XowiaScan
Home Tools Pricing API Docs About Sign in Get started
← All tools

Image EXIF Extractor

Recon & Discovery

Pull EXIF, IPTC and XMP metadata from an image — GPS, device serials, owner, software — with a clear leak summary.

What is Image EXIF Extractor?

Image EXIF Extractor reads the metadata baked into photos and surfaces what actually matters for OSINT: GPS coordinates, the camera/phone model and its unique serial number, the owner/author name, editing software, timestamps and embedded location names. It parses EXIF, IPTC and XMP (plus PNG text chunks), not just the basics.

Analyze your own uploads, or point it at an image URL on a target — the fetch is server-side and SSRF-guarded — to check what their published images leak. A one-glance leak summary tells you exactly what each image gives away.

What it does

  • Leak summary — grades what the image exposes: GPS, device serial, owner, location, software, timestamps.
  • GPS & mapping — latitude/longitude (plus altitude/direction) with one-click OpenStreetMap / Google Maps links.
  • Device fingerprint — make/model, lens, and unique camera/lens serial numbers.
  • IPTC + XMP + PNG text — author, copyright, captions, location names, document/instance IDs.
  • Batch mode — drop several images, or paste up to 15 image URLs (one per line), and audit them in one run with an aggregate summary.
  • Reverse-geocoded GPS — coordinates resolved to a place name (city / region / country) in your browser, plus map links.
  • Analyze by upload or URL — URL fetch is SSRF-guarded and size-capped (25 MB each).
  • Strip & export — download a metadata-free copy (re-encoded in your browser) or export all findings as JSON.

Where it fits in your workflow

  • OSINT: place a photo geographically and tie it to a specific device via serials.
  • Bug bounty: check images hosted on a target for leaked GPS / internal author names.
  • Demonstrate & remediate metadata-leak risk in a client’s published content.
Use Image EXIF Extractor

Run it from your dashboard.

Create free account Sign in Use via API

At a glance

CategoryRecon & Discovery
RunsServer-side
Token cost 2 / run (free tier)
AccessFree · no login to try
Status● Live

Frequently asked questions

Why are there no GPS tags?

Many platforms strip EXIF on upload, and most phones let users disable location tagging. Absence of GPS is common for images sourced from social media.

Is the uploaded image stored?

No — it is processed in a temporary file, analyzed, then discarded. URL fetches are downloaded to a temp file and deleted after parsing.

Explore more tools →