With this small suite of open source pentesting tools you're able to create an image (.jpg), audio (.mp3) or video (.mp4) file containing your custom metadata or a set of cross-site scripting vectors to test any webservice against possible XSS vulnerabilities when displaying unfiltered meta data.

First install docker on your host system.

Now you can simply run the following command:

sudo docker run -p 80:80 --rm lednerb/metadata-attacker

When finished open your favorite browser and switch to the docker ip or http://localhost

• Image-Attacker developed by @mniemietz
• Audio-Attacker developed by @derctwr
• Video-Attacker, project merging and docker containers by @Lednerb