March 31, 2015

How do I find out a lot of information about an individual or a business? This is often the question for Penetration Testers when they perform a black box Penetration Testing where nothing but the corporate name or domain is given to start the assignment.

As described in previous articles, there are a wealth of tools and methods available for passive information gathering. However, a Pentester will soon find that a lot of methodologies are time consuming, which becomes an issue when offering a commercial service.

Luckily enough there is a tool which can automate your searches and present the output in a great graphical and text output for further processing. The tool is called Maltego and comes from the folks at Paterva. Whilst the free community version has some limitations in terms of depth, the full version should be part of the arsenal of every Penetration Tester or Online Investigator.

A lot of documentation and free training videos are available which allows for a quick start.