FOCA - Fingerprinting Organisations with Collected Archives

Muharrem AYDIN
A free video tutorial from Muharrem AYDIN
Computer Engineer, Ethical Hacking, Cyber Security Expert
4.5 instructor rating • 27 courses • 116,858 students

Lecture description

FOCA (Fingerprinting Organisations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents its scans.

Learn more from the full course

Penetration Testing and Ethical Hacking Complete Hands-on

Ethical Hacking Career Guide. Ethical Hacking Penetration Testing(Pentest+) with Metasploit & Free Hacking Tools as Nmap

19:16:51 of on-demand video • Updated June 2022

  • Ethical hacking involves a hacker agreeing with an organization or individual who authorizes the hacker to levy cyber attacks on a system or network.
  • In addition to proficiency in basic computer skills and use of the command line, ethical hackers must also develop technical skills related to programming.
  • Ethical hacking is a good career because it is one of the best ways to test a network. An ethical hacker tries to locate vulnerabilities in the network.
  • Many hackers use the Linux operating system (OS) because Linux is a free and open-source OS that anyone can modify it. It’s easy to access and customize .
  • Ethical hacking is legal because the hacker has full, expressed permission to test the vulnerabilities of a system. An ethical hacker operates.
  • The different types of hackers include white hat hackers who are ethical hackers and are authorized to hack systems.
  • Whether you want to get your first job in IT security, become a white hat hacker, or prepare to check the security of your own home network.
  • The Certified Ethical Hacker (CEH) certification exam supports and tests the knowledge of auditors, security officers, site administrators
  • Passing the Certified Information Security Manager (CISM) exam indicates that the credentialed individual is an expert in the governance of information security
  • Penetration testing skills make you a more marketable IT tech. Understanding how to exploit servers, networks, and applications.
  • Penetration testing, or pen testing, is the process of attacking an enterprise's network to find any vulnerabilities that could be present to be patched.
  • Penetration tests have five different stages. The first stage defines the goals and scope of the test and the testing methods that will be used.
  • There are many types of penetration testing. Internal penetration testing tests an enterprise's internal network. This test can determine.
  • With Nmap, you will learn to identify the operating system and running service versions of the target system
  • Setting Up The Laboratory
  • Install Kali Linux - a penetration testing operating system
  • Install Windows & vulnerable operating systems as virtual machines for testing
  • Discover vulnerable applications
  • Vulnerability scanning, Exploit, Post Exploit, Payload
  • Gain control over computer systems using server side attacks
  • Exploit vulnerabilities to gain control over systems
  • Gathering password hashes, cracking passwords, taking screenshots, logging keystrokes etc.
  • Using backdoors to persist on the victim machine
  • Information Gathering Over the Internet Tools
  • Web App Hacking Tools
  • Social Engineering Toolkit (SET) for Phishing
  • The very latest up-to-date information and methods
  • ethical hacking
  • penetration testing
  • ethical hacking and penetration testing
English [Auto] Footprinting, also known as reconnaissance, is the technique used for gathering information about computer systems and the entities they belong to. To get this information, a hacker might use various tools and technologies. FOLKE fingerprinting organizations with collected archives is a tool used mainly to find metadata and hidden information. The documents it scans these documents may be on Web pages and can be downloaded and analyzed with Folke. It's capable of analyzing a wide variety of documents with the most common being Microsoft Office, OpenOffice or PDF files. These documents are searched for three possible search engines Google, Bing and Duck Duck. Here's how you can download and install Folke. You can download Folke from the well-worn Paths website that has seen on this slide, Folke is open source. You can download all the sources as well as the executable binary from GitHub dot com slash 11 paths Folke. To work with Folke start a new project using Project Button on the upper left corner. Give the project a name and to the website and choose the folder to save the results to when you finish filling the fields, click the create button to create a new project. After creating a new FOLKE project, we can start a network scan from the tree at the left side select network node. Now select the search types. The search types listed on the panel are web search. You can choose whether Google or Bing DNS Search Dictionary Search to perform DNS search using a dictionary IP Bing to serve the domain names hosted on the same IP address. Shodan and rob text queries and click the start button to start the scan. Now we can collect some documents published by the target domain to collect their metadata from the tree at the left side. Select metadata node. You're supposed to see a panel similar to the one which is seen on the slide. Select the document types you want to collect and click the search button to start the document search. You can see the documents found on the metadata note of the tree, you should download the documents to be able to extract the metadata, right. Click the documents you want to download from the menu, select download. Now you can extract the metadata of the downloaded documents. You can understand if a document is downloaded from the download column of the table. Select the documents that you want to collect the metadata, right, click and select, extract metadata from the menu, you'll see the results under the metadata node of the tree. Now, you got to remember before using Folke, this version does require Escarole Server Xpress installed on our computer. So does that mean. Yeah, first we need to install that. Ask you all server. Open up your browser, go to escarole server, download page and download the express version, and so we need. All right, we'll just do the basic insulation. You accept the terms. U.S. installation location and. Follow the instructions, just install, it's going to take a little while. So we're going to do we're going to use Folke in windows, so then we'll just go to the releases page on GitHub. And download zip file and extracted. So let's have a look at the Folke interface and let's just try it out. Yeah, so first, we'll need to create a project. Now, in this test, we're going to scan NHS, DOT, UK. And before we see Folke in action, we're going to need to configure the Folke options, so you'll need to just Google the custom search API key. Now, to get the search API key, there is documentation on the 11 paths GitHub wiki page so you can learn your custom key search and configure your options. Don't worry, I'll wait for you. Now we can start a new scan, select the network node from the tree. Select the search types on the dictionary search panel, you have to choose a valid dictionary, the default path is probably not valid. You can find a valid dictionary inside the DNS dictionary folder, which is under the Benfold, or where you found the Fogdog exact file. Click the start button to start the scan and let the scan continue for a couple of minutes. Let's collect the documents from the target Web site and extract their metadata, select the metadata node from the tree, select the document types you're interested in, and click search all button to find the documents. Let the search continue for a couple of minutes. Select the documents that you want to collect the metadata. Right, click and select download. Select the downloaded documents, right, click and select extract metadata at this time, look at the nodes under the metadata node of the tree and you will see the metadata extracted from other downloaded documents. You can examine the metadata of each document one by one, or you can find valuable data summarized under the metadata summary node user names of the owners of the documents operating system, where the document is created, email addresses collected from the metadata of the documents and more.