Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) available on the target/victim website.
It will generate a html page with the results of the metadata extracted, plus a list of potential usernames very useful for preparing a bruteforce attack on open services like ftp, pop3,web applications, vpn and so on. Also it will extract a list of disclosed PATHs in the metadata, with this information you can guess OS, network names, shared resources etc.
This new version extracts MAC address from Microsoft Office documents. Now you can have an idea of what kind of hardware they are using.
All this information should not be available on the net, but most of the companies don’t have policies about information leaking… and most of them don’t know this information exists. So you can show them what information an attacker can obtain, with this simple technique.
You can download Metagoofil v1.4 here:
MetaGooFil 1.4 (tar) (20/04/2008)
Or read more here.
Subscribe to Darknet RSS Feed Stored in: Hacking Tools, Privacy, Web Hacking
Related Posts:
- Metagoofil 1.2 – Metadata Extractor Tool
- The Revisionist – Metadata Retrieval Tool
- FireCAT 1.3 Released – Firefox Catalog of Auditing Extensions
- DNSenum – Domain Information Gathering Tool
- dnsmap 0.22 Released – Subdomain Bruteforcing Tool
- WifiZoo v1.3 Released – Passive Info Gathering for Wifi
| 7,765 views |
WOW, I wish I was capable enough to use this tool
. But no worries some day I will be.
wow very nice tool, I am about to do some web security work could be good to have this in the toolkit.
This tool might go along well with http://www.remote-exploit.org/codes_wyd.html
Very cool!
It’s amazing to see how black hat software is developing and what white hats are doing to counter it. Keep up these security articles, really enjoy reading them!
Ooooo Random post!
Ok so I have been a windows/hackintosh user for quite some time and I now want to make a switch (or triple boot) to linux. My question is which distro would be a good match for my needs (I know there is no best).
For now it would be used for basic tasks like music editing/playing, word processing, video editing, programming (c++, java for now), and hopefully gaming (I will prob have to use wine or codeweavers for this though).
Thanks!
Ubuntu is easy to use and install and has all the advanced stuff under the bonnet if you need it. It is a stable snapshot of debian with a healthy helping of usability tweaks.
As for gaming on Linux I don’t game much as none of my PC’s have the graphics card to do so, but from the little gaming I have done, it is difficult to get everything working in wine, even on older games. Native games are the way to go and there are some really good comparable ones or free ones that are awesome, nexuiz, freecraft, quake3 and 4 come to mind.
em3rc –
If you have any *nix experience, I would suggest ArchLinux. Although it does take some time to setup and get going, it is very stable and has great docs.
If you want something out-of-the-box, Ubuntu is great. The OS has great support forums with info on almost anything you could want and it also supports and comes preloaded(or just a few clicks will install) with all of your word processing, music editing/playing, video, and programming needs. The reason I stepped away from Ubuntu was the fact that I felt limited because almost everything was done for me. I need an OS that I can customize with more ease.
http://www.zegeniestudios.net/ldc/ helped me out a lot when I was choosing a distro.
Also, http://www.distrowatch.com has good search features.
Good Luck
@Changlinn
Thanks, I’ve tried out Ubuntu out and really liking it. I’ve heard a lot about distros like Fedora and SuSe but I’ll stick with the big U for now.
@matt
I think I might try out Ubuntu and do dual boot with ArchLinux, XP, and Ubuntu. Thanks for the suggestions!
@eM3rC
No problem. Linux users area fickle bunch, I have gone from Redhat to fedora, to Feather, to DSL, to Debian, and finally to Ubuntu, which I have been on for some time. As matt says it can be limiting in that everything is done for you, I feel you can still customize what you need beyond this and I like the fact that a lot is done, so I can just use it and get on with my work, if I didn’t want this I would go Gentoo or LFS
“Linux users are a fickle bunch”
Very true Changlinn. If you do any searching for “Which distro is best for me?” you will find the best answers are those that tell you to keep trying them out for yourself until you find one you like.
@eM3rC
As many have mentioned before, to start try Suse, Ubuntu, Fedora or Mandriva. All have quite good hardware support (laptop is a slightly bigger problem though). You can buy SuSe with an excellent manual or go for one of the download variants and buy a decent book.
As you get more proficient you can switch to Debian, Gentoo,Arch or even LFS.
For a plain easy setup and usable desktop environment go for SuSe or Ubuntu.
I personally run Suse on my desktop and beat up Latitude C600, the home servers are running BSD.
im using ubuntu and its really nice
Great tool. I’ve been using it for a good while now for early recon stages of a pen test.
The addition of MAC address extraction is, IMO, a minor improvement but it’s nice to see development continues!
About that MAC address…. Didn’t Microsoft remove that ‘feature’ in a more recent release or patch?
On the Linux thread, I’m using Fedora for the supported software and Slackware because I’m a masochist.
Thanks for all the replies guys!
I think I’ll start out with Ubuntu and work on that for a while then start testing out the different linux OSs.
How am I the second highest poster when I’m not even trying?!?
Great tool! Now I have to find out how to delete meta data from my files!
I tried this tool its finding the files on site but not downloading or retrieving any meta data from it help me please