Maltego for Juicy Information

[holyvirginmary]

Maltego is based on transforms automated queries that pull related data from different sources (DNS, WHOIS, social networks, etc.)
You start with a seed entity (like a domain, email, or IP), then run transforms to discover connected entities.
Maltego itself doesn’t hack or exploit anything. It’s an information-gathering and data-visualization platform

Identify organizations with large digital footprints (banks, e‑commerce, crypto exchanges, etc.)
Discover linked domains, employee emails, or public-facing systems

For recon, common starting points:

A domain name (example.com)
An IP address
An email address
A person’s name or organization

Run Basic Transforms

Right-click your entity → choose Run Transform → select categories like:

Transform Type :Purpose
DNS from Domain :Finds IP addresses from domain
WHOIS info:Finds registrant name, email, address
Links to Domains/Subdomains :Finds related sites
Email Addresses from Domain:Finds email addresses linked to that domain
Social Networks: Finds associated social media profiles
Infrastructure :Maps IPs, NS, MX, and AS numbers

Use Transforms Hub for More Data Sources
Maltego supports integration with external data sources via the Transform Hub, including:
Shodan (for open ports, banners)
VirusTotal (for malware and domain reputation)
HaveIBeenPwned (for leaked emails)
Censys, Spyse, BuiltWith, etc.
You can activate them from:
Transform Hub → Install/Activate data sources

Type of Intel Why It’s Valuable
Subdomains & hidden infrastructure Reveal staging/test environments or forgotten assets.
Shared IPs / Hosting relationships Show other services under the same organization.
WHOIS ownership & contact info Identify legitimate registrant data, corporate email patterns.
Email address patterns Help map an organization’s internal naming convention.
Technology stack Web servers, CMS, or frameworks (for compatibility/security testing).
Social and organizational links Reveal connections between employees, vendors, and brands.

Combine and Pivot

Once you have new entities, right‑click them and run more transforms.
Example chain:

Domain → IP → Other Domains → WHOIS Email → Person → LinkedIn → Organization

It can be used for
Mapping Your External Infrastructure
Look up your domains, subdomains, and IP ranges
Map name servers, mail servers, hosting providers
Identify forgotten or old assets (test sites, legacy servers)
Why they care: old or forgotten assets often run outdated software.

Collecting Publicly Exposed Emails
Company email formats
Employee addresses
Publicly listed contacts


Maltego connectors (e.g., BuiltWith, Shodan) can reveal:
Webserver type
Frameworks
CMS versions
Hosting providers