Metagoofil _VERIFIED_ Download Metadata Information Gathering Tool
The tool will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help Penetration testers in the information gathering phase.
Metagoofil Download Metadata Information Gathering Tool
It will generate a html page with the results of the metadata extracted, plus a list of potential usernames very useful for preparing a bruteforce attack on open services like ftp, pop3,web applications, vpn and so on. Also it will extract a list of disclosed PATHs in the metadata, with this information you can guess OS, network names, shared resources etc.
The Metagoofil is an information-gathering tool. This is a free and open-source tool designed to extract all the metadata information from public documents that are available on websites. This tool uses two libraries to extract data. These are Hachoir and PdfMiner. After extracting all the data, this tool will generate a report which contains usernames, software versions, and servers or machine names that will help Penetration testers in the information-gathering phase. This tool can also extract MAC addresses from Microsoft office documents. This tool can give information about the hardware of the system by which they generated the report of the tool.
Metagoofil will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner? and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help Penetration testers in the information gathering phase.
As per the official website, Metagoofil is an information-gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company.
Metagoofil will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner?, and others. With the results, it will generate a report with usernames, software versions, and servers or machine names that will help Penetration testers in the information-gathering phase.
Results example, list of path disclosure found on all analyzed files:Now with all the information, you can prepare better your penetration tests.Known problems:The Windows and osX version of the tool libextractor (dependency) doesn't work fine. On windows you have to copy lib\libextractor\*.dll to bin\ first, and if still doesn't work, try appending "-l libextractor_ol2" in the extcommand variable on the metagoofil.py file. And on osX by default does not support Office documents.Usage: metagoofil options-d: domain to search-f: filetype to download (all,pdf,doc,xls,ppt,odp,ods, etc)-l: limit of results to work with (default 100)-o: output file, html format.-t: target directory to download files.Example:metagoofil.py -d microsoft.com -l 20 -f all -o micro.html -t micro-filesUsing Metagoofil to extract metadata from public documents found via GoogleThis video will show how to get Metagoofil up and running under Ubuntu Linux.Dim lightsEmbed Embed this video on your siteSocial BookmarksComments (0)Leave a commentPlease login to leave a comment. Optional login below.
Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company. It is a part of reporting tools under Kali Linux framework. It can give a lot of important information by scanning the obtained files. It can generate an HTML page with the result of the metadata extracted, plus a list of potential usernames, very useful for preparing a brute force attack on open services like ftp, web application, VPN, pop3, etc. These type of information help penetration tester during the information gathering phase of the security assessment.
As shown below, the tool is started searching for the given type of files. The tool has found total 115 files with .pdf extension. Since the number of files to download is set to 5, metagoofil will download only five files for each extension.
Although Magic Tree and Dradis are performing a similar set of tasks, they have their own pros and cons. The decision to choose the tool is based on the individual requirements. Both the tools could be combined for very good project management. On the other hand, Metagoofil is a very powerful tool to extract the metadata from publicly available documents and generate a report containing important information like username, path of the document, software version, email id, etc. which can be used in different phases of penetration testing.
This information may be valuable and used later during the penetration testing phase. Metagoofil comes pre-installed with the full version of Kali Linux, if not then we can easily install it from the repository by using sudo apt-get install metagoofil command.
As we are surrounded in this world by automation, it is necessary to take security measures so as to protect the networks, data, information, systems, enterprise infrastructure from threats and vulnerabilities. Such security tools need to be tested on regular intervals to maintain a problem-free network and infrastructure. Let us have a look at some Security Testing Tools for Cyber Security Engineers.
The Wayback Machine tool initially provided a location to keep the digital artifacts safe for historians and researchers. But it can also be viewed as a mode of entertainment where you can see what pages looked like back in 2001. Another use is to access a page from a website that no longer exists. The Wayback machine will allow you to obtain a site that has been shut down, and you might still be able to download files that previously existed on that page.
The Metagoofil tool extracts metadata of public documents like pdf, doc, Xls, ppt, ODP, ods, which are available on the target website. This tool initially performs searches in Google to identify and download documents to a local disk. After downloading, libraries like PdfMiner, Hachoir, etc. extract metadata. It then generates a report with username, versions of software, and servers or machine names, which will help them penetrate in information gathering phase.
IEWatch is a plugin for Microsoft Internet Explorer that allows capturing HTTP traffic and analyzing HTML code. It is for web developers, site administrators, and quality assurance engineers. IEWatch is an essential web development tool to get the job done fast and efficiently. IEWatch can display HTTP duration information in a timeline chart. The HTML code window features color syntax highlighting and a breakdown of the HTML elements such as images, links, forms, flash objects, and scripts.
To steal your identity, a cybercriminal doesn't have to have direct access to your bank account or other personal information. Often, he collects information about you from a variety of seemingly innocuous sources, then uses that data to map out a strategy to crack your online defenses and drain your accounts.Such methods are well-known to security professionals. But what those same professionals often overlook is this approach also can be used to crack the defenses of sensitive business files, as well. Rather than trying to gain access to your data, itself, the bad guys are analyzing the so-called harmless information about your files -- collectively known as metadata -- and using it to develop attacks that can drain your business of its most sensitive information.Metadata is a powerful feature of many document and file types, including Microsoft Office documents, PDFs, JPGs, ZIP files, and multimedia formats. Depending on the application and the file, metadata might contain information such as author names, user names, version of the software used to create the file, the user's operating system, and sometimes even the computer's MAC address. Armed with this data, an attacker can develop exploits that might work not only on a specific file, but on all similar file types in an enterprise.Armed with this data, an attacker can target users, as well as the computing environment within their enterprises. Several instances of metadata mishaps have been in the news in recent years. In one case, attackers used data they collected from the "track changes" feature in Microsoft Word. In another case, they took advantage of failed attempts to black out data in PDF files.These cases make it clear: Once your documents leave the internal network -- either through email or Web publishing -- those files and the metadata they contain are fair game for attackers.Many security professionals know about metadata, but they don't really know how it can be used against their organizations. The first stage of leveraging metadata for an attack is gathering it. Both attackers and pen testers have a bevy of tools available solely for this purpose.The simplest way to gather the data is by using the native tool that created the document. For example, Word Document metadata can be viewed within the Properties menu option in Microsoft Word, or by enabling the viewing of previous edits with the "Track Changes" option. Similarly, Adobe Acrobat can display PDF metadata.While manual extraction of metadata using native tools is definitely effective, it is possible to miss some of the hidden metadata. Plus, the process is slow and monotonous. Two readily-available hacking tools -- MetaGooFil and CeWL -- were created to expedite the collection process by automating the search, download, and extraction of metadata from documents available on the Internet.MetaGooFil was the first tool on the scene, and it uses Google to search for files of specific type. Once it finds and downloads files, the metadata is extracted and displayed in a HTML report that shows the information found in each file. The end of the report includes a summary of authors and file paths -- information that can be important later on, during other attack phases.CeWL takes a different approach, spidering a Website to create a word list that can be used for password brute-forcing. It can also collect email addresses, authors, and user names from metadata found in Microsoft Office documents. Included with CeWL is a "Files Already Bagged" (FAB) tool that processes files already acquired.Once collected, metadata can be used in many different attack techniques. Password brute-forcing is one of the most commmon. An attacker takes the word list created by CeWL and uses it against account names found in metadata. The actual account names can be found from the author field, email addresses, and file paths (e.g., C:\Documents and Settings\User007).Metadata is also helpful in social engineering attacks. Knowing the five different authors of a document, an attacker can "drop names" via the phone to make his scheme seem more credible. Similarly, location information contained in photos could be mentioned, making the calls seem more legit.Spear-phishing email could target all of the authors who worked on one particular document. Knowing which version of software was used to create the file, an attacker could also email client-side exploits to individuals who use particularly vulnerable versions of Microsoft Word or PowerPoint.Metadata can also help with physical theft. For example, users may post images to Flickr or Twitter from a phone that enables geotagging. This information can give attackers the location about a target's home or business, and where he might be on a daily basis. Similarly, the MAC address of the system can indicate the type of hardware used, making it easier to identify mobile workers who are likely to have laptops that are kept in places where they might be easy to steal.Metadata is commonly overlooked in corporate security defenses, but it can lead to disastrous results if used by a knowledgeable attacker. If you want to know more, read Larry Pesce's excellent GCIH certification paper, "Document Metadata, The Silent Killer." It's a great read for anyone who wants to learn more about the dangers of metadata.In our next Tech Insight, we'll look at how you can build defenses that limit an attacker's ability to collect and use metadata.Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message