How to Install and Use Metagoofil on Kali Linux
Metagoofil is a powerful OSINT (Open Source Intelligence) tool used to search Google for specific file types hosted on a target website. It’s ideal for penetration testers to discover sensitive files that might have been indexed by search engines.
In this guide, we’ll cover two ways to install Metagoofil on Kali Linux, explain virtual environments, and use ProxyChains and Tor to avoid being blocked by Google.
Installation Methods
Method 1: Install Metagoofil from APT
The easiest way to install Metagoofil on Kali Linux is to use the APT package manager. Here’s how:
sudo apt update sudo apt install metagoofil -y
Once installed, you can run Metagoofil directly from the terminal using the command:
metagoofil -d example.com -t pdf -l 100 -o output_folder -f output.html -w
Method 2: Install Metagoofil from GitHub
If you want the latest version or wish to customize Metagoofil, you can clone it from GitHub.
- Clone the GitHub repository:
- Set up a Python Virtual Environment
- Install Metagoofil’s dependencies:
- Run Metagoofil
git clone https://github.com/opsdisk/metagoofil
cd metagoofil
A virtual environment is a self-contained directory with its own Python interpreter and libraries, isolating dependencies from the system Python. It prevents conflicts between packages needed by different projects.
Create a virtual environment named .venv:
virtualenv -p python3 .venv
This command creates a hidden folder, .venv, in the current directory. The -p python3 option ensures it uses Python 3.
Activate the virtual environment:
source .venv/bin/activate
You should see (.venv) appear before your username in the terminal, indicating that the environment is active.
Now, install the requirements specified in the requirements.txt file:
pip install -r requirements.txt
After installation, you can run Metagoofil using the command:
python metagoofil.py -d example.com -t pdf,doc,xls -l 100 -o output_folder -f output.html -w
Handling Google Blocking with ProxyChains
Why Google Blocks Metagoofil
Google may block Metagoofil’s requests if it detects automated traffic (usually resulting in HTTP 429 errors). To bypass this, you can use ProxyChains to rotate through different proxies, making it harder for Google to detect and block you.
Install and Configure ProxyChains
- Install ProxyChains:
- Edit ProxyChains Configuration
- Use ProxyChains with Metagoofil
sudo apt install proxychains4 -y
Open the configuration file:
sudo vim /etc/proxychains4.conf
Add your proxy details at the bottom of the file:
round_robin
chain_len = 1
proxy_dns
remote_dns_subnet 224
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks4 127.0.0.1 9050
socks4 127.0.0.1 9051
To run Metagoofil with ProxyChains, use:
proxychains4 python metagoofil.py -d example.com -t pdf,doc,xls -l 100 -o output_folder -f output.html
Using Tor as an Alternative Proxy
- Install Tor:
- Start Tor:
sudo apt install tor -y
Start Tor as a background service:
tor &
Tor will listen for connections on port 9050.
You can check if Tor is running by using the jobs command:
jobs
This will display the list of running background jobs.
If you want to stop Tor, you can use the kill command with the job ID:
kill %1
Here, %1 refers to the job number displayed by the jobs command.
Leave a Reply