Recorded Future Transforms for Maltego
By Jason Hines on September 27, 2013
Webinar: How to use Maltego for better insight into cyber threats. Watch now.
Anyone who’s serious about cyber OSINT should be familiar with Maltego, a freely available, easy to use link analysis and visualization product from Paterva. Maltego ties into Paterva’s community of transforms, or scripts to gather data from various databases and services. Transforms can be used to investigate technical info about a website, map a network’s infrastructure, or research social network graph information. Pen testers, social engineers, and threat intel researchers alike find these tools indispensable, and for good reason. They are easy to use, easy to mod, and freely available.
A while back I saw this other Maltego video which features transforms to map social media networks (using Packet Ninjas awesomeness), and it’s inspired us to write a rough set of sample transforms for Recorded Future. For those who don’t know, Recorded Future is harvesting more than 500,000 Web sources in real-time and extracting and statistically clustering entities, events, and the associated timing. Today we extract approximately 30 entities and 100 events across seven languages from news sites, blogs, public social media (like Facebook and Twitter), message boards, and more. We’ve got five-year archive and we’re adding thousands of new sources every week. And now all of this information can be pulled into the Maltego environment.
So whether you are looking to monitor corporate expansion, public travel plans, or technology and actors related to malware, Recorded Future’s structured open source data can help enrich your research.
The video above shows quick look at our sample transforms in action, and the python source code is here. (Suggestions for improvement are welcome! We’re Maltego n00bs.) If you’d like to learn more about Recorded Future or get an API token to test it out for yourself, contact us.