Metagoofil: information gathering tool
Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company. Metadata is “data [information] that provides information about other data”. When we create a document, such as Word or PowerPoint presentations, additional data will be created and stored in the document. These data are usually descriptive information about the document, including the file name, file size, the user name of the author or creator, and the location or path where the file is saved. This process is done automatically without user input or intervention.
If an attacker can read this information, they can have a unique view of the target company’s username, system name, file sharing, and many other good things. MetaGooFil is such a tool, can search on the Internet belongs to the target document. Once found, MetaGooFil will download these documents and try to extract useful metadata.
Metagoofil will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner? and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help Penetration testers in the information gathering phase.