FOCA - Fingerprinting Organisations with Collected Archives

A free video tutorial from Muharrem AYDIN
Computer Engineer, Ethical Hacking, Cyber Security Expert
44 courses
150,013 students
Lecture description
FOCA (Fingerprinting Organisations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents its scans.
Learn more from the full course
Penetration Testing and Ethical Hacking Complete Hands-on
Ethical Hacking, Penetration Testing (Pentest+), Bug Bounty, Metasploit , Free Hacking Tools as Nmap for ethical hacker
19:16:44 of on-demand video • Updated June 2025
Ethical hacking involves a hacker agreeing with an organization or individual who authorizes the hacker to levy cyber attacks on a system or network.
In addition to proficiency in basic computer skills and use of the command line, ethical hackers must also develop technical skills related to programming.
Ethical hacking is a good career because it is one of the best ways to test a network. An ethical hacker tries to locate vulnerabilities in the network.
Many hackers use the Linux operating system (OS) because Linux is a free and open-source OS that anyone can modify it. It’s easy to access and customize .
Ethical hacking is legal because the hacker has full, expressed permission to test the vulnerabilities of a system. An ethical hacker operates.
The different types of hackers include white hat hackers who are ethical hackers and are authorized to hack systems.
Whether you want to get your first job in IT security, become a white hat hacker, or prepare to check the security of your own home network.
The Certified Ethical Hacker (CEH) certification exam supports and tests the knowledge of auditors, security officers, site administrators
Passing the Certified Information Security Manager (CISM) exam indicates that the credentialed individual is an expert in the governance of information security
Penetration testing skills make you a more marketable IT tech. Understanding how to exploit servers, networks, and applications.
Penetration testing, or pen testing, is the process of attacking an enterprise's network to find any vulnerabilities that could be present to be patched.
Penetration tests have five different stages. The first stage defines the goals and scope of the test and the testing methods that will be used.
There are many types of penetration testing. Internal penetration testing tests an enterprise's internal network. This test can determine.
With Nmap, you will learn to identify the operating system and running service versions of the target system
Setting Up The Laboratory
Install Kali Linux - a penetration testing operating system
Install Windows & vulnerable operating systems as virtual machines for testing
Discover vulnerable applications
Vulnerability scanning, Exploit, Post Exploit, Payload
Gain control over computer systems using server side attacks
Exploit vulnerabilities to gain control over systems
Gathering password hashes, cracking passwords, taking screenshots, logging keystrokes etc.
Using backdoors to persist on the victim machine
Information Gathering Over the Internet Tools
Web App Hacking Tools
Social Engineering Toolkit (SET) for Phishing
The very latest up-to-date information and methods
ethical hacking
penetration testing
ethical hacking and penetration testing
English [Auto]
Footprinting, also known as reconnaissance, is the technique used for gathering information about computer systems and the entities they belong to. To get this information, a hacker might use various tools and technologies. Phoca fingerprinting organizations with collected archives is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages and can be downloaded and analyzed with phoca. It is capable of analyzing a wide variety of documents, with the most common being Microsoft Office, OpenOffice, or PDF files. These documents are searched for three possible search engines Google, Bing, and DuckDuckGo. Here's how you can download and install Phoca. You can download Phoca from the 11 paths website that is seen on this slide. Phoca is open source. You can download all the sources as well as the executable binary from github.com. Slash 11 paths. Slash Phoca to work with Phoca. Start a new project using project button on the upper left corner. Give the project a name and to the website and choose the folder to save the results to. When you finish filling the fields, click the create button to create a new project. After creating a new Phoca project, we can start a network scan from the tree at the left side, select network node. Now select the search types. The search types listed on the panel are. Web search. You can choose whether Google or Bing NN search dictionary search to perform DNS search using a dictionary. IP Bing to serve the domain names hosted on the same IP address, Shodan and Robtex queries, and click the start button to start the scan. Now we can collect some documents published by the target domain to collect their metadata from the tree. At the left side, select metadata node. You're supposed to see a panel similar to the one which is seen on the slide. Select the document types you want to collect, and click the Search All button to start the document search You can see the documents found under metadata node of the tree. You should download the documents to be able to extract the metadata. Right click the documents you want to download from the menu, select download. Now you can extract the metadata of the downloaded documents. You can understand if a document is downloaded from the download column of the table. Select the documents that you want to collect the metadata Rlhs. Right click and select Extract Metadata from the menu. You'll see the results under the metadata node of the tree. Now you got to remember before using Foca, this version does require SQL Server Express installed on our computer. So does that mean. Yeah. First we need to install the SQL server. Open up your browser. Go to SQL server download page and download the express version. That's all we need. All right. We'll just do the basic insulation, which. Yeah. Accept the terms. Choose the insulation location and follow the instructions. Just install it. It's going to take a little while. So what we're going to do we're going to use Foca in windows. So then we'll just go to the releases page on GitHub. And download the zip file and extract it. So let's have a look at the Foca interface. And let's just try it out. Yeah. So first we'll need to create a project. Now in this test we're going to scan Sasuke. And before we see Foca in action, we're going to need to configure the Foca options. So you'll need to just google the custom search API key. Now to get the search API key, there is documentation on the 11 paths GitHub wiki page, so you can learn your custom key search and configure your options. Don't worry, I'll wait for you. Now we can start a new scan. Select the network node from the tree. Select the search types on the dictionary search panel. You have to choose a valid dictionary. The default path is probably not valid. You can find a valid dictionary inside the DNS dictionary folder, which is under the bin folder where you found the Foca exec file. Click the start button to start the scan and let the scan continue for a couple of minutes. Let's collect the documents from the target website and extract their metadata. Select the metadata node from the tree. Select the document types you're interested in and click Search All button to find the documents. Let the search continue for a couple of minutes. Select the documents that you want to collect the metadata. Right click and select download. Select the downloaded documents. Right click and select Extract Metadata at this time. Look at the nodes under the metadata node of the tree, and you will see the metadata extracted from other downloaded documents. You can examine the metadata of each document one by one, or you can find valuable data summarized under the Metadata summary node. Usernames of the owners of the documents. Operating system where the document is created. Email addresses collected from the metadata of the documents, and more.