A tool to generate media files with malicious metadata
Switch branches/tags
Nothing to show
Clone or download



GitHub release GitHub stars GitHub forks Docker Stars Docker Pulls license Open Source Love

With this small suite of open source pentesting tools you're able to create an image (.jpg), audio (.mp3) or video (.mp4) file containing your custom metadata or a set of cross-site scripting vectors to test any webservice against possible XSS vulnerabilities when displaying unfiltered meta data.

Installation / Usage

First install docker on your host system.

Now you can simply run the following command:

sudo docker run -p 80:80 --rm lednerb/metadata-attacker

When finished open your favorite browser and switch to the docker ip or http://localhost


  • Image-Attacker developed by @mniemietz
  • Audio-Attacker developed by @derctwr
  • Video-Attacker, project merging and docker containers by @Lednerb