As an open source penetration testing tool, IPTC-Attacker allows to create an image with IPTC metadata containing testing vectors for Cross-Site Scripting attacks. Each checkbox can be used to include a huge collection of payloads into the selected tags (HTML5sec, XSS Cheat Sheet). If a checkbox will be not selected, the string aaa'bbb"ccc<ddd is automatically included into the unchecked IPTC tag.
Therefore, testing for XSS vulnerabilities via IPTC metadata is possible by looking into the source code of the attacked Web application; strictly speaking for aaa'bbb"ccc<ddd or alternatively by verifying if, for example, alert-windows appear due to the XSS vector collection.
Features
- Generate JPG images with IPTC metadata
- Huge collection of XSS vectors
- Easy to use: Generate the image, upload it to your image provider, and verify if the input if filtered
Other Useful Business Software
Compliant and Reliable File Transfers Backed by Top Security Certifications
Stop relying on non-certified, legacy file transfer tools that creak under the weight of modern security demands. Get full audit trails, advanced access controls and more supported by an award-winning team of experts. Start your free 25-day trial today.
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of IPTC-Attacker!