Metagoofil is an awesome information gathering tool that can be used for extracting lots of information from Word documents, presentation files, PDFs, Excel sheets, .jpg images and lots of other formats. Metagoofil can also provide a lot of useful information during penetration testing just by scanning the gathered files. Let's learn how to extract information from documents and images using Metagoofil on our Kali Linux.
Metagoofil utilizes the Google search engine to get metadata from the documents available in the target domain. Currently, it supports the following document types:
- Word documents (.docx, .doc)
- Spreadsheet documents (.xlsx, .xls, .ods)
- Presentation files (.pptx, .ppt, .odp)
- PDF files (.pdf)
Metagoofil works by performing the following actions:
- It searches for all of the preceding file types in the target domain using the Google search engine.
- Then it downloads all of the documents found and saves them to the local disk.
- It extracts the metadata from the downloaded documents.
The metadata that can be found includes the following:
- Usernames
- Server or machine names
- Software versions
This information may be valuable and used later during the penetration testing phase. Metagoofil comes pre-installed with the full version of Kali Linux. If it is not installed, we can easily install it from the repository by using the sudo apt-get install metagoofil command.
We can see the help (options) of Metagoofil by using the following command in our terminal:
Then we can see the help options as in the following screenshot:
Let's use it and learn how Metagoofil works. First of all we need a target. We took the domain example.com as our target and ran Metagoofil against it by using the following command:
Here we specify our domain using the -d flag and use the -t flag to specify the file types we are looking for. The -l flag limits the search for every file type (20 in our case), and with the -n flag we specified that we want to download only 5 files. We can change the values used in this command as per our requirement.
Now we run the command in our terminal, and after some time (Metagoofil takes some time to scan) it will show us the results, as we can see in the following screenshot:
Here our target website is a blank website, so it can't find anything on this website. But if we provide a healthy target then it can gather a lot of information.
This is how we can gather information using metadata from Google search engine using Metagoofil on our Kali Linux. We should always remember that information gathering is the most crucial part of penetration testing.