Automatic tool for extracting EXIF metadata from website images and sets of URLs.
A perfect tool for bug hunters and OSINT researchers.
- Get EXIF metadata from website images quickly and in real-time
- Nominatim API integration for fast location detection
- Automatic detection of URLs containing images
- Download all images from a website in a few seconds
- Crawling support
- Base64 image support
- INPUT supported: STDIN, URL and LIST
- OUTPUT supported: FILE
- Detecting images with EXIF GPS metadata is a valid vulnerability in BUG BOUNTY PROGRAMS! (P3 -P4): "EXIF Geolocation Data Not Stripped From Uploaded Images"
git clone https://github.com/msegoviag/exifharvester.git cd exifharvesterpython exifharvester.py -u dpreview.com -i 1The following external libraries may need to be installed: urllib3, requests, beautifulsoup4 and Pillow
These dependencies can be installed using the requirements.txt file:
- Installation on Linux and MacOS
pip install -r requirements.txt
- Installation on Windows:
python.exe -m pip install -r requirements.txt
python exifharvester.py -u dpreview.com
echo dpreview.com | python exifharvester.py
cat urls.txt | python exifharvester.py
python exifharvester.py -f urls.txt
python exifharvester.py -l 1337.jpg
python exifharvester.py -u dpreview.com -s DownloadedImages -o results.txt
python exifharvester.py -u dpreview.com --raw
python exifharvester.py -u test.com -c PHPSESSID=e1faf854faf7fa62f1
python exifharvester.py -u test.com -ua "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
python exifharvester.py -u test.com -p 127.0.0.1:8118
python exifharvester.py -u dpreview.com -t 15
python exifharvester.py -u dpreview.com -cr
python exifharvester.py -u dpreview.com -cr -d 4 (depth)
python exifharvester.py -u dpreview.com -i 1 (ignore errors and shows informative results)
python exifharvester.py -u dpreview.com -i 2 (silent)
python exifharvester.py -u dpreview.com -api 0 (The Nominatim API is not used)
python exifharvester.py -u dpreview.com -api 1 (The use of the Nominatim API is enforced)
python exifharvester.py -h
- Selenium support for detecting images that are dynamically loaded with Javascript, a common behaviour in several frameworks.
- More refactor.
Exifharvester is licensed under the GNU GPL license. take a look at the LICENSE for more information.
Usage of this program for attacking targets without consent is illegal. It is the user's responsibility to obey all applicable laws. The developer assumes no liability and is not responsible for any misuse or damage caused by this program. Please use responsibly.