Metagoofil is an excellent Information
gathering tool that can be used for extracting tons of Information from
Word Documents, PDF’s, Excel Sheets, .jpg Images and lots of other
formats . Metagoofil therefore can provide a lots of fruitful
information during the penetration testing just by scanning the files
gathered. Lets learn how to extract information from documents, images
using Metagoofil Tutorial.
This will become more clear with the
following example : Not very far back , I was conducting a Penetration
test for one of my company’s client that was a fortune 500 . Now they
had certain files uploaded and also some presentations all present over
the internet . Well , very common and shouldn’t be a problem. But on
analyzing these documents we were able to get Email , mobile phone
number and some more information of high level employees . These were further used to social engineer our way into the organisation.
Metagoofil already exists in Kali Linux
and is an excellent tool to use when it comes to analyzing the files
for Meta Data in them . This Meta Data is just some Data about the file
and used by the programs . The Meta data is neither ment to be seen by
the user nor of any use for the user . Its there to be used by the
program.
Metagoofil can be used to extracting the
Meta Information from a variety of formats such as word , pdf , .jpg
etc including the HTML web pages.
Here is a Tutorial on the Usage of Metagoofil for Penetration Testers:
Metagoofil can be found on the menu such as picture below:
Finding Metagoofil in Kali Linux
To start using Metagoofil , Open terminal :
root@kali:~# metagoofil
This is what you should see on the terminal
******************************************************
* /\/\ ___| |_ __ _ __ _ ___ ___ / _(_) | *
* / \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
* / /\/\ \ __/ || (_| | (_| | (_) | (_) | _| | | *
* \/ \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
* |___/ *
* Metagoofil Ver 2.2 *
* Christian Martorella *
* Edge-Security.com *
* cmartorella_at_edge-security.com *
******************************************************
Usage: metagoofil options
-d: domain to search
-t: filetype to download (pdf,doc,xls,ppt,odp,ods,docx,xlsx,pptx)
-l: limit of results to search (default 200)
-h: work with documents in directory (use "yes" for local analysis)
-n: limit of files to download
-o: working directory (location to save downloaded files)
-f: output file
Examples:
metagoofil.py -d apple.com -t doc,pdf -l 200 -n 50 -o applefiles -f results.html
metagoofil.py -h yes -o applefiles -f results.html (local dir analysis)
Here is a screenshot of the Metagoofil .
metagoofil Usage Example 1
root@kali:~# metagoofil -d kali.org -t pdf -l 100 -n 25 -o kalipdf -f kalipdf.html
******************************************************
* /\/\ ___| |_ __ _ __ _ ___ ___ / _(_) | *
* / \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
* / /\/\ \ __/ || (_| | (_| | (_) | (_) | _| | | *
* \/ \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
* |___/ *
* Metagoofil Ver 2.2 *
* Christian Martorella *
* Edge-Security.com *
* cmartorella_at_edge-security.com *
******************************************************
['pdf']
[-] Starting online search...
[-] Searching for pdf files, with a limit of 100
Searching 100 results...
Results: 21 files found
Starting to download 25 of them:
metagoofil Usage Example 2
metagoofil -d example.com -t doc,pdf -l 20 -n 10 -o ddos -f example.html
Hope you like this post. Feel free to share to your social space
reference: hackingloop
0 comments: