1 1 00:00:00,350 --> 00:00:01,660 Now in this lecture, I'd like 2 2 00:00:01,660 --> 00:00:03,600 to give you an overview of a tool 3 3 00:00:03,600 --> 00:00:06,580 that we're gonna be using often in this course. 4 4 00:00:06,580 --> 00:00:09,290 This tool is great for information gathering 5 5 00:00:09,290 --> 00:00:11,500 and it allows you to gather information, 6 6 00:00:11,500 --> 00:00:12,670 just about anything. 7 7 00:00:12,670 --> 00:00:14,550 You can gather information about people, 8 8 00:00:14,550 --> 00:00:17,020 you can gather information about websites, 9 9 00:00:17,020 --> 00:00:20,530 computers, companies, phone numbers, 10 10 00:00:20,530 --> 00:00:23,130 everything really everything you can think of, 11 11 00:00:23,130 --> 00:00:25,230 you can add to this tool and try 12 12 00:00:25,230 --> 00:00:28,883 to extract information related to that entity. 13 13 00:00:30,180 --> 00:00:32,040 The tool is called Maltego, 14 14 00:00:32,040 --> 00:00:33,780 and it's gonna become your best friend 15 15 00:00:33,780 --> 00:00:36,450 when it comes to information gathering. 16 16 00:00:36,450 --> 00:00:38,080 Now, like I said, the tool can be used 17 17 00:00:38,080 --> 00:00:40,320 to gather information about anything, 18 18 00:00:40,320 --> 00:00:42,260 but using the tool is the same. 19 19 00:00:42,260 --> 00:00:45,340 So it doesn't matter, if your target is a website, 20 20 00:00:45,340 --> 00:00:48,700 if it's a person, if it's a phone number, if it's a company, 21 21 00:00:48,700 --> 00:00:52,410 it doesn't really matter using the tool is exactly the same, 22 22 00:00:52,410 --> 00:00:54,000 but only the information 23 23 00:00:54,000 --> 00:00:56,420 that you'll be getting is gonna be different. 24 24 00:00:56,420 --> 00:00:57,253 So in this lecture, 25 25 00:00:57,253 --> 00:00:59,550 we're gonna have a quick overview over this tool, 26 26 00:00:59,550 --> 00:01:03,360 and then we're gonna be using it more in the next lectures. 27 27 00:01:03,360 --> 00:01:05,420 So first of all, to run the tool, 28 28 00:01:05,420 --> 00:01:08,780 just go to the more applications right here, 29 29 00:01:08,780 --> 00:01:10,483 and then just type in Maltego. 30 30 00:01:12,740 --> 00:01:15,120 And you can see that the tool comes up in here, 31 31 00:01:15,120 --> 00:01:16,973 and it's called Maltego CE. 32 32 00:01:18,480 --> 00:01:20,490 The first time you're on the tool, you'll be asked 33 33 00:01:20,490 --> 00:01:23,360 to log in with a username and a password. 34 34 00:01:23,360 --> 00:01:25,800 If you don't have one, you'll have to register 35 35 00:01:25,800 --> 00:01:27,460 through the wizard that you'll see. 36 36 00:01:27,460 --> 00:01:30,620 So just create a new username and a new password, 37 37 00:01:30,620 --> 00:01:33,860 and then they'll send you an activation link to your email, 38 38 00:01:33,860 --> 00:01:35,900 activate your account, and then you'll be able 39 39 00:01:35,900 --> 00:01:37,553 to log in and use the tool. 40 40 00:01:38,470 --> 00:01:40,530 Now as you can see, I've already logged in 41 41 00:01:40,530 --> 00:01:41,990 and it's offering me to use one 42 42 00:01:41,990 --> 00:01:46,380 of the already made templates for gathering information. 43 43 00:01:46,380 --> 00:01:47,810 I'm not gonna use any of that, 44 44 00:01:47,810 --> 00:01:50,900 so I'm just gonna click on the cancel right here. 45 45 00:01:50,900 --> 00:01:55,000 In here, you can see that we have the homepage for the tool. 46 46 00:01:55,000 --> 00:01:58,740 And from here you can add more transformers to the tool. 47 47 00:01:58,740 --> 00:02:02,120 Basically transformers are plugins that allow you 48 48 00:02:02,120 --> 00:02:05,560 to gather information about specific things. 49 49 00:02:05,560 --> 00:02:09,460 So you can literally just click on install on any of these. 50 50 00:02:09,460 --> 00:02:13,250 And it will it'll add basically more transformers 51 51 00:02:13,250 --> 00:02:16,820 or more things that you can do with Maltego. 52 52 00:02:16,820 --> 00:02:19,730 A lot of these extra transformers will ask you 53 53 00:02:19,730 --> 00:02:21,750 to log in with a username and a password 54 54 00:02:21,750 --> 00:02:24,380 or use a certain API. 55 55 00:02:24,380 --> 00:02:27,200 For now we're just gonna use the built-in transformers. 56 56 00:02:27,200 --> 00:02:30,793 And I'm just gonna go on right here, 57 57 00:02:31,720 --> 00:02:33,263 to create a new graph. 58 58 00:02:35,920 --> 00:02:38,973 And this is the main workplace of Maltego. 59 59 00:02:39,810 --> 00:02:42,180 So, in the middle, we have our graph, 60 60 00:02:42,180 --> 00:02:45,150 so here is where you're gonna be seeing your entities, 61 61 00:02:45,150 --> 00:02:48,550 where you're gonna be seeing the information. 62 62 00:02:48,550 --> 00:02:51,700 In here, you'll have an overview of the graph, 63 63 00:02:51,700 --> 00:02:53,470 and in here, you'll have details 64 64 00:02:53,470 --> 00:02:56,440 about each entity in the graph. 65 65 00:02:56,440 --> 00:02:58,920 And in here, at the bottom right, you'll be able 66 66 00:02:58,920 --> 00:03:02,670 to change the properties for each of these entities. 67 67 00:03:02,670 --> 00:03:03,840 All this is empty now, 68 68 00:03:03,840 --> 00:03:06,010 and all of this is vague I know for you. 69 69 00:03:06,010 --> 00:03:07,830 But once we start using the tool, 70 70 00:03:07,830 --> 00:03:09,963 it'll start making sense straight away. 71 71 00:03:11,180 --> 00:03:14,880 On the left, we have our entities. 72 72 00:03:14,880 --> 00:03:17,190 They're organized and categories right here, 73 73 00:03:17,190 --> 00:03:20,630 depending on the type of these entities. 74 74 00:03:20,630 --> 00:03:24,010 So for example, if we click on the infrastructure, 75 75 00:03:24,010 --> 00:03:27,130 it'll allow you to add a domain name, 76 76 00:03:27,130 --> 00:03:30,290 you can add MX records, you can add URLs, 77 77 00:03:30,290 --> 00:03:32,250 or you can add the website. 78 78 00:03:32,250 --> 00:03:34,680 So you can literally just drag 79 79 00:03:35,730 --> 00:03:37,603 and drop the entity that you want. 80 80 00:03:39,530 --> 00:03:42,470 And now we have a website in the graph, and from here, 81 81 00:03:42,470 --> 00:03:45,913 we can start gathering information about this website. 82 82 00:03:47,030 --> 00:03:51,123 There is a lot of different types of entities so, 83 83 00:03:52,280 --> 00:03:54,570 you can add a device from here. 84 84 00:03:54,570 --> 00:03:58,700 You can for example, if we go to personal, 85 85 00:03:58,700 --> 00:04:01,010 you'll see that you can actually just add the person. 86 86 00:04:01,010 --> 00:04:02,890 So literally, you can just add the person 87 87 00:04:02,890 --> 00:04:05,110 give their first name, their second name, 88 88 00:04:05,110 --> 00:04:06,110 and then you'll be able 89 89 00:04:06,110 --> 00:04:08,693 to gather information about this person. 90 90 00:04:09,850 --> 00:04:12,640 You can also add a phone number again, put the phone number 91 91 00:04:12,640 --> 00:04:15,570 and start gathering information about it. 92 92 00:04:15,570 --> 00:04:19,120 And one of the really cool categories right here 93 93 00:04:19,120 --> 00:04:21,940 is the social links, which will allow you 94 94 00:04:21,940 --> 00:04:25,500 to add Facebook entities, it'll allow you add GitHub, 95 95 00:04:25,500 --> 00:04:30,500 Foursquare, LinkedIn, Instagram, and other social networks. 96 96 00:04:31,040 --> 00:04:33,460 And with that, once you add them, you'll be able 97 97 00:04:33,460 --> 00:04:36,500 to gather information about these entities. 98 98 00:04:36,500 --> 00:04:39,840 And obviously this information will really help you 99 99 00:04:39,840 --> 00:04:41,910 when it comes to trying to exploit 100 100 00:04:41,910 --> 00:04:44,843 that person and hack into their system. 101 101 00:04:45,880 --> 00:04:47,590 Now once you add the entity in here, 102 102 00:04:47,590 --> 00:04:49,763 if we click on the website, for example, 103 103 00:04:51,150 --> 00:04:53,970 I'm just gonna go on the property view. 104 104 00:04:53,970 --> 00:04:56,790 And you'll see that in here I can modify 105 105 00:04:56,790 --> 00:04:59,920 the properties for this website. 106 106 00:04:59,920 --> 00:05:02,750 So for example, the first thing that we need 107 107 00:05:02,750 --> 00:05:06,820 to change is put the name of our target website in here. 108 108 00:05:06,820 --> 00:05:10,090 And once we do that, we can right click 109 109 00:05:10,090 --> 00:05:13,773 and select what type of information we want to gather. 110 110 00:05:16,550 --> 00:05:19,270 Now, I'm not gonna run any transformers in this video, 111 111 00:05:19,270 --> 00:05:20,930 we're gonna do it and next videos. 112 112 00:05:20,930 --> 00:05:23,340 For now, I'm just showing you a quick overview 113 113 00:05:23,340 --> 00:05:27,270 of the tool, how to add entities how to run transformers, 114 114 00:05:27,270 --> 00:05:29,713 and what do we mean by all of these things. 115 115 00:05:30,950 --> 00:05:33,030 I know a lot of this is still a bit vague, 116 116 00:05:33,030 --> 00:05:36,100 but we're gonna be using this tool a lot in the course 117 117 00:05:36,100 --> 00:05:38,680 and it's gonna become very easy for you. 118 118 00:05:38,680 --> 00:05:41,330 And as I said, you're gonna be able to use it 119 119 00:05:41,330 --> 00:05:43,570 to gather information about anything 120 120 00:05:43,570 --> 00:05:45,690 and it's really gonna help you 121 121 00:05:45,690 --> 00:05:48,023 enhance your social engineering skills.