SecurityTrails Blog · Last updated on Jan 20 2022 · by Esteban Borges

Maltego’s Standard DNS Transforms: Now Powered by SecurityTrails

Today we are happy to announce that SecurityTrails is now powering Maltego DNS investigations on their popular Standard Transforms. This means that now you can use your current SecurityTrails API key to enrich your DNS-based research.

Thanks to this integration, you’ll be able to deep dive into the most current and accurate security DNS data available, and access it instantly from the Maltego interface.

“We wanted a high-quality data source behind our popular Standard Transforms and are happy that we can now give our users and customers access to SecurityTrails”

Rebecca Köhler, Head of Data Partnerships and Integrations

Which data is integrated into Maltego Transforms?

Maltego users can now access SecurityTrails data, specifically:

  • Subdomains
  • Current DNS records
  • “Interesting” DNS records
  • DNS hosts in a given IP address or subnet
  • Domains sharing the same MX and NS records

Installing and configuring the API key

  • Install the Maltego Standard Transforms Hub item within the Maltego Transform Hub
  • Due to the included data allowances, you can immediately begin running SecurityTrails Transforms
    • If you hit any of the API limits included by default, you can always upgrade to get up to 2500 queries per month by signing up for our OSINT Toolkit
  • Configure your SecurityTrails API key in Maltego

How to use SecurityTrails Transforms

Running SecurityTrails Transforms is a quick and handy process. Let’s see some practical examples:

Inspect common and “interesting” DNS records for any given domain name

  • Open Maltego and add a new graph
  • Click and drag “Domain Name” from the Infrastructure block on the left side to the blank graph on the right side
  • Change the domain name to the one you wish to investigate
  • Right-click, and select any of the SecurityTrails DNS Transforms, as shown in the following video:

In the video, you may have noticed a Transform Output showing all the important logs returned from the Transform server when a Transform is run:

Getting information from IP addresses

The next Transform example will search for DNS names for a given IP address in our SecurityTrails database:

  • Open Maltego and add a new graph
  • Click and drag “IPv4 Address” from the Infrastructure block on the left side to the blank graph on the right side
  • Change the IP address to the one you wish to investigate
  • Right-click, and select any of the SecurityTrails DNS Transforms, as shown in the following video:

The same can be done for any given IP address range, by using the “Netblock” infrastructure option and the “To DNS Names in Netblock SecurityTrails” Transform.

The SecurityTrails team is excited about our new integration with Maltego, as we’re already fans of their service, just like you. One of the key goals on the roadmap for our security platform is to provide a solid and flexible API that can be integrated with any programming language, any application, and every top infosec product used by the community.

Start using Maltego with the SecurityTrails data:

ESTEBAN BORGES

Esteban is a seasoned cybersecurity specialist and marketing manager with nearly 20 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.
