I have just uploaded the latest mirror of various Maltego Entities to SourceForge, including those recently released from shodan.io.

I have moved this from Google Code since the download feature has been deprecated.

Tags: maltego shodan

Both the “To User Picture” and “To User Cover” have been updated to include a note of their associated SHA-1 hash and the time and date when the image was discovered.

Featuring Dhillon Kannabhiran (HITB)

The .git Flow implementation for the Maltego Local Transforms hosted on @GitHub.

Based on @GitHub's implementation of Git Flow.

Tags: git maltego

The roadmap (without timelines) for the development of both the @Rapleaf and @Facebook Maltego Local Transforms hosted on @GitHub.

These Maltego Local Transforms return the “Location” and “Gender” Fields from the Personalization API of Rapleaf and are available from Google Code.

Also featured a git submodule of “Analyst-CaseFile” from @ohdae.

Tags: maltego github

This release marks the commencement of refactoring some of the code and closing some of the issues.

RDP Vulnerability on Microsoft Small Business Server (June 2012)

Following on from March 2012, I have recreated the Maltego Graph of web servers for Microsoft Small Business Server (SBS) with RDP (possibly) enabled with the release of MS12-036 on “Patch Tuesday” i.e. 12 June 2012.

There has been an increase of 1 web server (i.e. total of 270 from 271) since March 2012.

Both Maltego Graphs with the SHODAN and BuiltWith Transforms are available on GitHub.

I have added the Maltego Local Transform that implements Selenium-RC to exploit "Information Leakage" as an authenticated end user of Facebook i.e. similar error(s) are not returned when implementing the Facebook GraphAPI.

For this initial release, this Local Transform will attempt to view photos of those who you aren’t friends with and return whether their photos are private or public based on the text “… only shares some information publicly”.

There are some limitations with this automated approach, such as particular Facebook Albums being configured as Public (e.g. the “Cover Photos” album), hence some manual verification and additional overhead is required to confirm the test results of Selenium-RC. Hence, I have also added another Maltego Local Transform referred to as “To Bookmark”, based on the Bookmark feature of Maltego, to group common characteristics of returned Maltego Entities.

Finally, we have twice requested confirmation from @facebook as to whether Selenium-RC would be considered a violation of their Terms of Service and have not received a response (as of 11 June 2012) via their:

  1. "Report a Violation of Facebook Terms" on 12 May 2012 and;
  2. The "Facebook Developers Group" on 8 June 2012.

As a consequence of this, the web browser session might require the end user to complete the Captcha after several attempts. It is possible to reduce the likelihood of this occurring by reusing the web browser session created by Selenium-RC, but I have deliberately left this as an exercise for the end user out of respect to @Facebook.

A Maltego Graph leveraging the “Just T[he]IP” Local Transform of gamearena.com.au is available from GitHub and CodePlex.

According to http://www.telstra.com.au/abouttelstra/media-centre/announcements/bigpond-games-site-security-incident.xml, 203.46.104.10 is “operated by a third party company”. However, this is disputed since the last identified hop of the route to 203.46.104.10 is 165.228.157.30, which resolves to telstr516.lnk.telstra.net (the complete list of route hops is available from visualroute.visualware.com).
