Alex Savca

Done. Sorry for the delay, I built clang locally on my current netbook to make sure I fixed it correctly :)

> The comments about it being a fork should be removed from the README though sweat_smile :rofl: By the way, I only made a PR to the first commit: `add...

> Too bad it seems this repo isn't maintained anymore? seems so

@merkleID This tool use python2 with corresponding libs. You can find my fork here: https://github.com/chinarulezzz/spoofcheck . It has been ported to py3. Also, you can start it in the docker.

Seems like the debian devs faced the same problem, only in a different package. They [patched](https://salsa.debian.org/perl-team/modules/packages/libnet-whois-ip-perl/-/raw/master/debian/patches/remove-AutoLoader.patch) the libnet-whois-ip-perl for that.

> is this tool meant for steganographic purposes or does rendering the image trigger the payload ? I think the second. I do not think that this is a good...

@ecki Yes. And not only. Please, refer to #4 (reference list) to better understand the possible use cases.

@dewebdes >no, the program have no input argument for an image file, it just bind a code with auto generated blank image afaik, pixload can inject the payload into existing...

Useful references: - [Bypassing CSP using polyglot JPEGs](https://portswigger.net/blog/bypassing-csp-using-polyglot-jpegs) - [Hacking group using Polyglot images to hide malvertising attacks](https://devcondetect.com/blog/2019/2/24/hacking-group-using-polyglot-images-to-hide-malvertsing-attacks) - [Encoding Web Shells in PNG IDAT chunks](https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/) - [An XSS on...

>can you add function for change number of pixels? Seems like there is no problem to make that on some image formats. Here is the code example: https://github.com/chinarulezzz/pixload/blob/master/gif.pl#L64 It's a...