I first heard about what is now called Maltego when I read the materials for HD Moore and Valsmith’s presentation “Tactical Exploitation”, given at Black Hat USA 2007. Back then, it was called Evolution, and while it was still in its early stages, it was very useful and impressive for what it did. Now, with its current name, Maltego, it has reached version 2, and there’s a lot of promise in its new and upcoming features.
As someone who believes that the initial stages of a proper penetration test should include an intensive passive intelligence gathering phase, more than what most testers put into it, I believe that using Maltego is a really good starting point. This is especially the case for pentesters that aren’t as experienced in open-source information gathering as they are in the later phases of a test (due to how their training was focused). The output from Maltego gives a good base to work from, and is likely to put the tester in the right mindset to expand upon that information.
Mubix, over on his Room362.com blog, has started a series of posts on the new version of Maltego, and it should be very informative both to those new to Maltego and to those, like me, who are aware of older iterations and would like to know how things are progressing:
The other night, Mubix did some information gathering on me, using Maltego, and I was impressed with the output. At the very least, it will find much of the same information that an experienced intelligence gatherer will find in his or her first stages, in a very short period of time (5 minutes in this particular case). I’m looking forward to seeing the rest of Mubix’s series on the new version.
Edit: Chris Gates, of the Carnal0wnage (definitely McGrew-approved for techie security geek content), has a nicely detailed writeup on Maltego over on the Ethical Hacker Network:
This looks to be a good series, too. Definitely worth editing the post to add, as it’s too good to let flounder around down in the comments section.