franckferman/metadetective repository overview

⁠

⁠🕵️‍♂️ MetaDetective

Unleash Metadata Intelligence with MetaDetective.
Bridging the chasm in metadata extraction and analysis.

📘 Explore the full documentation⁠ · 🎥 View Demo⁠ · 🐞 Report Bug⁠ · 🛠️ Request Feature⁠

⁠📜 Table of Contents

⁠📖 About

MetaDetective: Advanced metadata extraction and web scraping.

Metadata, in the realm of cybersecurity, is more than just embedded information; it's a gateway to insightful perspectives, often unveiling crucial leads in OSINT and pentesting. MetaDetective was born out of the need to offer a potent solution, especially as prominent tools like Metagoofil on Kali Linux shifted their focus away from direct metadata analysis.

As key tools like Metagoofil on Kali Linux shifted their trajectory away from pure metadata analysis, the exigency for a robust alternative took center stage. Enter MetaDetective.

⁠🧠 Tailored Metadata Analysis

Drawing inspiration from the foundational tools like Metagoofil, MetaDetective emerges as a revitalized and improved iteration, dedicated to providing efficient metadata extraction and presentation. It stands out as a comprehensive Python 3 tool, purposely designed to bridge the existing gaps in metadata analysis.

⁠📊 Streamlined Data Presentation

Beyond mere extraction, MetaDetective prides itself on its capability to meticulously categorize and showcase metadata. Whether dealing with an individual file or an array of them, the tool ensures users grasp the entire spectrum of data, both in its breadth and depth.

⁠🌐 Web Scraping

While Metagoofil once leaned on Google searches—a method riddled with IP restrictions and the labyrinth of proxy workarounds—MetaDetective pioneers a path with direct web scraping. By targeting sites directly, it sidesteps disruptions, delivering a dataset that's not just richer, but also more precise, spotlighting potential data leaks.

⁠🔍 Complementary Utility for OSINT and Pentesting

MetaDetective isn't just a standalone behemoth. It's crafted for seamless integration and synergy with tools like Metagoofil. A quintessential addition to every pentester's and OSINT researcher's toolkit, MetaDetective magnifies data acquisition prowess and broadens the horizons of analysis.

(🔼 Back to top⁠)

⁠🐋 MetaDetective Docker Setup

⁠About our Docker image

Our Docker image is built upon the lightweight foundation of debian:bullseye-slim.

The following essential packages are installed:

python3: The core programming language for running MetaDetective.

python3-pip: Used specifically to fetch and install the MetaDetective release directly from PyPI.

libimage-exiftool-perl: MetaDetective partly relies on this tool for metadata extraction and analysis.

Due to the ENV PATH="/root/.local/bin:${PATH}" setting in the Dockerfile, you can directly launch MetaDetective within the container without needing to navigate to any specific directory. Simply invoke MetaDetective followed by the desired command-line arguments.

⁠Pulling the Image

Retrieve the Docker image using:

# docker pull franckferman/metadetective

⁠Running the Container

Start a container based on the image:

# docker run -it --name metadetective franckferman/metadetective /bin/bash

⁠Stopping the Container

# docker stop metadetective

This command will stop the container named "metadetective".

⁠Removing the Container

Once the container is stopped, you can remove it using:

# docker rm metadetective

This command will remove the container named "metadetective".

⁠Troubleshooting container deletion problems

1. List All Containers (including stopped ones):

# docker ps -a

Check if the container "metadetective" is listed. If it's listed, note the container ID.

1. Force Remove the Container:

# docker rm -f metadetective

Alternatively, if using the container ID:

# docker rm -f [CONTAINER_ID]

(🔼 Back to top⁠)

⁠🎮 Usage

Ensure you adapt your command according to how you've set up MetaDetective.

⁠Getting started

Kick off with the built-in help to explore MetaDetective's functionalities:

python3 src/MetaDetective/MetaDetective.py -h

⁠Command examples

⁠🕵️ File analysis:

⁠🔎 Export function:

⁠🌐 Web Scraping:

⁠Additional parameters

⁠🌐 Web Scraping:

To initiate the web scraping mode, use the --scraping flag. Remember, this option doesn't function independently. It requires either a scanning or downloading parameter.

• Activating web scraping mode:

python3 src/MetaDetective/MetaDetective.py --scraping

• Scanning and displaying statistics: Ensure both the URL and --scan flags are used.

python3 src/MetaDetective/MetaDetective.py --scraping --scan --url https://example.com

• Downloading web content: Indicate the desired directory using --download-dir and provide the target URL.

python3 src/MetaDetective/MetaDetective.py --scraping --download-dir ~ --url https://example.com

• Adjusting scraping depth: Use the --depth flag to specify how deeply the scraper should navigate through links.

python3 src/MetaDetective/MetaDetective.py --scraping --scan --url https://aulnay-sous-bois.fr --depth 1

⁠Additional Flags:

• External link tracking: Use --follow-extern to allow tracking of external links (those outside the base URL). Typically not advised, but might be useful in certain contexts.

• Thread management: Use --threads to specify the number of threads for concurrent operations.

• Rate limiting: Use --rate to control the maximum number of requests per second.

⁠🕵️ File analysis & Metadata Analyzer:

⁠Basic Commands:

To begin analyzing files, you'll use either the -d or -f flag.

• -d or --directory: Select a directory containing one or multiple files.
• -f or --files: Choose a single or multiple specific files.

Analyze the contents of a directory.

python3 src/MetaDetective/MetaDetective.py -d examples

Analyze the contents of a file.

python3 src/MetaDetective/MetaDetective.py -f examples/MetaDetective.docx

Analyze the contents of multiple files.

python3 src/MetaDetective/MetaDetective.py -f examples/MetaDetective-APTX_4869_report.pdf examples/MetaDetective-Kogoro_s_Choice.pdf

⁠Specifying data type

You can filter to analyze specific file types:

⁠Ignoring specific results:

If you want to omit specific keywords from the displayed metadata, use the -i or --ignore flag. For instance, you might want to exclude common usernames like "admin" during the reconnaissance phase of your pentest. Regex patterns are supported, e.g., ^BeginBy.

⁠Display options

Adapt the display of your results to suit your preferences:

⁠Format options

Modify your display further with these:

⁠🔎 Export options

MetaDetective provides flexibility in exporting analysis results.

By default, using the --export or -e option will save your results in an HTML format. This design ensures a visually appealing report for your analysis.

If you prefer a .txt format, that's possible too. Switch between formats using the -e or --export flag followed by the desired format: -e txt or -e pdf.

The export will, by default, use a predefined name appended with a timestamp. To customize this name, you can append a suffix using the -c or --custom flag.

Further, the --out or -o argument lets you specify the directory path for your exported data.

Be aware: The display and format options, as previously discussed, will influence the presentation of your exported document, whether in HTML or TXT format. Data representation might differ between the two formats.

Note: The export format can greatly affect data presentation and accessibility. Opt for the format that aligns with your requirements.

(🔼 Back to top⁠)

⁠🔧 Troubleshooting

Encountering issues? Don't worry. If you come across any problems or have questions, please don't hesitate to submit a ticket for assistance: Submit an issue on GitHub⁠

(🔼 Back to top⁠)

⁠🤝 Contributing

We truly appreciate and welcome community involvement. Your contributions, feedback, and suggestions play a crucial role in improving the project for everyone. If you're interested in contributing or have ideas for enhancements, please feel free to open an issue or submit a pull request on our GitHub repository. Every contribution, no matter how big or small, is highly valued and greatly appreciated!

(🔼 Back to top⁠)

⁠📚 License

This project is licensed under the GNU Affero General Public License, Version 3.0. For more details, please refer to the LICENSE file in the repository: Read the license on GitHub⁠

(🔼 Back to top⁠)

⁠📞 Contact

(🔼 Back to top⁠)