Welcome to my Sixth tutorial on Information Gathering
In this tutorial we ll use Foca to gather information about our target.
Foca is a windows platform based tool which can be used to gather information about a website as well as find the subdomains and not only that Foca can find out many directory listing and other vulnerabilities in a website but what FOCA is famous for is analysing the metadata of a documents and files and extract the information using that metadata which makes if different from many other pentesting tools. Foca can be used single handed to gather all the other information we gathered in other parts but many times using those ways gives you a better understanding and some more in depth information too.
Metadata is an interesting and often unrealized problem for anyone who uses office applications, like Microsoft Office, OpenOffice, and Adobe Acrobat. Its impact is often misunderstood both from the publicity and security standpoint. On one hand, metadata provides the necessary data to help organize documents in enterprise document management systems. At the same time, if left in documents sent to others, it provides an unnecessary amount of extra information that could embarrass an organization or be used by an attacker to pull off a more targeted attack.
What kind of data can be found?
[#] Metadata: Information stored to give information about the document.
[#] Open Index or Insecure Information
[#] Maps the IP Structure into a Network.
[#] Juice Files, Basic Vulnerabilities for example: Links to internal servers, data hidden by format, etc
1. FOCA is a Windows only tool. When you install FOCA, you may be asked to install .NET Framework or other dependancies.
2. We will be using FOCA 3.2 for this demo.
3. The first thing after launching FOCA is to create a New Project.
4. Once you name your project and decide where you want to store the project files, click on the Create button.
5. Save your project file.
6. Hit the Search All button and FOCA will use search engines to scan for documents.
This is all on Foca, see you in the Next tutorial of Information Gathering.