
Maltego – open-source intelligence and graphical link analysis tool - lisnake
https://www.maltego.com/
======
arminiusreturns
Here is a list of OSINT tools I compiled after a fairly recent review for
those who don't like Maltego:

https://www.spiderfoot.net/
https://github.com/jivoi/awesome-osint
https://github.com/laramies/theHarvester
https://github.com/aancw/Belati
https://github.com/intrigueio/intrigue-core
https://osintframework.com/
https://github.com/s0md3v/Photon
https://github.com/lanmaster53/recon-ng
https://github.com/kpcyrd/sn0int

~~~
jnwatson
Shameless plug for Synapse, our Intelligence (OSINT or otherwise) Analysis
Platform:

[https://github.com/vertexproject/synapse](https://github.com/vertexproject/synapse)

------
sytse
It says it is open source but I have a hard time finding the code.
[https://github.com/paterva/maltego-trx](https://github.com/paterva/maltego-trx)
looks like something much more basic.

~~~
swdunlop
They may mean "Open Source Intelligence" as in OSINT.

[https://en.wikipedia.org/wiki/Open-source_intelligence](https://en.wikipedia.org/wiki/Open-source_intelligence)

~~~
PenguinCoder
This is correct. It's not open source as the HN crowd would know it. OSINT as
you say is the correct "Open Source" moniker. Source: I use Maltego for work
daily.

>[...]the term "open" refers to overt, publicly available sources (as opposed
to covert or clandestine sources). It is not related to open-source software
or collective intelligence.

~~~
smokelegend
Interesting, is there an alternative that is open source for OSINT?

~~~
dr_zoidberg
There are bits and pieces, but not a complete tool that gathers all the same
functionality (that I'm aware of; there could always be something new that's
not well known yet).

The main selling point of Maltego is the large amount of plugins and data
sources that you can integrate with it.

~~~
bane
It is of continuous disappointment to me that there not only isn't a good FOSS
link-analysis tool, but there doesn't appear to be _any_ of any quality. I've
used yED in a pinch a couple of times but it's not FOSS.

~~~
xwdv
But why would there be? It’s a niche application and the target market doesn’t
care about open source.

~~~
bane
Governments and police in particular are customers for these tools and they
_do_ care about open source. If there was a good competitive FOSS tool out
there, not a weekend project by any means but a serious effort, it would be
adopted.

------
_pdp_
There is an alternative if interested:

[https://secapps.com/market/recon](https://secapps.com/market/recon) - mostly
free, with a subscription if you want to save the maps and work in teams

[https://github.com/pownjs/pown-recon](https://github.com/pownjs/pown-recon)
- the open source engine that powers the above

Full disclosure: I am the author and I am planning to split this tool into a
separate entity with greater focus on the tool itself.

------
cairo_x
What is the main value of link analysis? As far as cause and effect and the
larger picture (especially WRT the time domain), a lot of it seems like
reading signs in chicken gizzards. The more you put in, the less sense they
make.

There's only so much useful information to be gleaned from this kind of
geometry. Figuring out and tracing cause and effect is just about impossible.

I wish someone would come up with a half decent top-down timeline creation and
analysis tool.

~~~
heipei
The way I've seen Maltego-like tools being used is in one of two modes:
documentation mode and exploratory mode.

Documentation mode is "just" recording relationships between assets so they
are readily understood and visually obvious. This can be used to break new
analysts into cases and to publish reports. These also serve as good starting
points to pick an investigation back up. This is arguably the "easier" mode to
implement since it just requires a visual graph with different entity types.

Exploratory mode means populating the graph through "transforms" (in
Maltego-lingo): going from one node to more nodes and relationships by
attempting to "pivot" from a node using a certain data source. As an example
from infrastructure analysis you'd say "here's an IP, now do a transform which
creates vertices for all hostnames that point to that IP". This mode is harder
to get right since there's always an explosion of edges and also since it's
just mind-numbing work to implement transforms for all the data sources.
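
The two modes described above, a documentation graph of typed entities and exploratory transforms that pivot from a node through a data source, as an added Python example; this is not code from the thread, from Maltego, or from any of the tools linked in it. It assumes a constructed passive-DNS table (documentation address ranges, invented hostnames) in place of a real data source, and a hypothetical `max_results` cap on each pivot as one way of handling the edge explosion mentioned in the comment.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterator, List, Optional, Tuple

# Constructed stand-in for a passive-DNS data source (documentation address
# ranges and invented hostnames; a real tool would call an API here).
PASSIVE_DNS = {
    "198.51.100.10": ["www.example.com", "mail.example.com", "dev.example.com"],
    "198.51.100.20": ["cdn.example.net"],
    # A "noisy" shared-hosting style address that would explode the graph.
    "203.0.113.5": [f"host{i}.example.org" for i in range(50)],
}


@dataclass(frozen=True)
class Entity:
    """A typed graph node, e.g. Entity('ip', '198.51.100.10')."""
    kind: str
    value: str


@dataclass
class Graph:
    """Documentation mode: a plain graph of typed entities and labelled relations."""
    nodes: set = field(default_factory=set)
    edges: set = field(default_factory=set)  # (source, relation, target)

    def add_edge(self, src: Entity, relation: str, dst: Entity) -> None:
        self.nodes.update((src, dst))
        self.edges.add((src, relation, dst))

    def neighbours(self, node: Entity, relation: Optional[str] = None) -> List[Entity]:
        """Targets reachable from node, optionally restricted to one relation."""
        return sorted(
            (d for s, r, d in self.edges if s == node and relation in (None, r)),
            key=lambda e: (e.kind, e.value),
        )


# Exploratory mode: transforms are registered per input entity kind and yield
# (relation, Entity) pairs drawn from some data source.
Transform = Callable[[Entity], Iterator[Tuple[str, Entity]]]
TRANSFORMS: Dict[str, List[Transform]] = defaultdict(list)


def transform(input_kind: str):
    """Decorator that registers a transform for a given input entity kind."""
    def register(fn: Transform) -> Transform:
        TRANSFORMS[input_kind].append(fn)
        return fn
    return register


@transform("ip")
def ip_to_hostnames(ip: Entity) -> Iterator[Tuple[str, Entity]]:
    """Pivot: hostnames that have pointed at this IP (from the constructed table)."""
    for name in PASSIVE_DNS.get(ip.value, []):
        yield "resolves_to", Entity("hostname", name)


def run_transforms(graph: Graph, entity: Entity, max_results: int = 25) -> Tuple[int, bool]:
    """Apply every transform registered for entity.kind, adding results to graph.

    max_results (an assumption of this example) caps how many new edges one
    pivot may add, so a single noisy node cannot explode the graph. The returned
    flag tells the analyst the pivot was truncated rather than complete.
    """
    added, truncated = 0, False
    for fn in TRANSFORMS.get(entity.kind, []):
        for relation, target in fn(entity):
            if added >= max_results:
                truncated = True
                break
            graph.add_edge(entity, relation, target)
            added += 1
    return added, truncated


if __name__ == "__main__":
    g = Graph()
    ip = Entity("ip", "198.51.100.10")
    # Documentation mode: record a known relationship by hand.
    g.add_edge(ip, "owned_by", Entity("org", "Example Corp (constructed)"))
    # Exploratory mode: pivot from the IP through the passive-DNS transform.
    added, truncated = run_transforms(g, ip)
    print(f"{added} hostnames added, truncated={truncated}")
    for host in g.neighbours(ip, "resolves_to"):
        print(f"  {ip.value} -resolves_to-> {host.value}")
    noisy = Entity("ip", "203.0.113.5")
    print(run_transforms(g, noisy, max_results=10))  # (10, True)
```

The cap is deliberately surfaced as a return value rather than silently applied: in a real investigation, an analyst needs to know that a pivot was cut short, because a truncated neighbourhood is a different (and weaker) finding than a complete one.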

------
ipunchghosts
I remember using this in 2008!

