Video - Information Gathering Using Maltego

Ethical Hacking - A Hands-On Approach to Ethical Hacking Gathering Information - Open-source intelligence (OSINT)
9 minutes
Share the link to this page
Copied
  Completed
You need to have access to the item to view this lesson.
One-time Fee
$99.99
List Price:  $139.99
You save:  $40
€96.05
List Price:  €134.47
You save:  €38.42
£78.28
List Price:  £109.60
You save:  £31.31
CA$143.28
List Price:  CA$200.59
You save:  CA$57.31
A$160.13
List Price:  A$224.20
You save:  A$64.06
S$135.03
List Price:  S$189.05
You save:  S$54.02
HK$777
List Price:  HK$1,087.84
You save:  HK$310.83
CHF 88.49
List Price:  CHF 123.89
You save:  CHF 35.40
NOK kr1,126.80
List Price:  NOK kr1,577.57
You save:  NOK kr450.76
DKK kr717.22
List Price:  DKK kr1,004.14
You save:  DKK kr286.92
NZ$176.87
List Price:  NZ$247.63
You save:  NZ$70.75
د.إ367.26
List Price:  د.إ514.17
You save:  د.إ146.91
৳11,929.84
List Price:  ৳16,702.26
You save:  ৳4,772.41
₹8,538.94
List Price:  ₹11,954.85
You save:  ₹3,415.91
RM448.65
List Price:  RM628.13
You save:  RM179.48
₦154,544.52
List Price:  ₦216,368.52
You save:  ₦61,823.99
₨27,792.76
List Price:  ₨38,910.97
You save:  ₨11,118.21
฿3,416.65
List Price:  ฿4,783.45
You save:  ฿1,366.80
₺3,519.17
List Price:  ₺4,926.99
You save:  ₺1,407.81
B$637.56
List Price:  B$892.61
You save:  B$255.05
R1,874.85
List Price:  R2,624.87
You save:  R750.01
Лв188
List Price:  Лв263.20
You save:  Лв75.20
₩145,711.39
List Price:  ₩204,001.77
You save:  ₩58,290.38
₪364.90
List Price:  ₪510.87
You save:  ₪145.97
₱5,865.41
List Price:  ₱8,211.81
You save:  ₱2,346.40
¥15,715.92
List Price:  ¥22,002.92
You save:  ¥6,286.99
MX$2,016.21
List Price:  MX$2,822.78
You save:  MX$806.56
QR363.08
List Price:  QR508.32
You save:  QR145.24
P1,386.50
List Price:  P1,941.15
You save:  P554.65
KSh12,902.70
List Price:  KSh18,064.30
You save:  KSh5,161.60
E£5,082.90
List Price:  E£7,116.27
You save:  E£2,033.36
ብር12,710.92
List Price:  ብር17,795.80
You save:  ብር5,084.87
Kz91,190.88
List Price:  Kz127,670.88
You save:  Kz36,480
CLP$98,919.10
List Price:  CLP$138,490.70
You save:  CLP$39,571.60
CN¥729.82
List Price:  CN¥1,021.78
You save:  CN¥291.96
RD$6,081.12
List Price:  RD$8,513.82
You save:  RD$2,432.69
DA13,508.78
List Price:  DA18,912.83
You save:  DA5,404.05
FJ$231.84
List Price:  FJ$324.58
You save:  FJ$92.74
Q768.97
List Price:  Q1,076.59
You save:  Q307.62
GY$20,886.35
List Price:  GY$29,241.72
You save:  GY$8,355.37
ISK kr13,953.60
List Price:  ISK kr19,535.60
You save:  ISK kr5,582
DH1,006.73
List Price:  DH1,409.47
You save:  DH402.73
L1,841.91
List Price:  L2,578.75
You save:  L736.83
ден5,908.74
List Price:  ден8,272.47
You save:  ден2,363.73
MOP$798.63
List Price:  MOP$1,118.11
You save:  MOP$319.48
N$1,856.28
List Price:  N$2,598.86
You save:  N$742.58
C$3,673.45
List Price:  C$5,142.98
You save:  C$1,469.52
रु13,596.38
List Price:  रु19,035.48
You save:  रु5,439.09
S/371.74
List Price:  S/520.45
You save:  S/148.71
K405.18
List Price:  K567.27
You save:  K162.09
SAR375.47
List Price:  SAR525.68
You save:  SAR150.20
ZK2,762.82
List Price:  ZK3,868.06
You save:  ZK1,105.23
L478.38
List Price:  L669.75
You save:  L191.37
Kč2,417.95
List Price:  Kč3,385.23
You save:  Kč967.27
Ft39,478.73
List Price:  Ft55,271.81
You save:  Ft15,793.07
SEK kr1,088.11
List Price:  SEK kr1,523.40
You save:  SEK kr435.29
ARS$102,698.50
List Price:  ARS$143,782.01
You save:  ARS$41,083.50
Bs689.84
List Price:  Bs965.80
You save:  Bs275.96
COP$441,236.66
List Price:  COP$617,748.98
You save:  COP$176,512.31
₡50,688.88
List Price:  ₡70,966.47
You save:  ₡20,277.58
L2,536.46
List Price:  L3,551.14
You save:  L1,014.68
₲778,577.57
List Price:  ₲1,090,039.75
You save:  ₲311,462.17
$U4,443.67
List Price:  $U6,221.32
You save:  $U1,777.64
zł409.39
List Price:  zł573.17
You save:  zł163.77
Already have an account? Log In

Transcript

Greetings and in this short video presentation we're going to see how we go about using multigo to perform a passive reconnaissance, passive reconnaissance is where we use publicly available information to gather information about our potential target. The multigo Community Edition is the community version of multigo. That is available for free after a quick online registration multigo seeeeee includes most of the same functionality as the commercial version, however, it does have some limitations. The main limitation with the community version is that the application cannot be used for commercial purposes. There's also a maximum number of entities that can be displayed at any given time in the community edition of multigo. Lastly, there is no export of the graph information as you have in the full commercial version of multigo.

With multigo, we can find the relationships which people are linked to Including your social profile, mutual friends companies that are related to the information gathered and websites. The first time you start multigo, you'll want to go to applications, you want to go to information gathering, and click on multigo. This places the multigo icon into the Quick Launch Bar. Once multigo opens up, you'll want to go ahead and select them all to see the free edition, click on Run. If this is the first time that you have brand multigo you'll have to register by clicking on the register here link. Clicking on the register here will take you out to the internet where you can register an account so that you have access to the transforms.

Scroll down the page until you come to the register and account window, create your account and then you will be able to download and install all the transforms for multigo. Once you've registered your account, you'll be brought back to the law On window for multigo you can then type in your login information, solve the captcha, and then click Next. Once you've logged in, you'll be presented with the welcome screen for the multigo Community Edition. Go ahead and click Next. This will install or update your transforms. Once your transforms have been updated, you can click Next, you can choose to automatically send error reports or not.

And then you can click Next. And you're now ready to begin your first passive reconnaissance with multigo. We're now ready to go ahead and click on Finish. And this brings up the multigo starting screen. Once you start multigo for the first time, you can go up to the top right, you can close out that first window. And then behind that window is this particular screen for multigo.

And this is the screen we're going to be using. Over here in the right window pane. We have additional transform sets that you can install. Now some of these will require that you go out and register for API key. But some of these are very useful. You can look through them and see if there's anything in here that you might be interested in as far as additional transform, we can go back to our original graph page just by going up here to the menu bar, and clicking on the plus sign.

That brings back that original graph screen that we started with. Over here in the left window pane, we have our transforms. And this is where we can go in and we can start looking for particular information about somebody such as an email address, phone numbers, aliases, documents, a person. There's all kinds of things that you can look up on an individual or an entity such as an organization, and it's all available over here inside of this left window pane. We're going to start off by looking at some domain information. So what we're going to do is over here in the left window pane, just scroll on down until you come to the domain and just drag down on over here to your MP.

Graphed just like that, once we have the domain transform over inside of our graph, we can just double click it. And now we can type in the name of the domain we wish to look up. For this demonstration, I've typed in cyber offense, COMM But it could be any domain name. It could be Microsoft, it could be Cisco, it could be IBM, it could be anybody. As you probably come to realize we could use this application for nefarious purposes. But we don't want to do that.

You don't want to use it for stalking individuals or trying to cause harm. Well, we want to use it for in this case, is to find out about our own personal presence, because we may have some things out there that we don't want people to be able to gather about us. And so I've typed in cyber offense comm now I should be able to get some information about myself, the owner of cyber, cyber offense COMM And we'll just see how much information that does pull up. Once you have your domain name in place, you can just run Click. And from the list, you can click on where it says all transforms. If you click on that plus sign, you'll see all the different transforms or scripts that can be ran against the search.

So as you go through the list, you can see that it can find information about your phone numbers, it can find out information about your email addresses, other domains, files to persons to a phone number, websites, quick lookup, it can do a lot of information gathering. Now to run all those transforms for the domain lookup. I've used this double clicker over here, and if I click on that, it will begin the passive recon against cyber offense Comm. So as the information is gathered and the nodes are brought in, as information about my domains gathered, you'll see that the graph starts to fill up rather quickly, and I run out of space. by just using my left mouse button, I can click inside of the graph and then use my scroll bar. To zoom in, or zoom out.

So there's a lot of information in here you see I got some DNS records. And if I click on that, you can go over here to the detail view, you can open up the relationship and see if there's anything incoming, you can look at that. You can also look at some other information that might be available. I'm pretty boring. As far as having anything going on with my domain name. It's real simple.

It's just registered for business purposes only. So there's not a lot of information going on in here. But you could find out some things about the relationships, which I don't have any and the generator details and some other things. So the good news is, I don't see my name being listed anywhere underneath a domain search, and that's a good thing. You can't find my phone number and I didn't show up. It also didn't find my actual given name.

That's a good thing. So I've done a pretty good job of making sure that my privacy is kept intact. And that's another good use for multigo. Let's go ahead and change direction and do some information gathering about a individual. So we're going to look up a person, and we're going to see what we can find out about that individual. Let's go ahead and start a new graph.

We're going to go up here to the plus sign, we're going to open up a new graph. Now you'll see that we have two graphs. And there's our new graph. Now we have both graphs here. So I'm going to scroll here to the second graph. I'm just going to drag person on over here.

And we can just type in anybody's name. Okay, anybody name you want to type type into there, you can type it in. And we can do a search and see what information we can find out about that individual on the internet. From the Lab file, I'm just going to type in Shane Watson, and we're going to do a search for change to what we can find out about him. So this individual could be anybody. It could be yourself.

It could be your spouse, it could be your girlfriend, it could be who whomever ever again, you make sure that you think about what you're doing before you go out and use this for a serious purposes, I'm going to go ahead and just use this fictitious individual called Wayne, Watson. I'm going to right click, and I'm going to do the all transforms again. And I'm just going to click on that and go ahead and run that. You want to open a service manager to sign in. I don't want to look up Twitter, so I don't have a Twitter account. But if you have a Twitter account, you can.

I'm gonna say no. So let's go ahead and let those transforms run for a couple of minutes and see what pops up. Again, I have clicked inside of my graph window and I'm using my scroll bar to either bring it out or push it back in so I can see all the details. Alright, so we see we got a lot of information here or we got some information of some entities that belong to Shane Watson. These are different email addresses. So if you want to know how to get ahold of somebody, and you can't figure it out, you could use multigo to go out there.

Get an email address on that individual. So you see, there's a lot of different things that we can use this for good, bad or otherwise. So that's going to conclude this short video presentation on how we go about using multigo. Again, this is the Community Edition so it is limited, but it has most of the functionalities as a full version. If you have any questions or you have concerns, please do not hesitate to reach out and contact your instructor and I'll see you in my next video.

Sign Up

Share

Share with friends, get 20% off
Invite your friends to LearnDesk learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.