ExifLooter
Overview
ExifLooter is an OSINT (Open Source Intelligence) tool that automatically extracts EXIF metadata from images found on websites. It discovers sensitive information including GPS coordinates, camera models, lens specifications, and author details embedded in image files. This tool is essential for reconnaissance during authorized penetration testing and security assessments.
Installation
# Update system packages
sudo apt update
sudo apt upgrade
# Install from Kali repositories
sudo apt install exiflooter
# Or clone from GitHub
git clone https://github.com/initstring/exiflooter.git
cd exiflooter
pip install -r requirements.txt
python3 exiflooter.py --help
# Install dependencies
pip install pillow requests urllib3
Basic Usage
# Scan a single URL for images
python3 exiflooter.py -u http://target.com
# Scan with verbose output
python3 exiflooter.py -u http://target.com -v
# Display help menu
exiflooter -h
# Specify output format
python3 exiflooter.py -u http://target.com -o json
# Save results to file
python3 exiflooter.py -u http://target.com -w results.txt
Scanning Options
| Option | Description |
|---|---|
| -u URL | Target website URL to scan |
| -d DOMAIN | Scan all images from domain |
| -f FILE | Read URLs from file (one per line) |
| -r | Recursive scan (follow links) |
| -t THREADS | Number of threads (default: 5) |
| -o FORMAT | Output format: text, json, csv, html |
| -w OUTPUT | Write results to file |
| -v | Verbose output (shows progress) |
| --timeout SECONDS | Connection timeout (default: 10) |
| --agent AGENT | Custom User-Agent string |
Extracting GPS Data
GPS coordinates from EXIF can reveal physical locations. Common EXIF tags for location data:
| EXIF Tag | Information |
|---|---|
| GPSLatitude | Latitude coordinates |
| GPSLongitude | Longitude coordinates |
| GPSAltitude | Elevation/altitude |
| GPSDateStamp | Date photo was taken |
| GPSTimeStamp | Time photo was taken |
| GPSMapDatum | Coordinate system used |
# Extract GPS data from scanned images
python3 exiflooter.py -u http://target.com -o json | grep -i "gps"
# Convert GPS coordinates to map format
# 40.7128° N, 74.0060° W (NYC example)
Map found coordinates using Google Maps:
https://maps.google.com/?q=40.7128,-74.0060
Output Formats
Text Output (default)
python3 exiflooter.py -u http://target.com -o text
# Output shows:
# Image URL
# Camera Model
# Lens Info
# GPS Coordinates
# Date Taken
# Author Info
JSON Output
python3 exiflooter.py -u http://target.com -o json > results.json
# JSON structure:
# {
# "url": "http://target.com/image.jpg",
# "camera": "Canon EOS 5D Mark IV",
# "lens": "Canon EF 24-70mm f/2.8L II USM",
# "gps": {"lat": 40.7128, "lon": -74.0060},
# "date_taken": "2024-05-01 14:23:45"
# }
CSV Output
python3 exiflooter.py -u http://target.com -o csv > results.csv
# Columns: URL, Camera, Lens, Latitude, Longitude, DateTaken, Author
HTML Output
python3 exiflooter.py -u http://target.com -o html -w report.html
# Creates interactive HTML report with embedded maps
Filtering Results
Filter results by EXIF data type:
# Extract only images with GPS data
python3 exiflooter.py -u http://target.com --gps-only
# Find images by specific camera model
python3 exiflooter.py -u http://target.com --camera "Canon"
# Filter by date range
python3 exiflooter.py -u http://target.com --from-date 2024-01-01 --to-date 2024-12-31
# Find images with author/copyright information
python3 exiflooter.py -u http://target.com --has-author
Bulk Scanning
Scan multiple URLs from a file:
# Create URL list
cat urls.txt
# http://target1.com
# http://target2.com
# http://target3.com
# Scan all URLs
python3 exiflooter.py -f urls.txt -w bulk_results.txt
# Scan with multiple threads for speed
python3 exiflooter.py -f urls.txt -t 10 -w results.json -o json
Recursive Scanning
Follow links to discover more images:
# Recursively crawl website for images
python3 exiflooter.py -u http://target.com -r --depth 2
# Limit recursion depth
python3 exiflooter.py -u http://target.com -r --depth 3
# Exclude certain paths during recursion
python3 exiflooter.py -u http://target.com -r --exclude "admin,login,cdn"
Integration with OSINT Workflow
# 1. Identify target website
TARGET="http://target.com"
# 2. Scan for images and extract metadata
python3 exiflooter.py -u "$TARGET" -o json > metadata.json
# 3. Parse GPS coordinates
grep -o '"lat":\s*[0-9.-]*' metadata.json | cut -d: -f2
# 4. Search for employee details in image author fields
grep -o '"author":\s*"[^"]*"' metadata.json
# 5. Correlate with other OSINT sources
# Cross-reference camera models with staff announcements
# Match GPS coordinates with office locations
# Trace author names to LinkedIn profiles
# 6. Document findings
cat metadata.json | python3 -m json.tool > formatted_results.json
Advanced Metadata Extraction
EXIF tags contain detailed technical information:
| Category | Common Tags |
|---|---|
| Camera | Make, Model, Serial Number |
| Lens | Lens Model, Focal Length, F-Number |
| Settings | ISO Speed, Shutter Speed, Exposure Compensation |
| Software | Processing Software, Version |
| Location | GPS Coordinates, Altitude, Direction |
| Temporal | Date/Time Original, Date Modified |
| Author | Copyright, Artist, Source |
# View all EXIF data for a specific image
exiftool image.jpg
# Extract only GPS data
exiftool "-gps*" image.jpg
# Export as CSV for analysis
exiftool -csv *.jpg > exif_data.csv
Privacy Considerations
Educate users about EXIF data exposure:
# Strip EXIF data from images before publishing
mogrify -strip image.jpg
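# Or with exiftool (the untouched original is kept as image.jpg_original
# unless -overwrite_original is given, so do not publish that backup)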
exiftool -all= image.jpg
# Verify EXIF was removed
exiftool image.jpg
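A pre-publication check for the stripping step above, which also shows how the GPSLatitude/GPSLongitude tags listed earlier decode to decimal degrees. This is an added example, not part of ExifLooter or exiftool; the function names are hypothetical and the sample image is constructed inline.

```python
import struct

def exif_tiff(jpeg):
    """Return the TIFF payload of the first Exif APP1 segment, or None."""
    pos = 2
    while jpeg[:2] == b"\xff\xd8" and pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, size = jpeg[pos + 1], struct.unpack_from(">H", jpeg, pos + 2)[0]
        body = jpeg[pos + 4:pos + 2 + size]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        if marker == 0xDA:  # start of scan: no metadata segments after this
            break
        pos += 2 + size
    return None

def read_ifd(tiff, offset, bo):
    """Map each tag in the IFD at `offset` to its raw 4-byte value field."""
    (count,) = struct.unpack_from(bo + "H", tiff, offset)
    return {struct.unpack_from(bo + "H", tiff, offset + 2 + 12 * i)[0]:
            tiff[offset + 10 + 12 * i:offset + 14 + 12 * i] for i in range(count)}

def gps_position(jpeg):
    """Return (lat, lon) in signed decimal degrees, or None if no GPS IFD is present."""
    tiff = exif_tiff(jpeg)
    if not tiff or tiff[:2] not in (b"II", b"MM"):
        return None
    bo = "<" if tiff[:2] == b"II" else ">"  # TIFF byte order
    u32 = lambda raw: struct.unpack(bo + "I", raw)[0]
    def degrees(gps, ref_tag, val_tag):  # value is 3 rationals: deg, min, sec
        d, dd, m, md, s, sd = struct.unpack_from(bo + "6I", tiff, u32(gps[val_tag]))
        value = d / dd + m / md / 60 + s / sd / 3600
        return -value if gps[ref_tag][:1] in (b"S", b"W") else value
    try:
        ifd0 = read_ifd(tiff, u32(tiff[4:8]), bo)
        gps = read_ifd(tiff, u32(ifd0[0x8825]), bo)  # 0x8825: pointer to the GPS IFD
        return round(degrees(gps, 1, 2), 6), round(degrees(gps, 3, 4), 6)
    except (KeyError, struct.error, ZeroDivisionError):
        return None

def sample_jpeg():
    """Constructed input: SOI, one Exif APP1 with a GPS IFD (40.7128 N, 74.0060 W), EOI."""
    app1 = b"Exif\x00\x00" + struct.pack("<2sHIHHHIII", b"II", 42, 8, 1, 0x8825, 4, 1, 26, 0)
    app1 += struct.pack("<HHHI4sHHII", 4, 1, 2, 2, b"N", 2, 5, 3, 80)
    app1 += struct.pack("<HHI4sHHIII", 3, 2, 2, b"W", 4, 5, 3, 104, 0)
    app1 += struct.pack("<12I", 40, 1, 42, 1, 4608, 100, 74, 1, 0, 1, 216, 10)
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"

if __name__ == "__main__":
    print(gps_position(sample_jpeg()), gps_position(b"\xff\xd8\xff\xd9"))
```

A `None` result only means the first Exif segment carries no readable GPS IFD; location data in XMP or other segments is not inspected, so keep the `exiftool image.jpg` check as the authoritative one.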
Troubleshooting
| Issue | Solution |
|---|---|
| No images found | Check website robots.txt, verify URL is accessible |
| Timeout errors | Increase timeout with --timeout 30 |
| Memory issues on large scans | Reduce thread count, scan smaller sections |
| SSL certificate errors | Use --no-verify-ssl (only in authorized testing) |
| Empty EXIF data | Not all images contain metadata |
Common EXIF Data Examples
Canon EOS 5D Mark IV
- Model: Canon, 5D Mark IV
- Lens: Canon EF 24-70mm f/2.8L II USM
- ISO: 400
- Shutter: 1/125
- Aperture: f/2.8
- GPS: 40.7128, -74.0060 (NYC)
- Date: 2024-05-01 14:23:45
- Software: Adobe Lightroom 6.0
- Author: John Smith, Company Name
Legal and Ethical Considerations
- Only scan websites and images you have authorization to analyze
- Respect copyright and privacy laws regarding image metadata
- Do not use GPS data to track or locate individuals without consent
- Document all OSINT findings for authorized security assessments
- Consider GDPR and local privacy regulations
- Obtain written authorization before conducting reconnaissance
Related Tools
- exiftool — Detailed EXIF manipulation and extraction
- geopy — Convert GPS coordinates to addresses
- shodan — Find images through search engine reconnaissance
- theHarvester — Email harvesting and general OSINT
- recon-ng — Full-featured reconnaissance framework