IPTC-Attacker

As an open source penetration testing tool, IPTC-Attacker allows to create an image with IPTC metadata containing testing vectors for Cross-Site Scripting attacks. Each checkbox can be used to include a huge collection of payloads into the selected tags (HTML5sec, XSS Cheat Sheet). If a checkbox will be not selected, the string aaa'bbb"ccc<ddd is automatically included into the unchecked IPTC tag.

Therefore, testing for XSS vulnerabilities via IPTC metadata is possible by looking into the source code of the attacked Web application; strictly speaking for aaa'bbb"ccc<ddd or alternatively by verifying if, for example, alert-windows appear due to the XSS vector collection.

Features

Generate JPG images with IPTC metadata
Huge collection of XSS vectors
Easy to use: Generate the image, upload it to your image provider, and verify if the input if filtered

Project Samples

Generated XSS testing image with IPTC metadata in Firefox

Project Activity

See All Activity >

Follow IPTC-Attacker

IPTC-Attacker Web Site

Other Useful Business Software

Enterprise-Class Managed File Transfer.

For organizations that need to automate secure file transfers to protect sensitive data.

Diplomat MFT by Coviant Software is a secure, reliable managed file transfer solution designed to simplify and automate SFTP, FTPS, and HTTPS file transfers. Built for seamless integration, Diplomat MFT works across major cloud storage platforms, including AWS S3, Azure Blob, Google Cloud, Oracle Cloud, SharePoint, Dropbox, Box, and more.

Learn More

Rate This Project

User Reviews

Be the first to post a review of IPTC-Attacker!

Additional Project Details

Intended Audience

Auditors, Security Professionals, Testers

Programming Language

JavaScript, PHP

Related Categories

PHP Security Software, PHP Penetration Testing Tool, JavaScript Security Software, JavaScript Penetration Testing Tool

Registered

2014-06-30

Similar Business Software

Astra Pentest

Astra’s Pentest is a comprehensive penetration testing solution with an intelligent automated vulnerability scanner coupled with in-depth manual pentesting. On top of 10000+ tests including security checks for all CVEs mentioned in the OWASP top 10, and SANS 25, the automated scanner also...

See Software
Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks...

See Software
Reflectiz

Reflectiz is a web exposure management platform that helps organizations identify, monitor, and mitigate security, privacy, and compliance risks across their online environments. It provides full visibility and control over first, third, and fourth-party components like scripts, trackers, and...

See Software
Google Cloud Platform

Google Cloud is a cloud-based service that allows you to create anything from simple websites to complex applications for businesses of all sizes. New customers get $300 in free credits to run, test, and deploy workloads. All customers can use 25+ products for free, up to monthly usage...

See Software
Auth0

Auth0 takes a modern approach to Identity, providing secure access to any application, for any user. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. Auth0 is part of Okta, The World’s Identity...

See Software
ManageEngine Endpoint Central

ManageEngine Endpoint Central is built to secure the digital workplace while also giving IT teams complete control over their enterprise endpoints. It delivers a security-first approach by combining advanced endpoint protection with comprehensive management, allowing IT teams to manage the...

See Software