Maltego Review
The gold standard for visual link analysis and OSINT pivoting
Quick Verdict
Corporate investigators, threat intelligence analysts, and investigative journalists running deep multi-session investigations where visualizing complex relationship networks is central to the work
Pros
- + Relationship graphs surface connections that tabular data hides — pivot from email to domain to IP to company in minutes
- + 500+ Transform Hub integrations: Shodan, VirusTotal, HIBP, Hunter.io, Recorded Future, and dozens more
- + Cross-platform: Windows, macOS, Linux with no feature differences
- + Community edition (free) gives an honest taste of the workflow before committing
- + Mature ecosystem: training resources, community scripts, and custom transform development are all well-developed
Cons
- − Heavy for quick lookups — the desktop client is overkill for a single entity check
- − $999/yr Standard tier is steep for independent researchers and small teams
- − Third-party transform reliability varies; broken or rate-limited transforms are a recurring annoyance
- − Community edition's 12-transform/10k-entity limits will frustrate you before long
- − Steep learning curve until you internalize the pivoting workflow
Maltego is the gold standard for graph-based link analysis, helping investigators visualize complex relationships between people, domains, IPs, companies, and crypto wallets. With over a decade of use in corporate intelligence, threat intel, and investigative journalism, its reputation is well-deserved.
What It Does
Maltego's core function is building visual graphs of relationships. You start by dropping an entity onto a canvas, then run transforms against it. These transforms query external data sources, returning connected entities like associated domains, phone numbers, and social media profiles. The canvas updates in real time, creating a mind map of connections. You can pivot from an IP to its ASN, from a company to its executives, or from a crypto address to exchanges it touched. This approach makes deep investigations explorable in minutes, not hours.
Pricing Tiers
| Tier | Price | Transforms | Entity Limit |
|---|---|---|---|
| Community | Free | ~12 | 10,000 |
| Standard | $999/yr | Full Hub access | Unlimited |
| Enterprise | Custom | Full Hub + team features | Unlimited |
The Community tier is useful for getting started, but its 12-transform limit can be restrictive. Most serious workflows require the Transform Hub, which is only available with the Standard or Enterprise tiers.
Transform Hub
The Transform Hub is where Maltego shines, offering 500+ integrations from third-party data providers like Shodan, VirusTotal, and Hunter.io. While many transforms are free, others require separate subscriptions to the underlying service. The quality of these transforms varies, with some returning rich, actionable data and others feeling stale or noisy. You'll quickly learn which providers are worth using for your specific use case.
Strengths
- Visual clarity — relationship graphs reveal connections hidden in tabular data
- Breadth of integrations — 500+ transforms cover nearly every major OSINT data source
- Cross-platform — Maltego runs on Windows, macOS, and Linux without compromise
- Community edition — a low barrier to entry for trying the workflow
- Established ecosystem — mature training resources, community scripts, and custom transform development
Weaknesses
- Slow for quick lookups — the interface is optimized for deep sessions, not fast single-entity checks
- Cost — $999/yr is steep for independent researchers, and the Community tier limits can be frustrating
- Transform reliability — third-party transforms are only as good as their upstream sources, and broken or rate-limited transforms can be annoying
- Learning curve — new users may feel lost in the canvas until they internalize the pivoting workflow
Who It's Built For
Maltego is purpose-built for corporate investigators, threat intelligence analysts, and journalists running multi-subject, multi-session investigations. It's ideal for mapping influence operations, tracking threat actor infrastructure, building corporate due diligence graphs, or following money through wallets and exchanges. However, it's not the right choice for quick, one-off lookups. If you need to check an email address or look up a domain's registrar, you may want to use something lighter.
Verdict
Maltego is irreplaceable for complex link analysis work. Its graph-based approach to OSINT pivoting changes how you think through an investigation. While the pricing and weight of the desktop client can be barriers, the Standard tier pays for itself quickly if your work justifies it. The Community edition provides an honest taste of the workflow, even if the transform ceiling will eventually become frustrating.
Best for: Corporate investigators, threat intel teams, investigative journalists, red teamers mapping infrastructure
Skip if: You need fast, lightweight lookups or can't justify the $999/yr cost
Tool Relationships
Similar Tools
SpiderFoot
Map a target's full digital footprint automatically — domains, IPs, emails, names, and ASNs across 500+ sources.
Mitaka
A browser extension that turns highlighted indicators into instant OSINT and threat intelligence lookups without breaking analyst flow.
Shodan
Search engine for internet-connected devices — find exposed servers, industrial systems, and network infrastructure worldwide.
urlscan.io
Free website scanner that captures full-page screenshots, network requests, and DOM snapshots for any URL
Community Rating
Ratings from security researchers. No third-party tracking.
Rate this tool:
This review reflects testing as of 2026-04-04. OSINT tools change frequently — check the vendor's current documentation for pricing and feature updates. Report an error →