/Metadata-Attacker

A tool to generate media files with malicious metadata

Primary LanguagePHPMIT LicenseMIT

Metadata-Attacker

GitHub release GitHub stars GitHub forks Docker Stars Docker Pulls license Open Source Love

With this small suite of open source pentesting tools you're able to create an image (.jpg), audio (.mp3) or video (.mp4) file containing your custom metadata or a set of cross-site scripting vectors to test any webservice against possible XSS vulnerabilities when displaying unfiltered meta data.

Installation / Usage

First install docker on your host system.

Now you can simply run the following command:

sudo docker run -p 80:80 --rm lednerb/metadata-attacker

When finished open your favorite browser and switch to the docker ip or http://localhost

Credits

  • Image-Attacker developed by @mniemietz
  • Audio-Attacker developed by @derctwr
  • Video-Attacker, project merging and docker containers by @Lednerb