information gathering – metagoofil

Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) availables in the target/victim websites.
It will generate a html page with the results of the metadata extracted, plus a list of potential usernames very useful for preparing a bruteforce attack on open services like ftp, pop3,web applications, vpn, etc. Also it will extract a list of disclosed PATHs in the metadata, with this information you can guess OS, network names, Shared resources, etc.

How does it work? MetaGooFil basically: Search in google, for interesting documents in the target site. Example: filetype: pdf

backtrack 5r1




root@bt:/pentest/enumeration/google/metagoofil#./ -d (Site URL minus the www. ie -t doc,pdf -l 200 -n 50 -o /root/Desktop/metagoofil-folder/ -f /root/Desktop/results.html

create folder on your desktop called metagoofil-folder as all files found will be placed here.

metagoofil options

-d: domain to search
-t: filetype to download (pdf,doc,xls,ppt,odp,ods,docx,xlsx,pptx)
-l: limit of results to search (default 200)
-h: work with documents in directory (use “yes” for local analysis)
-n: limit of files to download
-o: working directory
-f: output file

Examples: -d -t doc,pdf -l 200 -n 50 -o microsoftfiles -f results.html -h yes -o microsoftfiles -f results.html (local dir analysis)

One thought on “information gathering – metagoofil

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s