Multiple plugins are also available in Maltego, such as the SensePost toolset, Shodan, VirusTotal, and ThreatMiner.
In order to access Maltego, you will need to create an account with Paterva. You can do this by visiting https://www.paterva.com/web7/community/community.php and registering. Once the account has been created and you have logged in to Maltego, you should see the following screen:
Upon clicking on Next, you should be all set, as shown in the following screenshot:
Now click on Finish; you are ready to use Maltego and can run the following selections once you start an instance of the Maltego engine.
Typically, when we select Maltego public servers, we will have the following machine selections:
- Company Stalker: This is used to get all email addresses at a domain and then see which ones resolve on social networks. It also downloads published documents from the internet and extracts their metadata.
- Find Wikipedia edits: This takes a domain as input and looks for Wikipedia edits associated with it.
- Footprint L1: This performs basic footprinting of a domain.
- Footprint L2: This performs medium-level footprinting of a domain.
- Footprint L3: This takes a deep dive into a domain and is typically used with care, since it consumes a lot of resources.
- Footprint XML: This works on large targets, such as a company hosting its own data centers, and tries to obtain a footprint by looking at Sender Policy Framework (SPF) records, hoping to find netblocks or reverse-delegated DNS zones tied to their name servers.
- Person - Email Address: This is used to take someone's email address and see where it is used on the internet. The input is not a domain but a full email address.
- Prune Leaf entries: This provides a list of leaf entities to be pruned from the graph.
- Twitter digger X: This is the tweet analyzer for aliases.
- Twitter digger Y: This covers Twitter affiliations; it finds a tweet, then extracts and analyzes it.
- Twitter Monitor: This monitors Twitter for hashtags and named entities mentioned around a certain phrase. The input is a phrase.
- URL to Network and Domain Information: This starts from a URL and identifies the associated domain details.
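The Footprint XML machine above relies on the fact that an SPF record is a public statement of which netblocks and third-party domains are allowed to send mail for you. The following script is an added example, not code from the book or from Maltego, that performs the same walk by hand: it follows `include:` and `redirect=` chains and collects the `ip4`/`ip6` netblocks exposed along the way, which is a quick way for a defender to audit what their own records disclose. The TXT records are constructed and use documentation domains and addresses; `sample_lookup` is an offline stand-in for a real TXT query and is an assumption of the example.

```python
import ipaddress
from typing import Callable, Dict, List, Optional

# Constructed TXT records standing in for live DNS answers (assumption for this
# example; the names and addresses are RFC 2606/5737/3849 documentation values).
SAMPLE_TXT: Dict[str, List[str]] = {
    "example.com": [
        "google-site-verification=constructed-token",
        "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 mx include:_spf.mail.example.net -all",
    ],
    "_spf.mail.example.net": ["v=spf1 ip4:198.51.100.10 redirect=_spf.example.org"],
    "_spf.example.org": ["v=spf1 ip4:203.0.113.0/26 -all"],
}


def sample_lookup(name: str) -> List[str]:
    """Offline stand-in for a TXT query; swap in a real resolver to use live data."""
    return SAMPLE_TXT.get(name.lower(), [])


def spf_record(name: str, lookup: Callable[[str], List[str]]) -> Optional[str]:
    """Return the SPF record among a domain's TXT records, or None if there is none."""
    for txt in lookup(name):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def spf_footprint(domain: str, lookup: Callable[[str], List[str]] = sample_lookup,
                  max_records: int = 10) -> Dict[str, List[str]]:
    """Follow include:/redirect= chains from a domain's SPF record and collect
    the netblocks it publishes, the domains it trusts, and the a/mx mechanisms
    that would need further lookups to resolve. max_records caps the walk,
    mirroring the RFC 7208 limit on DNS-querying terms and stopping include loops."""
    seen: List[str] = []
    netblocks = set()
    needs_lookup = set()
    queue = [domain.lower()]
    while queue and len(seen) < max_records:
        name = queue.pop(0)
        if name in seen:
            continue
        seen.append(name)
        record = spf_record(name, lookup)
        if record is None:
            continue
        for term in record.split()[1:]:
            term = term.lstrip("+-~?")  # qualifiers do not matter for footprinting
            if "=" in term:             # modifier, e.g. redirect=other.example
                key, _, value = term.partition("=")
                if key == "redirect" and value:
                    queue.append(value.lower())
                continue
            mech, _, arg = term.partition(":")
            if mech in ("ip4", "ip6") and arg:
                try:
                    netblocks.add(str(ipaddress.ip_network(arg, strict=False)))
                except ValueError:
                    pass                # malformed term: skip it rather than abort
            elif mech == "include" and arg:
                queue.append(arg.lower())
            elif mech in ("a", "mx"):
                needs_lookup.add(f"{mech}:{arg or name}")
    return {
        "domains": seen,
        # IPv4 blocks first, then IPv6, each group in lexical order
        "netblocks": sorted(netblocks, key=lambda n: (":" in n, n)),
        "needs_lookup": sorted(needs_lookup),
    }


if __name__ == "__main__":
    for key, values in spf_footprint("example.com").items():
        print(f"{key}:")
        for value in values:
            print(f"  {value}")
```

Each collected netblock and trusted domain corresponds to an entity Maltego would place on the graph; the `needs_lookup` list shows where a live resolver (A/MX queries) would be required to turn a mechanism into addresses.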
The following screenshot provides the list of available options in Maltego public machines:
Attackers begin with Footprint L1 to gain a basic understanding of the domain, its potentially available subdomains, and the relevant IP addresses. It is a good starting point for information gathering; however, attackers can also use any of the other machines mentioned earlier to achieve the goal. Once the machine is selected, click on Next and specify a domain, for example, packtpub.com. The following screenshot provides an overview of cyberhia.com: