Description
It is capable of analyzing a wide variety of documents, with the most common being Microsoft Office, Open Office, or PDF files, although it also analyzes Adobe InDesign or SVG files, for instance.
These documents are searched for using three possible search engines: Google, Bing, and Exalead. The sum of the results from the three engines amounts to a lot of documents. It is also possible to add local files to extract the EXIF information from graphic files, and a complete analysis of the information discovered through the URL is conducted even before downloading the file.
With all data extracted from all files, FOCA matches information in an attempt to identify which documents have been created by the same team and what servers and clients may be infered from them.
Functionality
FOCA includes a server discovery module, whose purpose is to automate the servers search process using recursively interconnected routines. The techniques used to this end are:
Web Search
Searches for hosts and domain names through URLs associated to the main domain. Each link is analyzed to extract from it new host and domain names.
Searches for hosts and domain names through URLs associated to the main domain. Each link is analyzed to extract from it new host and domain names.
DNS Search
Each domain is checked to ascertain which are the host names configured in NS, MX, and SPF servers to discover new host and domain names.
Each domain is checked to ascertain which are the host names configured in NS, MX, and SPF servers to discover new host and domain names.
IP resolution
Each host name is resolved by comparison to the DNS to obtain the IP address associated to this server name. To perform this task as accurately as possible, the analysis is carried out against a DNS that is internal to the organization.
Each host name is resolved by comparison to the DNS to obtain the IP address associated to this server name. To perform this task as accurately as possible, the analysis is carried out against a DNS that is internal to the organization.
PTR Scanning
To find more servers in the same segment of a determined address, IP FOCA executes a PTR logs scan.
To find more servers in the same segment of a determined address, IP FOCA executes a PTR logs scan.
Bing IP
For each IP address discovered, a search process is launched for new domain names associated to that IP address.
For each IP address discovered, a search process is launched for new domain names associated to that IP address.
Common names
This module is designed to carry out dictionary attacks against the DNS. It uses a text file containing a list of common host names such as ftp, pc01, pc02, intranet, extranet, internal, test, etc.
This module is designed to carry out dictionary attacks against the DNS. It uses a text file containing a list of common host names such as ftp, pc01, pc02, intranet, extranet, internal, test, etc.
DNS Prediction
Used for those environments where a machine name has been discovered that is reason to suspect that a pattern is used in the naming system.
Used for those environments where a machine name has been discovered that is reason to suspect that a pattern is used in the naming system.
Robtex
The Robtex service is one of many services available on the Internet to analyze IP addresses and domain names. FOCA uses it in its attempt to discover new domains by searching the information available in Robtext on the latter.
The Robtex service is one of many services available on the Internet to analyze IP addresses and domain names. FOCA uses it in its attempt to discover new domains by searching the information available in Robtext on the latter.
Characteristics
FOCA began
as a metadata analysis tool to draw a network based on said metadata.
Today, it has become a reference in the computer security sector due to
the many options it includes. Thanks to the aforementioned FOCA options,
it is possible to undertake multiple attacks and analysis techniques
such as:
- Metadata extraction.
- Network analysis.
- DNS Snooping.
- Search for common files.
- Juicy files.
- Proxies search.
- Technologies identification.
- Fingerprinting.
- Leaks.
- Backups search.
- Error forcing.
- Open directories search.
Đăng nhận xét Blogger Facebook