# Expload

![image](https://github.com/user-attachments/assets/fbae4274-21d0-4233-9c96-5e19bab88488)

## what is expload

A tool for injecting the magic bytes of allowed file types and spoofing the MIME type, in order to exploit vulnerable file upload forms that use these as their sole validation mechanism.

## usage

```
expload.py [-h] -u URL -p PAYLOAD -e EXT -n NAME -f FILENAME [-d] [-h2]
           [-he HEADERS [HEADERS ...]] [-c COOKIES] [-r]

expload args

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     url to upload to
  -p PAYLOAD, --payload PAYLOAD
                        path to file to upload
  -e EXT, --ext EXT     extension to spoof
  -n NAME, --name NAME  field name for file upload
  -f FILENAME, --filename FILENAME
                        file name to upload with
  -d, --doubleextend    spoofed extension inserted into filename
  -h2, --http2          use http2 if supported
  -he HEADERS [HEADERS ...], --headers HEADERS [HEADERS ...]
                        headers and keys colon seperated
  -c COOKIES, --cookies COOKIES
                        cookies seperated by ; and wrapped in quotes
  -r, --response        display the response from the target webapp
```
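
For the server side, here is an added example (not part of the expload project) that puts the validation pattern described above, magic bytes plus declared MIME type only, beside a stricter PNG-only check that rejects double extensions, verifies the full chunk structure, and stores the file under a server-chosen name. All function names and sample bytes are assumptions constructed for illustration.

```python
import struct, uuid, zlib
from pathlib import PurePosixPath

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def weak_check(data: bytes, content_type: str) -> bool:
    """The sole-validation pattern: leading magic bytes plus client-declared MIME type."""
    return data.startswith(PNG_MAGIC) and content_type == "image/png"

def png_is_well_formed(data: bytes) -> bool:
    """Walk every chunk, verify its CRC, and require IEND to be the final bytes."""
    if not data.startswith(PNG_MAGIC):
        return False
    pos, seen = len(PNG_MAGIC), []
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4
        if end > len(data):
            return False
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) != crc:
            return False
        seen.append(ctype)
        pos = end
        if ctype == b"IEND":
            break
    return pos == len(data) and seen[:1] == [b"IHDR"] and seen[-1:] == [b"IEND"]

def hardened_check(filename: str, data: bytes):
    """Return a server-chosen storage name, or None if the upload is rejected."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if suffixes != [".png"]:  # exactly one suffix: rejects x.png.php and x.php.png
        return None
    if not png_is_well_formed(data):
        return None
    return f"{uuid.uuid4().hex}.png"  # the client-supplied name never reaches disk

def _chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed samples: a 1x1 grayscale PNG, and PNG magic bytes followed by non-image text.
REAL_PNG = (PNG_MAGIC + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
            + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))
SPOOFED = PNG_MAGIC + b"constructed placeholder for non-image content"
```

A structurally valid PNG can still carry arbitrary bytes inside its chunks, so this check complements, rather than replaces, re-encoding the image and serving uploads from a location where nothing is executed.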