May 9, 2024

Maltego WhoisXML API Transform


Prerequisites:

  1. Maltego CE (Community Edition) or Maltego XL installed.
  2. WhoisXML API account (sign up at https://whois.whoisxmlapi.com if you don’t have one).
  3. A WhoisXML API key.

Step 1: Install Maltego Integration Hub (MIH)

To use the WhoisXML API Maltego transform, you need to install the Maltego Integration Hub:

  1. Open Maltego.
  2. Go to the “Apps” tab on the left sidebar.
  3. In the “App Hub” section, click “Go to App Hub.”
  4. Search for “Maltego Integration Hub” and install it.
  5. Once installed, return to the “Apps” tab and click on the “Integration Hub.”

Step 2: Add WhoisXML API Transform

Now, we’ll add the WhoisXML API transform from the Integration Hub:

  1. In the Integration Hub, search for “WhoisXML API.”
  2. Click on it and then click “Install.”
  3. Follow the prompts to configure the transform. You’ll need to enter your WhoisXML API key, which you can obtain by signing in to your WhoisXML API account and generating an API key.

Step 3: Use the WhoisXML API Transform

With the transform installed, you can use it to retrieve WHOIS information for domains in Maltego:

  1. Open Maltego.
  2. Create a new graph or open an existing one.
  3. Right-click on an entity that represents a domain (e.g., example.com).
  4. In the context menu, select “Run Transform.”
  5. Choose the “WhoisXML API” transform from the list.
  6. Click “Run.”

The transform will query the WhoisXML API using the provided API key and retrieve WHOIS information for the domain.

Step 4: View WhoisXML API Analysis Results

After running the transform, you can view the WHOIS information in your Maltego graph:

  1. Click on the domain entity that you ran the transform on.
  2. You’ll see attributes and data retrieved from the WhoisXML API, such as registrant information, creation date, and more.

Step 5: Include URLs

To include URLs when possible, you can explore relationships between domains and URLs in your Maltego graph. You can create custom Maltego transforms or use external data sources to associate URLs with domains based on the WHOIS information.

Step 6: Save and Export

Once you have analyzed and enriched your Maltego graph with WHOIS information and URLs, you can save your Maltego graph and export it in various formats for reporting and sharing.

That’s it! You’ve successfully set up and used the WhoisXML API Maltego transform to retrieve WHOIS information for domains and include URLs when applicable in your Maltego investigations.

Please remember to handle your WhoisXML API key securely and consider any usage limitations or billing associated with your WhoisXML API account.
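
The following Python example is added here; it is not part of the original article and is not the transform's own code. It shows the kind of lookup described in Step 3, with the key handled as advised above: read from an environment variable and masked before a request URL is logged. The endpoint, parameter names, response fields and the `WHOISXML_API_KEY` variable name are assumptions, and the sample response is constructed.

```python
import json
import os
import urllib.parse
import urllib.request

# Assumed endpoint and parameter names for the WhoisXML API WHOIS service.
ENDPOINT = "https://www.whoisxmlapi.com/whoisserver/WhoisService"
# Constructed sample response (not real data), reduced to the fields used below.
SAMPLE_RESPONSE = json.dumps({"WhoisRecord": {
    "domainName": "example.com", "createdDate": "1995-08-14T04:00:00Z",
    "registrarName": "Example Registrar", "registrant": {"organization": "Example Org"}}})

def build_url(domain, api_key):
    """Build the lookup URL; the key is a parameter, never a literal in the script."""
    query = urllib.parse.urlencode(
        {"apiKey": api_key, "domainName": domain, "outputFormat": "JSON"})
    return f"{ENDPOINT}?{query}"

def redact(url):
    """Mask the apiKey value so the URL is safe for logs and tickets."""
    parts = urllib.parse.urlsplit(url)
    pairs = [(k, "REDACTED" if k == "apiKey" else v)
             for k, v in urllib.parse.parse_qsl(parts.query)]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(pairs)))

def summarize(raw_json):
    """Extract the attributes the article mentions; missing fields become None."""
    record = json.loads(raw_json).get("WhoisRecord") or {}
    registrant = record.get("registrant") or {}
    return {
        "domain": record.get("domainName"),
        "created": record.get("createdDate"),
        "registrar": record.get("registrarName"),
        "registrant_org": registrant.get("organization"),
    }

def lookup(domain):
    """Live query; reads the key from WHOISXML_API_KEY (hypothetical variable name)."""
    key = os.environ["WHOISXML_API_KEY"]
    with urllib.request.urlopen(build_url(domain, key), timeout=15) as resp:
        return summarize(resp.read().decode("utf-8"))

if __name__ == "__main__":
    print(redact(build_url("example.com", "constructed-key")))
    print(summarize(SAMPLE_RESPONSE))
```

Because the key travels in the query string, log the output of `redact()` rather than the raw URL wherever requests are recorded.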
