It was 1999 when Roelof Temmingh had an idea to start a company that would become SensePost. Less than ten years later, around 2007, he set up Paterva, the company that would give the world Maltego. And in 2019 he started Vortimo, a new company that would bring another new product. Initially Roelof wanted to build a new web browser, but he came up with something else: an application that works together with a browser extension, that not only captures every web page you visit, but also has some features that make it unique. Time to dive into this piece of software, to see what it is and what it does. And to be clear: I wasn't asked to write this article, have not been paid, or received any kind of reward in exchange for it.
The desktop application keeps a database with all the scraped pages, tags, names and other entities, all neatly organized by category. The app has options to create tags and search for them, but it also has a feature that tries to detect names of people. It's not entirely perfect, but it does a fairly good job and can help you find possibly interesting names. Especially since Vortimo also keeps track of pieces of text or names that show up multiple times, notifying you of possibly interesting links that might be important for your investigation.
While Vortimo runs, it sits quietly in your browser, and you hardly notice it's there, but if it's in the way, you can drag it to a different location. Unlike other tools that operate nearly invisibly, Vortimo injects a little floating menu in the web pages you visit. This menu has some basic options:
The desktop application is the brain of the product: it manages the database with all the collected evidence, and contains a small web server that opens up the dashboard in a browser tab. At first glance it may look a bit busy, but it's nicely organized in different sections.
While browsing the web, Vortimo captures everything that comes along in your browser screen. It doesn't just capture the text and images, but it also analyses them in the background, to extract specific types of information. It saves detected information in different locations, and in different ways. First there are the tags. Tags can manually be assigned to URLs, images, or even text snippets. Tags are the main filter, and they even enable you to run multiple investigations in one go, by assigning the appropriate tag per item. But there are a few more unique features that stand out when using Vortimo, and that can actually propel an investigation forwards.
First there's a feature that uses some clever algorithms to detect names within text. It analyses words that have the characteristics of a given name, and adds them to the list of 'name objects'. It's unclear how the algorithm works, but looking at language in a general way, given names usually start with a capital letter and consist of one to three or four 'words' within the text. If one considers that there's usually a verb or preposition directly in front or after the name, it's not that difficult to create a filter that captures most of this information.
Besides names, it also detects multiple other object types, like aliases, hashtags, phone numbers and URLs. On the right side of the desktop application there's a list of detected objects, which the user can filter or search. This feature itself can already be an extremely powerful addition, but there's another useful feature, that combines these detected objects with another algorithm that might prove itself even more useful.
While scanning the contents of a website, indexing the different objects and tags that were set, it also scans for items that have been seen before but have not been tagged themselves. Since tagging itself is the act of adding a specific object or text to a list of important pieces of information, Vortimo is also able to show text or objects that have been seen multiple times before and suggests them as interesting items, by underlining them in yellow. You can choose to ignore it, but with a few simple clicks it's possible to add the new items to the list of tagged information, adding them to the ever-growing database with evidence or clues.
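The name filter and the "seen before but not tagged" suggestion described above can be sketched as follows. This is an added example, not Vortimo's code or its actual algorithm (which is unknown); the cue-word list, function names and sample pages are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed cue words (constructed list): a verb or preposition next to a
# capitalised run of words suggests the run is a person's name.
CUES = {"by", "with", "from", "said", "says", "met", "told", "wrote"}
NAME_RUN = re.compile(r"\b[A-Z][a-z]+(?: [A-Z][a-z]+){0,3}\b")  # 1 to 4 words
HASHTAG = re.compile(r"#\w+")
URL = re.compile(r"https?://\S+")

def extract_objects(text):
    """Return the set of (type, value) objects detected in one page's text."""
    found = {("hashtag", h.lower()) for h in HASHTAG.findall(text)}
    found |= {("url", u.rstrip(".,")) for u in URL.findall(text)}
    for m in NAME_RUN.finditer(text):
        before = text[:m.start()].split()[-1:]  # word directly in front
        after = text[m.end():].split()[:1]      # word directly after
        neighbours = {w.strip(".,;:").lower() for w in before + after}
        if neighbours & CUES:
            found.add(("name", m.group()))
    return found

def suggest(pages, tagged, min_pages=2):
    """Objects seen on min_pages or more pages that are not tagged yet."""
    seen = defaultdict(set)
    for url, text in pages.items():
        for obj in extract_objects(text):
            seen[obj].add(url)
    return sorted(o for o, urls in seen.items()
                  if len(urls) >= min_pages and o not in tagged)

# Constructed sample captures: page URL -> visible text.
PAGES = {
    "https://forum.example/thread/1":
        "The listing was posted by Anna Visser under #carparts last week.",
    "https://shop.example/item/9":
        "Seller contact: ask for details from Anna Visser or see "
        "https://pay.example/u/av77 #carparts",
    "https://blog.example/post":
        "A review written by Tom Baker mentions https://pay.example/u/av77 twice.",
}
TAGGED = {("hashtag", "#carparts")}  # already tagged by the analyst

if __name__ == "__main__":
    for kind, value in suggest(PAGES, TAGGED):
        print(f"suggest {kind}: {value}")
```

A capitalised word at the start of a sentence is only rejected here when no cue word sits next to it, so a real filter would need a larger cue list and a stop-word list.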
After objects have been identified, and shown on the right side of the screen, another feature comes into play. By opening one of the objects, for instance an alias that is identified, a list of widgets and external links is offered. If a valid API key is available, it's possible to feed it directly to SpiderFoot, Pipl or Leakcheck. External websites are listed below, and range from search engines to online phone books and social media search tools.
Every captured page can also easily be exported in a range of different formats. Of course there are the usual PDF, JPG and MHTML formats. But there is also an option called "evidence pack". It saves all the original source files, has an MHTML file with the rendered page, and has a PDF with all descriptions, original locations and SHA1 hashes from the moment of capture.
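Recording hashes at capture time is what lets you show later that the files were not altered. The sketch below is an added example, not Vortimo's evidence pack format: the manifest layout, function names and sample files are assumptions, and SHA-256 is recorded next to the SHA1 the article mentions because SHA-1 collisions have been demonstrated in practice.

```python
import hashlib
from datetime import datetime, timezone

def build_manifest(artefacts, source_url, captured_at=None):
    """artefacts: {filename: bytes}. Returns a JSON-serialisable manifest."""
    captured_at = captured_at or datetime.now(timezone.utc).isoformat()
    return {
        "source_url": source_url,    # original location of the capture
        "captured_at": captured_at,  # moment of capture (UTC, ISO 8601)
        "files": {
            name: {
                "size": len(data),
                "sha1": hashlib.sha1(data).hexdigest(),
                "sha256": hashlib.sha256(data).hexdigest(),
            }
            for name, data in sorted(artefacts.items())
        },
    }

def verify(manifest, artefacts):
    """Return {filename: 'ok' | 'modified' | 'missing' | 'unexpected'}."""
    report = {}
    for name, rec in manifest["files"].items():
        data = artefacts.get(name)
        if data is None:
            report[name] = "missing"
            continue
        digests = (hashlib.sha1(data).hexdigest(),
                   hashlib.sha256(data).hexdigest())
        # Both digests must match the values recorded at capture time.
        ok = digests == (rec["sha1"], rec["sha256"])
        report[name] = "ok" if ok else "modified"
    # Files present now that were never part of the capture.
    for name in artefacts.keys() - manifest["files"].keys():
        report[name] = "unexpected"
    return report

# Constructed sample capture (hypothetical file names and contents).
CAPTURE = {
    "page.mhtml": b"MIME-Version: 1.0\r\nContent-Type: multipart/related\r\n",
    "index.html": b"<html><body>listing</body></html>",
}
MANIFEST = build_manifest(CAPTURE, "https://shop.example/item/9",
                          "2021-09-01T12:00:00+00:00")

if __name__ == "__main__":
    tampered = dict(CAPTURE, **{"index.html": b"<html>edited</html>"})
    print(verify(MANIFEST, CAPTURE))
    print(verify(MANIFEST, tampered))
```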
A new feature that was added in September 2021 is the option to plot a graph of all information found. It takes all objects and tagged items, and connects them in a graph when they appear to have some sort of connection. Hovering over a node in the graph opens up a list of connected nodes. A single click will keep that list open and double-clicking a node will create a new graph, with the clicked node in the centre. By removing the filter on the top bar, the graph resets to the initial state.
When right-clicking on a node, a new menu pops up and has the options to add notes, copy the item, change its tag or even open it.
Vortimo is an awesome tool, and it has some really cool and unique features: the automatic detection of objects, the suggestion of newly found items like interesting names, or any other type of object, and the clean layout of the dashboard. It also has an easy-to-use timeline, that enables you to zoom in onto a specific time range, and filter out specific contents. You can search on anything, from names to specific URLs, and filter on things like tags or images. It's flexible in its filter and search features, and with a single click it's possible to reset things. And best of all, there's a free version with all its options, where there's just the limit of a single investigation per installed instance.
Vortimo is an awesome tool to capture evidence within browser sessions. It's fast, not too complicated to use, offers extensive filtering options and has some unique and useful features. The feature that detects names and aliases works quite well, and is very useful. The fact that it is also searching for possible new leads, by constantly inspecting captured data, can open up opportunities that might have slipped past you.
It still might have some bugs here or there, but the overall product looks polished, is fast and intuitive. Looking at the pricing, it has a free evaluation version, with a limited set of 'visits' per project, and a maximum of two projects. There's a paid version with more projects, and probably enough page captures for medium-sized projects, and lastly there is the still quite affordable premium package with unlimited projects and visited pages. Looking at other products that offer evidence capture in browsers, Vortimo sits in the middle of the price range, but offers quite a bit of bang for your buck.