IPTC-Attacker

As an open source penetration testing tool, IPTC-Attacker allows to create an image with IPTC metadata containing testing vectors for Cross-Site Scripting attacks. Each checkbox can be used to include a huge collection of payloads into the selected tags (HTML5sec, XSS Cheat Sheet). If a checkbox will be not selected, the string aaa'bbb"ccc<ddd is automatically included into the unchecked IPTC tag.

Therefore, testing for XSS vulnerabilities via IPTC metadata is possible by looking into the source code of the attacked Web application; strictly speaking for aaa'bbb"ccc<ddd or alternatively by verifying if, for example, alert-windows appear due to the XSS vector collection.

Features

Generate JPG images with IPTC metadata
Huge collection of XSS vectors
Easy to use: Generate the image, upload it to your image provider, and verify if the input if filtered

Project Samples

Generated XSS testing image with IPTC metadata in Firefox

Project Activity

See All Activity >

Follow IPTC-Attacker

IPTC-Attacker Web Site

Other Useful Business Software

AI-powered service management for IT and enterprise teams

Enterprise-grade ITSM, for every business

Give your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.

Try it Free

Rate This Project

User Reviews

Be the first to post a review of IPTC-Attacker!

Additional Project Details

Intended Audience

Auditors, Security Professionals, Testers

Programming Language

JavaScript, PHP

Related Categories

PHP Security Software, PHP Penetration Testing Tool, JavaScript Security Software, JavaScript Penetration Testing Tool

Registered

2014-06-30

Similar Business Software

Astra Pentest

Astra’s Pentest is a comprehensive penetration testing solution with an intelligent automated vulnerability scanner coupled with in-depth manual pentesting. On top of 10000+ tests including security checks for all CVEs mentioned in the OWASP top 10, and SANS 25, the automated scanner also...

See Software
Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks...

See Software
Proton Pass

Proton Pass is an open-source password manager based in Switzerland that encrypts your usernames, passwords, bank cards, and encrypted notes and lets users quickly autofill details across all devices and browsers. Proton Pass goes beyond keeping your password safe, it secures your online...

See Software
Reflectiz

Reflectiz is a web exposure management platform that helps organizations identify, monitor, and mitigate security, privacy, and compliance risks across their online environments. It provides full visibility and control over first, third, and fourth-party components like scripts, trackers, and...

See Software
Google Cloud Platform

Google Cloud is a cloud-based service that allows you to create anything from simple websites to complex applications for businesses of all sizes. New customers get $300 in free credits to run, test, and deploy workloads. All customers can use 25+ products for free, up to monthly usage...

See Software
Air

Centralize your team's content in a workspace that's organized, versioned, and easy to share. Sure, Air stores your content. But it also has smart search, guest permissions, custom layouts, version tracking, and hassle-free sharing that makes every part of the creative process easier and more...

See Software