Software Review: Vortimo

Review of Vortimo, an application that is designed to capture information within your browser, and help you to organize collected evidence.

It was 1999 when Roelof Temmingh had an idea to start a company that would become Sensepost. Less than ten years later, around 2007, he set up Paterva, the company that would give the world Maltego. And in 2019 he started Vortimo, a new company that would bring another new product. Initially Roelof wanted to build a new web browser, but he came up with something else: an application that works together with a browser extension and that not only captures every web page you visit, but also has some features that make it unique. Time to dive into this piece of software, to see what it is and what it does. And to be clear: I wasn't asked to write this article, and I have not been paid or received any kind of reward in exchange for it.


The basics

Vortimo consists of two parts. First there's the extension for Chromium-based browsers, and yes, that includes Edge! Next to that you need the desktop application, which comes in three flavours: Windows, Mac and Linux, and for the latter both RPM and DEB packages are available. The extension sits in your browser and injects a JavaScript-based menu that is visible while browsing around. The menu contains some basic functions, but it does more than that. It also highlights tagged items, names or aliases that show up, and new things that the extension marks as possibly interesting.

The desktop application keeps a database with all the scraped pages, tags, names and other entities, all neatly organized by category. The app has options to create tags and search for them, and it also has a feature that tries to detect names of people. It's not entirely perfect, but it does a fairly good job and can help you find possibly interesting names. That is especially true because Vortimo also keeps track of pieces of text or names that show up multiple times, notifying you of possibly interesting links that might be important for your investigation.


Browsing with Vortimo

While Vortimo runs, it sits quietly in your browser and you hardly notice it's there, but if it's in the way, you can drag it to a different location. Unlike other tools that operate nearly invisibly, Vortimo injects a little floating menu into the web pages you visit. This menu has some basic options:

  • Turning the extension on or off
  • Last recorded time, and force a new capture
  • Button to create a screenshot
  • Switch between favourite and suggested tags
  • Turning the recording on or off

The options to turn off the recording might look the same as turning the extension off, but there's a difference. Turning off the extension means that even though the JavaScript based menu will be injected on every page you visit, all of its features are turned off. When you stop the recording, it will stop capturing new pages, but will still give you some information like tags that are spotted on a page. And it gives you the option to manually record a page when there's a need for it.

The floating menu of Vortimo

The Desktop Application

The desktop application is the brain of the product: it manages the database with all the collected evidence, and it contains a small web server that opens up the dashboard in a browser tab. At first glance it may look a bit busy, but it's nicely organized in different sections.

An overview of Vortimo's dashboard
  1. The main dashboard, containing an overview of the captured pages
  2. A search bar, where you can search on anything within the data
  3. Overview, searching and filtering of URL and titles
  4. Filtering by tag type
  5. List of object types that were captured
  6. List of objects that were automatically detected
  7. Timeline of browsing history

Vortimo's Features

While browsing the web, Vortimo captures everything that comes along in your browser screen. It doesn't just capture the text and images, but it also analyses them in the background, to extract specific types of information. It saves detected information in different locations, and in different ways. First there are the tags. Tags can manually be assigned to URLs, images, or even text snippets. Tags are the main filter, and they even enable you to run multiple investigations in one go, by assigning the appropriate tag per item. But there are a few more unique features that stand out when using Vortimo, and that can actually propel an investigation forward.

First there's a feature that uses some clever algorithms to detect names within text. It analyses words that have the characteristics of a given name, and adds them to the list of 'name objects'. It's unclear how the algorithm works, but looking at language in a general way, given names usually start with a capital letter and consist of one to three or four 'words' within the text. If one considers that there's usually a verb or preposition directly in front of or after the name, it's not that difficult to create a filter that captures most of this information.

Besides names, it also detects multiple other object types, like aliases, hashtags, phone numbers and URLs. On the right side of the desktop application there's a list of detected objects, which the user can filter or search. This feature itself can already be an extremely powerful addition, but there's another useful feature that combines these detected objects with another algorithm, and that might prove even more useful.

While scanning the contents of a website and indexing the different objects and tags that were set, it also scans for new items that have been seen before but not tagged by themselves. Since tagging itself is the act of adding a specific object or text to a list of important pieces of information, Vortimo is also able to show text or objects that have been seen multiple times before and suggests them as interesting items, by underlining them in yellow. You can choose to ignore a suggestion, but with a few simple clicks it's possible to add the new items to the list of tagged information, adding them to the ever-growing database of evidence or clues.
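The name heuristic and the 'seen multiple times but not tagged' suggestion described above can be sketched together as follows. This is an added example, not Vortimo's code (the review notes that its algorithm is unknown); the cue words, stop words, function names and sample pages are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed cue words: prepositions and verbs that often sit right next to a name.
CUES = {"by", "with", "from", "to", "said", "says", "met", "wrote", "told"}
# Capitalised words that are never names on their own (sentence starters).
STOP = {"the", "he", "she", "it", "they", "we", "this", "that"}
# Words, or single punctuation marks (which break a run of capitalised words).
TOKEN_RE = re.compile(r"[A-Za-z]+|[^\sA-Za-z]")

def is_capitalised(tok):
    return tok[0].isupper() and tok[1:].islower()

def candidate_names(text, max_words=4):
    """Runs of 1..max_words capitalised words with a cue word directly
    before or after them, following the heuristic in the review."""
    tokens = TOKEN_RE.findall(text)
    found, i = set(), 0
    while i < len(tokens):
        j = i
        while j < len(tokens) and j - i < max_words and is_capitalised(tokens[j]):
            j += 1
        if j == i:
            i += 1
            continue
        name = " ".join(tokens[i:j])
        prev_tok = tokens[i - 1].lower() if i else ""
        next_tok = tokens[j].lower() if j < len(tokens) else ""
        if name.lower() not in STOP and (prev_tok in CUES or next_tok in CUES):
            found.add(name)
        i = j
    return found

def suggest(pages, tagged, min_pages=2):
    """Names seen on at least min_pages captured pages but not yet tagged."""
    seen = defaultdict(set)
    for url, text in pages.items():
        for name in candidate_names(text):
            seen[name].add(url)
    return sorted(n for n, urls in seen.items()
                  if len(urls) >= min_pages and n not in tagged)

# Constructed sample captures and tag list.
PAGES = {
    "https://example.org/a": "The forum post was written by Jan Visser last week. "
                             "He met Carla Mendes in Utrecht.",
    "https://example.org/b": "A reply from Jan Visser said the account was sold to Carla Mendes.",
    "https://example.org/c": "Photos were shared with Carla Mendes. Nobody mentioned Utrecht again.",
}
TAGGED = {"Carla Mendes"}

if __name__ == "__main__":
    print(suggest(PAGES, TAGGED))
```

A filter this simple also flags any capitalised sentence opener that happens to precede a cue word, which matches the observation that name detection of this kind is not entirely perfect.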


Widgets and Links

After objects have been identified, and shown on the right side of the screen, another feature comes into play. By opening one of the objects, for instance an alias that is identified, a list of widgets and external links is offered. If a valid API key is available, it's possible to feed it directly to Spiderfoot, Pipl or Leakcheck. External websites are listed below, and range from search engines to online phone books and social media search tools.

Searching for more with a single click

Every captured page can also easily be exported in a range of different formats. Of course there are the usual PDF, JPG and MHTML formats. But there is also an option called "evidence pack". It saves all the original source files, has an MHTML file with the rendered page, and has a PDF with all descriptions, original locations and SHA1 hashes from the moment of capture.


Graphs

A new feature that was added in September 2021 is the option to plot a graph of all information found. It takes all objects and tagged items, and connects them in a graph when they appear to have some sort of connection. By hovering over a node in the graph, it opens up a list of connected nodes. A single-click will keep that list open and double-clicking a node will create a new graph, with the clicked node in the centre. By removing the filter on the top bar, the graph resets to the initial state.

Plotting information captured by Vortimo

When right-clicking on a node, a new menu pops up and has the options to add notes, copy the item, change its tag or even open it.


Pros and cons

Vortimo is an awesome tool, and it has some really cool and unique features: the automatic detection of objects, the suggestion of newly found items like interesting names or any other type of object, and the clean layout of the dashboard. It also has an easy-to-use timeline that enables you to zoom in on a specific time range and filter out specific contents. You can search on anything, from names to specific URLs, and filter on things like tags or images. It's flexible in its filter and search features, and with a single click it's possible to reset things. And best of all, there's a free version with all its options, where there's just the limit of a single investigation per installed instance.

With all these cool features, there are two very specific things that will have to be considered. They're not really drawbacks, but they are important to remember when using the tool. First it has to be said that the tool injects JavaScript in every single page you visit. It does clearly state where the injected information starts, and where it ends, but the source of the web page itself does actually change. If this tool has to be used in court, I can imagine that within certain jurisdictions, this tool will have to be tried and tested before it might be allowed to provide evidence in court.

The second thing I noticed also has to do with the injection of JavaScript, and is also the reason why I only run the tool within virtual machines. When writing a blog article in your favourite CMS, the injected JavaScript might actually be saved within the page source while writing. This means that when saving the actual page, it'll have code injected that provides a small Vortimo menu, even for visitors of your blog or website. And the only way to prevent that is to fully disable the extension within the browser. Simply 'turning off' Vortimo will keep the extension running, and thus injecting code everywhere.


Verdict

Vortimo is an awesome tool to capture evidence within browser sessions. It's fast, not too complicated to use, has extensive filtering options and has some unique and useful features. The feature that detects names and aliases works quite well, and is very useful. The fact that it is also searching for possible new leads, by constantly inspecting captured data, can open up opportunities that might otherwise have slipped past you.

It still might have some bugs here or there, but the overall product looks polished, is fast and intuitive. Looking at the pricing, it has a free evaluation version, with a limited set of 'visits' per project, and a maximum of two projects. There's a paid version with more projects, and probably enough page captures for medium-size projects, and lastly there is the still quite affordable premium package with unlimited projects and visited pages. Looking at other products that offer evidence capture in browsers, Vortimo sits in the middle of the price range, but offers quite a bit of bang for your buck.

Vortimo can be found on Twitter, and for more information, downloads and manuals, visit their website: https://www.vortimo.com/
