The goofile Backtrack menu item (Backtrack > Information Gathering > Web Application Analysis > Open Source Analysis) is a great little Python script that provides easy access to the results of one of Google’s Advanced Searches. During the information gathering phase of a penetration test it is a great way to collect data about your target by searching a domain for specific file types. Below we describe goofile in more detail and provide an example of how it works.
When goofile is clicked in the Backtrack menu, a terminal window is launched from the /pentest/enumeration/google/goofile/ directory, where the goofile.py Python script is located. Goofile has one specific purpose: to search Google for file types on a specific domain and output the results. The results could be used for various reasons, but the two primary ones that come to mind are looking for documents that provide sensitive information about a target, and pulling the documents down to examine the EXIF data for details about the target. When performing an Advanced Search using Google there are eleven file types available, which are detailed in the list below. While you can specify the file type in the search window (“some search string filetype:doc” or “some search string filetype:xls”), it is much easier to use the goofile.py script to query Google from within Backtrack without even having to open a browser. You could then download the files using wget and scrub the EXIF data using exiftool, again without ever having to open a browser.
Advanced Google Search File Type Drop Down Options:
- Adobe Acrobat PDF: .pdf
- Adobe Postscript: .ps
- AutoDesk DWF: .dwf
- Google Earth KML: .kml
- Google Earth KMZ: .kmz
- Microsoft Excel: .xls
- Microsoft PowerPoint: .ppt
- Microsoft Word: .doc
- Rich Text Format: .rtf
- Shockwave Flash: .swf
While you are not limited to those file types, they are the ones that display in the Google Advanced Search File Type drop down menu. Again, you can also specify “filetype:pdf” in the Google search window, but goofile provides a much easier way to query numerous domains and file types. Below we show an example of goofile in action.
Query Google For Specific Filetypes Located On A Specific Domain Using goofile:
```
root@bt:/pentest/enumeration/google/goofile# ./goofile.py -d question-defense.com -f pdf
|Goofile v1.5 |
|Coded by Thomas (G13) Richards |
|www.g13net.com |
|code.google.com/p/goofile |
Searching in question-defense.com for pdf
Files found:
```
As you can see there are two PDF files available in Google’s index located on Question-Defense.com domains. You can then download those files using wget and obtain the EXIF data, if any is available, as part of information gathering. While it appears that Google indexes some file types more than others, the newer Microsoft Office file types, including DOCX, PPTX, and XLSX, are definitely indexed. At times it is even possible to get image file results returned, though it’s not a complete image search by any means.
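As an added example (not part of goofile or the original article), the sketch below reads the kind of document metadata discussed above from a PDF's Info dictionary, so you can check what your own published files disclose once they are indexed. It assumes an uncompressed Info dictionary; the sample bytes, the values in them and the function names are constructed for illustration.

```python
import re

# Info-dictionary keys that commonly reveal people, software and dates.
FIELDS = ("Title", "Author", "Creator", "Producer", "CreationDate", "ModDate")

def _decode(raw: bytes) -> str:
    """UTF-16BE when the string starts with a BOM, otherwise Latin-1."""
    if raw.startswith(b"\xfe\xff"):
        return raw[2:].decode("utf-16-be", "replace")
    return raw.decode("latin-1")

def _literal(data: bytes, pos: int) -> bytes:
    """Read a '(...)' string at pos, honouring nesting and backslash escapes.
    Simplification: an escape keeps the byte after the backslash unchanged."""
    out, depth, i = bytearray(), 0, pos
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":
            out += data[i + 1:i + 2]
            i += 2
            continue
        if c == b"(":
            depth += 1
        elif c == b")":
            depth -= 1
            if depth == 0:
                break
        if not (c == b"(" and depth == 1):
            out += c  # everything except the opening parenthesis
        i += 1
    return bytes(out)

def pdf_info_fields(data: bytes) -> dict:
    """Return the metadata strings found in an uncompressed PDF Info dictionary."""
    found = {}
    for key in FIELDS:
        m = re.search(rb"/" + key.encode() + rb"\s*(\(|<(?!<))", data)
        if not m:
            continue
        if m.group(1) == b"(":
            found[key] = _decode(_literal(data, m.start(1)))
        elif (end := data.find(b">", m.end())) >= 0:  # hex string <FEFF0041...>
            digits = re.sub(rb"\s", b"", data[m.end():end]).decode("ascii")
            found[key] = _decode(bytes.fromhex(digits + "0" * (len(digits) % 2)))
    return found

# Constructed sample: the header and Info object of a made-up PDF.
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /Title (Q3 budget \\(draft\\)) /Author (jsmith)\n"
          b"/Creator (Microsoft Word) /Producer <FEFF004100630072006F>\n"
          b"/CreationDate (D:20110401120000) >>\nendobj\n")
```

Calling `pdf_info_fields(open(path, "rb").read())` on a file you are about to publish shows which of these fields would be exposed; files that store metadata in compressed object streams need a full PDF parser or exiftool instead.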