Mnemata
@sanoski/

Hacking Tools

publicKnowledge base

A collection of hacking tools

#hacking

Maltego

Maltego.md

Maltego

Overview

Maltego is a commercial OSINT and link-analysis platform that visualizes relationships between people, organizations, domains, IP addresses, networks, and social media. It uses “transforms” to pull data from dozens of sources and maps them into an interactive graph.

Category

#reconnaissance #osint #link-analysis #passive-recon

Phase

Reconnaissance

Developer

Paterva (now part of Maltego Technologies)

Editions

Edition Notes
Community (CE) Free; limited transforms, results capped at 12 per transform
Professional Full transforms, commercial use
Enterprise Team features, shared graphs, API access

Key Concepts

  • Entity — Any node in the graph (domain, email, person, IP, phone, etc.)
  • Transform — A query that expands an entity using an external data source
  • Graph — The visual map of all relationships discovered
  • Transform Hub — Marketplace for third-party data integrations

Common Use Cases

  • Map all subdomains and IPs for a target domain
  • Discover email addresses linked to an organization
  • Find social media accounts tied to a username or email
  • Visualize relationships between companies and individuals
  • Trace infrastructure connections between domains

Workflow Example

Start with: Target domain (e.g., example.com)
  → Run "To IP Address" transform
    → Run "To DNS Name" on each IP
      → Run "To Email Address" on discovered domains
        → Build out email/person/org graph

Useful Transforms

  • To IP Address [DNS] — Resolve domain to IP
  • To DNS Name — Reverse DNS lookup
  • To Email Address [PGP] — Find emails via PGP keyservers
  • Shodan — Enrich IPs with Shodan data
  • HaveIBeenPwned — Check email breach exposure
  • VirusTotal — Threat intelligence on domains/IPs

OPSEC Notes

Transforms query third-party APIs — your queries may be logged. Community edition also sends data through Maltego’s servers. Use Professional/local transforms for sensitive engagements.

Related Tools

  • WHOIS — Domain registration data often used as starting entity
  • Google Dorking — Manual passive recon to complement graph work
  • Nmap — Active scanning after graph reveals targets

Tags

#ethical-hacking #reconnaissance #osint #link-analysis

Linked from