# Footprinting with Maltego

![](https://2575763014-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MNC3KGY9k0nvrU_5PW6%2F-MO3EDxga8EqkNAVv6CZ%2F-MO3EN__awr0GP_IouUm%2Fimage.png?alt=media\&token=e5d10627-2f33-410f-bf53-c36c09aca483)

In this exercise we will use the free version of **`Maltego`** (`Community Edition`) to see how the tool can be used to carry out **`footprinting`** of a target website.

## Installing Transforms

In Maltego the "Modules" are called `Transforms`; each of them provides functionality and various types of `scans` that we can use.

To install **`transforms`**, Maltego has a section called **`transform hub`**:

![](https://i.imgur.com/2jLKfOH.png)

The `hub` is a kind of `store or market` where we can find paid and free `transforms`, as well as some that offer free trials. We have `filters` to refine our search. In this particular case we will use all `free transforms` to do our web reconnaissance exercise.

In my case I will use the following free transforms:

![](https://i.imgur.com/2WCbem9.png)

The installation of the `transforms` is simple: just `click` each one and choose the `install` option. A window will then open to begin the installation.

![](https://i.imgur.com/Zl42thC.png)

Some `transforms`, like the one from `Shodan`, require an `API Key` to function and will ask for it during installation:

![](https://i.imgur.com/tz71trn.png)

## Web reconnaissance with Maltego

The objective of this exercise is to perform a `web reconnaissance using Maltego and the transforms` that we installed previously.

### Creating a new scan

To start, we create a new `graph` from the Maltego menu:

![](https://i.imgur.com/LQyXoPm.png)

Once it is created, we see that we have a sort of empty `canvas` where we will be able to organize the elements of our scan. These elements in Maltego are called `Entities`. We can see a list of them in the `panel on the left` of our `canvas`, grouped by category.

### Defining the Domain (Entities)

The `Entities` allow us to place in the `canvas` the different types of `devices`, `events`, `infrastructures`, `locations`, `Personal`, etc.

To begin our scan, we look in the list of entities for the entity called `Domain`:

![](https://i.imgur.com/ewAAXik.png)

To add our entity to the `canvas`, just drag and drop it onto it. By default this entity points to `paterva.com`. We need to adjust that value and point it to our target. For that we have 2 ways:

* **Option 1:** Double `click` on the `text` of the `entity` and change the `value` to the `target domain`:
  * ![](https://i.imgur.com/d6OIkRN.png)
* **Option 2:** Edit the `domain` using the properties panel of the `entity` (this panel is generic to any `entity` that we have selected):
  * ![](https://i.imgur.com/K4Nx6PL.png)

In my case I will use as `target` an online news website:

* `https://semanarionuestragente.com/`

### Performing the first Manual scan

In Maltego each `entity` offers us various types of scan (they are actually also called `transforms`). These are enabled by the `transforms` that we have installed. Each entity can contain different types of `scans` available according to its type. To see the `scans` available, we can `right click` on the entity:

![](https://i.imgur.com/mUCw5A4.png)

We see that the contextual menu that unfolds is called `Run Transforms`. It shows us each `transform` installed. We can `click` on one in particular, or we can `click` on `All Transforms` to see the complete list of available options:

![](https://i.imgur.com/s0EL8nJ.png)

We will start by doing a scan of the type `whois`. We can use the search bar of the contextual menu to refine the list and for example see the `scans` of type `whois` that are available:

![](https://i.imgur.com/vSU6ymG.png)

In this case we will try the `transform` (scan) called `to DNS - NS (Name Server)`. When we `click` it, the selected scan/transform is executed. We see that after a moment `2` new entities appear in our `canvas`. We can also see that each `transform/scan` generates a `log` when executed that is shown in the `output` window below the `canvas`:

![](https://i.imgur.com/GMryuvF.png)

In this way we see that we obtain both `Name Servers` that are linked to our target. These new entities allow us to run additional `scans`. Let's see which are available for `ns69.domaincontrol.com`:

![](https://i.imgur.com/6f5w3wZ.png)

Let's try running the `transform` called `To Domains [Sharing this NS]`. When running it we see that it updates our `canvas` with all the domains that also use that same `Name Server`:

![](https://i.imgur.com/1cMuUgZ.png)

We can already get an idea of Maltego's potential to do reconnaissance of our targets. Let's take for our next scan `jamibgoode.com` and run the `To Email Address [from whois info]` `transform`:

![](https://i.imgur.com/4tMGV8j.png)

We see that in this way we manage to list the email that is specified in the `whois` records for that domain. In this way we can begin to obtain information about our target, but Maltego also offers us another automated way to perform `footprinting` scans using what are called `machines`.

## Using Machines for Automatic Footprinting

Maltego provides us with different `machines` that are a kind of pre-set `scans` that we can run automatically for the target domain we have defined. Let's see how we can use `machines` to do `footprinting`, this time for the domain `kimballoon.com`:

![](https://i.imgur.com/QauHK22.png)

First we locate the `machine` that we want to run; for this exercise we will use the one called `Footprint L1`. Just `click` on the desired machine to run it:

{% hint style="warning" %}
In the **`community`** version of **`Maltego`** the functionality and power of these **`machines`** is limited.
{% endhint %}

![](https://i.imgur.com/xb1uLqi.png)

After running the **`machine`**, in the upper right of the Maltego screen we see the result of the `scans/transforms` executed by that `machine`. Looking at the `canvas`, we see that we have multiple new `entities`, each of which continues providing us with additional information for our `footprinting`:

![](https://i.imgur.com/etwMmj1.png)

We see that in this case the `footprinting` performed generates in our `canvas` a considerable number of new `entities` of varied types. Each of them allows us to keep running additional `transforms` to obtain further information and details, which we can then collect to build as complete a picture as possible of our target.
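
The entity / transform / machine model used throughout this exercise can be sketched in a few lines. The following is an added example, not Maltego code and not part of the original exercise: it treats entities as typed nodes, transforms as functions from one entity to new entities, and a machine as an automatic, depth-limited run of every applicable transform. The data is constructed (reserved `.example` names, no network access) and all function names are hypothetical.

```python
from collections import deque

# Constructed sample data standing in for DNS and whois lookups (no network).
NS_RECORDS = {
    "target.example": ["ns1.dns.example", "ns2.dns.example"],
    "shop.example": ["ns1.dns.example"],
    "blog.example": ["ns2.dns.example", "ns9.other.example"],
}
WHOIS_EMAILS = {"target.example": ["admin@target.example"],
                "shop.example": ["owner@mail.example"]}

# A transform takes one entity value and returns new (type, value) entities.
def to_dns_ns(domain):
    return [("NSRecord", ns) for ns in NS_RECORDS.get(domain, [])]

def to_domains_sharing_ns(ns):
    return [("Domain", d) for d, servers in sorted(NS_RECORDS.items())
            if ns in servers]

def to_email_from_whois(domain):
    return [("EmailAddress", e) for e in WHOIS_EMAILS.get(domain, [])]

# Like the Run Transforms menu: what can run depends on the entity type.
TRANSFORMS = {"Domain": [to_dns_ns, to_email_from_whois],
              "NSRecord": [to_domains_sharing_ns]}

def run_machine(seed_domain, max_depth=2):
    """Breadth-first run of every applicable transform from one Domain entity.
    Returns ({entity: depth}, edges); max_depth bounds how far the pivots go."""
    seed = ("Domain", seed_domain)
    depth = {seed: 0}
    edges = set()
    queue = deque([seed])
    while queue:
        entity = queue.popleft()
        if depth[entity] >= max_depth:
            continue  # entity stays on the canvas but is not expanded further
        etype, value = entity
        for transform in TRANSFORMS.get(etype, []):
            for found in transform(value):
                edges.add((entity, transform.__name__, found))
                if found not in depth:
                    depth[found] = depth[entity] + 1
                    queue.append(found)
    return depth, edges

if __name__ == "__main__":
    entities, _ = run_machine("target.example")
    for (etype, value), d in sorted(entities.items(), key=lambda kv: kv[1]):
        print(d, etype, value)
```

Raising `max_depth` shows how quickly public records link a domain to others: at depth 3 the run also reaches the whois email of a second domain that merely shares a name server with the seed.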

As we can observe, Maltego's power is considerable and the ease of use it offers makes it a formidable tool for our **`footprinting`** and **`reconnaissance`**.

During this simple exercise we saw some of the functionalities that Maltego offers; certainly there are many more to discover, learn and use. I hope this text is useful and helps to begin exploring this powerful tool.
