FOCA (Fingerprinting Organizations with Collected Archives) is a tool used primarily to find metadata and hidden information in the documents it scans.
These documents can be found on websites and can be downloaded and analyzed with FOCA.
It is able to analyze a wide variety of documents, most commonly Microsoft Office, Open Office, or PDF files, although it also analyzes Adobe InDesign or SVG files.
These documents can be found in the search engines: Google, Bing and DuckDuckGo. The sum of the results from the three machines amounts to many documents. It is also possible to add local files to extract EXIF information from graphics files and a full analysis of the information discovered via the URL is done even before the file is downloaded.
FOCA includes a server tracking module, which aims to automate their search process using backlinks. The techniques used in this regard are:
- Web Search
Searches for host and domain names by searching for URLs related to the main domain, each link is parsed to extract new host and domain names from it.
- DNS Search
Each domain will be asked which hostnames are configured on the NS, MX, and SPF servers to discover new hostnames and domain names.
- IP Resolution
Each hostname will be resolved against DNS to obtain the IP address associated with that server name. To make this task as accurate as possible, the query is made against an internal DNS of the organization.
- PTR Scanning
To find more servers in the same segment of a given IP address, FOCA will scan a PTR record.
- Bing IP
For each IP address discovered, a new domain name associated with that IP address will be started.
- Common names
This section is designed to execute dictionary attacks against DNS. Use a text file where you add a list of common hostnames, such as ftp, pc01, pc02, intranet, extranet, internal, test, and so on.
- DNS Prediction
It is used for those environments in which a computer name has been discovered that may give rise to the thought that a template is being used in the naming system.
Robtex is one of the many services available on the Internet for the analysis of IP addresses and domains, FOCA uses it to try to discover new domains based on the information available to Robtext.
- Microsoft Windows (64 bits). Versions 7, 8, 8.1 and 10.
- Microsoft. NET Framework 4.7.1.
- Microsoft Visual C ++ 2010 x64 or newer.
- SQL Server 2014 or later.
Download the program from here.