What is ExifTool?
ExifTool is a command-line application and Perl library for reading, writing, and editing metadata in files. It supports a wide range of file formats.
Concept Behind Metadata
Metadata is "data about data" - information embedded in files that describes their characteristics:
- Technical information: dimensions, resolution, camera settings
- Descriptive information: title, author, comments, keywords
- Administrative information: creation dates, software used, copyright
- Location data: GPS coordinates, altitude
Usage Details with Examples
1. Read all metadata from a file
exiftool image.jpg
2. Read specific metadata
exiftool -Title -Author -Date file.jpg
3. Write/change metadata
exiftool -Title="My Photo" -Author="John Smith" image.jpg
4. Remove all metadata
exiftool -all= file.jpg
5. Remove specific metadata
exiftool "-GPS*=" file.jpg # Remove location data (quoted so the shell does not expand the *)
6. Extract only comments
exiftool -Comment file.jpg
7. Work with multiple files
exiftool -Date *.jpg #All JPEGs
exiftool -Title -Author folder/*.png #Multiple attributes
8. Save output to file
exiftool photo.jpg > metadata.txt
Use Cases
1. Digital Forensics
#Verify image authenticity
exiftool -CreateDate -ModifyDate -Software imagem_suspeita.jpg
#Search for sensitive data
exiftool "-GPS*" fotos/*.jpg # GPS location
2. OSINT (Open Source Intelligence)
#Extract information from social media images
exiftool foto_perfil.jpg | grep -i "camera\|model\|software"
3. CTFs and Pentesting
#Search for hidden flags in metadata
exiftool arquivo_desafio.jpg | grep -iE "flag|comment|description"
#Check all possible fields
exiftool -a -u -g1 file.jpg
4. Privacy
#Clear metadata before sharing photos
exiftool -all= -overwrite_original photo.jpg
Practical CTF Example
Common scenario:
#1. Download challenge image
wget http://ctf.example.com/challenge.jpg
#2. Analyze basic metadata
exiftool challenge.jpg
#3. If nothing is found, check all fields
exiftool -a -u -g1 challenge.jpg
#4. Search for specific strings
exiftool challenge.jpg | grep -i "flag\|secret\|key\|password"
#5. Extract embedded thumbnails
exiftool -b -ThumbnailImage challenge.jpg > thumbnail.jpg
Useful advanced commands:
#List all metadata groups
exiftool -g1 -s file.jpg
#Extract metadata in JSON format
exiftool -json file.jpg
#Check file structure with a hex dump of tag values
exiftool -v3 file.jpg | less
#Search for strings in all fields
exiftool -a file.jpg | strings | grep "pattern"
Practical Usage
Command executed:
exiftool nothing.png
Parsed output:
ExifTool Version Number : 13.30 #ExifTool Version
File Name : nothing.png #File Name
Directory : /path/to/file #Location
File Size : 675 bytes #Size
File Modification Date/Time : 2025:06:06 16:04:24-03:00
File Access Date/Time : 2026:06:06 16:04:24-03:00
File Inode Change Date/Time : 2025:06:06 16:04:24-03:00
File Permissions : -rw-r--r-- #Permissions
File Type : PNG #File Type
File Type Extension : png
MIME Type : image/png
Image Width : 300 #Width in pixels
Image Height : 100 #Height in pixels
Bit Depth : 8 #Color depth
Color Type : RGB #Color space
Compression : Deflate/Inflate
Filter : Adaptive
Interlace : Noninterlaced
Comment : FLAG{welcome_to_the_red_team} #FLAG!
Image Size : 300x100
Megapixels : 0.030 #Resolution in megapixels
Flag Identified:
Comment: FLAG{welcome_to_the_red_team}
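Where that Comment field lives inside the file, as an added example that is not part of the original page: PNG keeps free-text fields in tEXt chunks, each protected by a CRC-32. This Python sketch parses the chunks of a constructed 1x1 PNG, lists its text fields, and rebuilds the file without them to confirm nothing is left to leak. The function names and the sample flag value are hypothetical.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
TEXT_TYPES = {b"tEXt", b"zTXt", b"iTXt"}  # PNG textual-metadata chunk types

def make_chunk(ctype, data):
    """Serialize one chunk: length, type, data, CRC-32 over type + data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def iter_chunks(png):
    """Yield (type, data) per chunk; reject bad signature, truncation, bad CRC."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos < len(png):
        if pos + 12 > len(png):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(png):
            raise ValueError("truncated chunk data")
        data = png[pos + 8:end]
        if struct.unpack(">I", png[end:end + 4])[0] != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            raise ValueError(f"bad CRC in {ctype!r} chunk")
        yield ctype, data
        pos = end + 4

def text_fields(png):
    """Return {keyword: value} from uncompressed tEXt chunks, e.g. Comment."""
    fields = {}
    for ctype, data in iter_chunks(png):
        if ctype == b"tEXt":
            key, _, value = data.partition(b"\x00")
            fields[key.decode("latin-1")] = value.decode("latin-1")
    return fields

def strip_text(png):
    """Rebuild the file without textual chunks; all other chunks are kept."""
    return PNG_SIG + b"".join(make_chunk(t, d) for t, d in iter_chunks(png) if t not in TEXT_TYPES)

# Constructed sample: 1x1 RGB PNG with a Comment field, mimicking nothing.png.
SAMPLE = PNG_SIG + b"".join([
    make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)),
    make_chunk(b"tEXt", b"Comment\x00FLAG{constructed_sample}"),
    make_chunk(b"IDAT", zlib.compress(b"\x00\xff\xff\xff")),  # filter byte + pixel
    make_chunk(b"IEND", b""),
])

if __name__ == "__main__":
    print("before:", text_fields(SAMPLE))
    print("after: ", text_fields(strip_text(SAMPLE)))
```

Because every chunk carries its own CRC, a Comment edited by hand in a hex editor without recomputing the checksum is rejected by iter_chunks, which is a useful tamper signal during forensic review.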