Delving Deep into File Metadata.
Crafted to bridge the gap in metadata extraction and analysis.
Metadata often holds critical insights in cybersecurity, playing a pivotal role in OSINT and pentesting. With Metagoofil on Kali Linux pivoting away from direct metadata analysis, a gap emerged. Enter MetaDetective: a Python 3 tool adeptly filling this void. It efficiently extracts, categorizes, and displays metadata from single or multiple files, even supporting specific file extensions and result filtering. From author credentials and modification logs to embedded links and software details, and even GPS data, it illuminates potential cybersecurity investigation pathways. While not claiming to be groundbreaking, MetaDetective is undeniably a valuable asset for cybersecurity aficionados.
- Python 3: Ensure Python 3 is installed on your system before initiating the installation process.
- Exiftool: Given its simplicity, MetaDetective doesn't rely on any external dependencies or libraries. However, it does necessitate exiftool. Ensure you have exiftool set up on your system.
Important: MetaDetective has been exclusively tested with Python 3.11.4 on Linux and in conjunction with exiftool version 12.56. While the tool might operate on other Python versions, distributions, or exiftool versions, compatibility is only assured with these specific configurations.
Clone the Repository:
You have a couple of options to clone the repository:
- Using HTTPS:
git clone https://github.com/franckferman/MetaDetective.git
- Using GitHub CLI:
gh repo clone franckferman/MetaDetective
- If you only need the script, you can also directly download it using curl:
curl -O https://raw.githubusercontent.com/franckferman/MetaDetective/stable/MetaDetective/MetaDetective.py
This will provide you with the necessary project files.
Examples of Command Usage:
- Analyzing all files within a directory (with default settings):
python3 MetaDetective.py -d directory
- Analyzing specific files while ignoring certain results and data types:
python3 MetaDetective.py -d directory -i ^admin anonymous -t doc pdf
- Analyzing all types of files within a directory in singular mode display, with a formatted mode type:
python3 MetaDetective.py -d directory -t all -display singular -format formatted
- Analyzing all files within a directory (with default settings) and exporting the results to HTML:
python3 MetaDetective.py -d directory --export MD_Export-Case_1.html
- Getting Started
To begin, you can invoke the help command:
python3 MetaDetective.py -h
- Specifying Files for Analysis
MetaDetective requires at least one file for processing:
python3 MetaDetective.py -f file
For multiple files, use:
python3 MetaDetective.py -f file1 file2 file3
You can also utilize patterns:
python3 MetaDetective.py -f *specificnameforFiles*
Alternatively, specify a directory to process all files within it:
python3 MetaDetective.py -d directory
- Additional Parameters
Ignoring Specific Results
Use -i to exclude non-pertinent results:
python3 MetaDetective.py -d directory -i anonymous
Specify multiple ignore terms:
python3 MetaDetective.py -d directory -i anonymous admin administrateur
Regex is also supported:
python3 MetaDetective.py -d directory -i anonymous ^admin
Specifying Data Type
The -t option lets you specify data types:
python3 MetaDetective.py -d directory -t pdf
Add multiple data types:
python3 MetaDetective.py -d directory -t pdf doc
To include all types:
python3 MetaDetective.py -d directory -t all
Display Options
Use -display to modify the display:
python3 MetaDetective.py -d directory -display all
This will show each file with relevant metadata.
For a unique, centralized display without showing each file:
python3 MetaDetective.py -d directory -display singular
This option filters and removes duplicates, focusing on singular results.
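An added example, not MetaDetective's own code, showing how ignore patterns such as `anonymous ^admin` and a de-duplicated "singular" view behave over exiftool-style JSON (the format `exiftool -j` emits). The sample records, the `FIELD_GROUPS` mapping, the function names and the case-insensitive `re.search` matching are assumptions made for this example.

```python
import json
import re
from collections import defaultdict

# Constructed sample shaped like `exiftool -j` output for three files (not real data).
SAMPLE_EXIFTOOL_JSON = """
[
  {"SourceFile": "docs/report.pdf", "Author": "j.doe", "Producer": "LibreOffice 7.4"},
  {"SourceFile": "docs/minutes.docx", "Creator": "j.doe", "LastModifiedBy": "admin-build"},
  {"SourceFile": "docs/flyer.pdf", "Author": "Anonymous", "Producer": "LibreOffice 7.4"}
]
"""

# Hypothetical grouping of exiftool tag names into the categories under review.
FIELD_GROUPS = {
    "people": ("Author", "Creator", "LastModifiedBy"),
    "software": ("Producer", "CreatorTool", "Software"),
}


def singular_view(records, ignore_patterns=()):
    """Return {group: sorted unique values}, dropping values matching any ignore regex."""
    # Assumption: patterns are searched case-insensitively anywhere in the value.
    ignore = [re.compile(p, re.IGNORECASE) for p in ignore_patterns]
    unique = defaultdict(set)
    for record in records:
        for group, tags in FIELD_GROUPS.items():
            for tag in tags:
                value = str(record.get(tag, "")).strip()
                if not value or any(rx.search(value) for rx in ignore):
                    continue
                unique[group].add(value)  # the set collapses duplicates across files
    return {group: sorted(values) for group, values in unique.items()}


def per_file_view(records):
    """Return {source file: {tag: value}} limited to the tags in FIELD_GROUPS."""
    wanted = {tag for tags in FIELD_GROUPS.values() for tag in tags}
    return {
        r["SourceFile"]: {k: v for k, v in r.items() if k in wanted}
        for r in records
    }


if __name__ == "__main__":
    records = json.loads(SAMPLE_EXIFTOOL_JSON)
    print(singular_view(records, ignore_patterns=["anonymous", "^admin"]))
    print(per_file_view(records))
```

Run against documents you are about to publish, the unfiltered singular view is a quick inventory of the usernames and software versions those files would disclose.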
Format Options
When using -display singular, further modify the display:
Use -format formatted for a stylish display (with dashes):
python3 MetaDetective.py -d directory -display singular -format formatted
Or use -format concise, for a simpler look:
python3 MetaDetective.py -d directory -display singular -format concise
Export Options
For users seeking to export their results for in-depth analysis or record-keeping, the -e or --export option is available.
To export using the default filename combined with an auto-generated timestamp:
python3 MetaDetective.py -d directory -e
For a customized filename, simply provide the desired name after the --export or -e flag:
python3 MetaDetective.py -d directory --export MD_Export-Case_1.html
MetaDetective now offers a Dockerized version for easy setup and consistent execution.
To set up and use MetaDetective with Docker, refer to the Docker-specific documentation available here: MetaDetective Docker Setup.
Encountering issues? Don't worry. If you come across any problems or have questions, please don't hesitate to submit a ticket for assistance: Submit an issue on GitHub
We truly appreciate and welcome community involvement. Your contributions, feedback, and suggestions play a crucial role in improving the project for everyone. If you're interested in contributing or have ideas for enhancements, please feel free to open an issue or submit a pull request on our GitHub repository. Every contribution, no matter how big or small, is highly valued and greatly appreciated!
This project is licensed under the GNU Affero General Public License, Version 3.0. For more details, please refer to the LICENSE file in the repository: Read the license on GitHub