shapemaker / MetaDetective

MetaDetective

Delving Deep into File Metadata.
Crafted to bridge the gap in metadata extraction and analysis.

Explore the full documentation »

View Demo . Report Bug · Request Feature

Metadata often holds critical insights in cybersecurity, playing a pivotal role in OSINT and pentesting. With Metagoofil on Kali Linux pivoting away from direct metadata analysis, a gap emerged. Enter MetaDetective: a Python 3 tool adeptly filling this void. It efficiently extracts, categorizes, and displays metadata from single or multiple files, even supporting specific file extensions and result filtering. From author credentials and modification logs to embedded links and software details, and even GPS data, it illuminates potential cybersecurity investigation pathways. While not claiming to be groundbreaking, MetaDetective is undeniably a valuable asset for cybersecurity aficionados.

(🔼 Back to top)

1. Python 3: Ensure Python 3 is installed on your system before initiating the installation process.

2. Exiftool: Given its simplicity, MetaDetective doesn't rely on any external dependencies or libraries. However, it does necessitate exiftool. Ensure you have exiftool set up on your system.

🔺 Important: MetaDetective has been exclusively tested with Python 3.11.4 on Linux and in conjunction with exiftool version 12.56. While the tool might operate on other Python versions, distributions, or exiftool versions, compatibility are only assured with these specific configurations.

Clone the Repository:

You have a couple of options to clone the repository:

• Using HTTPS:

git clone https://github.com/franckferman/MetaDetective.git

• Using GitHub CLI:

gh repo clone franckferman/MetaDetective

• If you only need the script, you can also directly download it using curl:

curl -O https://raw.githubusercontent.com/franckferman/MetaDetective/master/MetaDetective/MetaDetective.py

This will provide you with the necessary project files.

(🔼 Back to top)

Examples of Command Usage:

• Analyzing all files within a directory (with default settings):

python3 MetaDetective.py -d directory

• Analyzing specific files while ignoring certain results and data types:

python3 MetaDetective.py -d directory -i ^admin anonymous -t doc pdf

• Analyzing all types of files within a directory in singular mode display, with a formatted mode type:

python3 MetaDetective.py -d directory -t all -display singular -format formatted

• Analyzing all files within a directory (with default settings) and exporting the results to HTML:

python3 MetaDetective.py -d directory --export MD_Export-Case_1.html

1. Getting Started

To begin, you can invoke the help command:

python3 MetaDetective.py -h

2. Specifying Files for Analysis

MetaDetective requires at least one file for processing:

python3 MetaDetective.py -f file

For multiple files, use:

python3 MetaDetective.py -f file1 file2 file3

You can also utilize patterns:

python3 MetaDetective.py -f *specificnameforFiles*

Alternatively, specify a directory to process all files within it:

python3 MetaDetective.py -d directory

3. Additional Parameters

Ignoring Specific Results

Use -i to exclude non-pertinent results:

python3 MetaDetective.py -d directory -i anonymous

Specify multiple ignore terms:

python3 MetaDetective.py -d directory -i anonymous admin administrateur

Regex is also supported:

python3 MetaDetective.py -d directory -i anonymous ^admin

Specifying Data Type

The -t option lets you specify data types:

python3 MetaDetective.py -d directory -t pdf

Add multiple data types:

python3 MetaDetective.py -d directory -t pdf doc

To include all types:

python3 MetaDetective.py -d directory -t all

Display Options

Use -display to modify the display:

python3 MetaDetective.py -display all

This will show each file with relevant metadata.

For a unique, centralized display without showing each file:

python3 MetaDetective.py -display singular

This option filters and removes duplicates, focusing on singular results.

Format Options

When using -display singular, further modify the display:

Use -format formatted for a stylish display (with dashes):

python3 MetaDetective.py -display all -format formatted

Or use -format concise, for a simpler look:

python3 MetaDetective.py -display all -format concise

Export Options

For users seeking to export their results for in-depth analysis or record-keeping, the -e or --export option is available.

To export using the default filename combined with an auto-generated timestamp:

python3 MetaDetective.py -d directory -e

For a customized filename, simply provide the desired name after the --export or -e flag:

python3 MetaDetective.py -d directory --export MD_Export-Case_1.html

(🔼 Back to top)

MetaDetective now offers a Dockerized version for easy setup and consistent execution.

To set up and use MetaDetective with Docker, refer to the Docker-specific documentation available here: MetaDetective Docker Setup.

(🔼 Back to top)

Encountering issues? Don't worry. If you come across any problems or have questions, please don't hesitate to submit a ticket for assistance: Submit an issue on GitHub

(🔼 Back to top)

We truly appreciate and welcome community involvement. Your contributions, feedback, and suggestions play a crucial role in improving the project for everyone. If you're interested in contributing or have ideas for enhancements, please feel free to open an issue or submit a pull request on our GitHub repository. Every contribution, no matter how big or small, is highly valued and greatly appreciated!

(🔼 Back to top)

This project is licensed under the GNU Affero General Public License, Version 3.0. For more details, please refer to the LICENSE file in the repository: Read the license on GitHub

(🔼 Back to top)

(🔼 Back to top)