FOCA (Fingerprinting Organizations with Collected Archives) is a tool used primarily to find metadata and hidden information in the documents it scans.
These documents can be found at websites and can be obtained and analyzed with FOCA.
It is able to analyze a wide variety of documents, with the most common Microsoft files Office, Open Office or PDF, although it also analyzes Adobe InDesign or SVG files.
These documents can be found in search engines: Google, Bing and DuckDuckGo. The sum of the results from the three machines amounts to several documents. It is also possible to add local files to extract the EXIF information from graphics files and a complete analysis of the information discovered through the URL and is carried out even before the λήψη of the file.
FOCA includes a server discovery module, the goal of which is to automate the procedure searching for them, using recursively linked techniques. The techniques used in this regard are:
- Web Search
Searches for host and domain names by searching for URLs related to the main domain, each link is parsed to extract new host and domain names from it. - DNS Search
Each domain will be asked which hostnames computer are configured on the NS, MX, and SPF servers to discover new hostnames and domain names. - IP Resolution
Each hostname will be resolved against DNS to obtain the IP address associated with that server name. To make this task as accurate as possible, the query is made against an internal DNS of the organization. - PTR Scanning
To find more servers in the same segment of a given IP address, FOCA will scan a PTR record. - Bing IP
For each IP address discovered, a new domain name associated with that IP address will be started. - Common names
This section is designed to execute dictionary attacks against DNS. Use a text file where you add a list of common hostnames, such as ftp, pc01, pc02, intranet, extranet, internal, test, and so on. - DNS Prediction
It is used for those environments in which a computer name has been discovered that may give rise to the thought that a template is being used in the naming system. - Robex
Robtex is one of the many services available on the Internet for the analysis of IP addresses and domains, FOCA uses it to try to discover new domains based on the information available to Robtext.
System requirements
- Microsoft Windows (64 bits). Versions 7, 8, 8.1 and 10.
- Microsoft .NET Framework 4.7.1.
- Microsoft Visual C ++ 2010 x64 or newer.
- SQL Server 2014 or later.
Application snapshots
Video guide
https://www.youtube.com/watch?v=m5fqI5WPB5g&feature=emb_title
Download the program from here.