File Upload Auditor
Bypass Upload Filters
File upload features are high-risk entry points. This tool generates test files designed to bypass extension filters, magic byte checks, and MIME type validation to test for RCE via upload.
Vectors: PHP, ASP, JSP, SVG XSS
Upload Test
> rasec upload-gen --vector polyglot
[+] Generating upload bypass files...
[1] shell.php.jpg (Double Extension)
[2] shell.php%00.jpg (Null Byte)
[3] image.png (Polyglot: Valid PNG + PHP Code)
> Magic Bytes: 89 50 4E 47 ...
> Payload: <?php system($_GET['c']); ?> injected in IDAT chunk
[+] Files saved to ./output
Key Features
1. Extension Bypasses: Generates files with double extensions (.php.jpg) and null bytes.
2. Magic Byte Injection: Creates polyglot files that look like images but contain executable code.
3. SVG Payloads: Generates SVGs containing XSS vectors.
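A server-side check for the file-name and polyglot bypasses listed above, as an added example that is not RASEC's code or part of the original page: it flags null bytes and multiple extensions in the file name and walks every PNG chunk looking for script markers. The allow-list, the marker list, the one-extension policy and the sample bytes are assumptions constructed for illustration.

```python
import re
import struct
import zlib

ALLOWED_EXT = {"png", "jpg", "jpeg", "gif"}  # assumed allow-list for an image upload
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
CODE_MARKERS = re.compile(rb"<\?php|<script", re.I)  # assumed, heuristic marker list

def check_filename(name):
    """Return reasons to reject a client-supplied file name."""
    reasons = ["null byte"] if "\x00" in name or "%00" in name else []
    exts = name.replace("\x00", "").replace("%00", "").lower().split(".")[1:]
    if not exts or exts[-1] not in ALLOWED_EXT:
        reasons.append("extension not allowed")
    if len(exts) > 1:  # assumed policy: exactly one extension
        reasons.append("multiple extensions")
    return reasons

def check_png(data):
    """Walk every PNG chunk and return reasons to reject the content."""
    if not data.startswith(PNG_MAGIC):
        return ["bad magic bytes"]
    reasons, pos, ctype = [], len(PNG_MAGIC), b""
    while pos + 12 <= len(data) and ctype != b"IEND":
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(crc) < 4 or struct.unpack(">I", crc)[0] != zlib.crc32(ctype + body):
            return reasons + ["corrupt chunk"]
        if CODE_MARKERS.search(body):
            reasons.append("script marker in %s chunk" % ctype.decode("latin-1"))
        pos += 12 + length
    if ctype != b"IEND":
        reasons.append("missing IEND")
    elif pos != len(data):
        reasons.append("trailing data after IEND")
    return reasons

def _chunk(ctype, body):  # builds one PNG chunk for the constructed samples
    crc = struct.pack(">I", zlib.crc32(ctype + body))
    return struct.pack(">I", len(body)) + ctype + body + crc

# Constructed samples: a 1x1 PNG, and the same file with an inert marker added.
_HEAD = PNG_MAGIC + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
_IDAT = _chunk(b"IDAT", zlib.compress(b"\x00\xff\xff\xff"))
CLEAN_PNG = _HEAD + _IDAT + _chunk(b"IEND", b"")
TAGGED_PNG = _HEAD + _IDAT + _chunk(b"tEXt", b"Comment\x00<?php /* inert */ ?>") + _chunk(b"IEND", b"")

if __name__ == "__main__":
    print(check_filename("shell.php%00.jpg"), check_png(TAGGED_PNG))
```

A marker hit is a heuristic signal, not proof of a clean or dirty file. Re-encoding accepted images and storing them under a server-generated name outside any directory that executes scripts is what actually removes an embedded payload.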