Sometimes Nmap results just don’t look great, especially when you need to dump them into a presentable format for reporting. Likewise, Nmap's standard output is not the most visually appealing for prolonged use, especially when compared to Maltego and its graphical displays.
For example, while enumerating the environment CTF365.com provides, there are hundreds of servers running all kinds of services available for us to attack. When I first accessed the network, I scanned the entire range to look for low-hanging fruit, but after a few days of additional enumeration and returning to Nmap results, it is very easy to get lost in the lines and lines of data.
Typically I use KeepNote, which allows me to keep track of each host within a designated folder, but I have found Maltego can be used to graphically map these networks in a much more appealing way and then simply attach the results to my final reports.
In this blog, I’ll show how you can achieve this in Kali using the default MaltegoCE that ships with it. I’ll assume you have already registered for a Maltego account and have some basic knowledge of using Maltego.
Configuring Maltego to run Nmap is actually very simple. Before we can import the Teeth .mtz config file, we need to install the package that provides it. In a terminal, type the following to install Maltego Teeth:
apt-get install maltego-teeth
Now that Teeth is downloaded, we simply need to import the config file into Maltego. To do this, simply open Maltego and create a blank workspace. Then select the Maltego icon at the top left corner of the page, and select “Import” and then “Import Configuration” from the list. You can see this shown below.
Next, browse to the location of the .mtz file, which is /opt/Teeth/etc/Maltego_config.mtz.
Select the .mtz file and select Next.
The wizard will then allow you to choose which Entities to import. In our case, we want to tick the box to select them all and press Next.
Once you hit Next, the Entities will be imported and Maltego will give you feedback on any issues. You should see a success message if everything worked as expected.
Congratulations, Nmap transforms are now installed and we can begin using Maltego for network enumeration.
Using NMAP in Maltego
Now that you have installed the Nmap entities, we can begin gathering information using Maltego.
From the Entity Palette on the left-hand side, select an item you would like to use as an Nmap target. In most cases this will be an IPv4 address. You can simply drag this over to the workspace and edit the value to be an IP you are targeting.
Once you have determined the target IP address, simply right click on the icon to view the transforms available to you. Maltego will display a long list to you. In my Maltego, TTNmapPlus is displayed at the bottom of the transform list. I can select this transform to begin a service scan of the target IP.
Once the Nmap transform is selected, Maltego will execute the Nmap scripts loaded and begin to map the results against the target IP displayed on the workspace as shown below.
In this example, Nmap has provided the open ports and the services running on those ports.
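The same IP-to-port-to-service relationships can be pulled out of a saved Nmap XML report (`nmap -oX`) as a plain edge list for notes or a report. This is an added example, not code from Maltego Teeth or the original post; the sample XML is constructed and the function name `nmap_xml_to_edges` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of an `nmap -sV -oX` report (not real scan data).
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="6.0p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>"""


def nmap_xml_to_edges(xml_text):
    """Return (parent, child) pairs: IP -> open port, open port -> service banner."""
    edges = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None or status is None or status.get("state") != "up":
            continue  # skip hosts that are down or have no IPv4 address
        ip = addr.get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # only open ports become graph nodes
            port_node = f"{ip}:{port.get('portid')}/{port.get('protocol')}"
            edges.append((ip, port_node))
            svc = port.find("service")
            if svc is not None:
                # Banner = service name plus product/version when -sV detected them.
                parts = [svc.get("name"), svc.get("product"), svc.get("version")]
                edges.append((port_node, " ".join(p for p in parts if p)))
    return edges


if __name__ == "__main__":
    for parent, child in nmap_xml_to_edges(SAMPLE_XML):
        print(f"{parent} -> {child}")
```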
Maltego Teeth actually provides a list of transforms you are able to perform which help you to gather additional types of information. To view all newly imported Entities simply select the Entity panel on the left hand side and scroll down to view the Penetration Testing modules.
You can see in the example below a number of useful transforms, such as those to map Banners, Ports, Services, Vulnerabilities and more.
I have not yet identified if this can be used for subnet or CIDR notation, but if I find a way to do this I will update the blog. Additionally, if you already know a way to do this, please comment below so that we can all benefit.