Metagoofil is a tool for extracting metadata of public documents (pdf,doc,xls,ppt,etc) availables in the target websites.This information could be useful because you can get valid usernames, people names, for using later in bruteforce password attacks (vpn, ftp, webapps), the tool will also extracts interesting “paths” of the documents, where we can get shared resources names, server names, etc.
Installation:
git clone https://github.com/laramies/metagoofil.git
Cloning into 'metagoofil'...
remote: Enumerating objects: 408, done.
remote: Total 408 (delta 0), reused 0 (delta 0), pack-reused 408
Receiving objects: 100% (408/408), 658.55 KiB | 11.55 MiB/s, done.
Resolving deltas: 100% (128/128), done.
The following options are available:
python2 metagoofil.py
-d: domain to search
-t: filetype to download (pdf,doc,xls,ppt,odp,ods,docx,xlsx,pptx)
-l: limit of results to search (default 200)
-h: work with documents in directory (use "yes" for local analysis)
-n: limit of files to download
-o: working directory (location to save downloaded files)
-f: output file
Examples:
metagoofil.py -d target.nl -t doc,pdf -l 200 -n 50 -o applefiles -f results.html
metagoofil.py -h yes -o applefiles -f results.html (local dir analysis)
here is another example of grabbing the metadata & usernames for target.nl, with an limit of 10 documents and files, only pdf’s and redirect this output to /tmp/output_metagoo.html
The output has been generated and is fully accessible/readable by opening the file: /tmp/output_metagoo.html
python2 metagoofil.py -d target.nl -t pdf -l 10 -n 10 -o /tmp -f /tmp/output_metagoo.html
******************************************************
* /\/\ ___| |_ __ _ __ _ ___ ___ / _(_) | *
* / \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
* / /\/\ \ __/ || (_| | (_| | (_) | (_) | _| | | *
* \/ \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
* |___/ *
* Metagoofil Ver 2.2 *
* Christian Martorella *
* Edge-Security.com *
* cmartorella_at_edge-security.com *
******************************************************
['pdf']
[-] Starting online search...
[-] Searching for pdf files, with a limit of 10
Searching 100 results...
Results: 87 files found
Starting to download 10 of them:
----------------------------------------
[1/10] /?sa=X
[x] Error downloading /?sa=X
[2/10] /advanced_search
[x] Error downloading /advanced_search
[3/10] https://www.target.nl/files/onderzoeksrapportmh17.pdf
[x] Error in the parsing process
[4/10] https://www.target.nl/files/docs/Nieuwe_mobiele_abonnementen_KPN.pdf
[x] Error in the parsing process
[5/10] https://www.target.nl/files/Frauderapport.pdf
[6/10] http://www.target.nl/files/Frequentieveiling.pdf
[7/10] https://www.target.nl/files/Verweer.pdf
[8/10] https://www.target.nl/files/Lintjesregen2015.pdf
[x] Error in PDF metadata Software
[x] Error in PDF metadata Creator
[9/10] https://www.target.nl/files/Verizon.pdf
[10/10] https://www.target.nl/files/2014D47816.pdf
processing
[+] List of users found:
--------------------------
Corinne
��water
[+] List of software found:
-----------------------------
Nitro PDF PrimoPDF
PrimoPDF http://www.primopdf.com
Xerox WorkCentre 5230A
KONICA MINOLTA bizhub 363
KMBT_363_Torres
Adobe PDF Library 11.0
Adobe InDesign CC (Macintosh)
��OpenOffice 4.1.1
��Writer
[+] List of paths and servers found:
---------------------------------------
[+] List of e-mails found:
----------------------------
info@target.nl
dbir@target.nl
