Ultimate Maltego Cheat Sheet
A comprehensive guide to OSINT, Transforms, and Graph Analysis.
1. Core Concepts
Understanding the building blocks of a Maltego investigation.
Entity
A single node on the graph. Examples:
- Person: John Doe
- Domain: example.com
- IP Address: 192.168.1.1
Transform
A script that takes an Entity as input and finds related data.
- Example: Domain -> To IP Address (DNS)
- Source: Transforms come from the "Transform Hub" (Paterva, VirusTotal, Shodan, etc.).
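As an added illustration of the Transform concept (not code from this cheat sheet or from Maltego), here is a minimal local transform for the Domain -> To IP Address example. It assumes Maltego's local-transform convention of passing the entity value as the first command-line argument and reading an XML MaltegoMessage from stdout; the function names and the sample DNS table are constructed for the example.

```python
"""Added example: sketch of a local 'Domain -> To IP Address' transform."""
import ipaddress
import socket
import sys
import xml.etree.ElementTree as ET


def resolve(domain):
    """Default resolver: system DNS lookup, IPv4 only. Returns a list of strings."""
    try:
        infos = socket.getaddrinfo(domain, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]


def domain_to_ip(domain, resolver=resolve):
    """Build the response XML for one Domain entity (hypothetical helper name)."""
    message = ET.Element("MaltegoMessage")
    response = ET.SubElement(message, "MaltegoTransformResponseMessage")
    entities = ET.SubElement(response, "Entities")
    ui = ET.SubElement(response, "UIMessages")
    seen = set()
    for raw in resolver(domain.strip().lower()):
        try:
            ip = str(ipaddress.IPv4Address(raw))  # drop malformed answers
        except ValueError:
            continue
        if ip in seen:  # one node per address, even if the resolver repeats it
            continue
        seen.add(ip)
        entity = ET.SubElement(entities, "Entity", Type="maltego.IPv4Address")
        ET.SubElement(entity, "Value").text = ip
    if not seen:
        # ElementTree escapes the text, so untrusted input cannot break the XML.
        note = ET.SubElement(ui, "UIMessage", MessageType="Inform")
        note.text = "No A records found for " + domain
    return ET.tostring(message, encoding="unicode")


# Constructed sample data (documentation address ranges) so the demo runs offline.
SAMPLE_DNS = {"example.com": ["192.0.2.10", "192.0.2.10", "198.51.100.7", "not-an-ip"]}

if __name__ == "__main__":
    # With an argument, resolve it via DNS; without one, use the sample table.
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    lookup = resolve if len(sys.argv) > 1 else (lambda d: SAMPLE_DNS.get(d, []))
    print(domain_to_ip(target, lookup))
```

The output entities arrive on the graph as children of the input Domain, which is why validating and de-duplicating resolver answers before emitting them keeps the graph clean.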
Hub
The marketplace for data providers. You must "Install" providers here (e.g., Social Links, Shodan) to use their transforms.
2. Navigation & Shortcuts
Maltego is a GUI-heavy tool. Mastering shortcuts is essential for speed.
| Action | Windows/Linux | Mac |
|---|---|---|
| New Graph | Ctrl + T | Cmd + T |
| Search Graph | Ctrl + F | Cmd + F |
| Copy Selection | Ctrl + C | Cmd + C |
| Paste Selection | Ctrl + V | Cmd + V |
| Select All | Ctrl + A | Cmd + A |
| Delete Entity | Delete | Fn + Delete |
| Refresh / Layout | Ctrl + L | Cmd + L |
| Full Screen | F11 | Cmd + Shift + F |
- Right Click (Hold): Pan/Move the canvas.
- Scroll Wheel: Zoom In/Out.
- Left Click + Drag: Select multiple entities.
3. Essential Transforms
The bread and butter of OSINT. Right-click an entity to run these.
Infrastructure Recon (Standard)
- Domain -> To DNS Name [MX/NS]: Find Mail servers and Nameservers.
- Domain -> To IP Address [DNS]: Resolve domain to IP.
- IP Address -> To Netblock: Find the subnet/CIDR ownership.
- IP Address -> To Location: GeoIP lookup (City/Country).
Email & People (PATERVA CTAS)
- Domain -> To Email Addresses: Find emails associated with domain (PGP/Whois).
- Email Address -> To Person: Try to infer name from email.
- Person -> To Email Address: Guess email format based on name.
Website Recon
- URL -> To Entities [Mirror]: Scrape links, emails, and phone numbers from a page.
- Domain -> To Files (Office): Find PDF/DOCX metadata on the domain.
4. Machines (Automation)
Machines are macros that run multiple transforms in sequence automatically.
Footprint L1
Speed: Fast
Function: Basic reconnaissance. Gets DNS names, IP addresses, and MX records.
Footprint L2
Speed: Medium
Function: Deeper dive. Looks for netblocks, AS numbers, and server technologies.
Footprint L3
Speed: Slow (Intensive)
Function: The "Nuke" option. Scrapes websites, looks for documents, emails, metadata. Can generate huge graphs.
5. Graph Views & Layouts
Visualizing data effectively is key to spotting patterns.
Block Layout
Good for technical infrastructure. Groups entities by type cleanly.
Hierarchical Layout
Best for showing relationships flowing top-down (e.g., Company -> Domain -> Server -> IP).
Organic Layout
Best for "Social Network" analysis. Pushes unconnected nodes to the outside and clusters connected nodes in the center.
Maltego sizes nodes based on "links" (incoming connections). Larger nodes = More important/connected.
6. Import / Export
Importing Data
Import Tab > Import Graph from Table
Allows you to map columns in a CSV/Excel file to Maltego Entities (e.g., Column A = Person, Column B = Email).
Exporting Data
- Generate Report: Creates a PDF summary of the investigation.
- Export Graph to Image: Save the visual map as high-res PNG.
- Export to Table: Save all nodes and links as a CSV/XLSX for Excel.
