26 October 2007 | 14,820 views

Metagoofil 1.2 – Metadata Extractor Tool


What is this?

Metagoofil is a tool written in Python for extracting metadata from public documents (pdf, doc, xls, ppt) available on the target websites. This information could be useful because you can get valid usernames, or people's names, for later use in brute-force password attacks (VPN, FTP, web apps, etc.).

How does it work?

The tool first queries Google for different filetypes that can contain useful metadata (pdf, doc, xls, ppt, etc.), then it downloads those documents to disk and runs the program “extract” on every file.
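A defensive counterpart to the workflow described above, as an added example that is not part of Metagoofil or the original post: a pre-publication check that reads the same kind of metadata from your own PDFs, so author names and software strings can be stripped before the files go public. The function names and sample documents are constructed for illustration, and the parser only handles an unencrypted, uncompressed Info dictionary.

```python
import re

# Info-dictionary keys that can expose a person, account name or software version.
FIELDS = (b"Title", b"Author", b"Creator", b"Producer")

def _decode(raw: bytes) -> str:
    """PDF text strings are UTF-16BE when they start with a BOM, else single-byte."""
    if raw.startswith(b"\xfe\xff"):
        return raw[2:].decode("utf-16-be", errors="replace")
    return raw.decode("latin-1")

def pdf_info_fields(data: bytes) -> dict:
    """Return the FIELDS found in an unencrypted, uncompressed Info dictionary."""
    found = {}
    for key in FIELDS:
        # Value is either a literal string (...) or a hex string <...>.
        pat = rb"/" + key + rb"\s*(?:\(((?:\\.|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)"
        m = re.search(pat, data, re.S)
        if not m:
            continue
        if m.group(1) is not None:
            # Resolve the escapes \( \) and \\ (other escapes are left as-is).
            raw = re.sub(rb"\\([()\\])", rb"\1", m.group(1))
        else:
            digits = re.sub(rb"\s", b"", m.group(2)).decode("ascii")
            raw = bytes.fromhex(digits + "0" * (len(digits) % 2))
        found[key.decode()] = _decode(raw)
    return found

def audit(docs: dict) -> list:
    """List (filename, field, value) for every populated field, sorted."""
    return sorted((name, k, v) for name, data in docs.items()
                  for k, v in pdf_info_fields(data).items() if v.strip())

# Constructed sample documents (not real files): minimal PDF skeletons.
SAMPLE_A = (b"%PDF-1.4\n1 0 obj\n<< /Title (Q3 Budget) /Author (jsmith) "
            b"/Creator (Microsoft Word) /Producer (Example PDF Writer 1.0) >>\n"
            b"endobj\ntrailer\n<< /Info 1 0 R >>\n%%EOF\n")
SAMPLE_B = (b"%PDF-1.4\n1 0 obj\n<< /Title (Plan \\(draft\\)) "
            b"/Author <FEFF0041006E0061> >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for row in audit({"budget.pdf": SAMPLE_A, "plan.pdf": SAMPLE_B}):
        print(*row, sep="\t")
```

Any row it reports for a file destined for a public web server is a field to clear or replace with a generic value before upload.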


This program relies on the “extract” program, so you need to install it for Metagoofil to work.

On Debian it is as easy as:

On OS X, using DarwinPorts:

For Windows you can download it here:


Make sure the ‘extract’ binary is on your path; if not, you can modify the extcommand variable inside the program to suit your needs.

You can download Metagoofil here:


Or read more here.



13 Responses to “Metagoofil 1.2 – Metadata Extractor Tool”

  1. Sandeep Nain 26 October 2007 at 6:31 am Permalink

    Thanks for sharing this with us Darknet.
    Its portability to OSX is kool.

    It reminds me of another Metadata Extraction Tool developed by National Library of New Zealand to programmatically extract preservation metadata from a range of file formats like PDF documents, image files, sound files, Microsoft Office documents, and many others…
    This tool is open source…

  2. dre 28 October 2007 at 1:41 am Permalink

    @Sandeep: do you have more information about that tool? Location?

    I’m also familiar with an earlier tool called The Revisionist, which only works for Word – but it has many hooks that I’d like to see make it into another revision of Metagoofil.

    The tool was written by Michal Zalewski and he demonstrates how to use it here on his website.

  3. dre 28 October 2007 at 2:07 am Permalink

    There is a hilarious story about a Firefox developer’s business card from this past BlackHat USA 2007. RSnake posted a picture of the card, but failed to remove the underlying EXIF metadata. Thus, any skilled person could glean the struck-out phone number on the card. I’m surprised I didn’t hear too many people talking about this blunder, but it was covered in detail on Giorgio Maone

  4. AndyN 28 October 2007 at 10:31 pm Permalink

    Hiya, here’s some more info on the Metadata Extraction Tool developed by National Library of New Zealand.

  5. Sandeep Nain 29 October 2007 at 12:15 am Permalink

    Thanks AndyN for posting the link. Otherwise I would have to google it.

    There you go dre.

    This link will give you each and every detail you may require about the tool. This page also has a link to the SourceForge project where you can download the complete code for this project.

    FYI, this tool works for MS Word 2, MS Word 6, WordPerfect, OpenOffice, MS Works, Excel, PowerPoint, TIFF, JPEG, WAV, MP3, HTML, PDF, GIF and BMP.

    And this tool supports Windows and *nix OS.

  6. Sandeep Nain 29 October 2007 at 1:02 am Permalink

    @dre, Thanks for sharing this article. It’s funny that someone like RSnake can make such a mistake.. well I’m sure he would have done this knowingly to play a prank.

    You can find thousands of pictures on networking websites like orkut, where people upload their original pics with slight modification (such as hiding their faces with rectangles) and assume that nobody will be able to recognise them. Needless to say that 99.9% don’t remove the metadata from the images.

  7. fazed 30 October 2007 at 4:43 pm Permalink

    This could be useful during a security test, during the enumeration period. It may also be useful for beating very simple CAPTCHAs.

    Nice idea! Must check this out sometime. You could also use this to remove blanked out usernames and passwords in images then?

  8. dre 31 October 2007 at 6:28 am Permalink

    When I took my picture on orkut, there will be no metadata left to find me because I used the physical properties of the camera to prevent my eyes and above from showing.

  9. Sandeep Nain 31 October 2007 at 6:52 am Permalink

    @dre, you are one of the smart ones. Usually people click pictures for their personal use and then modify them while uploading them to orkut etc.

    and you clicked a picture specifically for that purpose… it makes sense.. :)

  10. dre 31 October 2007 at 7:07 am Permalink

    well now they have that facial recognition software stuff…

  11. Sandeep Nain 31 October 2007 at 9:30 am Permalink

    Who has the facial recognition stuff? Are you talking about Google? Is it integrated into orkut? Sorry, I didn’t get you.

    I don’t think there is any people networking website which comes with facial recognition software.. and I don’t think it’s needed at all.

    Moreover, it will be intruding on someone’s privacy.

  12. Sir Henry 14 December 2007 at 7:13 pm Permalink

    Has anyone here seen the article about un-swirling the swirl filter in PS? That is scary for anyone who has posted to Orkut or anywhere else thinking that they won’t be recognized. But, this tool sounds wicked cool. I love it when people leave the metadata in place when they otherwise wish to remain anonymous.