Transforms Tab


The Transform tab includes options for managing and configuring the transforms that are available in the Maltego client.

Figure 211: Transform tab

Transform Hub

Clicking the Transform Hub button will navigate to the Transform Hub page that shows all the different transform providers.

Figure 212: Transform hub

Maltego’s flexibility, when it comes to integrating external data, has resulted in many data vendors choosing to use Maltego as a data delivery platform for their users. The Transform Hub is built into each Maltego client and allows Maltego users to easily install transforms built by different data providers. The commercial Maltego client is shown in the image below:

Figure 213: Transform hub page

A Transform Hub Item

Each item on the transform hub is called a Transform hub Item and consists of the following:

Figure 214: Transform hub item

When the transform hub item is hovered over with your mouse, the item will change to show the following options if the item is installed:

Figure 215: Transform hub item – Hovered Over

Installing/Uninstalling a transform hub item

Installing

To install a new transform hub item simply click the Install button found when the mouse pointer is over the item:

Figure 216: Installing a new transform hub item

Then there will be an installation confirmation dialog:

Figure 217: Installation confirmation

Clicking Yes will lead to the installing wizard which will take a few seconds to install:

Figure 218: Transform hub installation wizard

Once the transform hub item is finished installing there will be an installation summary page that lists everything that was installed:

Figure 219: Transform hub installation summary

Note: It is not just transforms that are installed from a transform hub item. Any one or more of the items in the list below can be installed to the Maltego client when installing a new transform hub item.

  1. Transform

  2. Transform sets

  3. Entities

  4. Machines

  5. Icons

Once the installation is complete, the new transform hub item will be found in the context menu when running transforms and the hub item will be shown as installed on the transform hub:

Figure 220: Installed transform hub item

Figure 221: Context menu showing the newly installed transform hub item

Settings

Some of the transform hub items will have a Settings button when the item is hovered over:

Figure 222: Transform Hub Item Settings

Clicking the Settings button will open the Transform Seed Settings window that is used to set global settings that will be used for all transforms in the hub item. These settings are often used for commercial transform hub items to manage API keys.

Figure 223: Transform Seed Settings

Uninstalling

Uninstalling transforms from the transform hub can be done simply by clicking the Uninstall button on the hub item:

Figure 224: Uninstall transform hub item

Note: Entities that are added from a transform hub item will not be deleted when the transform hub item is uninstalled. This is because often transform hub item’s use some of the same entities.

Updating/Refreshing the Transform Hub

In the top left-hand corner of the transform hub there are two buttons:

  • Refresh Transform Hub – This button will update any changes made to transform hub items that are already installed to a Maltego client. This update will also intermittently automatically update itself.

  • Update Transforms – This button refreshes the installed transforms for any changes that are made. The transform hub will also intermittently automatically refresh itself.

Manually Adding a Transform hub item

To manually add a new transform hub item to a Maltego client click the plus (+) button in the top left-hand corner of the transform hub.

Figure 225: Manually adding a new transform seed

After clinking the plus (+) button the Add Transform Seed window will open as shown below. The transform seed URL and other meta details for the transform seed can be added as shown in the image below:

After clicking OK, the transform seed will appear as a new transform hub item in the transform hub:

Figure 226: Manually added transform seed

Clicking Install will add the transforms to the Maltego client.

Manage Transforms

`

Figure 227: Manage transforms button

Transform Manager is a tool located within Maltego to help with the addition of transform application servers (TAS) as well as the configuration of transforms from those servers and sets (groupings of transforms).

Clicking the Manage Transforms button will open the Transform Manager Window which is split between three tabs. Namely, All Transforms, Transform Servers and Transform Sets.

All Transforms

Figure 228: All transforms tab in the transform manager

Transforms can be edited from the default Transform Manager window (see above). From this window, you can sort transforms by:

  • Transform – The name of the transform.

  • Status – Whether the transform is ‘ready’ or has requirements such as a disclaimer or input that needs to be set.

  • Location – The Transform Application Servers (TAS) that this transform is found on.

  • Default Set – The default set this transform can be found in.

  • Input – The input entity type (what you click on to run this transform).

  • Output – The output entity type(s) (What is returned after running this transform).

This window can also be searched via the control at the top right which will search the transform names column:

Figure 229: Search bar within the Transform Manager

With the default layout of the Transform Manager the following sections are also available:

  • Transform Information (bottom left) - This section describes the transform, gives additional transform information such as transform author and informs of any user action needed, such as accepting disclaimers or if additional settings are needed.

  • Transform Settings (bottom right) - This section allows the modification of transform specific settings such as API keys, timeouts, setting fields to popup and so on.

  • Transform Servers (top tab) - This button allows you to access the Transform Servers tab whereby you can specify which transform servers are to be used and which not by turning checkboxes on and off. You can also view which transforms are available on each server.

  • Transform Sets (top tab) - This button allows you to access the Set Manager where sets (groups of transforms) can be added, deleted and modified.

Transform servers

Figure 230: Transform server tab in the Transform manager

The Transform Servers tab displays the servers that are available to you which you can easily turn on and off to set if they are used. This is useful when you have multiple servers and would prefer not to specify every time you run a transform which server it should be run on. You can also view transforms on specific servers by expanding each server with the (+) icon, as seen below:

Figure 231: Transform Servers – Expanded

Transform Sets

Figure 232: Transform sets in the transform manager

Sets are a way of grouping transforms that are commonly run together. With the default installation of Maltego you will notice various sets have been preconfigured for you, such as the Resolve to IP set which groups the transforms that convert DNSName, MX Record, NS Record and Website Entities to IP addresses. This has been done so that instead of having to select each individual entity type you can run a set of transforms on them.

Create a New Set

To create a new set simply select the New Set... button within the Set Manager and fill in the Set Name and a Description for the set (optional).

Figure : New Transform Set

Adding/Removing Transforms from Sets

To add or remove transforms from a set, start by selecting the set you wish to modify from the list of available sets within the right-hand pane and then drag the transform from the left-hand pane over it.

To add more than one transform to the set simply select multiple transforms by using either the shift or Ctrl modifiers and then drag the selection onto the set. Alternatively, you can simply select the transforms you wish to add, right-click on them and use the Add to Set-> context menu and select the set you wish to use.

To remove specific transforms to a set, select the transforms that you wish to remove within the selected set, right-click and select Remove from set.

Deleting Sets

To permanently delete a set, select the set from the right-hand pane, right-click on it and click Delete....

Figure 234: Delete set

You will then be given a dialog to confirm that you wish to delete the set:

Figure 235: Confirmation to delete the transform set

Selecting OK on this dialog will delete the set permanently.

Local Transforms

Figure : Local Transforms

Local transforms are pieces of code that run on the same machine which the client application is. Details on writing your own local transforms can be found on Paterva’s developer portal. This section will only explain how local transforms can be added to the Maltego client.

Clicking the Local Transform button will open the Local Transform Wizard. From here you will be greeted with the first screen of the wizard, this screen describes the Meta information as well as the Input entity type and Transform set.

  • Meta Information - This is information describing the transform including the Display name, Description, Transform ID and Author

  • Input Entity Type - This is the input entity that this transform will run on to return output.

  • Transform Set - You can populate this if you want to automatically add this transform to a set.

An example of this screen populated is as follows:

Figure 237: Local Transform wizard - Configure details

The setup for Maltego is slightly more involved and you will be required to know the Command to execute, the Script name / Parameters and the Working Directory:

  • Command - This is the interpreter or compiled application, for example the command for Python might be c:\Python26\Python.exe or /usr/bin/python.

  • Script name / Parameters - If your executable takes parameters or if you are using an interpreted language such as Python you will set this field to one of these. For example, ours would be helloWorld.py if we are executing a Python script called helloWorld.py.

  • Working Directory - This is the directory where the local scripts are stored.

An example of these fields populated are as follows:

Figure 238: Local transform Wizard - command line details

Clicking finish will complete the wizard and add your local transform to the Maltego client.

From here you can simply drag in the entity you initially selected when adding the transform (in this example it is an Alias). There will now be a Local Transform item in the top level of the transform hub:

Figure 239: Local transform item in the context menu

Clicking Local Transforms in the context menu will show the local transform that was just added to the Maltego client:

Figure 240: Local transform in the context menu

Managed Services

Figure 241: Manage services

Some transforms use public APIs to get their results. These public APIs sometimes have strict rate limits to prevent abuse. Signing in to these services with your own account allows for the rate limits to be applied per user instead of having the same rate limits shared between everyone using these transforms. Some of the transform hub members also use Managed Services to control access to their transforms instead of using API keys.

By default, the Maltego client comes with a single managed service for using the Twitter transforms. To use any of the standard Twitter transform you will need to sign into a Twitter account.

Clicking the Managed Services button will open the Service Manager window:

Figure 242: Managed services window

The steps below can be taken to sign into a new managed service. In this example, Twitter will be signed into:

  1. Click on one of the Sign In.

  2. A page will open in your default browser:

Figure 243: Authorize Maltego to Use your Twitter Account

  1. Sign into the account with your details. If your default web browser is already signed in you will just need to authorize the Maltego application

  2. After successfully signing in you will be shown the following image in your web browser and you can close the browser tab and go back to the Maltego client:

Figure 244: Successfully Authorized

The managed service will now be shown as signed in:

Figure 245: Managed Services Now Singed-In

Note: In Maltego, the managed services use a standard protocol named OAUTH where Maltego doesn’t ever receive or store your user account details. The Maltego client will receive a temporary access token from the service that is used to make requests on behalf of the user.

Run View

Figure 246: Button to Open the Run View

Clicking the Run View button will simply open the Run View window if it wasn’t already open in the Maltego client.

Continue to the Machines Tab page.



© Copyright 2017, Paterva PTY Limited