Generated by GPT-5-mini

Maltego
Maltego is a commercial link analysis and data-mining tool used for open-source intelligence, digital forensics, and investigative analytics. Developed to map relationships between entities, it integrates multiple data sources to visualize connections among people, organizations, domains, and infrastructure. Analysts from corporate, law enforcement, academic, and journalistic institutions employ it alongside other investigative suites to support attribution, threat-hunting, and due diligence.
Maltego provides a graphical canvas on which investigators create entity nodes and run transforms to discover relationships among person, organization, domain name, IP address, and social-media entities. Originating in open-source intelligence workflows, it complements tools and frameworks used by practitioners associated with Europol, INTERPOL, the FBI, and private firms such as KPMG, Deloitte, PwC, and Accenture. It is frequently taught in training programs at institutions like the SANS Institute, Carbon Black workshops, and cybersecurity curricula at universities including the Massachusetts Institute of Technology, Stanford University, and the University of Oxford. The tool's visualizations appear in reports alongside citations to datasets produced by agencies such as the National Cyber Security Centre (UK) and United States Cyber Command, and to research from labs like MITRE.
Maltego offers entity types and automated transforms that resolve relationships across data points such as email addresses, DNS records, WHOIS details, and social profiles, similar in purpose to suites like Palantir Technologies platforms and IBM i2 Analyst's Notebook. Core functionality includes graph layout, centrality metrics, filtering, and export for integration with analysis platforms used by Microsoft Azure, Amazon Web Services, and Google Cloud Platform. Collaboration features permit multiple analysts to work on shared graphs, akin to collaborative products from Atlassian and Slack Technologies. Users can script or extend transforms with languages and frameworks from the Python, Java, and Node.js communities. Visualization and reporting options connect to formats favored by legal and compliance teams at firms such as Baker McKenzie and DLA Piper.
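The following is an added example, not code from Maltego or its vendor, of what a scripted local transform typically looks like in Python: it takes an input entity (a domain), queries a data source, and returns linked entities in Maltego's XML response format. The data source here is a constructed in-memory table standing in for a third-party connector, and the command-line convention (entity value in the first argument, extra fields as `key=value#key=value` in the second) is stated from my understanding of local transforms and should be treated as an assumption. The entity type names used (`maltego.IPv4Address`, `maltego.EmailAddress`, `maltego.Person`) are built-in Maltego types. The practitioner point it illustrates is that values returned by external providers are untrusted input to the graph, so the response is built with an XML library rather than string concatenation, which prevents a hostile registrant string from injecting extra entities.

```python
"""Skeleton of a Python local transform for Maltego (added example, not vendor code)."""
import sys
import xml.etree.ElementTree as ET

# Constructed lookup table standing in for a third-party connector (e.g. passive DNS or WHOIS).
# One record carries markup on purpose to show why output escaping matters.
SAMPLE_RECORDS = {
    "example.com": [
        ("maltego.IPv4Address", "192.0.2.10"),
        ("maltego.EmailAddress", "hostmaster@example.com"),
    ],
    "example.net": [
        ("maltego.IPv4Address", "192.0.2.20"),
        # A registrant name as a data provider might return it: it contains XML markup.
        ("maltego.Person", 'Mallory <Entity Type="maltego.Domain"><Value>evil.example</Value></Entity> Smith'),
    ],
}


def parse_args(argv):
    """Return (entity_value, fields) from a local-transform command line.

    Assumption: Maltego passes the input entity's value as argv[1] and, optionally,
    its additional fields as 'key=value#key2=value2' in argv[2].
    """
    if len(argv) < 2:
        raise SystemExit("usage: transform.py <entity value> [fields]")
    fields = {}
    if len(argv) > 2 and argv[2]:
        for pair in argv[2].split("#"):
            key, _, val = pair.partition("=")
            fields[key] = val
    return argv[1], fields


def lookup(domain):
    """Query the (constructed) data source; a real transform would call a provider API here."""
    return SAMPLE_RECORDS.get(domain.lower().strip("."), [])


def build_response(entities, weight=100):
    """Serialize (type, value) pairs into a MaltegoTransformResponseMessage.

    ElementTree escapes text nodes, so a value containing '<Entity ...>' is emitted as
    '&lt;Entity ...&gt;' and cannot add nodes to the analyst's graph.
    """
    root = ET.Element("MaltegoMessage")
    resp = ET.SubElement(root, "MaltegoTransformResponseMessage")
    ents = ET.SubElement(resp, "Entities")
    for etype, value in entities:
        ent = ET.SubElement(ents, "Entity", Type=etype)
        ET.SubElement(ent, "Value").text = value
        ET.SubElement(ent, "Weight").text = str(weight)
    return ET.tostring(root, encoding="unicode")


def count_entities(xml_text):
    """Parse a response back and count the Entity nodes Maltego would actually add."""
    return len(ET.fromstring(xml_text).findall(".//Entity"))


def run(argv):
    """Full transform: parse the input entity, look it up, return the XML response."""
    value, _fields = parse_args(argv)
    return build_response(lookup(value))


if __name__ == "__main__":
    print(run(sys.argv))
```

Run as `python transform.py example.net` to see the escaped response; the same structure applies to any data source, and the `count_entities` check is the kind of assertion worth keeping in a transform's test suite so that provider data never changes the number of nodes you meant to return.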
The architecture combines a client application, a transform engine, and connectors to third-party data providers including commercial vendors and free sources like DomainTools, Shodan, VirusTotal, Have I Been Pwned?, and public records aggregators used by investigative journalists at outlets such as The Guardian, The New York Times, and ProPublica. Integration points mirror patterns used by MISP threat-sharing platforms and standards from STIX and TAXII. The transform mechanism parallels APIs provided by services like Twitter, Facebook, LinkedIn, and DNS providers including Verisign and Cloudflare. Storage and collaboration options align with enterprise stacks incorporating PostgreSQL, Elasticsearch, and identity systems like LDAP or Okta.
Maltego is applied across a range of domains: cyber threat intelligence investigations in environments similar to those run by Cisco Talos, FireEye, and CrowdStrike; due diligence and fraud investigations for financial institutions such as JPMorgan Chase, Goldman Sachs, and Citigroup; law-enforcement inquiries by units in Metropolitan Police Service, Los Angeles Police Department, and Royal Canadian Mounted Police; academic research at centers like Harvard Kennedy School and Carnegie Mellon University; and journalistic investigations undertaken by teams at BBC Panorama and Washington Post. Case studies often describe combining Maltego outputs with incident response workflows used by SANS Institute alumni and consultants from McKinsey & Company.
Maltego is distributed in multiple editions that vary by feature set, data access, and intended audience, comparable to commercial vendor strategies used by Microsoft Corporation and Oracle Corporation. Editions range from free community tiers for individual researchers to enterprise subscriptions for corporate and government clients, with support, training, and professional services offerings like those provided by Accenture and Capgemini. Licensing models can include per-seat subscriptions, volume licensing for agencies such as NATO, and bespoke agreements for service integrators like BAE Systems.
Maltego has been praised in practitioner literature and conference presentations at venues such as Black Hat, DEF CON, and the RSA Conference for its ability to reveal non-obvious relationships and accelerate investigations. Academic papers from groups at University College London and ETH Zurich have cited it as useful for visual analytics. Criticism centers on dependence on third-party data that can include inaccuracies (a concern also raised about datasets used by Equifax and Cambridge Analytica), potential privacy implications debated by advocacy groups like the Electronic Frontier Foundation and Amnesty International, and licensing costs that limit access for small nonprofits and independent researchers. Operational limitations noted in incident reports from CERT teams include rate limits from sources such as Twitter and gaps when attempting to pivot into encrypted or closed platforms like Signal and WhatsApp.
Category:Computer security tools