
Access_Overview_for_Maltego_Data_Integrations


Data at your fingertips

We offer different models of data access, namely click-and-run, free data requiring an API key, Maltego data subscriptions
(or data bundles), and paid API keys that need to be purchased separately. You can find details on them below.

Out-of-the-box access to integrations with an included allowance for free trial

Click-and-Run – limited Free (CE) Maltego Pro Maltego Enterprise

Standard Transforms
The Maltego Standard Transforms are the default OSINT Transforms that ship with every Maltego
Desktop Client. These include Transforms from common sources such as queries on DNS servers,
search engines, social networks, various APIs, and more.
∙ Bing News: 120 Tra. / Month ∙ Bing News: 1,000 Tra. / Month ∙ Bing News: 4,000 Tra. / Month
∙ Bing Web Search: 100 ∙ Bing Web Search: 500 ∙ Bing Web Search: 2,500
∙ BuiltWith: 100 ∙ BuiltWith: 1,000 ∙ BuiltWith: 10,000
∙ IBM Watson: 100 ∙ IBM Watson: 1,000 ∙ IBM Watson: 10,000
∙ IPQS: 50 ∙ IPQS: 500 ∙ IPQS: 2500
∙ Namechck: 50 ∙ Namechck: 500 ∙ Namechck: 5,000
∙ OpenCNAM: 25 ∙ OpenCNAM: 100 ∙ OpenCNAM: 500
∙ Security Trails: 100 ∙ Security Trails: 5,000 ∙ Security Trails: 10,000
∙ SpyOnWeb: 100 ∙ SpyOnWeb: 1,000 ∙ SpyOnWeb: 10,000
∙ WhoisAPI DRS: 500 ∙ WhoisAPI DRS: 5,000 ∙ WhoisAPI DRS: 10,000
∙ WhoisAPI IP Netblocks: 500 ∙ WhoisAPI IP Netblocks: 10,000 ∙ WhoisAPI IP Netblocks: 50,000

Censys
Discover, monitor, and analyze attack surfaces and 25 Transforms Runs / Month 100 Transforms Runs / Month 500 Transforms Runs / Month
unknown internet assets.

Farsight DNSDB
Correlate and contextualize real-time and historical 8,640 Transforms Runs / Month 8,640 Transforms Runs / Month 8,640 Transforms Runs / Month
DNS data to expose networks and infrastructure.

Google Maps Geocoding


Normalize and enrich location data in your 20 Transforms Runs / Month 200 Transforms Runs / Month 500 Transforms Runs / Month
investigations.

Google Programmable Search Engine


Search for people and aliases in major social media 20 Transforms Runs / Month 200 Transforms Runs / Month 500 Transforms Runs / Month
networks.

GreyNoise Community
Query basic IP information such as the owners and its 1,500 Transforms Runs / Month 3,000 Transforms Runs / Month 15,000 Transfor. Runs / Month
internet scanning activity in the last 90 days.

Intezer Analyze
Automate end-to-end malware investigations with 15 Transforms Runs / Month 15 Transforms Runs / Month 15 Transforms Runs / Month
genetic malware analysis.

Scamadviser
Quickly identify untrustworthy domains and entire scam networks.
∙ Passive Checks: 50 Tra. / Month ∙ Passive Checks: 100 Tra. / Month ∙ Passive Checks: 200 Tra. / Month
∙ Active Scans: 10 ∙ Active Scans: 25 ∙ Active Scans: 50

Tatum Blockchain Explorer
Explore and trace transactions on various blockchains 2,000 Transfor. Runs / Month 20,000 Transfor. Runs / Month 40,000 Transfor. Runs / Month
such as BTC, ETH, LTC, BCH, and DGE.

TinEye
Conduct reverse image search for image verification, 15 Transforms Runs / Month 200 Transforms Runs / Month 750 Transforms Runs / Month
UGC moderation, copyright, and fraud detection.

WhoisXML API
Leverage advanced IP and domain data to facilitate cybercrime detection, response, and prevention.
∙ DRS: 10 Tra. / Month ∙ DRS: 250 Tra. / Month ∙ DRS: 500 Tra. / Month
∙ WHOIS API: 25 ∙ WHOIS API: 250 ∙ WHOIS API: 500

SSL Certificate Transforms
Identify suspicious certificate issuance or violation.
Not available 3,000 Transforms Runs / Month 3,000 Transforms Runs / Month

urlscan.io
Get information and analyze content of a URL.
∙ Search Requests: 5 Tra. / day ∙ Search Requests: 50 Tra. / day
∙ Results Requests: 20 ∙ Results Requests: 200
∙ Public Scans: 10 ∙ Public Scans: 100

Cybersixgill
Catch exclusive underground threats and IOCs with Not available 50 Transforms Runs / Month
collection from the deep, dark, and surface web.
Echosec
Draw connections between post authors and Not available Not available 50 Transforms Runs / Month
usernames across multiple social networks.

OpenCorporates
Access companies information to investigate beneficial 100 Transforms Runs / Month
ownership, money laundering, and financial crimes.

Free out-of-the-box integrations

Click-and-Run – unlimited Free (CE) Maltego Pro Maltego Enterprise

Abuse.ch URLhaus
Identify malicious URLs and explore underlying
malware activity.
∞ Transforms Runs / Month ∞ Transforms Runs / Month ∞ Transforms Runs / Month

Blockchain.info
Trace recent Bitcoin transactions, mined blocks, and
other blockchain activities.
∞ ∞ ∞
Discogs
Visualize music artists, labels, releases, and the
relationships between them.
∞ ∞ ∞
Have I Been Pwned?
Check for password/domain breaches or to check if an
alias or e-mail has been listed in a post to Pastebin.
∞ ∞ ∞

LittleSis
Explore influence and connections of politicians,
CEOs, world leaders, and other high-profile figures.
∞ ∞ ∞
LoginsoftOSINT
Detect disposable phone numbers and obtain
relevant meta-data.
∞ ∞ ∞
NIST NVD
Discover context and insights of CVEs, CPEs, and CWEs
for vulnerability and threat exposure assessment.
∞ ∞ ∞

OCCRP Aleph
Query into Aleph for terabytes of data that come
from international journalistic investigations.
∞ ∞ ∞

PeeringDB
Discover related infrastructure and connections into
internet backbone systems around the world.
∞ ∞ ∞
Social Links CE
Retrieve data from ZoomEye, Shodan, SecurityTrails,
Skype, and Social Links database.
∞ ∞ ∞
STIX2 Utilities
Leverage the 40 object types adapted from STIX into
the standard Maltego ontology in your investigations.

∞ ∞ ∞
The Movie Database
Search and pivot on movies, talent and directors
names.
∞ ∞ ∞
ThreatCrowd
Query ThreatCrowd for Malware, Passive DNS and
historical Whois data.
∞ ∞ ∞
ThreatMiner
Query and pivot on data from ThreatMiner.org.
∞ ∞ ∞
Wayback Machine
Browse archived content of billions of websites to
uncover deleted pages, hidden files, and more.
∞ ∞ ∞
Integrations requiring an API key that can be obtained for free from the data provider

Free Data (API key required) Free (CE) Maltego Pro Maltego Enterprise

AbuseIP DB
Combat the spread of hackers, spammers, and ∞ Transforms Runs / Month ∞ Transforms Runs / Month ∞ Transforms Runs / Month
abusive activity on the internet.

AlienVault OTX
Access threats, software targeted, and related ∞ ∞ ∞
indicators of compromise used for threat detection.

ATT&CK MISP
Query MISP threat sharing instances and other MISP ∞ ∞ ∞
events, attributes, objects, tags, and galaxies.

Host.io
Enrich Domains with outbound links and backlinks, ∞ ∞ ∞
DNS information, location, and more.

Hybrid Analysis
Search thousands of existing malware reports or ∞ ∞ ∞
download samples and IOCs.

Intezer Analyze
Automate end-to-end malware investigations with ∞ ∞ ∞
genetic malware analysis.

IPInfo
Enrich IP Addresses with domain and ASN information, ∞ ∞ ∞
precise locations, ISPs, VPNs, Tor users, and more.

RiskIQ PassiveTotal
Search across OSINT datasets like WHOIS records, IP ∞ ∞ ∞
resolutions, DNS and SSL certificate data, and more.

Shodan
Gain access to intelligence about the global IoT and ∞ ∞ ∞
infrastructure data.

VirusTotal (Public API)


Leverage 15 years of malicious sightings to enrich ∞ ∞ ∞
your organization’s malware observations and logs.

WhoisXML API
Leverage advanced IP and domain data to facilitate ∞ ∞ ∞
cybercrime detection, response, and prevention.

OpenCTI
Query and explore threat intelligence data from Not available ∞ ∞
OpenCTI instances using STIX2 Entities.

Flexible data subscriptions available through our web-shop (for Pro) or through our sales team (for Enterprise)

Maltego Data Subscriptions Free (CE) Maltego Pro Maltego Enterprise

CipherTrace
Access cryptocurrency tracing information for Bitcoin, Not available According to subscription According to subscription

Ethereum, Bitcoin Cash, and Litecoin.

Cybersixgill
Catch exclusive underground threats and IOCs with

collection from the deep, dark, and surface web.

Echosec
Draw connections between post authors and

usernames across multiple social networks.

Intel 471
Get Adversary, Malware, and Vulnerability Intelligence

to support security operation teams.

People Data Labs


Search and retrieve personal identity information:
email and physical addresses, social media profiles.
Pipl
Access over 3 billion online identities that have been Not available According to subscription According to subscription
cross-referenced and indexed for accuracy and speed.

Scamadviser
Quickly identify untrustworthy domains and entire
scam networks.

Data access that must be purchased directly from the data provider

Bring your existing key

or purchase separately Free (CE) Maltego Pro Maltego Enterprise

AbuseIPDB
Combat the spread of hackers, spammers, and According to plan According to plan According to plan
abusive activity on the internet.

Clearbit
Understand your customers, identify future prospects,
and personalize marketing and sales interaction.

Farsight DNSDB
Correlate and contextualize real-time and historical
DNS data to expose networks and infrastructure.

FullContact
Search names, postal addresses, raw and hashed
email addresses, phone numbers, and Mobile Ad IDs.

Google Maps Geocoding


Normalize and enrich location data in your
investigations.

Google Programmable Search Engine


Search for people and aliases in major social media
networks.

Host.io
Enrich Domains with outbound links and backlinks,
DNS information, location, and more.

Intezer Analyze
Automate end-to-end malware investigations with
genetic malware analysis.

IPInfo
Enrich IP Addresses with domain and ASN information,
precise locations, ISPs, VPNs, Tor users, and more.

Kaspersky Lab
Query feeds on malware, phishing, malicious hash,
mobile malicious hash, IP reputation, and more.

PeopleMon
Search billions of profiles including addresses, photos,
contacts, emails, social media, breaches, and more.

RiskIQ PassiveTotal
Search across OSINT datasets like WHOIS records, IP
resolutions, DNS and SSL certificate data, and more.

Shodan
Gain access to intelligence about the global IoT and
infrastructure data.

Tatum Blockchain Explorer


Explore and trace transactions on various blockchains
such as BTC, ETH, LTC, BCH, and DGE.

TinEye
Conduct reverse image search for image verification,
UGC moderation, copyright, and fraud detection.
WhoisXML API
Leverage advanced IP and domain data to facilitate According to plan According to plan According to plan
cybercrime detection, response, and prevention.

ZETAlytics Massive Passive


Map and visualise relationships between different
threat actors and known associates.

AlphaMountain
Inform your investigations with reputation scores of Not available
the target's hosts, domains, and IP addresses.

ATII - Hades
Combat child exploitation, missing persons, and more
with Darkweb intelligence.

Censys
Discover, monitor, and analyze attack surfaces and
unknown internet assets.

CipherTrace
Access cryptocurrency tracing information for Bitcoin,
Ethereum, Bitcoin Cash, and Litecoin.

Cisco Threat Grid


Map relationships between malware samples and
indicators, campaign infrastructure, and more.

Cofense Intelligence
Pinpoint how attackers are delivering their malicious
payloads.

CrowdStrike Intel
Obtain attribution for indicators and correlation of
adversaries, malware families, and campaigns.

CrowdStrike ThreatGraph
Interact with CrowdStrike Falcon data and investigate
relationships between events.

Cybersixgill
Catch exclusive underground threats and IOCs with
collection from the deep, dark, and surface web.

DomainTools Enterprise
Gather Whois information, uncover prior identities,
find related domains by owner, and more.

DomainTools IRIS
Map connected infrastructure, correlations, attribution,
domains, and more to surface meaningful insights.

Digital Shadows
Query darkweb and IRC text search to analyze data
from Tor, I2P, criminal sites, and IRC conversations.

Echosec
Draw connections between post authors and
usernames across multiple social networks.

Flashpoint
Search illicit online communities for fraudulent
activities, malicious actors, and other threat intel.

GreyNoise Enterprise
Query IP address data and CVEs, Tags, or activities
that an IP address has been observed scanning for.

HYAS Insight
Fingerprint events, actors, and infrastructure with

in-depth IOCs data.

Intel471
Get Adversary, Malware, and Vulnerability Intelligence
to support security operation teams.
Malnet with Proofpoint
Correlate IOCs, campaign dates, malware hash Not available According to plan According to plan
relations, C2 infrastructure, and more.

MaxMind
Retrieve location and ownership data about IP
addresses.

OpenCorporates
Access companies information to investigate beneficial
ownership, money laundering, and financial crimes.

Palo Alto Networks AutoFocus


Correlate threat data from immediate network,
industry, and global intelligence feeds.

PhoneSearch
Gather information (USA and Canada) on real names,
social media, related persons, addresses, and more.

Pipl
Access over 3 billion online identities that have been
cross-referenced and indexed for accuracy and speed.

Polonious
Query, create, or maintain cases, people, companies,
or other entities between Polonious and Maltego.

Recorded Future
Gain full picture of threat actors, including known
exploit kits, vulnerabilities, or other TTPs.

Silobreaker
Tap into deep & dark web for investigations, and
enrichment of malware, threat actors, TTPs, and more.

SocialLinks
Discover online presence, identity, groups, and
affiliations of a person behind digital credentials.

SocialNet
Map social media connections with data from 120+
social networks for OSINT investigations.

SSL Certificate Transforms


Identify suspicious certificate issuance or violation.

ThreatConnect
Model the relationships between malware, domains,
IPs, and other indicators, threats, and personas.

urlscan.io
Get information and analyze content of an URL.

VirusTotal Premium API


Leverage 15 years of malicious sightings to enrich
your organization’s malware observations and logs.

ZeroFox
Monitor and map malicious activity targeting brands,
executives, and customers.

IBM Qradar
Extract and map context of IOCs from event logs and Not available
offenses.

Orbis – Bureau Van Dijk


Gain a quick understanding and easily visualize
corporate structures and hierarchies.

ServiceNow
Create and search incident data, associated metadata
and relevant structured Entities, and more.
Splunk
Cross-reference IP Addresses, domains, hashes, URLs, Not available Not available According to plan
and other IOCs with internal intelligence.

www.maltego.com/transform-hub
Want to discuss how your teams and organizations can conduct effective

investigations with Maltego? Schedule a personalized demo today!

Copyright © 2022 Maltego Technologies GmbH. All rights reserved. #madewithmaltego
