Metagoofil
Jump to navigation
Jump to search
Description
Metagoofil is an information gathering tool designed for extracting metadata of public/indexed documents (pdf,doc,xls,ppt,odp,ods) available in the target/victim websites.
The output is a file that can reveal:
- relevant metadata information
- usernames (potential targets for brute force attacks on open services like ftp, pop3, auths in web apps, ...)
- list of disclosed paths in the metadata
These information will enable the hacker to:
- Identify usernames to brute force
- guess OS, network names, shared resources, mac addresses (from MS Office documents)
- ...
Here is how it works:
file 1 \ file 2 \ file 3 ---> extractor ---> results.html ... / /filtering file n /
All/filtered files are sent to the extractor that analyzes and extracts metedata information to produce the report.
Installation
Dependencies
$ sudo apt-get install python extract
Metagoofil
$ cd /data/src/ $ wget http://www.edge-security.com/soft/metagoofil-1.4b.tar $ mkdir -p /pentest/enumeration/google/ $ tar xf metagoofil-1.4b.tar -C /pentest/enumeration/google/
Usage
Basic syntax
$ python metagoofil.py <option>
Options
- -d <domain>
- Domain to search
- -f <type>
- Filetype to download (all,pdf,doc,xls,ppt,odp,ods, etc)
- -l <number>
- Limit of results to work with (default 100)
- -o <path>
- Output file (html format)
- -t <path>
- Target directory to download files
Example
Stdio
Here is the STDIO output of our example:
$ python metagoofil.py \ -d ******club.net \ -l 100 \ -f all \ -o output.html \ -t output-files ************************************* *MetaGooFil Ver. 1.4b * *Coded by Christian Martorella * *Edge-Security Research * *[email protected] * ************************************* [+] Command extract found, proceeding with leeching [+] Searching in ******club.net for: pdf 24 [+] Total results in google: 24 [+] Limit: 24 [+] Searching results: 0 [+] Searching results: 20 [ 1/27 ] http://www.******club.net/******/******-Saison2006-2007/******_10_18.pdf metagoofil.py:295: DeprecationWarning: os.popen4 is deprecated. Use the subprocess module. stdin,stderr = os.popen4(command) john Title(C est la Rentree ) [ 2/27 ] http://www.******club.net/******/******-Saison2009-2010/HS/******_13-S14_Telethon.pdf [ 3/27 ] http://www.******club.net/******/******-Saison2009-2010/******_13-S02_Rentree_2009.pdf [ 4/27 ] http://www.******club.net/******/******-Saison2006-2007/HS/******_Cassis_Octobre2006.pdf UserStd Title(Microsoft Word - ******_Cassis_Octobre2006.doc) [ 5/27 ] http://www.******club.net/******/******-Saison2009-2010/HS/******_13-S12_Beffes.pdf [ 6/27 ] http://www.******club.net/Presse/Subaqua_Avril_2010_SPC_Telethon.pdf [ 7/27 ] http://www.******club.net/******/******-Saison2009-2010/******_13-S07_Octobre_2009.pdf [ 8/27 ] http://www.******club.net/******/******-Saison2009-2010/******_13-S17_Fevrier_2010.pdf [ 9/27 ] http://www.******club.net/******/******-Saison2010-2011/******_14-S01_Rentree_2010.pdf [ 10/27 ] http://www.******club.net/******/******-Saison2009-2010/******_13-S15_Janvier_2010.pdf [ 11/27 ] http://www.******club.net/******/******-Saison2009-2010/******_13-S05_Rentree_2009.pdf [ 12/27 ] http://www.******club.net/******/******-Saison2009-2010/******_13-S20_Mai_2010.pdf [ 13/27 ] http://www.******club.net/******/******-Saison2009-2010/******_13-S09_Novembre_2009.pdf [ 14/27 ] http://www.******club.net/******/******-Saison2009-2010/HS/******_13-S21_Regate_LaRochelle.pdf [ 15/27 ] http://www.******club.net/******/******-Saison2010-2011/HS/******_14_HS2.pdf [ 16/27 ] http://www.******club.net/******/******-Saison2008-2009/HS/******%2012-S10%20Marseille.pdf [ 17/27 ] http://www.******club.net/******/******-Saison2009-2010/HS/******_13-S22_Nemo.pdf [ 18/27 ] http://www.******club.net/******/******-Saison2009-2010/HS/******_13_S16_PSC1.pdf [ 19/27 ] http://www.******club.net/******/******-Saison2009-2010/HS/******_13-S23_Tech.pdf [ 20/27 ] http://www.******club.net/******/******-Saison2009-2010/HS/******_13-S24_AG.pdf [ 21/27 ] http://www.******club.net/******/******-Saison2008-2009/HS/******%2012-S02%20Cannes%202009.pdf [ 22/27 ] http://www.******club.net/******/******-Saison2010-2011/HS/******_14_HS1%20-%20Assurances.pdf [ 23/27 ] http://www.******club.net/******/******-Saison2009-2010/HS/******_13-S10_Sanary.pdf [ 24/27 ] http://www.******club.net/******/******-Saison2010-2011/HS/******14_HS4_Ste%20Maxime.pdf [ 25/27 ] http://www.******club.net/******/******-Saison2010-2011/HS/******14_HS3_nouveaux%20pirates.pdf [ 26/27 ] http://www.******club.net/******/******-Saison2007-2008/HS/******_11-S04.pdf \376\377\000E\000r\000i\000c [ 27/27 ] http://www.******club.net/******/******-Saison2009-2010/HS/******_13-S25_Egypte.pdf [+] Searching in ******club.net for: doc 6 [+] Total results in google: 6 [+] Limit: 6 [+] Searching results: 0 [+] Directory output-files already exist, reusing it [ 1/8 ] http://www.******club.net/******/******-Saison2006-2007/******_10_08.doc [ 2/8 ] http://www.******club.net/Presse/Affiche-du-31-mars-2003.doc [ 3/8 ] http://www.******club.net/Presse/communique-du-23-mars2002.doc [ 4/8 ] http://www.******club.net/******/******-Saison2006-2007/RACKAM_10_11.doc [ 5/8 ] http://www.******club.net/******/******-Saison2005-2006/RACKAM_9-08.doc [ 6/8 ] http://www.******club.net/******/******-Saison2005-2006/RACKAM_9-07.doc [ 7/8 ] http://www.******club.net/******/******-Saison2005-2006/RACKAM_9-13.doc [ 8/8 ] http://www.******club.net/******/******-Saison2005-2006/HS/******_Thailande.doc [+] Searching in ******club.net for: xls 0 [+] Total results in google: 0 [+] Searching in ******club.net for: ppt 0 [+] Total results in google: 0 [+] Searching in ******club.net for: sdw 0 [+] Total results in google: 0 [+] Searching in ******club.net for: mdb 0 [+] Total results in google: 0 [+] Searching in ******club.net for: sdc 0 [+] Total results in google: 0 [+] Searching in ******club.net for: odp 0 [+] Total results in google: 0 [+] Searching in ******club.net for: ods 0 [+] Total results in google: 0 [+] Searching in ******club.net for: docx 0 [+] Total results in google: 0 [+] Searching in ******club.net for: xlsx 0 [+] Total results in google: 0 [+] Searching in ******club.net for: pptx 0 [+] Total results in google: 0 Usernames found: ================ john UserStd \376\377\000E\000r\000i\000c Paths found: ============ (Windows\))/\ \ Normal\ [+] Process finished
And extracts of the generated report:
Report in HTML format
