Malicious PDF Generator ☠️
Generate ten different malicious PDF files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh.
Used for penetration testing and/or red-teaming etc. I created this tool because I needed a third-party tool to generate a bunch of PDF files with various links.
Usage
python3 malicious-pdf.py burp-collaborator-url
Output will be written as test1.pdf, test2.pdf, test3.pdf, etc. in the current directory.
Purpose
- Test web pages/services accepting PDF files
- Test security products
- Test PDF readers
- Test PDF converters
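On the defending side of the first purpose above, a service that accepts PDF uploads can pre-screen files for dictionary keys that can make a reader or converter call out to an external host. The following is an added example, not code from this tool: the key list (taken from the PDF specification), the function names and the sample bytes are assumptions constructed here.

```python
import re
import zlib

# PDF dictionary keys that can trigger an outbound request or run an action.
# Selected for this example from the PDF specification, not from the tool.
KEYS = (b"/URI", b"/GoToR", b"/GoToE", b"/Launch", b"/SubmitForm",
        b"/ImportData", b"/JavaScript", b"/JS", b"/XFA", b"/OpenAction", b"/AA")
HOST_RE = re.compile(rb"https?://([A-Za-z0-9.-]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
NAME_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalize(chunk):
    """Decode #xx escapes so an obfuscated /U#52I still matches /URI."""
    return NAME_HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), chunk)

def inflate_streams(data):
    """Yield each stream body that inflates as zlib data (FlateDecode)."""
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate-compressed; the raw bytes are still scanned

def scan_pdf(data):
    """Return (keys, hosts) seen in the raw file and in inflated streams."""
    keys, hosts = set(), set()
    for chunk in [data, *inflate_streams(data)]:
        chunk = normalize(chunk)
        for key in KEYS:
            # Require a delimiter after the key so /JS does not match /JSON.
            if re.search(re.escape(key) + rb"(?![A-Za-z0-9])", chunk):
                keys.add(key.decode())
        hosts.update(h.decode().lower() for h in HOST_RE.findall(chunk))
    return sorted(keys), sorted(hosts)

# Constructed sample: one link action with an escaped key name, plus a
# compressed stream that carries a second action dictionary.
HIDDEN = zlib.compress(b"<< /S /SubmitForm /F (https://callback.example.test/t2) >>")
SAMPLE = (b"%PDF-1.7\n1 0 obj\n<< /A << /S /U#52I /U#52I "
          b"(http://callback.example.test/t1) >> >>\nendobj\n"
          b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + HIDDEN +
          b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    print(scan_pdf(SAMPLE))
```

A hit is a triage signal rather than a verdict, since ordinary documents also contain /URI links; streams using other filters or encryption are not decoded by this sketch.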
Credits
- Insecure features in PDFs
- Burp Suite UploadScanner
- Bad-Pdf
- A Curious Exploration of Malicious PDF Documents
- "Portable Document Flaws 101" talk at Black Hat USA 2020
- Adobe Reader - PDF callback via XSLT stylesheet in XFA
- Foxit PDF Reader PoC, DoHyun Lee
- Eicar test file by Stas Yakobov
In Media
- Brisk Infosec
- Daily REDTeam
- Malicious PDF File | Red Team | Penetration Testing
- John Hammond - Can a PDF File be Malware?
Todo
- Adobe Acrobat PDF Reader RCE when processing TTF fonts, CVE-2023-26369
- Adobe Acrobat and Reader Use-After-Free Vulnerability, CVE-2021-28550