IPTC-Attacker

As an open source penetration testing tool, IPTC-Attacker allows to create an image with IPTC metadata containing testing vectors for Cross-Site Scripting attacks. Each checkbox can be used to include a huge collection of payloads into the selected tags (HTML5sec, XSS Cheat Sheet). If a checkbox will be not selected, the string aaa'bbb"ccc<ddd is automatically included into the unchecked IPTC tag.

Therefore, testing for XSS vulnerabilities via IPTC metadata is possible by looking into the source code of the attacked Web application; strictly speaking for aaa'bbb"ccc<ddd or alternatively by verifying if, for example, alert-windows appear due to the XSS vector collection.

Features

Generate JPG images with IPTC metadata
Huge collection of XSS vectors
Easy to use: Generate the image, upload it to your image provider, and verify if the input if filtered

Project Samples

Generated XSS testing image with IPTC metadata in Firefox

Project Activity

See All Activity >

Follow IPTC-Attacker

IPTC-Attacker Web Site

Other Useful Business Software

Level Up Your Cyber Defense with External Threat Management

See every risk before it hits. From exposed data to dark web chatter. All in one unified view.

Move beyond alerts. Gain full visibility, context, and control over your external attack surface to stay ahead of every threat.

Try for Free

Rate This Project

User Reviews

Be the first to post a review of IPTC-Attacker!

Additional Project Details

Intended Audience

Auditors, Security Professionals, Testers

Programming Language

JavaScript, PHP

Related Categories

PHP Security Software, PHP Penetration Testing Tool, JavaScript Security Software, JavaScript Penetration Testing Tool

Registered

2014-06-30

Similar Business Software

Social-Engineer Toolkit (SET)

The Social-Engineer Toolkit (SET) was created and written by Dave Kennedy, the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. It has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and...

See Software
Astra Pentest

Astra’s Pentest is a comprehensive penetration testing solution with an intelligent automated vulnerability scanner coupled with in-depth manual pentesting. On top of 10000+ tests including security checks for all CVEs mentioned in the OWASP top 10, and SANS 25, the automated scanner also...

See Software
BeEF

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture...

See Software
Defense.com

Take control of cyber threats. Identify, prioritize and track all your security threats with Defense.com. Simplify your cyber threat management. Detection, protection, remediation, and compliance, are all in one place. Make intelligent decisions about your security with automatically prioritized...

See Software
TrustedSite

TrustedSite Security is a complete solution for external security testing and monitoring. In a single, easy-to-use platform, TrustedSite brings together the essential tools your organization needs to reduce the likelihood of a breach, from attack surface discovery to vulnerability scanning to...

See Software
Looxy.io

Looxy.io aims to be the most useful single place you can go to for software testing. looxy.io software testing is planning to add many new tests including web page performance tests, Load testing, penetration testing, Web application security testing and everything in between. All test...

See Software