
Metadata

Metadata is data that describes, structures and administers different forms of content.


Last updated 8 months ago

Gathering site/domain metadata from online sources

Metadata Sites

wget

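# Recursive download, rejecting page/script types so only other files (documents, images, archives) are kept
wget -nd -r -R htm,html,php,asp,aspx,cgi -P [output_dir] [url]
# Recursive download, accepting only PDF and Office documents
wget -nd -r -A pdf,doc,docx,xls,xlsx -P [output_dir] [url]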

metagoofil

Find all files on a domain

metagoofil -d [domain] -t pdf,docx,txt -o metagoofil -n 50 -l 200

AWS Recon

Infoga

Linux and Windows

git clone https://github.com/m4ll0k/Infoga.git
cd Infoga
python setup.py install
python infoga.py

python infoga.py --domain nsa.gov --source all --breach -v 2 --report ../nsa_gov.txt
python infoga.py --info m4ll0k@protonmail.com --breach -v 3 --report ../m4ll0k.txt

VPN Configuration files

Some organizations publicly distribute configuration files and keys for VPN systems.

Cisco profile configuration files (PCFs) contain IPsec VPN client variables, including the following:

• VPN server endpoint addresses

• Plaintext credentials (group name and password)

• Encrypted credentials (an obfuscated group password)
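A pre-publication check for the fields listed above, as an added example that is not part of the original page: it parses a .pcf profile and reports which sensitive keys are populated, without printing their values. The key names (Host, GroupName, GroupPwd, enc_GroupPwd) follow the usual .pcf layout and are an assumption, as is the constructed sample profile.

```python
import configparser

# Keys of a Cisco VPN client profile (.pcf) matching the items listed above.
# Key names are assumed from the usual .pcf layout; they are not on the page.
FINDINGS = {
    "host": "VPN server endpoint address",
    "groupname": "plaintext group name",
    "grouppwd": "plaintext group password",
    "enc_grouppwd": "obfuscated group password",
}

def audit_pcf(text):
    """Return [(key, description, value_length)] for populated sensitive keys."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    hits = []
    for section in parser.sections():
        for key, value in parser.items(section):
            key = key.lstrip("!")      # a leading "!" marks a read-only field
            value = value.strip()
            if key in FINDINGS and value:
                # Record only the length so the audit output holds no secrets.
                hits.append((key, FINDINGS[key], len(value)))
    return hits

# Constructed sample profile; host name and values are placeholders.
SAMPLE_PCF = """\
[main]
Description=Example remote access
Host=vpn.example.com
AuthType=1
GroupName=staff
GroupPwd=
enc_GroupPwd=0123456789ABCDEF0123456789ABCDEF
Username=
"""

if __name__ == "__main__":
    for key, what, length in audit_pcf(SAMPLE_PCF):
        print(f"{key:13} {what} ({length} chars)")
```

Any profile that reports a group password, plaintext or obfuscated, should be pulled from public download locations and the shared secret rotated.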

Using Google search strings:

Crack / decode the passwords

Gathering site/domain metadata from offline sources

Extract metadata from the data we have.

exiftool

exiftool poissonrecon.pdf

Strings

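-eb >>> 16-bit big-endian Unicode (GNU strings)
-el >>> 16-bit little-endian Unicode (GNU strings)
-n >>> set minimum character length
-a >>> ASCII only (Sysinternals strings; in GNU strings -a scans the whole file)
-u >>> Unicode only (Sysinternals strings)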

strings -n 4 test.elf

tesseract

Find text in images

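apt install tesseract-ocr
# LANG is a language code, for example eng
apt-get install tesseract-ocr-LANG
apt-get install tesseract-ocr-all

# --psm 11 selects sparse-text mode; current tesseract releases use --psm instead of -psm
for x in *.jpg; do tesseract "$x" stdout --psm 11 -l eng >> tesser.out; done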

Music Metadata

Archive.org
metapicz
image forensic
findexif
exif regex

Cisco VPN Client Password Decoder (unofficial)
GitHub - darkbitio/aws-recon: Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
Cisco VPN Client Password Decoder
GitHub - mischif/music-metadata-tools: A collection of tools for manipulating and interacting with metadata in music files
IFM - Cisco Password Cracker