Exiftool — tool to get meta information from image, audio and video files | OSINT Framework #1
Exiftool is a tool used in forensic analysis and penetration testing to gather information over file metadata data. This article will examine the basic services offered by Exiftool. In this article, I will talk about the ExifTool application, which can be easily installed with the package manager. I can say that it is a tool that will meet metadata editing needs for those who like to use command line.
Installation
ExifTool Tool for Debian-based Linux distributions
sudo apt install libimage-exiftool-perl
ExifTool with Homebrew for Intel compatible MacOS
brew install exiftool
ExifTool with Homebrew for M1 compatible macOS
arch -arm64 brew install exiftool
Viewing metadata information
Change from the command line to the directory whose metadata you want to view. If you want to view the metadata of all files in the directory, you can display it with a period.
exiftool .
I will show application of this tool with this photo. Name of this photo is WindowsXP.jpg .
First, change your directory to the directory where you saved the photo you want to get data from. I saved this photo on my Downloads folder
Now we can move on to using ExifTool.
As you can see above, we have received a lot of information about the photograph that is not normally visible. We have the authority to access a lot of information, including the date the photo was taken, its extension, the land and location where it was taken.
If you want to export metadata information to html file.
exiftool -h . > exif.html
Now, I used Cat function to see this exif.html document.
Editing metadata information
Now I will show how to change the title of the file we watch in Exiftool:
exiftool -Title="{NEWNAME}" "file.extension"
Deleting metadata information
Remove all metadata from a file
exiftool -Title="{NEWNAME}" "file.extension"
Remove metadata from certain format files in working directory
exiftool -all= -overwrite_original -ext png .
SOME COOL TIPS ABOUT THIS TOOLS:
- Note that extensions and filenames are case sensitive on Linux. * .jpg is not the same as *. (JPG especially when wildcards are used.)
- ExifTool creates a copy of the original file by appending _original to the filename as a backup. To avoid this and replace files directly, use the `-overwrite_original` option
Location case:
In some cases users can learn the coordinates of the location where the photo has taken
For example: If we get a location info like this >> GPS Latitude : 20°56’15.47″S, 164°39’30.56″E →> we can location where the photo has taken. For this I will use the best OSINT tool(for me) you can use — GOOGLE.
GPS Latitude : 20°56’15.47″S, 164°39’30.56″E
Let’s Google it:
Extra Links for techies: