Lecture Notes: Footprinting and Foca Tool
Overview
- Footprinting/Reconaissance: Technique to gather information about computer systems and their entities.
- Objective: Hackers collect information using various tools and technologies.
Foca Tool
- Purpose: Tool for finding metadata and hidden information in documents.
- Document Types Supported: Microsoft Office, OpenOffice, PDF files.
- Search Engines Used: Google, Bing, DuckDuckGo.
Downloading and Installing Foca
- Website: Can be downloaded from the Eleven Paths website.
- Open Source: Available at
github.com/elevenpaths/Foca.
- Requirements:
- Latest version requires SQL Server Express.
- Preferred version requires .NET Framework 3.5 and is portable (no installation needed).
- Installation Steps:
- Download the zip file.
- Extract the zip.
- Navigate to the 'bin' folder.
- Run
foca.exe file.
Using Foca
Creating a New Project
- Click on the Project button (upper left corner).
- Name the project, enter the website, choose save folder.
- Click Create to initialize project.
Network Scan
- Select Network node from tree.
- Choose search types (Web, DNS, IP, Shodan, and Robtext)
- Click Start to begin scan.
Metadata Collection
- Select Metadata node from tree.
- Choose document types, click Search All.
- Right-click documents to download for metadata extraction.
- Extract metadata by right-clicking downloaded documents.
- View results under Metadata node in tree.
Practical Steps
- Download Foca from Eleven Paths website.
- Find previous version to avoid SQL Server requirement.
- Read and accept EULA to download.
- Create New Project and fill required fields.
- Start Network Scan with valid dictionary (found in bin folder).
- Collect and Extract Metadata from selected document types.
- Analyze Metadata to find valuable information:
- Document owners' usernames.
- Operating system details.
- Email addresses from metadata.
Note: Make sure to save project files for future reference and usage.