In Maltego, a machine is a script/macro that runs multiple transforms with different types of filters. Machines are useful for completing common tasks such as forward footprints of domains.
Figure 247: The Machines tab
Maltego has a custom scripting language that can be used to create new machines. Custom machine creation is covered in Paterva’s developer portal.
Figure 248: Run Machine Button
Clicking Run Machine will open the Start a Machine window, which can assist in running your first machine.
Figure 249: Start a machine
The first step to start a machine is to select the machine you would like to run from the list of machines that are available in your Maltego client.
By default, Show on startup and Show on empty graph click will be checked. This means that in these two conditions the Start a Machine window will open automatically. These can be switched off by unchecking these options.
Clicking Next> will take you to the next page, where you can input the start parameter.
Machines require a start parameter, from which subsequent transforms can be run. For example, the Footprint L2 machine requires a target domain as the input entity.
Figure 250: Start a machine - select a target
Clicking Finish will start the machine on the target that was specified. The Machines window will open and provide details on the status of the machine that is running; it is described in the next section.
The image below provides labels for each feature in the Machines window:
Figure 251: Machine window
Some of the machines that come with Maltego include a User Filter that allows you to choose which entities you want to continue in the machine’s pipeline. This is important because it allows you to specify what is relevant and what is not, and prevents the machine from gathering information on entities that are irrelevant to the current investigation.
In the case of the Footprint L2 machine, a user filter will pop up to ask you if you want the machine to look for additional domains that use the same MX and NS records as the target domain:
Figure 252: User filter
Here it seems that paterva.com uses Google for their MX records and Linode for their NS records. If you were investigating paterva.com, you would not want the machine to look for domains that use these records, as it would return thousands of unrelated results for companies and organizations that use Google for their mail servers and Linode for their name servers. So, in this case, you should deselect these entities in your filter window and click the Next> button, and the machine will continue running.
In the case of Footprint L2, after clicking Next> the machine will pause again to display the User Filter window for paterva.com’s MX records as shown in the image below:
Figure 253: User Filter Fields
After you make selections for each of the user filters, the machine will continue to run all its transforms, excluding the entities deselected in the user filter. When the machine is complete, the Maltego client plays a chime sound to indicate this.
Figure 254: Graph after machine is complete
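The reasoning behind deselecting shared MX and NS records in the User Filter, shown as an added Python example (not Maltego code or a machine script). The provider list, function names and sample records are assumptions constructed for illustration.

```python
# Added illustration of the User Filter decision; not Maltego code.
# Assumed, analyst-maintained list of shared hosting/mail provider zones.
SHARED_PROVIDERS = {"google.com", "linode.com"}


def normalize(host):
    """Lower-case a DNS name and drop the trailing root dot."""
    return host.strip().lower().rstrip(".")


def is_shared(host, providers=SHARED_PROVIDERS):
    """True if host is a provider zone or a subdomain of one.

    Matching on a label boundary keeps 'mx.notgoogle.com' from being
    mistaken for a host under 'google.com'.
    """
    host = normalize(host)
    return any(host == p or host.endswith("." + p) for p in providers)


def user_filter(records, providers=SHARED_PROVIDERS):
    """Split (type, host) records into (keep, deselect).

    keep: records specific enough to pivot on.
    deselect: shared-provider records that would pull in unrelated domains.
    """
    keep, deselect = [], []
    for rtype, host in records:
        bucket = deselect if is_shared(host, providers) else keep
        bucket.append((rtype, normalize(host)))
    return keep, deselect


# Constructed sample records, for illustration only.
SAMPLE_RECORDS = [
    ("MX", "ASPMX.L.GOOGLE.COM."),
    ("MX", "alt1.aspmx.l.google.com"),
    ("NS", "ns1.linode.com"),
    ("NS", "ns1.corp-dns.example"),
    ("MX", "mx.notgoogle.com"),
]

if __name__ == "__main__":
    keep, deselect = user_filter(SAMPLE_RECORDS)
    for rtype, host in deselect:
        print(f"deselect {rtype} {host} (shared provider)")
    for rtype, host in keep:
        print(f"keep     {rtype} {host}")
```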
Maltego also has perpetual machines. A perpetual machine can be configured to run every x seconds and is useful for monitoring data that changes regularly. When a perpetual machine finishes running, a countdown timer will appear in the Machines window and count down until it is time for the machine to run again.
Figure 255: Perpetual machine counter
Figure 256: Stop All Machines Button
Clicking the Stop all Machines button will stop all the machines that are currently running in your Maltego client. This is useful when you have multiple machines running in different tabs in your client and want to stop them all at once.
Figure 257: New Machine Button
Clicking the New Machine button will open the new machine wizard, which guides you through the process of creating a new machine. Creating a new machine is out of the scope of this document; more information on building custom machines can be found on our developer portal.
Figure 258: Manage Machines Button
Clicking Manage Machines will open the Machine Manager window, which lists all the machines that are currently in the Maltego client. The image below provides labels for all buttons in the Machine Manager:
Figure 259: Machine manager
The list in the Machine Manager can be sorted by the following fields:
Checkbox to enable/disable the machine in the Maltego client.
Name – the name of the machine.
Status – whether the machine is ready to be used.
Author – the person or company that built the machine.
Description – a short description of what the machine does.
Read-only – if a machine is read-only then the machine’s script cannot be edited by the user. All machines that are installed from the transform hub are read-only and cannot be edited.
If you want to edit one of the transforms that have been installed from a transform hub item, you can clone the transform and then edit the clone as the original is read-only.
The Machines Window button will simply open the machine window in the Maltego client if it is not already open.
Figure 260: Machines Window Button
© Copyright 2017, Paterva PTY Limited