 Welcome back, everyone. Today I'm going to give a quick tutorial on using Maltego Community Edition to find more information about some entity, some person, some organization. And I am using Kali Linux, so Maltego Community Edition is installed in Kali. Maltego for Kali is a little bit different than the normal community edition, but basically all of the features are the same. You can install Maltego in Windows, macOS, and Linux. I'm just going to be using it from Kali Linux. So to get started, this kind of circle with the three dots is the Maltego icon. So click on that, and whenever you open it up, you should get a window like this. At the very beginning, you will have to register with the Maltego Community to get a product key. The product key is free for the Community Edition, and that will let you log in. Once you get that key, Maltego will update and you'll be able to use it. You could also just buy the commercial edition and they have a lot more features and a lot more basically scripts that we can run. So you can go ahead and install some other transforms. A lot of these transforms that are not installed by default require API keys. So for example, for VirusTotal, you'll have to create a VirusTotal account to get your public API key. And then whenever you install it, configure this transform to be able to use your key. So if you want to install additional transforms, they are very, very useful, but you do have to do a few more steps to register them. So for now, I'm just going to keep the default scripts installed and I'm going to create a new graph. So in this top left-hand corner, we see this file with a plus sign. Go ahead and click on it. And then you get this new graph window. And the graph window is basically the main place where you will do most of your work. So on this left-hand side, we see a lot of different entities or basically nodes that we can put into our graph.
So for example, if we know an email address that we want to find more information about, we can just click and drag that to the graph window. I'm not going to start with email address. Let's say if we know the person's name, if we know a telephone number, maybe even a phrase we can search for banners, IP addresses, MX records like mail, net blocks, URLs, things like that. Let's see, GPS coordinates, hash values. So I am actually going to start with a domain because I know a domain name or an organization that I would like to learn more about. My goal right now is to find who is related or who can we find is related to this particular domain. So I'm going to double-click. I drag the domain name to the new graph. And then I double-click on it. And I type the new domain, defer.science. So this is actually my domain. So I want to know, can you actually find my name just based on the domain? And you should be able to. I think you should be able to. You can use this for a lot of different things. Obviously, you could use this for bad reasons like stalking people. Please don't stalk people. But you could also use it, and what I use it for, is to understand what information of mine is out on the internet, what is publicly accessible, and where can you find it? So if you just start with defer.science, which is the domain, if we right-click on the node, then we can run transforms on this particular node related to the domain name. So basically doing domain name searches. And you can see, if we click the plus sign on all transforms, then these are all of the transforms or basically scripts that we can run against that domain name. So DNS, looking up DNS, most of it's going to be DNS, looking up email addresses from WHOIS information. And I can tell you right now that email addresses from PGP are probably going to result in the most hits because I know that I have my PGP key out there. And I know it's associated with my domain. Also using search engine for email addresses.
Yeah, so basically to phone, to person, to website. So basically it's trying to pull out more information or nodes based on this first or starting piece of information. Okay. So to run all transforms, I'm going to click this kind of fast forward or play button. So click that and it runs all. So now it's going out and it's searching or running all of those different scripts. And as new information is found, we'll put a new node on our graph. Okay, so it's running and I think it's done. We see that we actually have more nodes than we have space. So if I scroll out, I use the scroll bar, I can zoom out and we can get kind of the whole graph, maybe on the same page or close to the same page. Okay. So some of this is interesting. First off, I noticed this Have I Been Pwned, we have the transform for Have I Been Pwned and it says not breached. That's great. I'm glad it's not breached, especially because it's a new domain. And I hope it wasn't breached yet. There's some other stuff here, like defer.com. This is actually not related to defer.science at all. So these other domains are not directly related. Okay, so if I know that, what I would normally have to do if I didn't know that is actually go to each domain and investigate it further. Who is this related to? Maybe right-click on these individual nodes and run another transform. So run all those transforms against that. But I can tell you right now that these other domains are not related to ours, so I can just select them and delete and delete the selected items, click yes, or hit yes. And I can do that for all of these domains. And that basically just gets rid of the unrelated information. So that way I don't have to worry about it. Okay, so what else do we have here? We have a DNS record for defer.science www.dfer.science which redirects to defer.science. And if we go to relationships and incoming and general generator detail, yeah, so basically, www also redirects to defer.science. So it is related.
We also find NAS, which is my storage. And then we can also see bradns.cloudflare.com. And basically everything is behind Cloudflare. So that also looks good. Or it looks, I don't know if good, but it looks relevant. And then we have protect WhoisGuard, that is, the domain is using WhoisGuard. Joshua at defer.science was the email address that was found from it. And then DNS at Cloudflare. So basically, this looks like it's behind Cloudflare. It looks like we have Google mail set up. And we already found a node, Joshua James. So now this has been associated with my name. So we can see basically this phone number, it looks like it was probably associated with WhoisGuard. And the company I registered with. So I can do a couple of things now if I'm interested, Panama, for some reason, I have no idea why Panama, if I can now, if I want to focus on the person related to this domain, right, I have basically two methods that look promising. First off is Joshua defer.science, right, the email address and Joshua James. So I can right-click on this node. And then there's all transforms for a person. So we can look basically for that particular person, Twitter websites, PGP again, email addresses. So I'm going to go ahead and run all transforms for the person. No, I hope it still runs it. It was asking for signing into Twitter, because I didn't sign into Twitter yet. So from Joshua James, let's scroll out a little bit. What I expected, actually, was this kind of graph that was created. So we have from Joshua James, a bunch of different email addresses, I'm not sure what that one is, but we have a bunch of different email addresses. And most of those are coming from my PGP key. So I know that they're public. So that should be okay. Notice that we now have a link between Joshua James, the defer.science and Joshua at defer.science. So basically, we have a link from the website to this individual user. How did we get that link?
Well, from the PGP key, because the email address Joshua defer.science was registered in PGP and then uploaded. And we have the actual website, right? So now it looks like that we have a link between the user and we also have a couple other users here. And these are basically people that have signed my key. So their information is also public and also related to the key. Okay, so I could do another search for the individual email address. And let's see if we get anything interesting out of that, probably not, I think, basically more. So zooming in and zooming out is pretty useful here. From the email address, we get basically a lot more email addresses or email addresses that have been registered or all of these things are online. So here we have a couple double links to the main email addresses. Using this, we can figure out kind of what are the main email addresses that are used? Are these people really related? How are they related? Were they hacked, kind of things like that. So, you know, in a very short time, just by having a domain name, even for somebody like me, I'm not necessarily hiding my email. I mean, I want people to email me at Joshua defer.science if they have questions and things. So even if you're using, you know, if you're blocking your WHOIS information and stuff like that, there's still a lot of information available out there on emails and names and using Maltego, we can very quickly kind of zoom in on interesting nodes that we might be able to study more. So imagine that we wanted to understand an entire network or an entire network structure. Well, we could use some other tools to be able to extract websites or email addresses or phone numbers or names or whatever, load those as nodes into Maltego and then just search the web basically using that information. So Maltego is a really interesting way to start. It's super easy to use.
Basically, once you just have some information, just look at the left-hand side, figure out what information you're interested in, create one node and then just start searching from there. See if you find anything interesting. If you don't, you might have to get more information and then use all that information to do a search. If you do find something interesting, then you can always right-click on the node and then look for more information from those nodes. So that's pretty much it for an introduction to Maltego open source investigations. I use this on my own information quite often just to understand, you know, what's out there, how are things linked? Yeah, so that's pretty much it. Thank you very much. If you liked this video, please subscribe for more.