1
00:00:02,140 --> 00:00:06,820
‫Footprinting, also known as reconnaissance, is the technique used for gathering information about

2
00:00:06,820 --> 00:00:09,280
‫computer systems and the entities they belong to.

3
00:00:09,820 --> 00:00:13,810
‫To get this information, a hacker might use various tools and technologies.

4
00:00:13,840 --> 00:00:20,830
‫FOCA fingerprinting organizations with collected archives is a tool used mainly to find metadata and

5
00:00:20,830 --> 00:00:23,020
‫hidden information in the documents it scans.

6
00:00:23,530 --> 00:00:27,940
‫These documents may be on web pages and can be downloaded and analyzed with VOCA.

7
00:00:28,420 --> 00:00:34,090
‫It's capable of analyzing a wide variety of documents with the most common being Microsoft Office,

8
00:00:34,390 --> 00:00:36,490
‫OpenOffice or PDF files.

9
00:00:37,000 --> 00:00:42,340
‫These documents are searched for three possible search engines Google, Bing and DuckDuckGo.

10
00:00:44,230 --> 00:00:46,600
‫Here's how you can download and install FOCA.

11
00:00:48,380 --> 00:00:55,030
‫You can download FOCA from the 11 Paths website that has seen on this slide, FOCA is open source.

12
00:00:55,040 --> 00:01:01,550
‫You can download all the sources, as well as the executable binary from GitHub dot com slash 11 path

13
00:01:01,550 --> 00:01:02,420
‫slash FOCA.

14
00:01:03,840 --> 00:01:04,950
‫To work with FOCA.

15
00:01:06,540 --> 00:01:10,020
‫Start a new project using Project Button on the upper left corner.

16
00:01:12,820 --> 00:01:14,170
‫Give the project a name.

17
00:01:14,440 --> 00:01:20,110
‫Enter the website and choose the folder to save the results to when you finish filling the fields,

18
00:01:20,110 --> 00:01:22,630
‫click the Create button to create a new project.

19
00:01:23,500 --> 00:01:29,050
‫After creating a new focus project, we can start a network scan from the tree at the left side select

20
00:01:29,050 --> 00:01:30,040
‫network node.

21
00:01:30,700 --> 00:01:32,170
‫Now select the search types.

22
00:01:32,530 --> 00:01:35,740
‫The search types listed on the panel are web search.

23
00:01:36,040 --> 00:01:43,840
‫You can choose whether Google or Bing DNA Search Dictionary Search to perform DNS search using a Dictionary

24
00:01:44,770 --> 00:01:52,180
‫IP Bing to serve the domain names hosted on the same IP address showdown, and Rob ticks queries and

25
00:01:52,180 --> 00:01:54,100
‫click the Start button to start the scan.

26
00:01:54,670 --> 00:02:00,310
‫Now we can collect some documents published by the target domain to collect their metadata from the

27
00:02:00,310 --> 00:02:01,410
‫tree at the left side.

28
00:02:01,420 --> 00:02:07,600
‫Select Metadata Node You're supposed to see a panel similar to the one which is seen on the slide.

29
00:02:08,620 --> 00:02:14,470
‫Select the document types you want to collect and click the Search All button to start the document

30
00:02:14,480 --> 00:02:14,920
‫search.

31
00:02:16,240 --> 00:02:19,750
‫You can see the documents found under metadata node of the tree.

32
00:02:21,400 --> 00:02:26,440
‫You should download the documents to be able to extract the metadata, right click the documents you

33
00:02:26,440 --> 00:02:27,910
‫want to download from the menu.

34
00:02:27,910 --> 00:02:28,930
‫Select Download.

35
00:02:29,950 --> 00:02:33,280
‫Now you can extract the metadata of the downloaded documents.

36
00:02:34,740 --> 00:02:38,610
‫You can understand if a document is downloaded from the download column of the table.

37
00:02:40,000 --> 00:02:48,010
‫Select the documents that you want to collect the metadata, right click and select extract metadata

38
00:02:48,010 --> 00:02:48,670
‫from the menu.

39
00:02:49,030 --> 00:02:52,180
‫You'll see the results under the metadata node of the tree.

40
00:02:53,920 --> 00:03:00,610
‫Now you've got to remember before using folk, this version does require ask you all server xpress installed

41
00:03:00,610 --> 00:03:01,460
‫on our computer.

42
00:03:02,200 --> 00:03:02,860
‫So does that mean?

43
00:03:02,980 --> 00:03:03,240
‫Yeah.

44
00:03:03,250 --> 00:03:05,200
‫First, we need to install to ask you all server.

45
00:03:06,660 --> 00:03:11,940
‫Open up your browser, go to Mascarell server download page and download the express version.

46
00:03:12,010 --> 00:03:12,720
‫And so we need.

47
00:03:29,120 --> 00:03:31,400
‫All right, we'll just do the basic insulation.

48
00:03:32,910 --> 00:03:34,610
‫Yeah, accept the terms.

49
00:03:37,820 --> 00:03:39,980
‫The installation location and.

50
00:03:41,100 --> 00:03:44,430
‫Follow the instructions, just install, it's going to take a little while.

51
00:03:51,070 --> 00:03:51,890
‫So we're going to do.

52
00:03:51,910 --> 00:03:54,310
‫We're going to use FOCA and Windows.

53
00:03:54,820 --> 00:03:57,490
‫So then we'll just go to the releases page on GitHub.

54
00:04:10,870 --> 00:04:13,210
‫And download zip file and extract it.

55
00:04:18,660 --> 00:04:21,660
‫So let's have a look at the FOCA interface, and let's just try it out.

56
00:04:23,500 --> 00:04:25,570
‫Yeah, so first, we'll need to create a project.

57
00:04:27,030 --> 00:04:30,540
‫Now in this test, we're going to scan NHS Dot UK.

58
00:04:41,570 --> 00:04:46,340
‫And before we see FOCA in action, we're going to need to configure the FOCA options.

59
00:04:46,760 --> 00:04:50,810
‫So you'll need to just Google the custom search API key.

60
00:04:51,790 --> 00:04:59,440
‫Now, to get the search API key, there is documentation on the 11 Paths GitHub Wiki page so you can

61
00:04:59,440 --> 00:05:03,010
‫learn your custom key search and configure your options.

62
00:05:04,300 --> 00:05:05,350
‫Don't worry, I'll wait for you.

63
00:05:11,750 --> 00:05:16,280
‫Now we can start a new scan, select the network node from the tree.

64
00:05:17,940 --> 00:05:23,730
‫Select the search types on the dictionary search panel, you have to choose a valid dictionary, the

65
00:05:23,730 --> 00:05:25,860
‫default path is probably not valid.

66
00:05:26,640 --> 00:05:32,250
‫You can find a valid dictionary inside the DNS dictionary folder, which is under the bin folder where

67
00:05:32,250 --> 00:05:34,110
‫you found the Foca Dot exact file.

68
00:05:34,440 --> 00:05:39,330
‫Click the Start button to start the scan and let the scan continue for a couple of minutes.

69
00:05:43,560 --> 00:05:47,490
‫Let's collect the documents from the Target website and extract their metadata.

70
00:05:48,120 --> 00:05:50,100
‫Select the metadata node from the tree.

71
00:05:50,790 --> 00:05:56,310
‫Select the document types you're interested in and click Search All Button to find the documents.

72
00:05:56,970 --> 00:05:59,070
‫Let the search continue for a couple of minutes.

73
00:06:01,410 --> 00:06:04,230
‫Select the documents that you want to collect the metadata.

74
00:06:07,040 --> 00:06:08,930
‫Right click and select download.

75
00:06:12,830 --> 00:06:18,560
‫Select the downloaded documents, right click and select Extract metadata at this time.

76
00:06:20,090 --> 00:06:25,520
‫Look at the nodes under the metadata node of the tree and you will see the metadata extracted from other

77
00:06:25,520 --> 00:06:26,750
‫downloaded documents.

78
00:06:27,110 --> 00:06:33,020
‫You can examine the metadata of each document one by one, or you can find valuable data summarized

79
00:06:33,020 --> 00:06:34,640
‫under the metadata summary node.

80
00:06:35,180 --> 00:06:40,850
‫User names of the owners of the documents operating system with the document is created, email addresses

81
00:06:40,850 --> 00:06:44,030
‫collected from the metadata of the documents and more.