Metagoofil – Gathering document metadata

Document metadata refers to the information that is appended to documents so that applications can manage them during the creation and storage processes. Examples of metadata typically attached to documents include the following:

• The company or person who owns the application used to create the document
• The name of the document’s author
• The time and date that the document was created
• The date when the file was last printed or modified; in some cases, it will identify who made the modifications
• The location on the computer network where the document was created
• Some files, especially those created by cameras or mobile devices, may include geographic tags that identify where the image was created

Metadata is not immediately visible to the end user, so most documents are published with the metadata intact. Unfortunately, this data leakage can reveal information that a tester or attacker can use to facilitate an attack. At a minimum, testers and attackers can harvest usernames by comparing them to data in documents, and they can identify persons associated with particular data types, such as annual financial reports or strategic planning.
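A pre-publication check for the fields listed above, as an added example (not from the original article and not Metagoofil's code): it reads the properties stored in an Office Open XML file's docProps/core.xml and docProps/app.xml parts and writes a copy with the identifying ones removed. The function names, the SENSITIVE set and the sample document are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML parts holding document properties (docx, xlsx and pptx share them).
PARTS = ("docProps/core.xml", "docProps/app.xml")
SENSITIVE = {"creator", "lastModifiedBy", "created", "modified",
             "lastPrinted", "Company", "Application", "AppVersion"}

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # drop ElementTree's '{namespace}' prefix

def read_metadata(doc):
    """Return {property: value} for identifying properties in an OOXML file."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(doc)) as zf:
        for part in set(PARTS) & set(zf.namelist()):
            for el in ET.fromstring(zf.read(part)):
                if local(el) in SENSITIVE and el.text:
                    found[local(el)] = el.text
    return found

def scrub(doc):
    """Return a copy of the file with the identifying properties removed."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(doc)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            data = src.read(name)
            if name in PARTS:
                root = ET.fromstring(data)
                for el in [e for e in root if local(e) in SENSITIVE]:
                    root.remove(el)
                data = ET.tostring(root, encoding="utf-8")
            dst.writestr(name, data)
    return out.getvalue()

def make_sample():
    """Constructed sample: a minimal OOXML-style zip with made-up values."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/'
            'package/2006/metadata/core-properties" xmlns:dc="http://purl.org/'
            'dc/elements/1.1/"><dc:title>Q3</dc:title><dc:creator>jdoe</dc:creator>'
            '<cp:lastModifiedBy>asmith</cp:lastModifiedBy></cp:coreProperties>')
    app = ('<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/'
           '2006/extended-properties"><Company>Example Corp</Company></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, xml in zip(PARTS + ("word/document.xml",), (core, app, "<d/>")):
            zf.writestr(name, xml)
    return buf.getvalue()
```

Run read_metadata over files queued for publication and publish only the scrub output; tracked changes, comments and EXIF data in embedded images are stored elsewhere in the file and need separate handling.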

As mobile devices become more common, the risks associated with geographical metadata have increased. Attackers look for locations (cottages, hotels, and restaurants that are frequently visited) as sites that may allow them to launch attacks against users who have let their guard down outside the corporate perimeter. For example, if an employee of the target organization regularly posts pictures to a social media website while waiting for a commuter train, an attacker may target that employee for a physical attack (theft of the mobile device) or a wireless attack, or may even peek over the victim’s shoulder to note the username and password.

On Kali Linux, the tool Metagoofil performs a Google search to identify and download a target website’s documents (doc, docx, pdf, pptx, xls, and xlsx) and extracts usernames, software versions, storage path names, and server or workstation names, as shown in the following screenshot:

Metagoofil downloads the specified number of documents to a temporary folder, and extracts and organizes the relevant metadata. It also performs this function against files that have previously been downloaded and are now stored locally.

One of the first results that Metagoofil returns is a list of the users that are found. The following is a screenshot of a truncated list:

Metagoofil also identifies the servers and pathnames of the documents. If certain documents of interest are located with a particular user (for example, drafts of financial reports found on an administrative assistant’s workstation), that system can be targeted later during testing, as shown in the following screenshot:

