Word documents, PDFs, and images contain hidden metadata: author names, usernames, software versions, GPS coordinates, and internal server paths.
# Extract metadata from a Word document using exiftool: exiftool company_report.docx # Example output from a real document: File Name : Q4_Financial_Report.docx Creator : tom.bridges Last Modified By : jessica.park Company : AcmeTech Corp Software : Microsoft Office 16.0 (Windows 10) Template : C:\Users\tom.bridges\AppData\Roaming\... # What attackers learn: # - Real username: tom.bridges (matches email pattern t.bridges@acmetech.corp) # - Internal file path reveals Windows username format # - Office version reveals potential CVEs to target # Extract from PDF: exiftool annual_report.pdf # Extract from images (EXIF data): exiftool photo.jpg # GPS coordinates, camera model, date/time, software used # Tools to use: # - ExifTool (all platforms): exiftool.org # - FOCA (Windows): metadata extractor for mass file analysis # - Metagoofil: automated Google dorking + metadata extraction