The Maltego is able to gather information about a network or an individual. Here we will focus on the first and leave the individual collection of information once again.
We will look at the collection of information for all subdomains, IP address range, WHOIS information, all email addresses, and the relationship between the target domain and others.
Let's start by running Kali and then opening it Maltego.
The Maltego can be found in many places in Kali, but the easiest way to get to it is to go to Applications -> Kali Linux -> Top 10 Security Tools. Then, among the Top 10, you will find him Maltego at number 5, as shown in the screenshot below.
Go ahead, register and save your password, as you will need it again the next time you log in. Maltego.
Select attack and parameters
After successfully registering and logging in to Maltego, you have to decide what kind of "engine" you want to run against your target. You must select in Maltego, what kind of footprinting do you want to do against your target. Here, we focus on network footprinting, so our choices are:
- Company Stalker (collects email information)
- Footprint L1(basic information collection)
- Footprint L2(moderate amount of information collection)
- Footprint L3(intensive and complete collection of information)
Let's choose the L3 option that will gather as much information as possible. Although it is the most time consuming choice.
Choose a goal
Now that we have chosen a type of machine for our footprinting, we need to choose a target. Let's choose our friends at GLUTEN , one of the leading security training and consulting companies in the world.
Now, click "Finish" and release it Maltego to do his job.
The Maltego sans.org will start collecting information about our target and displaying it on the screen. In the screenshot below, we can see that Maltego has already collected email addresses from the site, while collecting name servers and mail servers.
Finally, we can click on "Bubble View" when done Maltego and see all the links between our target and its subdomains, as well as linked sites.
The Maltego is a great tool to do network authentication on our potential target, allowing us to do many types of authentication in a single tool scan.
Finally the Maltego is also capable of recognizing people, but we will leave it for our next iguru article.