FOCA is an useful security testing tool, which lets you find out more about a website by analyzing the metadata in the documents that it makes available.
FOCA is very easy to use. All you need to do is create a new document pointing FOCA Free at your website. Click the Search All button, and the app will display all of the Microsoft Office and Open Office documents, including PDFs and other documents on the site, which have been indexed by Google, Bing and Exalead.
This is useful for numerous reasons, not to mention exposing any documents that were never intended for public viewing.Supported formats include:
- .DOC
- .DOCX
- .PPT
- .PPS
- .XLS
- .XLSX
- .ODT
- .ODS
- .ODS
- .SVG
FOCA can download the documents, extract their metadata, and then summarise the results in a simple report that is easy to understand. The outcome depends upon numerous factors, including what app was used in their creation etc. But more often than not you confined info about user names, network folders, printer names, and email addresses. All of which can be maliciously used by hackers.