Sunday, May 19, 2013

HOWTO : Metagoofil on Ubuntu Desktop 12.04 LTS

Metagoofil is an information gathering tool designed for extracting metadata from public documents (pdf, doc, xls, ppt, docx, pptx, xlsx) belonging to a target company.

The tool searches Google to identify the documents, downloads them to local disk, and then extracts the metadata with libraries such as Hachoir, PdfMiner and others. From the results it generates a report of usernames, software versions, and server or machine names that helps penetration testers in the information gathering phase.

Step 1 :

sudo apt-get install subversion

sudo -sH
cd /opt
svn checkout http://metagoofil.googlecode.com/svn/trunk/ metagoofil
cd metagoofil


Step 2 :

Run it:

sudo -sH
cd /opt/metagoofil
python metagoofil.py -d samiux.com -t doc,pdf -l 200 -n 50 -o samiuxfiles -f results.html


That's all! See you.

HOWTO : Fierce on Ubuntu Desktop 12.04 LTS

Fierce domain scan was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that are non-contiguous. It's terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can miss huge chunks of networks.

Step 1 :

sudo apt-get install 'libnet-dns*'

sudo -sH
mkdir /opt/fierce
cd /opt/fierce

wget http://ha.ckers.org/fierce/fierce.pl
wget http://ha.ckers.org/fierce/hosts.txt


Step 2 :

sudo -sH
cd /opt/fierce
perl fierce.pl -dns samiux.com -wordlist hosts.txt -file output.txt


That's all! See you.

HOWTO : theharvester on Ubuntu Desktop 12.04 LTS

The objective of theharvester is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.

This tool is intended to help penetration testers in the early stages of a penetration test to understand the customer footprint on the Internet. It is also useful for anyone who wants to know what an attacker can see about their organization.

Step 1 :

sudo apt-get install subversion

sudo -sH
cd /opt
svn checkout http://theharvester.googlecode.com/svn/trunk/ theharvester
cd /opt/theharvester


Step 2 :

Run it:

sudo -sH
cd /opt/theharvester
python theharvester.py -d microsoft.com -l 500 -b google


That's all! See you.