Introduction to pentesting: Reconnaissance


Another excellent information-gathering tool is “MetaGooFil”. MetaGooFil is a metadata extraction tool written by the same people who brought us theHarvester. Metadata is often defined as data about data. When you create a document such as a Microsoft Word file or a PowerPoint presentation, additional data is created and stored inside the file itself. This data often includes the name or username of the person who created or last saved the file, the application and version used to produce it, the organization name entered when the software was installed, and sometimes the local path where the file was saved. The application records all of this automatically, without any user input or interaction.

An attacker who can read this information gains unique insight into the target organization, including usernames, system names, file shares and other goodies. MetaGooFil uses Google searches to find documents that belong to your target domain. After locating these documents, MetaGooFil downloads them and attempts to extract the useful data.

MetaGooFil is included in BlackArch and can be run by typing “metagoofil” in a terminal.

It is a good idea to create a “files” folder first. This folder will hold all the target documents that get downloaded, which keeps the directory you are running the tool from clean. You can create the folder by entering:

mkdir files

With this directory set up, you can perform a search with MetaGooFil by issuing the following command (substitute the target’s domain name for the placeholder):

metagoofil -d <target domain> -f all -o results -t files

Let us examine the details of this command. “metagoofil” invokes the MetaGooFil tool. The “-d” parameter specifies the domain to be searched; the domain name must follow it directly, otherwise the next switch is taken as the domain. The “-f” parameter specifies which type or types of files you want MetaGooFil to attempt to locate. Using the “all” keyword forces MetaGooFil to find and download every format it can process, including ppt, pdf, xls, odp, docx and others. You can also specify individual file types to limit the returned results. The “-o” switch names the report that MetaGooFil generates for us. Lastly, “-t” specifies the folder where each of the files that MetaGooFil locates and downloads will be stored. Because we created a “files” directory in an earlier step, “-t files” saves every discovered document into that folder. One caveat: these flag letters belong to the original 1.x release of MetaGooFil. In later 2.x releases, which is what the distribution packages ship, the letters were reassigned (“-t” selects the file types, “-o” the download directory and “-f” the report file, with no “all” keyword), so run “metagoofil -h” and check the option list before you rely on the command above.

While the output from MetaGooFil against h4ck1ngb00tc4mp reveals nothing, below is a sample of the kind of output the tool can produce that provides additional value and should be recorded in your reconnaissance data.

C:\Documents and Settings\maxine\My Documents

This single line is rich with information. First, it provides a likely valid network username, “maxine”; before you use it in a password attack or a phishing pretext, confirm it matches the username format you see elsewhere (metadata sometimes holds a display name rather than an account name). Second, it clearly shows that Maxine uses a Windows machine. It also dates that machine: “Documents and Settings” is the profile directory of Windows XP and Server 2003, whereas Windows Vista and later store profiles under C:\Users.
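The following is an added example, written for this tutorial rather than taken from MetaGooFil, of the step the tool performs after downloading: pulling the metadata fields described above out of an Office document and turning them into the kind of facts the sample path yields (usernames, a Windows domain, the authoring software and the OS generation). The .docx is constructed in memory from the two property parts every OOXML package carries, and all names in it (maxine, CORP\jdoe, Example Corp) are made up; the function and variable names are the example’s own. To use it on real documents, read each file from MetaGooFil’s download folder as bytes and pass it to extract_metadata().

```python
"""Extract authoring metadata from an OOXML document (.docx/.xlsx/.pptx) and
turn it into reconnaissance facts: usernames, Windows domain and OS hints.

Added example for this tutorial; it is not MetaGooFil's code. The document is
constructed in memory and every name in it (maxine, CORP\\jdoe, Example Corp)
is made up. Real files from MetaGooFil's download folder can be fed to
extract_metadata() by reading them as bytes.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by the two property parts every OOXML package carries.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}

# Constructed docProps/core.xml: who created and who last saved the file.
CORE_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}">
  <dc:creator>maxine</dc:creator>
  <cp:lastModifiedBy>CORP\\jdoe</cp:lastModifiedBy>
</cp:coreProperties>""".format(**NS)

# Constructed docProps/app.xml: application, version, company and a local path.
APP_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Properties xmlns="{ep}">
  <Application>Microsoft Office Word</Application>
  <AppVersion>12.0000</AppVersion>
  <Company>Example Corp</Company>
  <HyperlinkBase>C:\\Documents and Settings\\maxine\\My Documents</HyperlinkBase>
</Properties>""".format(**NS)

# Windows profile roots: "Documents and Settings" is XP/2003, "Users" is Vista+.
PROFILE_PATH = re.compile(r"(?i)[A-Z]:\\(Documents and Settings|Users)\\([^\\]+)")


def build_sample_docx() -> bytes:
    """Build a minimal .docx (a zip package) containing the two property parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")  # placeholder, not parsed here
        z.writestr("docProps/core.xml", CORE_XML)
        z.writestr("docProps/app.xml", APP_XML)
        z.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


def extract_metadata(data: bytes) -> dict:
    """Return {field: value} from docProps/core.xml and docProps/app.xml."""
    meta = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for part in ("docProps/core.xml", "docProps/app.xml"):
            if part not in z.namelist():
                continue  # a sanitized document may have had the part removed
            root = ET.fromstring(z.read(part))
            for el in root.iter():
                if el.text and el.text.strip():
                    tag = el.tag.split("}", 1)[-1]  # strip the namespace URI
                    meta[tag] = el.text.strip()
    return meta


def harvest(meta: dict) -> dict:
    """Derive usernames and environment hints from raw metadata values."""
    users, hints = set(), set()
    for field in ("creator", "lastModifiedBy"):
        val = meta.get(field)
        if val:
            domain, _, user = val.rpartition("\\")  # "CORP\\jdoe" -> ("CORP", "jdoe")
            users.add(user)
            if domain:
                hints.add(f"Windows domain: {domain}")
    for val in meta.values():
        m = PROFILE_PATH.search(val)
        if m:
            users.add(m.group(2))
            if m.group(1).lower() == "documents and settings":
                hints.add("Windows XP/2003-era profile path")
            else:
                hints.add("Windows Vista-or-later profile path")
    if "Application" in meta:
        hints.add(f"Authoring software: {meta['Application']} {meta.get('AppVersion', '')}".strip())
    return {"usernames": sorted(users), "hints": sorted(hints)}


if __name__ == "__main__":
    meta = extract_metadata(build_sample_docx())
    for key, value in meta.items():
        print(f"{key:16} {value}")
    print(harvest(meta))
```

The same two property parts exist in .xlsx and .pptx packages, so extract_metadata() works unchanged on those; older binary .doc/.xls/.ppt files and PDFs store their author fields differently and need a format-specific parser. Note that harvest() treats the profile-path username and the creator field separately on purpose: the two often disagree (one is the account that saved the file, the other whatever name was typed into Office), and both are worth recording.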