1. Metadata is "data about data". It provides info about a certain item's content like for example, an image may include metadata that describes when was the picture clicked,which camera was used to click the image,the resolution etc. A text document's metadata may contain information about how long the document is, who the author is, when the document was written, and a short summary kind of document.Metadata can be useful to Penetration Testers,because it contains information about the system where the file was created, such as Name of users logged into the system,Software that created the document and OS of the system that created the document.This post will introduce to a tool know as FOCA ...that stands for “Fingerprinting Organization with Collected Archives” is an automated tool for downloading documents published in websites, extracting metadata and analyzing data.”FOCA is a security-auditing tool that will examine metadata from domains. One can have FOCA use search engines to find files on domains or use local files.Here I share the link to download and the usage screen shots that are self explanatory in nature...
Download Link : https://www.elevenpaths.com/labs/tools/index.html
Works : Only with Windows OS
The first thing to do after launching FOCA is create a new project, as shown below :
Create button, as shown below :
Search All button so FOCA will use search engines to scan for documents.
Download option, as shown below:
In many cases, attackers will be able to see much more information and gather intelligence about a target, the network, usernames, etc… by using this tool.Though the tool is available with Kali but with newer versions it is only available with Windows....