Maltego features over 50 data integrations from over 40 data partners. These numbers are one of the key reasons customers repeatedly turn to Maltego to empower their analysts and investigators with modern link analysis software.
Commercial Transforms, like Pipl and Orbis, and bring-your-own-key Transforms, such as TinEye and ZeroFOX can be a huge asset in your investigations. However, many investigations have be successfully carried out simply by using the powerful set of free Transforms that ship(ped) with the Paterva CTAS Hub item. These Transforms are free and available to all Maltego users to gather OSINT from common sources on the Internet, including queries on DNS servers, search engines, social networks, various APIs and other sources.
Before you worry—rest assured, all of these Transforms are still available, and still free. In fact, we’ve extended the set of free Transforms included in Maltego and given them a new home in the process!
Maltego Standard Transforms 🔗︎
As part of our Transform Hub redesign, we have introduced the Maltego Standard Transform Hub item!
Together with the Transforms from the Paterva CTAS, this Hub item now also includes a number of new Transforms that allow users to explore links between URLs and images more thoroughly, that provide more flexibility to pivot from any Entity into the various types of properties it may have, as well as an improved image EXIF metadata Transform. Additionally, the entire set of the recently announced Wayback Machine Transforms are also included.
HTTP, Property and Wayback Machine Transforms 🔗︎
In total, four Transform Servers are now bundled together and offered through the Maltego Standard Transforms Hub item. These are the Maltego HTTP, Maltego Property and Maltego Wayback Machine Transforms, together with the original Paterva CTAS Transforms.
To EXIF Info, To Images [Found on Web page], To Links [Found on Web page] are three new Transforms introduced in the HTTP Transforms. Useful for finding and analyzing images on websites, they also come in handy in conjunction with the WayBack Machine and TinEye Transforms.
Image properties returned by the To Exit Info Transform
The newly introduced Property Transforms are a unique addition, in that they can potentially be used on any Entity you may encounter in Maltego. These Transforms will analyse an Entity’s properties in search of values that resemble DNSNames, Datetimes, Domains, E-Mail Addresses, GPS, IP Addresses, Phone Numbers or URLS.
If the Transform successfully matches such a property, a new Entity with information from the respective property will be created. This is handy for pivoting into information hidden in properties for which explicit Transforms might be missing.
How Investigators Can Use The New Transforms 🔗︎
Use Images Found on A Web Page to Conduct Reverse Image Search 🔗︎
For example, starting from a Website Entity, we may use the To Images [Found on Web page] Transform to return all the images on the page and then find pages linking to similar images with TinEye.
Run the To Images [Found on Web page] Transform
Run the TinEye Transform to search for pages linking to similar images
Trace Historical Snapshots of the Images with Wayback Machine Transforms 🔗︎
The results returned by TinEye (which you can see for one Entity in the image below) all point to a cached TinEye version in their main value. However, we may be interested in investigating the original file, not the cached version!
Luckily, MST offers a way to do that: To get the original image URLs, we can use the To URLs [within Properties] Transform.
![To URLs [within Properties] Transform returns original image URLs](/images/uploads/introducing_mst_6.png)
Run the To URLs [within Properties] Transforms to return original URLs of the images.
TinEye Backlinks with original URLs
Finally, we can now use those original URLs to find historical snapshots of the image files using the To Snapshots [Wayback Machine] Transform, which is conveniently also included in the Standard Transforms.
Run the To Snapshots [Wayback Machine] Transform to find historial snapshots of the image files
Without the Property Transforms, it would have been very tedious to access the original image URL, rather than the main URL that points to TinEye’s cache. Now, we have the ability to easily access the additional original image URL, as well as any other URL-like property that may present on the entity as well. This can be applied in any scenario: if an Entity has a property that looks like a URL, Datetime, IP Address, E-Mail Address and other Entity types, it can be extracted onto the graph using these new Transforms.
Investigate Away with The New Maltego Standard Transforms 🔗︎
This is a small example of how you can use the new Standard Transforms right away. You can also find lots of additional information and use-cases in our documentation.
We hope the Maltego Standard Transforms will continue to accompany you in your investigations! We will be adding more and more useful investigative tools and OSINT sources to the Standard Transforms in the future, so stay tuned on Twitter and LinkedIn.
We’d also love to hear your feedback and ideas on these or any other Transforms! To stay up-to-date on our blog, you can also subscribe to our newsletter.
