Author Topic: Maltego transforms integrated with MDL DB  (Read 6911 times)

June 29, 2008, 11:47:34 am

RT

All,

We've created a transform application server for integration with the MalwareDomainList.com DB. If you want to see how it works you can download the Community Edition of Maltego (if you don't have it already) from http://www.paterva.com/maltego/.

Once you have it running you should go to Tools -> Manage transforms and click on Discover Transforms.
You can now add a new discovery server with name "MALTAS" and URL http://ctas.paterva.com/MALTAS.xml
From there - just click on Next->Next->Next..etc

When you are done you should see 15 transforms discovered. These should be ready to rock and roll.
The transforms do SQL queries to the Malwaredomainlist.com database. Most of them are built using 'like' SQL statements. So if you want to see all domains listed on the database in the co.uk domain you can just drag a domain over from the palette to the main graph, edit it to say 'co.uk', right click, find the relevant MALTAS transform and fire away. Same goes for registrant info, etc.

We will soon be releasing some graphs and videos.

Enjoy!
Roelof.

PS: #maltego on FreeNode and http://www.paterva.com/forum/ for support.
PS2: We've just created these transforms, so they are still pretty fresh and haven't been tested to the extreme... if you find a problem let us know.
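
The 'like'-based lookups described in the first post, sketched as an added example (not Paterva's transform code and not the MalwareDomainList.com schema): the `listing` table, its columns and the sample rows are constructed, and SQLite stands in for the real database. It shows the entity value bound as a query parameter, and what changes when `%` and `_` inside that value are escaped.

```python
import sqlite3

# Constructed sample rows; table and column names are hypothetical,
# not the MalwareDomainList.com schema.
SAMPLE_ROWS = [
    ("shop.example.co.uk", "192.0.2.10", "Registrant A"),
    ("cdn.example.co.uk", "192.0.2.11", "Registrant A"),
    ("example.com", "198.51.100.7", "Registrant B"),
    ("a_b.example.net", "203.0.113.5", "Registrant C"),
    ("aXb.example.net", "203.0.113.6", "Registrant C"),
]


def build_db():
    """Create an in-memory database holding the constructed listing rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE listing (domain TEXT, ip TEXT, registrant TEXT)")
    conn.executemany("INSERT INTO listing VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def escape_like(term, esc="\\"):
    """Make %, _ and the escape character literal inside a LIKE pattern."""
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term


def domains_like(conn, fragment, escape=True):
    """Substring lookup on the domain column.

    The entity value is always bound as a parameter, never concatenated
    into the SQL text. With escape=False, % and _ typed into the entity
    still act as LIKE wildcards, which widens the result set.
    """
    body = escape_like(fragment) if escape else fragment
    cur = conn.execute(
        "SELECT domain FROM listing WHERE domain LIKE ? ESCAPE '\\' "
        "ORDER BY domain",
        ("%" + body + "%",),
    )
    return [row[0] for row in cur]


if __name__ == "__main__":
    db = build_db()
    print(domains_like(db, "co.uk"))              # the co.uk lookup from the post
    print(domains_like(db, "a_b"))                # underscore matched literally
    print(domains_like(db, "a_b", escape=False))  # underscore as a wildcard
```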

July 01, 2008, 07:16:29 pm
Reply #1

tjs

Hi RT,

This looks like a very interesting project with lots of potential. I'm looking forward to seeing some sample graphs and videos as I can't really say I got anywhere in the first 10 minutes of clicking around. :)

Thanks,
TJS

July 05, 2008, 06:31:04 am
Reply #2

sowhat-x

...You just add a node of your choice in the main dashboard,
for example, an IP address or say a domain, and then,
you simply right-click and start running queries over it, lmao...
The 'terminology' used by the program might seem a bit confusing at first, indeed,
but the basic usage is more or less like any other GUI-based program out there...
drag'n'drop and then right-click, he-he... which part of it actually confused you?  :)
There are a few intro tutorials for anyone that wants a more deep insight,
haven't had the time to go through them/study in more detail yet...
http://www.paterva.com/maltego/screenshots/

For the fun of it, here are a couple of quickly made printscreens as well,
while running queries against malware domains...   8)

Lol, in the first one, you can clearly spot c99, he-he... along with an .ani-based exploit:



===================================================

Second screen should be pretty self-explanatory as well...
it's the "AntiVirus 2009" rogue malware domain,
along with the rest of the crappy sites that are hosted on the same IP...


March 04, 2010, 01:18:58 pm
Reply #3

greatwritingjay

Maltego 3 is in beta. Looks awesome.