As an open source penetration testing tool, IPTC-Attacker allows to create an image with IPTC metadata containing testing vectors for Cross-Site Scripting attacks. Each checkbox can be used to include a huge collection of payloads into the selected tags (HTML5sec, XSS Cheat Sheet). If a checkbox will be not selected, the string aaa'bbb"ccc<ddd is automatically included into the unchecked IPTC tag.
Therefore, testing for XSS vulnerabilities via IPTC metadata is possible by looking into the source code of the attacked Web application; strictly speaking for aaa'bbb"ccc<ddd or alternatively by verifying if, for example, alert-windows appear due to the XSS vector collection.
Features
- Generate JPG images with IPTC metadata
- Huge collection of XSS vectors
- Easy to use: Generate the image, upload it to your image provider, and verify if the input if filtered
Project Samples
Other Useful Business Software
Get Avast Free Antivirus with 24/7 AI-powered online scam detection
Award-winning antivirus protection, as well as protection against online scams, dangerous Wi-Fi connections, hacked accounts, and ransomware. It includes Avast Assistant, your built-in AI partner, which gives you help with suspicious online messages, offers, and more.
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of IPTC-Attacker!