The Unbeatable Versatility of Social Links Transforms
Which other areas do the transforms of Social Links cover?
Currently, the Maltego Transform Hub offers more than 40 transform packages. Of course, not all of these transforms are directly applicable to OSINT research and Internet investigations.
For my type of investigations, the great diversity of Social Links transforms covers my daily needs perfectly. To illustrate the versatility of these specific transforms, I have subdivided them into the appropriate categories.
The first part of this post introduced the capabilities of Social Links regarding the various social networks such as Facebook, Instagram, Twitter, and LinkedIn. This part hones in on the additional applications of Social Links, which currently includes more than 800 transforms. A good overview of their functions can be viewed here via the manufacturer’s site.
As mentioned in my previous post, it is tantamount for the user to know the databases/websites queried by the transforms so that the results can be interpreted accordingly. The transforms of Maltego enable the entities shown on the graph to be queried through the respective data sources.
Messenger
Search Engines
The transform package “Forums” enables research via the entity “Phrase” in posts and threads on (Clearnet) forums. For example, the search currently mayn known forums like reddit.com, proboards.com, freeforums.net, gbatemp.net and many more.
The CTAS transforms of Maltego access Bing’s API interface for internet searches.
As an alternative option, Social Links offers a wide variety of searches via Google, enabling the following:
“Main Social Networks Search”
“Media Hosting Communities Search”
“Google Other Social Networks Search”
“Google Resume Search”
“Google Social Media Blogs Search”
“Google Search”
“Google Search Documents”
“Google Search Documents from Domain”
“Google Search Sitemap”
People & E-Mail Search
This category features various smaller transform packages, such as queries whether an eBay, MyMail, Flickr, Tumblr, Weibo, or Yahoo user exists for a given email address.
The plot thickens when it comes to transforms on the subject matter of “Facial Recognition Search.“
Thanks to the combination of names and personal photos, profiles in networks such as Facebook, LinkedIn, Xing, VKontakte, and others can be unearthed.
Indispensable for my particular OSINT investigations, these transforms boast a surprisingly high success rate even when it comes to matching up different profile photos of the same person. The amount of time saved is unbeatable compared to manual research.
Pipl is currently one of the best solutions available for establishing an identity. Well over 3 billion profiles can be searched with these transforms. Requiring a separate Pipl API key, the Social Links transforms enable a search via an alias, email, person, and phone number.
Video – Photo
This category encompasses the transforms for YouTube together with the “Images“ package.
On YouTube, these transforms give me the ability to research channels, profiles, and videos. Furthermore, “Images” enables the search for EXIF data while searching images on Google and Yandex.
Leaks
Social Links transforms allow access to the API interface of WikiLeaks. Searches can be performed via entities such as company, email, person, and phrase.
The Social Links DB is an extensive database with more than 7 billion data sets:
“The Social Links database is a graph database into which we have already uploaded around 7 billion records. Records about people, companies, places, and their connections.”
“Most data is obtained by parsing a variety of ‘white and yellow pages,’ company registries, business directories, social networks, and other open online sources.”
The associated transforms run via the following entities, including:
Alias, company, domain, email address, IPv4 address, person, phone number.
And as such, they act as an essential source for investigations, prone to delivering some pretty intriguing results.
Darknet
Broken down into two categories, a variety of transforms are available for research within the Darknet.
On the one hand, the queries from (currently 8 different) Darknet search engines such as Ahmia, NotEvil, and OnionLand are made possible. The results are direct Tor/onion sites, through which further research can be carried out.
On the other hand, the content of approximately 40 Darknet marketplaces and forums is recorded and indexed by Social Links. This information can then be searched using entities such as an alias, PGP key, BitcoinWallet, or a keyword search.
As a result, users and their profiles can be identified on the Darknet, plus the content of posts can be searched.
Miscellaneous
The transforms to “Location“ help uncover the pertinent information in the entity that is needed for the complete address, GPS coordinates, and zip codes.
Rosette is a solution for Natural Language Processing Technology, also known as Named-Entity Extraction (NER).
It finds the people, organizations, locations, and other relevant units mentioned in the text for data analysis, for creating metadata, and so much more.
These transforms require an independent API key that enables you to then extract the entities from documents and URLs besides identifying languages, among other things.
Which additional API keys are needed?
The following transforms require an API key from the respective provider, on top of the Social Links API key:
- Pipl
- SecurityTrails
- Bloxy
- FullContact
- GitHub
- Rosette
- Shodan
- Sqoop (login credentials)
- ZoomEye (login credentials)
- Censys.io
Social Links in action
My Social Links workshops have shown that the participants tend to have difficulties finding the right “starter entities” for research right off the bat with Maltego.
As such, we then work out the correct and most effective approach to suit the use case.
To help jump-start things, here is a small overview of the most crucial starter entities:
Tips & Tricks
For such a high number of transforms, plenty of tips abound to lighten the workload.
To keep this post short and sweet, I’ll stick to the most important one:
Be sure to create your own sets!
For example, Social Links has grouped together several transforms under the header “Open Source Search.”
For my investigative purposes, I have divided them up in a different manner:
“OC OpenCorporates”
“Companies House”
Creating your own sets simplifies your work and makes all the difference.
Conclusion
The transforms of Social Links constitute a critical building block for the individual “OSINT Tool Belt.” In the area of Open Source Intelligence, they enable internet investigations with remarkable results. They are indispensable for the respective OSINT research.
In any case, we definitely recommend a free trial version that can be requested at https://sociallinks.io/
To place this post in the right context:
Social Links licenses form an integral part of our investigations and are regularly updated accordingly. I do not procure a commission for my recommendations. As a regular feedback provider, I work closely with the manufacturer and thus receive “my” solutions. In turn, this can benefit other users.
Online Training Courses
You will find more information about my combined Maltego & Social Links course here:
Maltego Pro & Social Links Training
No time to take this course yourself?
No problem. We can conduct professional intelligence analysis in Germany and Europe on your behalf.
