What is Metagoofil?

Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company.

How does it work?

Metagoofil will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner? and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help Penetration testers in the information gathering phase.

Experiment

for this experiement, the website that I am going to use will be team3.pentest.id.

First, if you don’t have metagoofil yet, download it by typing this command to your terminal.

As you can from this image, there are a lot of extended commands that can be used in your commands,

“metagoofil -d team3.pentest.id -t pdf -n 50 -o Final_Project -f team3.html” is used to begin in finding and extracting the metadata to a predefined document.

Unfortunately, it appeared that the metadata on the target website couldn’t be found.