This is correct. It's not open source as the HN crowd would know it. OSINT as you say is the correct "Open Source" moniker. Source: I use Maltego for work daily.
>[...]the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources). It is not related to open-source software or collective intelligence.
There are bits and pieces, but not a complete tool that gathers all the same functionality (that I'm aware of; there could always be something new that's not well known yet).
The main selling point of Maltego is the large amount of plugins and data sources that you can integrate with it.
It is a continuous disappointment to me that not only is there no good FOSS link-analysis tool, there doesn't appear to be any of any quality. I've used yED in a pinch a couple of times but it's not FOSS.
Governments and police in particular are customers for these tools and they do care about open source. If there was a good competitive FOSS tool out there, not a weekend project by any means, but a serious effort, it would be adopted.
Plenty of folks in the DEFCON crowd could be building free tools like this; off the cuff, a lot of anti-fascists probably don't have access to high quality OSINT analysis tools, and certainly aren't pursuing Palantir contracts.
This, and the fact that a lot of organisations use data-sources which are so exclusive and expensive that they dwarf Maltego, so nobody is concerned with the cost of a Maltego license.
Other shops will have their own bespoke versions of a Maltego-like tool, but yeah, nothing in the Open Source. MISP probably comes closest to having some of the features.
You can download the client here (https://www.maltego.com/downloads/) and use the community edition for free. The trx-lib is only needed to write your own transforms.
What is the main value of link analysis? As far as cause and effect and the larger picture (especially WRT the time domain), a lot of it seems like reading signs in chicken gizzards. The more you put in, the less sense they make.
There's only so much useful information to be gleaned from this kind of geometry. Figuring out and tracing cause and effect is just about impossible.
I wish someone would come up with a half decent top-down timeline creation and analysis tool.
The way I've seen Maltego-like tools being used is in one of two modes: Documentation-mode and exploratory mode.
Documentation mode is "just" recording relationships between assets so they are readily understood and visually obvious. This can be used to break new analysts into cases and to publish reports. These also serve as good starting points to pick an investigation back up. This is arguably the "easier" mode to implement since it just requires a visual graph with different entity types.
Exploratory mode means populating the graph through "transforms" (in Maltego-lingo). Going from one node to more nodes and relationships by attempting to "pivot" from a node using a certain datasource. As an example from infrastructure analysis you'd say "here's an IP, now do a transform which creates vertices for all hostnames that point to that IP". This mode is harder to get right since there's always explosion of edges and also since it's just mind-numbing work to implement transforms for all the data-sources.
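The "IP to hostnames" pivot described above, modelled as an added example (my own code, not Maltego's trx-lib) with a constructed passive-DNS table standing in for the data source and a result cap so one transform can't cause the edge explosion mentioned:

```python
from collections import defaultdict

# Constructed stand-in for a passive-DNS data source (not real records).
PASSIVE_DNS = {
    "203.0.113.10": ["www.example.test", "mail.example.test", "vpn.example.test"],
    "203.0.113.11": ["cdn.example.test"],
}
# Inverted view so a hostname can be pivoted back to its IPs.
HOST_TO_IPS = defaultdict(list)
for _ip, _hosts in PASSIVE_DNS.items():
    for _h in _hosts:
        HOST_TO_IPS[_h].append(_ip)

class Graph:
    """Entities are (type, value) tuples; edges remember which transform made them."""
    def __init__(self):
        self.nodes = set()
        self.edges = set()

    def link(self, src, dst, label):
        self.nodes.update((src, dst))
        self.edges.add((src, dst, label))

# Registry: transform name -> (accepted input entity type, function value -> entities)
TRANSFORMS = {}

def transform(name, input_type):
    def register(fn):
        TRANSFORMS[name] = (input_type, fn)
        return fn
    return register

@transform("ip_to_hostnames", "ip")
def ip_to_hostnames(value):
    return [("hostname", h) for h in PASSIVE_DNS.get(value, [])]

@transform("hostname_to_ips", "hostname")
def hostname_to_ips(value):
    return [("ip", ip) for ip in HOST_TO_IPS.get(value, [])]

def pivot(graph, node, name, max_results=25):
    """Run one transform on one node and attach the results as new edges.
    Returns (entities added, whether the result set was truncated by the cap)."""
    input_type, fn = TRANSFORMS[name]
    if node[0] != input_type:
        raise TypeError(f"{name} expects a {input_type} entity, got {node[0]}")
    results = fn(node[1])
    kept = results[:max_results]
    for child in kept:
        graph.link(node, child, name)
    return kept, len(results) > max_results
```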
The bigger the map the better! When you have a ton of data points all mapped out Maltego has tools for you to analyze this data in amazing ways. You can sort of twist and turn the data to look at it in different ways to discover the meaning of it. Say you have a dataset of 1000 different hacks that have been attempted or conducted on your network. And you populated Maltego with tons of data. Source IP of the attacker, attack method used, port attacked on, country of origin of attack, time of day of attack, duration of attack etc etc. With Maltego you can identify patterns that you can't with other tools. Like you might see that 300 of the attacks all happened on port 337. So you can isolate just for that, then look for commonalities. Time of day? Tools used? Country of origin? In just seconds you can drill down to find some of these and start making a picture on who might be attacking you. I've used it and it's amazing for showing you graphs in ways you never thought to look which can help tremendously when doing research on certain things.
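The drill-down described above (isolate the port-337 attacks, then ask which other attributes they share), as an added example in plain Python rather than Maltego itself, over a small constructed attack log:

```python
from collections import Counter

# Constructed sample records standing in for the "1000 attacks" dataset (not real data).
ATTACKS = [
    {"src_ip": "198.51.100.1", "port": 337, "country": "AA", "hour": 3,  "tool": "scan-a"},
    {"src_ip": "198.51.100.2", "port": 337, "country": "AA", "hour": 3,  "tool": "scan-b"},
    {"src_ip": "198.51.100.3", "port": 337, "country": "AA", "hour": 3,  "tool": "scan-a"},
    {"src_ip": "198.51.100.4", "port": 337, "country": "AA", "hour": 2,  "tool": "scan-c"},
    {"src_ip": "198.51.100.5", "port": 337, "country": "AA", "hour": 2,  "tool": "scan-a"},
    {"src_ip": "198.51.100.6", "port": 22,  "country": "BB", "hour": 14, "tool": "brute-d"},
    {"src_ip": "198.51.100.7", "port": 22,  "country": "BB", "hour": 15, "tool": "brute-d"},
    {"src_ip": "198.51.100.8", "port": 443, "country": "CC", "hour": 9,  "tool": "probe-e"},
]

def select(records, field, value):
    """Isolate the subset sharing one attribute value (e.g. port == 337)."""
    return [r for r in records if r[field] == value]

def concentration(records, field):
    """Most common value of a field in the subset and the share of records it covers."""
    if not records:
        return None, 0.0
    value, count = Counter(r[field] for r in records).most_common(1)[0]
    return value, count / len(records)

def drill_down(records, fixed):
    """For every attribute not already fixed, report the value that dominates the subset."""
    fields = [f for f in records[0] if f not in fixed]
    return {f: concentration(records, f) for f in fields}

def ranked_commonalities(records, fixed, min_share=0.5):
    """Attributes where one value covers at least min_share of the subset,
    strongest first; these are the commonalities worth pivoting on next."""
    found = drill_down(records, fixed)
    hits = [(f, v, s) for f, (v, s) in found.items() if s >= min_share]
    return sorted(hits, key=lambda t: -t[2])
```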
They aren't really meant for finding cause and effect, but for capturing relationships. They're basically user-centered ontology tools and act like a memory of things that you've learned about that are complexly connected. They also act as tools for inductive analysis and thinking -- keep adding data points and connections and you might start to be able to find a pattern.
Some of the best tools also let you construct timelines of various types to try to induce cause and effect as well. Analyst Notebook (a competitor to Maltego) has an excellent piano-roll like timeline tool.
I saw a really cool demonstration at an old Kiwicon event.
The presenter had a tool that would find similar social graphs across multiple bulletin boards and other social sites.
E.g.: you'd feed in the profile of your user-of-interest on one bulletin board, and it would map their social graph on that site, then it would search for similar profiles from the entire graph on other boards, reconstructing the graphs on the new boards and attempting to match dissimilar accounts for the same underlying persons across sites.
I don't generally see it used for timeline creation purposes. The way I and others have used it is basically to investigate/research certain entities or organizations and pivot from different attributes related to them.
You might just be looking for a different sort of tool entirely. I don't think Maltego is a "cause and effect" type thing. It has no notion of time.