Metagoofil – Public Documents Metadata Collector

Metagoofil is another OSINT tool that will help security tester in extracting metadata of public documents (pdf,doc,xls,ppt,etc) that can be found online for the targeted website. Documentation may include company internal information such as usernames, people names or interesting “paths” of the documents, where we can get shared resources names, server names, etc.

The tool will search on Google for the required documents next it will download the data and parse the metadata with several libraries to find the required internal information.

Metagoofil - Public Documents Metadata Harvester
Metagoofil – Public Documents Metadata Harvester

Currently user will have the following options when running the tool:

  • -d: this will allow to search targeted domain
  • -t: select the file type to download (pdf,doc,xls,ppt,odp,ods,docx,xlsx,pptx)
  • -l: make a limit for the search results
  • -h: work with documents in directory (use \”yes\” for local analysis)
  • -n: limit of files to download
  • -o: working directory (location to save downloaded files)
  • -f: output file\n

Once attacker identify the online information this data can be used for the next round of attack such as bruteforce or phishing attack. Attacker may also search social network for the next target so here there will be a wide range of possible attack vectors.

You can read more and download this tool over here: https://github.com/laramies/metagoofil

Share