With this small suite of open source pentesting tools you’re able to create an image (.jpg), audio (.mp3) or video (.mp4) file containing your custom metadata or a set of cross-site scripting vectors to test any webservice against possible XSS vulnerabilities when displaying unfiltered meta data.
Installation / Usage
First install docker on your host system.
Now you can simply run the following command:
sudo docker run -p 80:80 --rm lednerb/metadata-attacker
When finished open your favorite browser and switch to the docker ip or http://localhost
- Image-Attacker developed by @mniemietz
- Audio-Attacker developed by @derctwr
- Video-Attacker, project merging and docker containers by @Lednerb