Hack Like a Pro: How to Use Maltego to Do Network Reconnaissance

How to Use Maltego to Do Network Reconnaissance

Welcome back, my greenhorn hackers!

Before we attempt to exploit any target, it is wise to do proper reconnaissance. Without doing reconnaissance, you will likely be wasting your time and energy as well as risking your freedom. In previous guides, I have demonstrated multiple ways to perform reconnaissance including passive recon with Netcraft, active recon with Nmap or hping3, recon by exploiting DNS or SNMP, and many others.

In this tutorial, we will be using an active tool called Maltego, developed by Paterva, that can do many of these tasks with one simple scan. There is a community edition built into our Kali Linux that allows us 12 scans without purchasing Maltego. It is capable of a significant amount of information gathering about a prospective target in a single sweep of the domain.

Using Maltego in Kali to Recon a Target Network

Maltego is capable of gathering information about either a network or an individual; here we will focus on the former and leave individual information gathering for another time. We will be looking at gathering info on all the subdomains, the IP address range, the WHOIS info, all of the email addresses, and the relationship between the target domain and others.

Step 1: Open Maltego & Register

Let's start by firing up Kali and then opening Maltego. Maltego can be found in numerous places in Kali, but the easiest way to get to it is to go to Applications -> Kali Linux -> Top 10 Security Tools. Then, among the Top 10, you will find Maltego at number 5, as shown in the screenshot below.

When you open Maltego, you will need to wait a brief moment for it to startup. After it finishes loading, you will be greeted by a screen asking you to register Maltego.

Go ahead and register and save and remember your password as you will need it again the next time you login into Maltego.

Step 2: Choose a Machine & Parameters

After successfully registering and logging into Maltego, we will have to decide what type of "machine" we want to run against our target. In Maltego's parlance, a machine is simply what type of footprinting we want to do against our target. Here, we are focusing on the network footprinting, so our choices are:

  • Company Stalker (this gathers email information)
  • Footprint L1 (basic information gathering)
  • Footprint L2 (moderate amount of information gathering)
  • Footprint L3 (intense and the most complete information gathering)

Let's choose an L3 footprint that will gather as much information as we can; this is also the most time-consuming option, so be aware of that.

Step 3: Choose a Target

Now, that we have chosen a type of machine for our footprinting, we will need to choose a target. Let's choose our friends at SANS, one of the leading IT security training and consulting firms in the world.

Now, click "Finish" and let Maltego do its work.

Step 4: Results

Maltego will now begin to gather info on our target domain, sans.org, and display it on screen. In the screenshot below, we can see that Maltego has already collected the email addresses from the site, while it collects the nameservers and mail servers.

Finally, we can click on "Bubble View" when Maltego is done and see all of the relationships between our target and its subdomains and linked sites.

Maltego is an excellent tool to do network recon on our potential target, enabling us to do numerous types of recon in a single scan with a single tool. Maltego is also capable of doing individual recon, but we will leave that for my next Maltego article, my greenhorn hackers.

Just updated your iPhone? You'll find new features for Podcasts, News, Books, and TV, as well as important security improvements and fresh wallpapers. Find out what's new and changed on your iPhone with the iOS 17.5 update.


Thanks , sure this will be useful. I like maltego but prefer to do my own grunt work scans. That's the joy of it, sifting thru data at high speed to find that one game changer bit of data. Great work as always.

After you register, how long can you use Maltego? I think there is a time cap on the licence?

In the second paragraph, I pointed out that you can get 12 scans free.

Your right, I must have missed that part.
Thx for pointing it out.

i tried to register for maltego, but my VM is not connected to the wifi, and i dont know how to connect to my wifi. Could you please help me on how to connect to the wifi? It would be much appreciated.

Thanks, N8

If you are using a VM, you will need an external wifi adapter to use wifi, but Maltego will work without wifi. All you need is an internet connection. You VM is connected to eth0 or the wired connection.

Hi i can't get the info from Social gathering like FB not work why ?
i have update my maltego and no thing changed

I seem to get an error when trying this do you have any ideas on how to fix it? a google search didn't bring up much.

the transform paterva.v2.domaintoDNSnameZT was not found


Hi, Im here to know how to hack online games with Maltigo? Specially 8 Ball Pool?

If you're going to ask for help to do something illegal you probably shouldn't be using your real name

How many method for haking 8 ball pool

I have a problem with activating Maltego ,it demands a license key and i can't find it.. can anyone help please !

How do i gather information from a provided individual phone number

Share Your Thoughts

  • Hot
  • Latest