As an open source penetration testing tool, IPTC-Attacker allows to create an image with IPTC metadata containing testing vectors for Cross-Site Scripting attacks. Each checkbox can be used to include a huge collection of payloads into the selected tags (HTML5sec, XSS Cheat Sheet). If a checkbox will be not selected, the string aaa'bbb"ccc<ddd is automatically included into the unchecked IPTC tag.

Therefore, testing for XSS vulnerabilities via IPTC metadata is possible by looking into the source code of the attacked Web application; strictly speaking for aaa'bbb"ccc<ddd or alternatively by verifying if, for example, alert-windows appear due to the XSS vector collection.

Features

  • Generate JPG images with IPTC metadata
  • Huge collection of XSS vectors
  • Easy to use: Generate the image, upload it to your image provider, and verify if the input if filtered

Project Samples

Project Activity

See All Activity >

Follow IPTC-Attacker

IPTC-Attacker Web Site

Other Useful Business Software
Compliant and Reliable File Transfers Backed by Top Security Certifications Icon
Compliant and Reliable File Transfers Backed by Top Security Certifications

Cerberus FTP Server delivers SOC 2 Type II certified security and FIPS 140-2 validated encryption.

Stop relying on non-certified, legacy file transfer tools that creak under the weight of modern security demands. Get full audit trails, advanced access controls and more supported by an award-winning team of experts. Start your free 25-day trial today.
Start Free Trial
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of IPTC-Attacker!

Additional Project Details

Intended Audience

Auditors, Security Professionals, Testers

Programming Language

JavaScript, PHP

Related Categories

PHP Security Software, PHP Penetration Testing Tool, JavaScript Security Software, JavaScript Penetration Testing Tool

Registered

2014-06-30