aeondave/exiftool
offensive-tools/forensic/exiftool/SKILL.md
exiftool: metadata extraction, copy, conversion, and editing utility for images, video, documents, archives, executables, and many other file types. Use when investigating EXIF, GPS, XMP, IPTC, embedded previews, sidecar metadata, or batch metadata manipulation in forensic, OSINT, or content-processing workflows.
$ install --global
skillsauthnpx skillsauth add aeondave/malskill exiftoolInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 9, 2026, 4:38 AM163.7s1 file scanned
SKILL.md
- name:
- exiftool
- description:
- exiftool: metadata extraction, copy, conversion, and editing utility for images, video, documents, archives, executables, and many other file types. Use when investigating EXIF, GPS, XMP, IPTC, embedded previews, sidecar metadata, or batch metadata manipulation in forensic, OSINT, or content-processing workflows.
- compatibility:
- Windows, Linux, macOS; Perl-based tool with packaged binaries; extremely broad file-format support
- author:
- AeonDave
- version:
- 1.0
ExifTool
High-coverage metadata inspection and editing across a huge range of file types.
When to use ExifTool
Use ExifTool when you need to:
- dump metadata from images, videos, PDFs, archives, or binaries
- extract GPS, EXIF, XMP, IPTC, ICC, and embedded-preview information
- compare, copy, or transform metadata between files
- batch process directories recursively
- geotag images from GPS logs or normalize timestamp fields
Quick Start
# Read everything ExifTool considers available
exiftool file.jpg
# Short tag names with group names
exiftool -s -G1 file.jpg
# JSON output for automation
exiftool -j file.jpg
High-Value Read Workflows
Full metadata dump
exiftool -a -u -g1 file.jpg
Use this when you want duplicate and unknown tags grouped clearly.
Focused tags
exiftool -s -ImageSize -ExposureTime -CreateDate file.jpg
Structured output for tooling
exiftool -j file.jpg
exiftool -csv dir/
Recursive directory processing
exiftool -r -ext jpg pictures/
Embedded Data and Binary Extraction
# Extract thumbnail
exiftool -b -ThumbnailImage image.jpg > thumbnail.jpg
# Extract embedded metadata from nested content
exiftool -ee file.pdf
-ee is especially useful for embedded documents, previews, or timed metadata in container formats.
Copy and Transform Metadata
Copy tags from one file to another
exiftool -tagsFromFile src.jpg dst.jpg
exiftool -TagsFromFile src.jpg -all:all dst.jpg
Copy selected metadata while rewriting groups intentionally
exiftool -all= -tagsFromFile src.jpg -exif:all dst.jpg
Editing and Deletion
# Write or replace one tag
exiftool -comment='new comment' file.jpg
# Delete all metadata
exiftool -all= file.jpg
# Recursive delete of one group
exiftool -r -XMP-crss:all= DIR
Geotagging
exiftool -geotag track.log image.jpg
exiftool -geotag track.log -geosync=-20 DIR
Use this for forensic or OSINT workflows that align image timestamps with GPS logs.
Practical Notes
- By default, when ExifTool writes metadata it preserves originals as
*_originalbackups. - Use
-overwrite_originalonly when you intentionally do not want those backups. -ndisables print conversion and is useful when you need raw numeric values.-bis the right choice when extracting binary values like thumbnails or full XMP blobs.-Gand-gmatter because the same logical tag may exist in multiple metadata groups.
Caveats
- Editing metadata is not the same as sanitizing a file for privacy; review generated
_originalfiles too. - Upstream notes that PDF edits are reversible because original information is not actually removed from the file.
-all=on RAW formats can destroy metadata needed by vendor workflows; use carefully.
Resources
No bundled scripts/, references/, or assets/.
Use the official ExifTool documentation for the full tag database, batch formatting tricks, and advanced copy/write syntax.
Related Skills
aeondave/offensive-linux-role
data-ai
VerifiedTrustedCommunity
Scoped routing: Linux operator; hosts, sessions, users, services, packages, logs, containers, SSH, network paths, privilege evidence.
4SKILL.mdUpdated Jun 5, 2026
aeondave/ics-technique
development
VerifiedTrustedCommunity
Offensive methodology for ICS/OT/SCADA environments in authorized industrial penetration testing and red team operations. Use when assessing PLCs, RTUs, HMIs, engineering workstations, historians, or field devices running Modbus, DNP3, EtherNet/IP, S7comm/S7+, Profinet, IEC 60870-5-104, BACnet, or OPC-UA. Covers passive OT network enumeration, protocol-level device interrogation, PLC coil/register read-write attacks, HMI session exploitation, historian and engineering workstation compromise, and safe escalation rules for critical infrastructure scope. Does not cover: general IT network exploitation (network-technique), physical hardware interfaces UART/JTAG/SPI (hardware-technique), wireless sensor network attacks (wireless-technique), RF/SDR signal analysis (hardware-ctf or wireless-technique), or CTF-framed ICS lab tasks (ics-ctf).
4SKILL.mdUpdated Jun 2, 2026
aeondave/game-technique
tools
VerifiedTrustedCommunity
Offensive methodology for authorized game security assessments, game client security research, and game-adjacent penetration testing in real-world engagements. Use when assessing game clients for cheating vulnerabilities, testing anti-cheat effectiveness, auditing game server protocols for score manipulation or economic fraud, reverse engineering game DRM or license validation, analyzing game save file protection, or assessing game mod/plugin security. Covers: process memory scanning and manipulation (Cheat Engine methodology), game binary reversing for license and DRM bypass, game network protocol analysis and packet replay, anti-cheat mechanism analysis, save file format reversing and tampering, speed hack and value injection techniques. Does NOT cover: CTF game challenges (game-ctf), game engine source code auditing (web-exploit-technique or vuln-search-technique for the backend), or general binary exploitation (pwn-ctf or reversing-technique).
4SKILL.mdUpdated Jun 2, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 2, 2026