Identifying internal username, systems, applications in Office documents

Tools such as MetaGooFil, FOCA were published many years ago.   Yet we can still identify many juicy information about targets in many of web sites through their hosted documents.  We believe those information is best utilised by attackers in their crafting of APT-based, phishing exploits.

MetaGooFil - http://tools.kali.org/information-gathering/metagoofil


[email protected]:~# metagoofil -d kali.org -t pdf -l 100 -n 25 -o kalipdf -f kalipdf.html

******************************************************
*     /\/\   ___| |_ __ _  __ _  ___   ___  / _(_) | *
*    /    \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
*   / /\/\ \  __/ || (_| | (_| | (_) | (_) |  _| | | *
*   \/    \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
*                         |___/                      *
* Metagoofil Ver 2.2                                 *
* Christian Martorella                               *
* Edge-Security.com                                  *
* cmartorella_at_edge-security.com                   *
******************************************************
['pdf']

[-] Starting online search...

[-] Searching for pdf files, with a limit of 100
        Searching 100 results...
Results: 21 files found
Starting to download 25 of them:


FOCA  - https://www.elevenpaths.com/labstools/foca/index.html



Comments

Popular posts from this blog

XSS: Gaining access to HttpOnly Cookie in 2012

HttpOnly Session ID in URL and Page Body | Cross Site Scripting

KingRoot: failure to root ASUS ZenFone 4 Max