FOCA (Fingerprinting Organizations with Collected Archives) is a tool used primarily to find metadata and hidden information in the documents it scans.
These documents can be found on websites and can be downloaded and analyzed with FOCA.
It can analyze a wide variety of documents, most commonly Microsoft Office, Open Office, or PDF files, although it also analyzes Adobe InDesign or SVG files.
These documents can be found in the search engines: Google, Bing and DuckDuckGo. The sum of the results from the three machines amounts to many documents. It is also possible to add local files to extract EXIF information from graphics files and a complete analysis of the information discovered via the URL is done even before the file is downloaded.
FOCA includes a server tracking module, which aims to automate their search process using backlinks. The techniques used in this regard are:
- Web Search
Searches for host and domain names by searching for URLs related to the main domain, each link being parsed to extract new host and domain names from it.
- DNS Search
Each domain will be asked which hostnames are configured on the NS, MX, and SPF servers to discover new hostnames and domain names.
- IP Resolution
Each hostname will be resolved against DNS to obtain the IP address associated with that server name. To make this task as accurate as possible, the query is made against an internal DNS of the organization.
- PTR Scanning
To find more servers in the same segment of a given IP address, FOCA will scan a PTR record.
- Bing IP
For each IP address discovered, a process will begin to search for new domain names associated with that IP address.
- Common names
This section is designed to execute dictionary attacks against DNS. Use a text file where you add a list of common hostnames, such as ftp, pc01, pc02, intranet, extranet, internal, test, and so on.
- DNS Prediction
It is used for those environments in which a computer name has been discovered that may cause the thought that a template is being used in the naming system.
Robtex is one of the many services available on the Internet for analyzing IP addresses and domains, and FOCA uses it to try to discover new domains based on information available from Robtext.
- Microsoft Windows (64 bits). Versions 7, 8, 8.1 and 10.
- Microsoft. NET Framework 4.7.1.
- Microsoft Visual C ++ 2010 x64 or newer.
- SQL Server 2014 or later.
Download the program from here.