Using FOCA for Recon
Hello again! Recently, I taught a class for Neospace.us (a hackerspace and non-traditional learning space) on corporate and network reconnaissance, with an emphasis on remaining incognito. I would like to add a follow up technique to that module, and another powerful, automated reconnaissance tool for your arsenal. The tool is FOCA, it's only for Windows, and it's great for generating fast network information about a target. It can easily whois, spider, and perform various searches against any domain. But there are so many, many reviews of this great tool, you don't have to take it from me. What I want to highlight is that this information is all publicly provided, and makes this a great 'Open Source Intelligence Tool' (OSINT) for starting an engagement. Of particular intrest, is information our target may not be aware they are making public, such as usernames and software used in writing and publishing documents. By having FOCA download, and extract the meta data of available documents, you can revel useful information while still operating as a regular user. Again, there are tons of videos on this tool, but it is simple, harmless, and very revealing, so I highly encourage you to play with it.