Thursday, October 20, 2016

Identifying internal username, systems, applications in Office documents

Tools such as MetaGooFil, FOCA were published many years ago.   Yet we can still identify many juicy information about targets in many of web sites through their hosted documents.  We believe those information is best utilised by attackers in their crafting of APT-based, phishing exploits.

MetaGooFil - http://tools.kali.org/information-gathering/metagoofil


root@kali:~# metagoofil -d kali.org -t pdf -l 100 -n 25 -o kalipdf -f kalipdf.html

******************************************************
*     /\/\   ___| |_ __ _  __ _  ___   ___  / _(_) | *
*    /    \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
*   / /\/\ \  __/ || (_| | (_| | (_) | (_) |  _| | | *
*   \/    \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
*                         |___/                      *
* Metagoofil Ver 2.2                                 *
* Christian Martorella                               *
* Edge-Security.com                                  *
* cmartorella_at_edge-security.com                   *
******************************************************
['pdf']

[-] Starting online search...

[-] Searching for pdf files, with a limit of 100
        Searching 100 results...
Results: 21 files found
Starting to download 25 of them:


FOCA  - https://www.elevenpaths.com/labstools/foca/index.html



No comments:

Post a Comment