FOCA
Description
FOCA (Fingerprinting Organizations with Collected Archives) is a metadata extraction and fingerprinting tool. It is considered the best tool for gathering information from websites by harvesting and analyzing metadata from publicly available documents (PDF, DOCX, XLSX, etc.). It extracts usernames, software versions, email addresses, operating systems, and other sensitive metadata.
Usage 1: Harvesting metadata from a target website
FOCA is a GUI-based tool used to scan a target domain, discover publicly available documents, download them, and extract metadata for reconnaissance.
Context:
FOCA is listed as the "best tool" for harvesting metadata from targets. It works by:
- Specifying a target domain
- Using search engines to find documents (PDF, DOC, XLSX, PPT, etc.) hosted on the target
- Downloading the discovered documents
- Extracting metadata (usernames, software versions, paths, email addresses, OS info)
Related Google Dork for finding documents:
site:website.com filetype:pdf
Usage 2: Information gathering in combination with other tools
FOCA is used alongside other reconnaissance tools like TheHarvester and Shodan for comprehensive information gathering.
Related resources:
- Shodan: https://shodan.io
- Shodan Exploits: https://exploits.shodan.io
- TheHarvester (alternative command-line harvesting tool)