Footprinting a Target using Maltego
Maltego is a footprinting tool used to gather as much information as possible for ethical hacking, computer forensics, and pentesting. It provides a library of transforms to discover data from open sources and visualizes that information in a graph format, suitable for link analysis and data mining. Maltego provides a graphical interface that makes seeing these relationships instant and accurate, and even makes it possible to see hidden connections.
In Kali Linux, open the Maltego GUI and click the Maltego CE (Free) option.
As the Configure Maltego window appears along with a LICENSE AGREEMENT form, check the Accept checkbox and click Next.
You will be redirected to the Login section; leave the Maltego window as it is and click the Firefox icon in the top section of the window to launch the Firefox browser.
Create an account and verify your email, then return to the Maltego login page and log in.
The Install Transforms section appears, which will install items from the chosen transform server. Leave the settings to default and click Next.
The Help Improve Maltego section appears. Leave the options set to default and click Next.
The Web Browser Options section appears. Leave the options set to default and click Next.
The Privacy Mode Options section appears. Leave the options set to default and click Next.
The Ready section appears. Select the Open a blank graph and let me play around option and click Finish.
The Maltego Community Edition window along with the New Graph (1) window appears, as shown in the screenshot.
In the left pane of the Maltego GUI, you can find the Entity Palette box, which contains a list of default built-in transforms. In the Infrastructure node under Entity Palette, observe a list of entities such as AS, DNS Name, Domain, IPv4 Address, URL, Website, etc.
Drag the Website entity onto the New Graph (1) window.
The entity appears on the new graph, with the www.paterva.com URL selected by default.
Double-click the name www.paterva.com and change the domain name to www.airbnb.com; press Enter.
The Run Transform(s) list appears; click To Domains [DNS].
The domain corresponding to the website displays, as shown in the following screenshot.
Right-click the airbnb.com entity and select All Transforms -> To DNS Name [Using Name Schema diction…].
Observe the status in the progress bar. This transform will attempt to test various name schemas against a domain and try to identify a specific name schema for the domain, as shown in the following screenshot.
After identifying the name schema, attackers attempt to simulate various exploitation techniques to gain sensitive information related to the resultant name schemas. For example, an attacker may implement a brute-force or dictionary attack to log in to ftp.airbnb.com and gain confidential information.
Select only the name schemas by dragging and deleting them.
By extracting the SOA related information, attackers attempt to find vulnerabilities in their services and architectures and exploit them.
Select both the name server and the email by dragging and deleting them.
Right-click the certifiedhacker.com entity and select All Transforms -> To DNS Name - MX (mail server).
This transform returns the mail server associated with the certifiedhacker.com domain, as shown in the following screenshot.
By identifying the mail exchanger server, attackers attempt to exploit the vulnerabilities in the server and, thereby, use it to perform malicious activities such as sending spam e-mails.
Select only the mail server by dragging and deleting it.
This returns the name servers associated with the domain, as shown in the following screenshot.
By identifying the primary name server, an attacker can implement various techniques to exploit the server and thereby perform malicious activities such as DNS Hijacking and URL redirection.
Select both the domain and the name server by dragging and deleting them. Right-click the entity and select All Transforms -> To IP Address [DNS].
Apart from the transforms mentioned above, other transforms can track accounts and conversations of individuals who are registered on social networking sites such as Twitter. Extract all possible information.
By extracting all this information, you can simulate actions such as enumeration, web application hacking, social engineering, etc., which may allow you access to a system or network, gain credentials, etc.
This concludes the demonstration of footprinting a target using Maltego.
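From the defender's side, the name-schema transform used above appears on the authoritative DNS server as one client requesting many guessed host names in a short time, most of which do not exist. The following added example (not part of the original walkthrough or of Maltego) flags that pattern in query logs; the log format, the example.com zone, the thresholds and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed format (an assumption): <ISO time> client=<ip> qname=<fqdn> rcode=<RCODE>
LINE_RE = re.compile(r"(\S+) client=(\S+) qname=(\S+) rcode=(\S+)$")

def parse(lines, zone):
    """Yield (time, client, qname, rcode) for well-formed queries under zone."""
    suffix = "." + zone.lower().rstrip(".")
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines
        ts, client, qname, rcode = m.groups()
        qname = qname.lower().rstrip(".")
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # skip unparseable timestamps
        if qname.endswith(suffix):
            yield when, client, qname, rcode.upper()

def find_name_guessing(lines, zone, window=timedelta(seconds=60),
                       min_names=8, min_nx_ratio=0.5):
    """Map each client that asked for >= min_names distinct names inside one
    window, mostly answered NXDOMAIN, to its largest distinct-name count."""
    per_client = defaultdict(list)
    for when, client, qname, rcode in parse(lines, zone):
        per_client[client].append((when, qname, rcode))
    flagged = {}
    for client, events in per_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window start forward
            span = events[start:end + 1]
            names = {q for _, q, _ in span}
            nx_ratio = sum(r == "NXDOMAIN" for _, _, r in span) / len(span)
            if len(names) >= min_names and nx_ratio >= min_nx_ratio:
                flagged[client] = max(flagged.get(client, 0), len(names))
    return flagged

# Constructed sample: one client walks a host-name wordlist, another looks up www once.
WORDS = ["ftp", "mail", "vpn", "dev", "test", "admin", "intranet", "staging", "www", "backup"]
SAMPLE_LOG = [f"2024-05-01T10:00:{i:02d} client=203.0.113.7 qname={w}.example.com rcode="
              f"{'NOERROR' if w in ('www', 'mail') else 'NXDOMAIN'}" for i, w in enumerate(WORDS)]
SAMPLE_LOG.append("2024-05-01T10:00:05 client=198.51.100.20 qname=www.example.com rcode=NOERROR")
```

Calling find_name_guessing(SAMPLE_LOG, "example.com") reports only the wordlist client; the thresholds need tuning against the normal query mix of resolvers that front many users.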