1
00:00:02,140 --> 00:00:06,820
Footprinting, also known as reconnaissance, is the technique used for gathering information about

2
00:00:06,820 --> 00:00:11,030
computer systems and the entities they belong to to get this information.

3
00:00:11,050 --> 00:00:13,870
A hacker might use various tools and technologies.

4
00:00:18,980 --> 00:00:25,970
Folke fingerprinting organizations with collected archives is a tool used mainly to find metadata and

5
00:00:25,970 --> 00:00:26,930
hidden information.

6
00:00:26,940 --> 00:00:33,040
The documents it scans these documents may be on Web pages and can be downloaded and analyzed with Folke.

7
00:00:33,530 --> 00:00:39,230
It's capable of analyzing a wide variety of documents with the most common being Microsoft Office,

8
00:00:39,470 --> 00:00:41,590
OpenOffice or PDF files.

9
00:00:42,110 --> 00:00:47,270
These documents are searched for three possible search engines Google, Bing and Duck Duck.

10
00:00:49,330 --> 00:00:51,730
Here's how you can download and install Folke.

11
00:00:53,510 --> 00:01:00,170
You can download Folke from the 11 Paths website that has seen on this slide, Folke is open source.

12
00:01:00,170 --> 00:01:06,710
You can download all the sources as well as the executable binary from GitHub dot com, slash 11 paths,

13
00:01:06,710 --> 00:01:07,540
slash Folke.

14
00:01:08,270 --> 00:01:12,840
However, this version requires SQL Server Express installed on the host machine.

15
00:01:13,190 --> 00:01:19,130
So I prefer to download and use the previous version of Folke, which requires dot net framework version

16
00:01:19,130 --> 00:01:20,180
three point five only.

17
00:01:20,840 --> 00:01:23,630
It's a portable version so you don't need to install it.

18
00:01:24,680 --> 00:01:26,570
Download the zip file, extract it.

19
00:01:28,710 --> 00:01:31,950
Go to the bin folder and run Folke dot exact file.

20
00:01:32,100 --> 00:01:32,820
That's it.

21
00:01:34,420 --> 00:01:40,600
To work with Folke start a new project using Project Button on the upper left corner.

22
00:01:43,400 --> 00:01:49,820
Give the project a name and to the website and choose the folder to save the results to when you finish

23
00:01:49,820 --> 00:01:53,240
filling the fields, click the create button to create a new project.

24
00:01:54,050 --> 00:01:59,630
After creating a new FOLKE project, we can start a network scan from the tree at the left side select

25
00:01:59,630 --> 00:02:00,630
network node.

26
00:02:01,280 --> 00:02:02,750
Now select the search types.

27
00:02:03,080 --> 00:02:06,340
The search types listed on the panel are web search.

28
00:02:06,590 --> 00:02:14,420
You can choose whether Google or Bing DNS Search Dictionary Search to perform DNS search using a dictionary

29
00:02:15,320 --> 00:02:19,730
IP Bing to serve the domain names hosted on the same IP address.

30
00:02:20,330 --> 00:02:24,650
Shodan and rob text queries and click the start button to start the scan.

31
00:02:25,220 --> 00:02:30,860
Now we can collect some documents published by the target domain to collect their metadata from the

32
00:02:30,860 --> 00:02:31,970
tree at the left side.

33
00:02:31,970 --> 00:02:33,350
Select metadata node.

34
00:02:34,490 --> 00:02:38,150
You're supposed to see a panel similar to the one which is seen on the slide.

35
00:02:39,170 --> 00:02:45,500
Select the document types you want to collect and click the search button to start the document search.

36
00:02:46,790 --> 00:02:50,300
You can see the documents found on the metadata node of the tree.

37
00:02:51,950 --> 00:02:55,250
You should download the documents to be able to extract the metadata.

38
00:02:55,520 --> 00:02:55,910
Right.

39
00:02:55,910 --> 00:02:59,570
Click the documents you want to download from the menu, select download.

40
00:03:00,470 --> 00:03:03,860
Now you can extract the metadata of the downloaded documents.

41
00:03:05,270 --> 00:03:09,170
You can understand if a document is downloaded from the download column of the table.

42
00:03:10,530 --> 00:03:18,570
Select the documents that you want to collect the metadata, right, click and select, extract metadata

43
00:03:18,570 --> 00:03:22,720
from the menu, you'll see the results under the metadata node of the tree.

44
00:03:23,700 --> 00:03:25,230
Let's see Folke in action.

45
00:03:26,070 --> 00:03:28,230
Find the 11 Paths Folke website.

46
00:03:31,990 --> 00:03:36,850
On the website, you see a download button, which brings you to the GitHub page of 11 paths.

47
00:03:38,370 --> 00:03:42,280
You can find the latest release version of Folke under Folker releases folder.

48
00:03:42,810 --> 00:03:47,070
It requires SQL Server Express installed on the host machine.

49
00:03:47,520 --> 00:03:49,320
Go back to the 11 Paths website.

50
00:03:50,840 --> 00:03:53,360
You can find a link to the previous version of Folke.

51
00:03:56,890 --> 00:04:01,300
Read and accept the Eulo and download the Folke product zip file.

52
00:04:14,560 --> 00:04:15,820
Extract the zip file.

53
00:04:20,100 --> 00:04:23,890
Go to Benfold and run Folke Dot exact file.

54
00:04:31,800 --> 00:04:38,700
On the project menu, select new project to create a new project, fill the boxes in carefully.

55
00:04:57,810 --> 00:05:02,040
And then click create save the project file for further usages.

56
00:05:06,300 --> 00:05:10,800
Now we can start a new scan, select the network node from the tree.

57
00:05:12,430 --> 00:05:13,630
Select the search types.

58
00:05:20,480 --> 00:05:25,700
On the dictionary search panel, you have to choose a valid dictionary, the default path is probably

59
00:05:25,700 --> 00:05:26,380
not valid.

60
00:05:27,140 --> 00:05:32,780
You can find a valid dictionary inside the DNS dictionary folder, which is under the Benfold where

61
00:05:32,780 --> 00:05:34,600
you found the Fogdog exact file.

62
00:05:42,820 --> 00:05:47,700
Click the start button to start the scan and let the scan continue for a couple of minutes.

63
00:06:01,590 --> 00:06:07,260
Let's collect the documents from the target Web site and extract their metadata, select the metadata

64
00:06:07,260 --> 00:06:10,890
node from the tree, select the document types you're interested in.

65
00:06:19,970 --> 00:06:25,900
And click search all button to find the documents, let the search continue for a couple of minutes.

66
00:06:39,680 --> 00:06:42,560
Select the documents that you want to collect the metadata.

67
00:06:45,350 --> 00:06:47,270
Right, click and select download.

68
00:06:51,120 --> 00:06:58,830
Select the downloaded documents, right, click and select extract metadata at this time, look at the

69
00:06:58,830 --> 00:07:04,440
nodes under the metadata node of the tree and you will see the metadata extracted from other downloaded

70
00:07:04,440 --> 00:07:05,070
documents.

71
00:07:05,430 --> 00:07:08,970
You can examine the metadata of each document one by one.

72
00:07:25,070 --> 00:07:30,830
Or you can find valuable data summarized under the metadata summary, note usernames of the owners of

73
00:07:30,830 --> 00:07:36,470
the documents operating system where the document is created, email addresses collected from the metadata

74
00:07:36,470 --> 00:07:38,240
of the documents and more.