Metagoofil Tutorial: Extract Information from Docs, Images and More!
Metagoofil is an excellent information-gathering tool that can extract a great deal of information from Word documents, PDFs, Excel sheets, .jpg images and many other formats. It can therefore provide a lot of useful information during a penetration test just by scanning the files gathered. Let's learn how to extract information from documents and images using Metagoofil.
This will become clearer with the following example: Not very far back, I was conducting a penetration test for one of my company's clients that was a Fortune 500. Now they had certain files uploaded and also some presentations, all present over the internet. Well, very common and shouldn't be a problem. But on analyzing these documents we were able to get email, mobile phone number and some more information of high-level employees. These were further used to social engineer our way into the organisation.
Metagoofil is already included in Kali Linux and is an excellent tool for analyzing files for the metadata in them. This metadata is simply data about the file that programs use. It is neither meant to be seen by the user nor of any use to the user. It's there to be used by the program.
Metagoofil can be used to extract the metadata from a variety of formats such as Word, PDF, .jpg etc., including HTML web pages.
Here is a tutorial on the usage of Metagoofil for penetration testers:
Metagoofil can be found in the menu, as in the picture below:
Finding Metagoofil in Kali Linux
To start using Metagoofil, open a terminal:
root@kali:~# metagoofil
This is what you should see on the terminal:
******************************************************
*     /\/\   ___| |_ __ _  __ _  ___   ___  / _(_) | *
*    /    \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
*   / /\/\ \  __/ || (_| | (_| | (_) | (_) |  _| | | *
*   \/    \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
*                         |___/                      *
* Metagoofil Ver 2.2                                 *
* Christian Martorella                               *
* Edge-Security.com                                  *
* cmartorella_at_edge-security.com                   *
******************************************************
 Usage: metagoofil options
         -d: domain to search
         -t: filetype to download (pdf,doc,xls,ppt,odp,ods,docx,xlsx,pptx)
         -l: limit of results to search (default 200)
         -h: work with documents in directory (use "yes" for local analysis)
         -n: limit of files to download
         -o: working directory (location to save downloaded files)
         -f: output file
 Examples:
  metagoofil.py -d apple.com -t doc,pdf -l 200 -n 50 -o applefiles -f results.html
  metagoofil.py -h yes -o applefiles -f results.html (local dir analysis)
Here is a screenshot of Metagoofil.
metagoofil Usage Example 1
root@kali:~# metagoofil -d kali.org -t pdf -l 100 -n 25 -o kalipdf -f kalipdf.html
******************************************************
*     /\/\   ___| |_ __ _  __ _  ___   ___  / _(_) | *
*    /    \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
*   / /\/\ \  __/ || (_| | (_| | (_) | (_) |  _| | | *
*   \/    \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
*                         |___/                      *
* Metagoofil Ver 2.2                                 *
* Christian Martorella                               *
* Edge-Security.com                                  *
* cmartorella_at_edge-security.com                   *
******************************************************
['pdf']
[-] Starting online search...
[-] Searching for pdf files, with a limit of 100
        Searching 100 results...
Results: 21 files found
Starting to download 25 of them:
metagoofil Usage Example 2
metagoofil -d example.com -t doc,pdf -l 20 -n 10 -o ddos -f example.html
This is another way of gathering information, using the documents available in the domain that we specify. Hope you all have enjoyed this Metagoofil tutorial by Hackingloops.