Matthew McCorkle

Day 15 - goofile - 100 tools in 100 days!

1 . Introduction
2 . My Setup
3 . What is goofile?
4 . Why use goofile?
5 . How to use goofile?
6 . Summary


This post is designed to introduce you to the tool goofile.

For all future posts I will have a disclaimer here:

Disclaimer: Please only use goofile for professional and educational reasons. Do not use this tool for nefarious or malicious reasons.


1. Introduction

Welcome to the fifteenth blog post of 100 tools in 100 days.

Find goofile here.


2. My Setup

For running the goofile tool, I used Kali Linux in a VMware Workstation 16 Player virtualized environment.


3. What is goofile?

If you have been following my last few posts you will see that I am on an open-source pattern.

Goofile is an open-source tool that searches Google for the domain and the file type of your choice.

Goofile is basically an easy way to perform Google dorking for filetypes and it outputs the paths in an easy to read format.

Don’t know what Google dorking is? Google dorking is a method of using special commands in the Google search bar to return specific results only. Imagine Google dorking as a funnel that only allows items that you are looking for through to the results page (Google dorking isn’t always that straightforward).


4. Why use goofile?

Imagine you are a penetration tester and the organization you are performing legal and ethical penetration testing on has important documents or file types available on their website.

Instead of searching every possible link and enumerating all possible paths of a domain, you can perform and quick search for specific file types using goofile.

Goofile can give a penetration tester an early edge during enumeration if they find files that contain information that allows entry into the system.


Warning:

goofile may cause an overload of requests to Google, if this happens you may need to setup a Custom Site Search Engine, please follow the developers instructions here if this happens to you.

5. How to use goofile?

Step 1:
In your terminal in Kali Linux type the following command:

goofile

if it is not installed type y and hit enter.


Step 2:
goofile is super simple to use. You need to point it to a domain and tell it 
the file type to look for. 

I searched for PDF files at neopets.com, see below:

goofile -d neopets.com -f pdf


Step 3:
To verify my results I went to the path of the file neopets_tcg.pdf

It worked!



6. Summary

Goofile can be used to establish a map of files that may exist openly on the internet for penetration testers to sift through before entering a victim system.

Goofile can be used by a home user to find file types for a website they regularly use.

As always, respect the privacy of those you find through these methods and only use this tool for educational or professional purposes.

Thanks for reading!

If you have suggestions for what tool to cover next, contact me!