
Maltego

Introduction

This guide explains how to use the Shodan Transform Hub item in Maltego to discover and explore internet-connected devices and their relationships.

Prerequisites: Setup and Configuration

  1. Maltego Client: You need to have the Maltego Desktop Client installed.

  2. Shodan API Key: You'll need a Shodan API key. You can get one by signing up on the Shodan website. A free tier is available, but paid plans offer more credits and capabilities.

Install the Shodan Transform Hub Item:

  1. In the Maltego client, click the Transform Hub tab.

  2. Search for Shodan and click Install on the item named Shodan.

  3. Confirm the installation by clicking Yes.

[Screenshot: Install Shodan Hub]

Next, provide your API key. Open the Settings for the Shodan Transform Hub item and paste your Shodan API key into the API Key setting field.

Running Shodan Transforms

From a Domain

This Transform uses Shodan's data to find subdomains associated with a parent domain.

  1. Start a New Graph:

    Open the Maltego client and create a new, blank graph.

  2. Add a Domain Entity:

    From the Entity Palette on the left, find the DNS Name Entity.

    Drag and drop it onto your graph.

    Double-click the Entity and change its value to the domain you want to investigate (e.g., google.com).

  3. Run the Transform:

    Right-click on the Domain Entity you just created.

    From the context menu, select Shodan.

    In the next menu, choose the Transform named To Subdomains [Shodan].

[Screenshot: Shodan Domain]

The graph will be populated with new Domain Entities representing the subdomains found by Shodan. These new entities are automatically linked to your original domain, visually showing the relationship.

From an IP Address

Once you have an IP address, you can use Shodan Transforms to gather a wealth of information about the device at that address, including open ports, running services, and potential vulnerabilities.

  1. Start a New Graph:

    Open the Maltego client and create a new, blank graph.

  2. Add an IP Address Entity:

    From the Entity Palette on the left, find the IPv4 Address Entity.

    Drag and drop it onto your graph.

    Double-click the Entity and change its value to the IP address you want to investigate (e.g., 1.1.1.1).

  3. Run the Transform:

    Right-click on the IP Address Entity you just created.

    From the context menu, select Shodan.

    In the next menu, choose the Transform named To All Details [Shodan].

[Screenshot: Shodan IP]

This action adds a detailed Entity to the graph, linked to the IP Address. It lets you inspect all the information Shodan has for that host, including its hostname and a list of open ports with their associated banners.
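To see the same host details outside the graph, for example when reviewing the exposure of an address you are responsible for, the sketch below flattens a Shodan host record into source/relation/target edges. It is an added example, not Maltego's or Shodan's own code. It assumes the Transform surfaces the same fields as Shodan's REST host lookup (`ip_str`, `hostnames`, `ports`, `data`, `vulns`); the sample record, the `fetch_host` and `host_edges` names, and the CVE placeholder are constructed for illustration.

```python
import json
import os
import urllib.request

# Constructed sample shaped like a Shodan /shodan/host/{ip} response
# (TEST-NET-3 documentation address; the CVE id is a placeholder, not real data).
SAMPLE_HOST = json.loads("""
{"ip_str": "203.0.113.10", "hostnames": ["www.example.com"], "ports": [22, 443, 8080],
 "data": [
  {"port": 22, "transport": "tcp", "data": "SSH-2.0-OpenSSH_8.9p1\\n"},
  {"port": 443, "transport": "tcp", "data": "HTTP/1.1 200 OK\\r\\nServer: nginx\\r\\n",
   "vulns": {"CVE-0000-0000": {"verified": false}}}
]}
""")

def fetch_host(ip):
    """Live lookup against the Shodan REST API; needs SHODAN_API_KEY in the environment."""
    url = f"https://api.shodan.io/shodan/host/{ip}?key={os.environ['SHODAN_API_KEY']}"
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)

def host_edges(host):
    """Flatten a host record into (source, relation, target) graph edges."""
    ip = host["ip_str"]
    edges = [(ip, "hostname", h) for h in host.get("hostnames", [])]
    for svc in host.get("data", []):
        service = f"{ip}:{svc['port']}/{svc.get('transport', 'tcp')}"
        edges.append((ip, "open port", service))
        banner = svc.get("data", "").strip().splitlines()
        if banner:  # keep only the first banner line as the edge label
            edges.append((service, "banner", banner[0]))
        for cve in sorted(svc.get("vulns", {})):
            edges.append((service, "vuln", cve))
    # Ports listed in the summary but lacking a banner entry are still exposure.
    seen = {svc["port"] for svc in host.get("data", [])}
    for port in host.get("ports", []):
        if port not in seen:
            edges.append((ip, "open port", f"{ip}:{port}/unknown"))
    return edges

if __name__ == "__main__":
    for edge in host_edges(SAMPLE_HOST):
        print(" -> ".join(edge))
```

The API key travels in the query string of the live lookup, so keep that URL out of shell history, proxy logs and shared notebooks.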