FOCA - Fingerprinting Organisations with Collected Archives

English [Auto] Footprinting, also known as reconnaissance, is the technique used for gathering information about computer systems and the entities they belong to to get this information. A hacker might use various tools and technologies. Folke fingerprinting organizations with collected archives is a tool used mainly to find metadata and hidden information. The documents it scans these documents may be on Web pages and can be downloaded and analyzed with Folke. It's capable of analyzing a wide variety of documents with the most common being Microsoft Office, OpenOffice or PDF files. These documents are searched for three possible search engines Google, Bing and Duck Duck. Here's how you can download and install Folke. You can download Folke from the 11 Paths website that has seen on this slide, Folke is open source. You can download all the sources as well as the executable binary from GitHub dot com, slash 11 paths, slash Folke. However, this version requires SQL Server Express installed on the host machine. So I prefer to download and use the previous version of Folke, which requires dot net framework version three point five only. It's a portable version so you don't need to install it. Download the zip file, extract it. Go to the bin folder and run Folke dot exact file. That's it. To work with Folke start a new project using Project Button on the upper left corner. Give the project a name and to the website and choose the folder to save the results to when you finish filling the fields, click the create button to create a new project. After creating a new FOLKE project, we can start a network scan from the tree at the left side select network node. Now select the search types. The search types listed on the panel are web search. You can choose whether Google or Bing DNS Search Dictionary Search to perform DNS search using a dictionary IP Bing to serve the domain names hosted on the same IP address. Shodan and rob text queries and click the start button to start the scan. Now we can collect some documents published by the target domain to collect their metadata from the tree at the left side. Select metadata node. You're supposed to see a panel similar to the one which is seen on the slide. Select the document types you want to collect and click the search button to start the document search. You can see the documents found on the metadata node of the tree. You should download the documents to be able to extract the metadata. Right. Click the documents you want to download from the menu, select download. Now you can extract the metadata of the downloaded documents. You can understand if a document is downloaded from the download column of the table. Select the documents that you want to collect the metadata, right, click and select, extract metadata from the menu, you'll see the results under the metadata node of the tree. Let's see Folke in action. Find the 11 Paths Folke website. On the website, you see a download button, which brings you to the GitHub page of 11 paths. You can find the latest release version of Folke under Folker releases folder. It requires SQL Server Express installed on the host machine. Go back to the 11 Paths website. You can find a link to the previous version of Folke. Read and accept the Eulo and download the Folke product zip file. Extract the zip file. Go to Benfold and run Folke Dot exact file. On the project menu, select new project to create a new project, fill the boxes in carefully. And then click create save the project file for further usages. Now we can start a new scan, select the network node from the tree. Select the search types. On the dictionary search panel, you have to choose a valid dictionary, the default path is probably not valid. You can find a valid dictionary inside the DNS dictionary folder, which is under the Benfold where you found the Fogdog exact file. Click the start button to start the scan and let the scan continue for a couple of minutes. Let's collect the documents from the target Web site and extract their metadata, select the metadata node from the tree, select the document types you're interested in. And click search all button to find the documents, let the search continue for a couple of minutes. Select the documents that you want to collect the metadata. Right, click and select download. Select the downloaded documents, right, click and select extract metadata at this time, look at the nodes under the metadata node of the tree and you will see the metadata extracted from other downloaded documents. You can examine the metadata of each document one by one. Or you can find valuable data summarized under the metadata summary, note usernames of the owners of the documents operating system where the document is created, email addresses collected from the metadata of the documents and more.