FOCA v3.4.7 releases: find metadata and hidden information in the documents
FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents its scans. These documents may be on web pages and can be downloaded and analyzed with FOCA.
It is capable of analyzing a wide variety of documents, with the most common being Microsoft Office, Open Office, or PDF files, although it also analyzes Adobe InDesign or SVG files, for instance.
These documents are searched for using three possible search engines: Google, Bing, and DuckDuckGo. The sum of the results from the three engines amounts to a lot of documents. It is also possible to add local files to extract the EXIF information from graphics files, and a complete analysis of the information discovered through the URL is conducted even before downloading the file.
FOCA includes a server discovery module, whose objective is to automate the process of searching for them using recursively linked techniques. The techniques used in this regard are:
- Web Search
Looks for names of hosts and domains through the search of URLs associated to the main domain, each link is analyzed to extract from it new hostnames and domain names.
- DNS Search
Each domain will be asked which hostnames are configured on the NS, MX and SPF servers to discover new hostnames and domain names.
- IP Resolution
Each hostname will be resolved against the DNS to obtain the IP address associated with that server name. For this task to be as accurate as possible, the query is made against an internal DNS of the organization.
- PTR Scanning
To find more servers in the same segment of a given IP address, FOCA will perform a PTR record scan.
- Bing IP
For each discovered IP address, a search process of new domain names associated with that IP address will be launched.
- Common names
This module is designed to perform dictionary attacks against the DNS. Use a text file where you add a list of common hostnames such as ftp, pc01, pc02, intranet, extranet, internal, test, and so on.
- DNS Prediction
Used for those environments in which a computer name has been discovered that may give rise to thinking that a pattern is being used in the naming system.
The Robtex service is one of the many services available on the Internet to analyze IP addresses and domains, FOCA uses it to try to discover new domains by looking at the information that Robtext has of it.