January 20, 2025 | 5 min read

Using Maltego with Netlas Module


Maltego is the best-in-class software for OSINT, reconnaissance, and investigation visualization. Combining data from many sources and visualizing the results greatly simplifies exploration during a penetration test or incident investigation. One of its most important advantages is the ability to integrate any tool into Maltego and use it alongside many others.

In this short article, we present you with instructions for using Netlas with Maltego. The plugin, written by our team, supports many transformations and works with the API key of your Netlas account.

Before Starting

Before starting the main part of the article, it is worth mentioning a few points.

Firstly, the article is written solely to familiarize Maltego users with the capabilities of the Netlas plugin for Maltego. Maltego Community Edition was used for demonstration purposes to write this article. Due to platform restrictions, the Maltego Community Edition returns a maximum of 12 results for each transform.

Secondly, this is already the second version of the article. The first one was published in 2023, and since then several small but important changes have been made to the plugin: bugs in individual transformations were fixed and error reporting mechanisms were improved. Now, if something goes wrong, it will be much easier for the user to understand what exactly happened. If you have been using the Netlas module in Maltego for a long time, you need to update it.

Thirdly, it’s important to note that each transformation you make counts as one request in your Netlas account. There is no way within the Netlas plugin for Maltego to count how many search results will be returned for a transform. So be careful with “heavy” transforms if you’re using a Netlas subscription that limits search results per month.

Installation

Before using the plugin, it must be installed. We will assume that you already have Maltego installed, and now it remains to add the Netlas module to it. If not, install it from the official website first.

For your convenience, we have prepared both a video showing the installation process and a text guide. Choose what suits you best.

Video Guide

Text Guide

  1. Immediately after launching Maltego on your device, open the Transform Hub in the program and go down to the very bottom, to “Internal Hub Items”:

Maltego Hub

  2. Click on the “+” and fill out the form in the window that opens. The only required field here is the Seed URL, which is where the plugin will be found on the Transform Server.

Enter the following link there: https://public-tds.paterva.com/runner/showseed/vnvRYaAnv9s9hHlhi9P148KB

Add Transform Seed

  3. After you click OK, the plugin will be added to your hub. Now you just need to hover over it and click “Install”. This will open the installation window.

Plugin Installing

  4. During installation, no input is required from you. Just wait until the end and you will be able to use Netlas inside Maltego.

  5. You need an API key to use the Netlas Plugin for Maltego. Create an account on Netlas if you don’t have one. Go to your Profile page, copy the API key and insert it into your Maltego Desktop Client.

Path to Profile: Here you can access your profile

Netlas API Key: Here is the API key

Form for API key input: And here it must be entered

Usage

So, what is the Netlas plugin for Maltego capable of? It supports 21 transformations:

  1. Domain → IP.
  2. Domain → Company Name.
  3. Domain → Certificates.
  4. Domain → Email.
  5. Domain → MX Record.
  6. Domain → NS Record.
  7. Domain → Subdomains.
  8. Company → Domains.
  9. Company → Netblock.
  10. Email → Domains.
  11. Email → Netblock.
  12. IP → Company Name.
  13. IP → CPE.
  14. IP → CVE.
  15. IP → Domains.
  16. IP → Email.
  17. IP → PII.
  18. IP → Ports.
  19. IP → Services.
  20. MX Record → Domains.
  21. NS Record → Domains.

You can place the necessary objects, study the connections between them, and automatically or manually complete the constructed surface. In this guide, we will only touch on those points that directly relate to Netlas. However, the entities used in our plugin are identical to those in Maltego, so you can combine them with others as you wish.

Video Guide

Text Guide

  1. You need to choose which object you will start your reconnaissance from. A domain name or an IP address is usually used as a root node. However, you are free to choose any of the objects whose transformation the plugin supports. To place the root node, find the “Infrastructure” sub-item in the list on the left side of the workspace, and in it “Domain” or “IPv4 Address”.

Choose root node

  2. Drag the selected object to the work area, placing it there. After that, you need to find the Netlas transformations. To do this, simply right-click on the root object, and in the list of Transformations find the one that you added during the installation phase. In my case, it is called “Netlas.io”.

Choose transforms

  3. Finally, select the desired transformation from the drop-down list. For example, let it be “To Subdomains”.

List of Netlas transformations

Transformation result

  4. Don’t forget to monitor the amount of Netlas Coins (available search results) on your Netlas Profile page. Each entity fetched by the Netlas.io Plugin into Maltego costs one Netlas Coin. The plugin stops returning results when you run out of Netlas Coins.

Conclusion

By following this little guide, you can easily incorporate Netlas search results into your work with Maltego. Combine them with other queries, build complex graphs, and explore.

Please give us some feedback if you know how to make this plugin better. We wish you pleasant work!
