Introduction to Building Transforms
Welcome to the Maltego developer portal. Quickly learn to build remote or local transforms to integrate your data or application with Maltego. The sections below will help you get started with building your first Maltego transform. Below you will find a quick description of the differences between local and remote (iTDS) transforms followed by links to pages that include further details about writing your own transforms.
Transforms should be thought of as tiny pieces of code that fetch related information for a given input. It is very important to write transforms in such a way that they are extensible (transforms can add on to others) and return the smallest pieces of information rather than large blocks at a time. The reason we emphasize small pieces of information is that it lets us harness the power of Maltego's link analysis. Take the two images below as an example (they merely show IP addresses as well as ports):
The graph at the top has a whole layer less, whilst showing the same information. Using the second graph allows the analyst to quickly look at things like all the services running on port 80. Doing the same on the graph at the top would mean traversing up the tree to the IP addresses and then down again to the services, which also gives you other services that are not running on port 80. Modelling your data correctly is a very important step in the process of building your own custom transforms. It is advised to give this step some thought before moving on to actually writing code for your transforms.
There are two ways to build transforms, namely iTDS transforms and local transforms. Each method of building transforms is described in the sections below:
The iTDS is the internal Transform Distribution Server and is a web application that allows for the distribution and management of transforms, seeds and settings. Essentially, using the iTDS means that your transforms are written as web services (or applications/pages), and the iTDS will call these scripts.
The image below shows how the iTDS infrastructure fits together.
The easiest way to think of an iTDS is as a proxy for transforms. When executing an iTDS transform, the Maltego client will make a request to the iTDS server with the transform name requested, transform seed and input entity. The iTDS will then look up that transform (within that transform seed) to find the target script and essentially 'proxy' the request to the end-point which is the transform server as shown in the diagram above. The transform server will run your transform code that will request data from your data sources. The transform result will return to the Maltego client on the same route it was made.
The pros and cons of iTDS transforms vs local transforms are described in the list below:
Local transforms are pieces of code that run on the same machine as the Maltego client application. These are very useful for integrating machine-specific tasks, such as running an application that is installed locally on the machine (like NMAP) or a task that depends on the machine's setup (such as accessing data over a VPN). These transforms can be written in any language (yes, *any* language) and merely rely on output being sent via STDOUT (think of a command line application).
Below are the advantages and disadvantages of building local transforms.
To build your first local transform continue to the Local Transforms page.
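An added example, not from the Maltego documentation: a local transform in Python that follows the STDOUT contract and the small-entities modelling advice described above. The command-line input convention and the XML response envelope are not shown on this page and are assumed here, as are the `maltego.Port` entity type and the constructed `SAMPLE_SERVICES` data.

```python
import ipaddress
import sys
from xml.sax.saxutils import escape

# Constructed sample results standing in for a real scanner or data source.
SAMPLE_SERVICES = {
    "192.0.2.10": [(22, "OpenSSH"), (80, "nginx <demo&test>")],
    "192.0.2.11": [(80, "Apache")],
}


def parse_input(value):
    """Entity values come from the graph and may be attacker-influenced:
    accept only a literal IPv4 address before using it anywhere."""
    return str(ipaddress.IPv4Address(value.strip()))


def ui_message(kind, text):
    return f'<UIMessage MessageType="{kind}">{escape(text)}</UIMessage>'


def build_response(raw_value):
    """Return the XML a local transform writes to STDOUT for one input entity."""
    entities, messages = [], []
    try:
        ip = parse_input(raw_value)
    except ValueError:
        messages.append(ui_message("PartialError", f"not an IPv4 address: {raw_value}"))
    else:
        # One small entity per port, so ports become shared nodes in the graph.
        for port, banner in SAMPLE_SERVICES.get(ip, []):
            entities.append(
                '<Entity Type="maltego.Port">'  # assumed entity type name
                f"<Value>{port}</Value>"
                "<AdditionalFields>"
                f'<Field Name="banner" DisplayName="Banner">{escape(banner)}</Field>'
                "</AdditionalFields></Entity>"
            )
    return (
        "<MaltegoMessage><MaltegoTransformResponseMessage>"
        f"<Entities>{''.join(entities)}</Entities>"
        f"<UIMessages>{''.join(messages)}</UIMessages>"
        "</MaltegoTransformResponseMessage></MaltegoMessage>"
    )


if __name__ == "__main__":
    # Assumed convention: the input entity's value arrives as the first argument.
    print(build_response(sys.argv[1] if len(sys.argv) > 1 else ""))
```

The IPv4 check and the XML escaping are there because both the input entity value and the returned banner text originate from data the transform author does not control.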
© Copyright 2017, Paterva PTY Limited