1. Introduction

Canari is a rapid transform development framework for Maltego written in Python. The original focus of Canari was to provide a set of transforms that would aid in the execution of penetration tests and vulnerability assessments. Ever since its first prototype, it has become evident that the framework can be used for much more than that. Canari is perfect for anyone wishing to graphically represent their data in Maltego without the hassle of learning a whole bunch of unnecessary stuff. It has generated interest from a wide range of users, from digital forensics analysts and pen-testers to psychologists. Canari’s core features include:

  • An easily extensible and configurable framework that promotes maximum reusability;
  • A set of powerful and easy-to-use scripts for debugging, configuring, and installing transforms;
  • Finally, a great number of community-provided transforms.

1.1 – Terminology

Before we get started, it might be useful to introduce some of the terminology that will be used throughout the documentation:

  • Entity: a piece of information on a Maltego graph represented as a node.
  • Transform: a function that takes one entity as input and produces zero or more entities as output.
  • Input Entity: the entity that is being passed into the transform to use for data mining purposes.
  • Output Entity: the entity that is being returned by the transform to be drawn on a Maltego graph.
  • Transform Module: a Python module containing local transform code.
  • Transform Package: a Python package containing one or more transform modules.