Overview
This section contains information for the Maltego Standard Transforms that ship with every Maltego Desktop Client.
These include Transforms for gathering OSINT from common sources on the Internet, including queries on DNS servers, search engines, social networks, various APIs and other sources.
With over 150 Transforms, the Maltego Standard Transforms enable investigators to perform a vast range of standard use cases on Maltego, including:
- Infrastructure footprinting
- Discovering related domains and infrastructure
- Analyzing live and historical web content
- Extracting and mapping document metadata
- Investigating social media handles and email addresses
- Analyzing documents via natural language processing, and many more.
The Standard Transforms are useful for nearly all types of investigations commonly performed in Maltego, and include both specialized and generic Transforms to supplement the functionality of other Hub items.
Maltego Standard Transforms are available to all commercial Maltego users as well as CE users, with a few exceptions in the case of paid APIs.
You can read more about Maltego Standard Transforms on our website here. This includes information around integration, pricing and access, resources and featured datasets.
You will also find numerous interesting tutorials and articles in Maltego's Blog pages which will hugely benefit your investigations, such as Maltego Dorking with Search Engine Transforms Using Bing.
A list of common use-cases can be found below.
Infrastructure footprinting
The Maltego Standard Transforms can be used to quickly gather intelligence about the cyber infrastructure of a site or server. A common starting point is a Domain Entity, but IP, DNS and Website Entities may also serve as good points of entry.
Users can, for example:
- Gather information about the technical infrastructure of a target domain, e.g. subdomains, IP addresses, WHOIS information, email addresses and relationships between the target domain and other Entities.
- Analyse the infrastructure of suspicious networks, as used in the initial steps of the investigation outlined here.
- Map the relationship between different online websites, for example, through examining whether they are controlled by a common Entity by using the BuiltWith and the tracking code Transforms.
Useful Transforms for this include:
- To Relationships [BuiltWith]
- To Tracking Codes
- To Website Mentioning Domain [Bing]
- To DNS Name - MX (mail server)
- To DNS Name [Find common DNS names]
- To IP Address [DNS]
Social media investigations
The Maltego Standard Transforms can also be used to analyze social media accounts in order to track profiles and to understand social networks of influence, interests, and groups.
Users can, for example:
- Discover deleted posts and profiles using the Wayback Machine Transforms.
- Find contact information (such as phone numbers and email addresses) related to certain domains, websites, or people.
Useful Transforms for this include:
- To EmailAddress [Bing]
- To Person [Parse separator]
- To Myspace Account in conjunction with To Snapshots
Tracking and profiling bad actors
The Maltego Standard Transforms can be instrumental when used to track the online footprints, interactions with other people, and the offline activities of target individuals under investigation, even after these have been deleted.
In particular, users can:
- Find the social accounts and email addresses of the target suspects, as shown in this blog post.
- Reveal the target’s deleted online footprint with the Wayback Transforms, introduced here.
- Analyze the digital trail the target may have unknowingly left behind, such as metadata in images they posted, using the To EXIF Info Transform. Similarly, document metadata can be extracted using the Parse meta information Transform.
Useful Transforms for this include:
- Wayback Machine Transforms
- To Entities from WHOIS [IBM Watson]
- To Email addresses [using Search Engines]
- To EmailAddress [Bing]
- To EXIF Info
- Parse meta information
Threat intelligence
These Transforms allow users to collect and analyze information related to cyberthreats to help protect their organization from the risks they pose.
Some examples of possible use-cases include:
- Brand protection: finding websites masquerading as an organization's official websites.
- Enriching threat intel, mapping malicious networks, and identifying attackers.
Useful Transforms for this include:
Analyzing live and historical web content
Historical web content, not only live content, can be analyzed with Maltego’s Standard Transforms. For example, users can monitor changes to websites, find online or deleted files, uncover erased social media posts, and locate or trace bad actors attempting to conceal their online footprints.
For instance, it is possible to:
- Study the historical content of, and the changes made to, web documents, web files, web images, domains, websites, and URLs using the Wayback Machine Transforms.
- Find all documents, files and images that have historically been hosted in archived domains.
- Review which actors have edited certain Wikipedia pages.
- Search for specific information using dorking with our Bing search engine Transforms.
- Find files containing a certain phrase or related to certain domains.
Useful Transforms for this include:
Document analysis
Files are frequently uploaded with no regard to the hidden information and metadata they harbor. Using the Maltego Standard Transforms, this information can be uncovered.
These Transforms can allow users to, for example:
- Extract and map document metadata.
- Analyze documents via natural language processing with IBM Watson. One example of this could be to extract Entities from documents. An example of this can be found here, in a blog post where these Transforms are used to collect evidence for a legal case.
- Find all files hosted on a certain domain.
- Extract EXIF data from an image.
Useful Transforms for this include:
- To Entities [IBM Watson] (Document Variant)
- To EXIF Info
- Domain To Files (Office) [using Search Engine]
Automation using Maltego Machines
The Maltego Standard Transforms Hub Item is packed with Machines that will help further speed up your investigations. Machines are a built-in feature in Maltego providing automation of standard or repetitive investigative steps, allowing users to speed through the process of data collection and allocate more time to analyzing an automatically populated graph.
More information can be found about the Machines included in the Maltego Standard Transforms Hub Item here.