Maltego Transforms Technical Reference
DNSDB is a Passive DNS (pDNS) historical database that provides a unique, fact-based,
multifaceted view of the configuration of the global Internet infrastructure. DNSDB
leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing
platform and is engineered and operated by leading DNS experts.
Farsight (Now a part of DomainTools) collects Passive DNS data from its global sensor array. It then filters and verifies the DNS transactions before inserting them into the DNSDB, along with ICANN-sponsored zone file access download data. The end result is the highest-quality and most comprehensive Passive DNS data service of its kind – with more than 100 billion DNS records since 2010.
Farsight’s DNSDB transforms threat data into actionable, relevant threat intelligence in
real time. DNSDB’s high-performance, indexed, time-series DNS intelligence data service
increases the value of an organization’s existing threat intelligence and improves
visibility for an organization’s security program and protect its infrastructure from
current and future threats.
DNSDB makes it easy to find related domain names and IP addresses, assuming you have an
initial domain name or IP address as a starting point. DNSDB can answer questions, such
as:
Where did this domain name point to in the past?
What domain names are hosted on a given IP address?
What domain names use a given name server?
What fully qualified domain names exist below a delegation point?
Farsight Security has created a package of transforms that allows Maltego to access the
DNSDB to retrieve related information for domains, hostnames, network addresses and
ranges, and e-mail addresses. DNSDB transforms expand the power of Maltego by enabling
correlation and contextualization with near realtime and historical DNS intelligence.
Using the DNSDB transforms users can expose entire networks, gain an outside-in view of
their infrastructure and pivot across DNS record types including domains, IPs, NS, MX,
AAAA, SOA and many more. Wildcard searches are also available to expose hostnames or Fully
Qualified Domain Names (FQDNs) in the left side wildcard, associated domains in the right
side wildcard, and further pivoting across IPs to expose all associated domains, FQDNs,
IPs, MX, NS, and other record types.
The DNSDB Transforms for Maltego can be used in any Maltego investigation to:
Find hostnames related to network addresses
Illuminate the DNS (and other service) hosting infrastructure of an interesting domain, and find other domains of interest
Find historical locations of a service identified by a hostname or domain
Farsight’s DNSDB transform set allows Maltego to access the DNSDB to retrieve related
information for domains, hostnames, network addresses and ranges, and e-mail addresses.
DNSDB transforms expand the power of Maltego by enabling correlation and contextualization
with near realtime and historical DNS intelligence, allowing Maltego to retrieve related
information for domains, hostnames, network addresses and ranges, and e-mail addresses.
These transforms use DNSDB to find values that were observed by one of Farsight’s DNS
sensors for these entities, as well as domains resolving to these entities.
The Farsight Security DNSDB transforms expand the power of Maltego by
enabling correlation and contextualization with near realtime and
historical DNS intelligence; also known as passive DNS data. Using the
DNSDB transforms users can expose entire networks, gain an outside-in
view of their infrastructure and pivot across DNS record types including
domains, IPs, NS, MX, AAAA, SOA and many more. Wildcard searches are
also available to expose hostnames or Fully Qualified Domain Names
(FQDNs) in the left side wildcard, associated domains in the right side
wildcard, and further pivoting across IPs to expose all associated
domains, FQDNs, IPs, MX, NS, and other record types.
With Maltego Transforms for Farsight, investigators can correlate and contextualize with
real-time and historical DNS intelligence; also known as passive DNS data.
Using these Transforms, users can expose entire networks, gain an outside-in view of their
infrastructure and pivot across DNS record types. With Wildcard searches, expose
hostnames/FQDNs, associated domains and further pivoting across IPs to expose all
associated domains, FQDNs, IPs, MX, NX, and other record types.
To read more click here: https://www.maltego.com/transform-hub/farsight-dnsdb/
To DNS Name (Reverse) [DNSDB]
Display Name Setting Type Default Value Optional Popup Authentication API Key string API Key Here False True False
Information Value Display Name To DNS Name (Reverse) [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Output Entities Phrase
Variants
Transform Name Input Entities Short Description dnsdbrdataCIDR maltego.CIDR This transform finds DNS Names linked to this Netblock by an A record dnsdbrdataDNSName maltego.DNSName This transform finds records where this DNS Name is in the answer dnsdbrdataDomain maltego.Domain This transform finds DNS Names where the answer is this entity’s name dnsdbrdataIPv4Address maltego.IPv4Address This transform finds DNS Names linked to this IP by an A record dnsdbrdataIPv6Address1 maltego.IPv6Address This transform finds DNS Names linked to this IP by an AAAA record dnsdbrdataNetblock maltego.Netblock This transform finds DNS Names linked to this Netblock by an A record
To DNS Names [DNSDB]
Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Transform Meta Info
Information Value Display Name To DNS Names [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Output Entities Phrase
Variants
Transform Name Input Entities Short Description dnsdbrdataIPv6Address maltego.Phrase This transform finds records matching this owner name dnsdbrrsetDomain maltego.Domain This transform finds records matching this owner name dnsdbrrsetEmail maltego.EmailAddress This transform finds records matching the domain of this email dnsdbrrsetURL maltego.URL This transform finds records matching this hostname of this URL
To Domains (Reverse, MX) [DNSDB]
Description
This transform finds NS records where this entity’s name is the answer
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Information Value Display Name To Domains (Reverse, NS) [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Transform Name dnsdbrdataMXType Input Entities maltego.DNSName Output Entities Phrase Short Description This transform finds NS records where this entity’s name is the answer
To DNS Records [DNSDB]
Description
This transform finds records matching this owner name
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
|
Information Value Display Name To DNS records [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Transform Name dnsdbrrsetDNSName Input Entities maltego.DNSName Output Entities Phrase Short Description This transform finds records matching this owner name
To IPv6 Address [DNSDB]
Description
This transform finds AAAA records where this DNS Name matches the owner name
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Information Value Display Name To IPv6 Address [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Transform Name dnsdbrrsetDNSNameToAAAA Input Entities maltego.DNSName Output Entities Phrase Short Description This transform finds AAAA records where this DNS Name matches the owner name
To IP Address [DNSDB]
Description
This transform finds A records where this DNS Name matches the owner name
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Information Value Display Name To IP Address [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Transform Name dnsdbrrsetDNSNameToA Input Entities maltego.DNSName Output Entities Phrase Short Description This transform finds A records where this DNS Name matches the owner name
To MX Record [DNSDB]
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Information Value Display Name To MX Record [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Output Entities Phrase
Variants
Transform Name Input Entities Short Description dnsdbrrsetDNSNameToMX maltego.DNSName This transform finds MX records for this DNS Name dnsdbrrsetDomainMX maltego.Domain This transform finds MX records for this Domain dnsdbrrsetEmailMX maltego.EmailAddress This transform finds MX records for the Domain referenced in this e-mail address
To NS Record [DNSDB]
Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Transform Meta Info
Information Value Display Name To NS Record [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Output Entities Phrase
Variants
Transform Name Input Entities Short Description dnsdbrrsetDNSNameToNS maltego.DNSName This transform finds NS records for this DNS Name dnsdbrrsetDomainNS maltego.Domain This transform finds NS records for this Domain
To SOA Record [DNSDB]
Description
This transform finds SOA records where this DNS Name matches the owner name
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Information Value Display Name To SOA Record [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Transform Name dnsdbrrsetDNSNameToSOA Input Entities maltego.DNSName Output Entities Phrase Short Description This transform finds SOA records where this DNS Name matches the owner name
To SRV Record [DNSDB]
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Information Value Display Name To SRV Record [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Transform Name dnsdbrrsetDNSNameToSRV Input Entities maltego.DNSName Output Entities Phrase Short Description This transform finds SRV records where this DNS Name matches the owner name
To TXT Record [DNSDB]
Description
This transform finds TXT records where this DNS Name matches the owner name
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Information Value Display Name To TXT Record [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Transform Name dnsdbrrsetDNSNameToTXT Input Entities maltego.DNSName Output Entities Phrase Short Description This transform finds TXT records where this DNS Name matches the owner name
Search child DNS Names (*., AAAA) [DNSDB]
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Information Value Display Name Search child DNS Names (*., AAAA) [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Output Entities Phrase
Variants
Transform Name Input Entities Short Description dnsdbrrsetwclDNSNameAAAA maltego.DNSName This transform searches for AAAA records below the owner name in this DNS Name dnsdbrrsetwclDomainAAAA maltego.Domain This transform searches for AAAA records below the owner name in this Domain
Search child DNS Names (*., CNAME) [DNSDB]
Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Transform Meta Info
Information Value Display Name Search child DNS Names (*., CNAME) [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Output Entities Phrase
Search child DNS Names (*.) [DNSDB]
Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Transform Meta Info
Information Value Display Name Search child DNS Names (*.) [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Output Entities Phrase
Variants
Transform Name Input Entities Short Description dnsdbrrsetwclDNSName maltego.DNSName This transform searches for hostnames below the owner name in this DNS Name dnsdbrrsetwclDomain maltego.Domain This transform searches for hostnames below the owner name in this Domain dnsdbrrsetwclPhrase maltego.Phrase This transform searches for hostnames below the owner name in this Phrase
Search DNS Names (.*, AAAA) [DNSDB]
Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Transform Meta Info
Information Value Display Name Search DNS Names (.*, AAAA) [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Output Entities Phrase
Variants
Transform Name Input Entities Short Description dnsdbrrsetwcrDNSNameAAAA maltego.DNSName This transform searches AAAA records under a new base domains that contain this DNS Name dnsdbrrsetwcrDomainAAAA maltego.Domain This transform searches AAAA records under a new base domains that contain this Domain
Search child DNS Names (*., A) [DNSDB]
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Information Value Display Name Search child DNS Names (*., A) [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Output Entities Phrase
Variants
Transform Name Input Entities Short Description dnsdbrrsetwclDNSNameA maltego.DNSName This transform searches for A records below the owner name in this DNS Name dnsdbrrsetwclDomainA maltego.Domain This transform searches for A records below the owner name in this Domain
Search DNS Names (.*, AAAA) [DNSDB]
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Information Value Display Name Search DNS Names (.*, AAAA) [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Output Entities Phrase
Variants
Transform Name Input Entities Short Description dnsdbrrsetwcrDNSNameAAAA maltego.DNSName This transform searches AAAA records under a new base domains that contain this DNS Name dnsdbrrsetwcrDomainAAAA maltego.Domain This transform searches AAAA records under a new base domains that contain this Domain
Search DNS Names (.*, A) [DNSDB]
Description
This transform searches A records under a new base domains that contain this DNS Name
Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Transform Meta Info
Information Value Display Name Search DNS Names (.*, A) [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Output Entities Phrase Short Description This transform searches A records under a new base domains that contain this DNS Name
Variants
Transform Name Input Entities dnsdbrrsetwcrDNSNameA maltego.DNSName dnsdbrrsetwcrDomainA maltego.Domain
Search DNS Names (.*, CNAME) [DNSDB]
Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Transform Meta Info
Information Value Display Name Search DNS Names (.*, CNAME) [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Output Entities Phrase
Variants
Transform Name Input Entities Short Description dnsdbrrsetwcrDNSNameCNAME maltego.DNSName This transform searches CNAME records under a new base domains that contain this DNS Name dnsdbrrsetwcrDomainCNAME maltego.Domain This transform searches CNAME records under a new base domains that contain this Domain
Search DNS Names (.*) [DNSDB]
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Transform Meta Info
Information Value Display Name Search DNS Names (.*) [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Output Entities Phrase
Variants
Transform Name Input Entities Short Description dnsdbrrsetwcrDNSName maltego.DNSName This transform searches for new base domains that contain this DNS Name dnsdbrrsetwcrDomain maltego.Domain This transform searches for new base domains that contain this Domain dnsdbrrsetwcrPhrase maltego.Phrase This transform searches for new base domains that contain this Phrase
Search DNS Names (Reverse, File Glob) [DNSDB]
Description
This transform uses Flexible search to find rdata matching this file glob pattern
Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Transform Meta Info
Information Value Display Name Search DNS Names (Reverse, File Glob) [DNSDB] Owner Farsight Support Author [email protected] Transform Name flexGlobRdata Data Source DNSDB Input Entities maltego.Phrase Output Entities Phrase Short Description This transform uses Flexible search to find rdata matching this file glob pattern
Search DNS Names (Glob) [DNSDB]
Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Transform Meta Info
Information Value Display Name Search DNS Names (Glob) [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Transform Name flexGlob Input Entities maltego.Phrase Output Entities Phrase Short Description Search DNS Names (Glob) [DNSDB]
Search DNS Names (Reverse, Keyword) [DNSDB]
Description
This transform uses Flexible search to find rdata matching this keyword
Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Transform Meta Info
Information Value Display Name Search DNS Names (Reverse, Keyword) [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Transform Name flexKeywordRdata Input Entities maltego.Phrase Output Entities Phrase Short Description This transform uses Flexible search to find rdata matching this keyword
Search DNS Names (Keyword) [DNSDB]
Description
This transform uses Flexible search to find hostnames matching this keyword
Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Transform Meta Info
Information Value Display Name Search DNS Names (Keyword) [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Transform Name flexKeyword Input Entities maltego.Phrase Output Entities Phrase Short Description This transform uses Flexible search to find hostnames matching this keyword
Search DNS Names (Reverse, Regex) [DNSDB]
Description
This transform uses Flexible search to find rdata matching this regular expression
Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Transform Meta Info
Information Value Display Name Search DNS Names (Reverse, Regex) [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Transform Name flexRegexRdata Input Entities maltego.Phrase Output Entities Phrase Short Description This transform uses Flexible search to find rdata matching this regular expression
Search DNS Names (Regex) [DNSDB]
Description
This transform uses Flexible search to find hostnames matching this regular expression
Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication API Key string API KEY HERE False True False
Transform Meta Info
Information Value Display Name Search DNS Names (Regex) [DNSDB] Owner Farsight Support Author [email protected] Data Source DNSDB Transform Name flexRegex Input Entities maltego.Phrase Output Entities Phrase Short Description This transform uses Flexible search to find hostnames matching this regular expression
