Generate a bunch of malicious PDF files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh.
Used for penetration testing and/or red teaming etc. I created this tool because I needed a third-party tool to generate a bunch of PDF files with various links.
Usage
git clone https://github.com/jonaslejon/malicious-pdf.git
cd malicious-pdf
python3 malicious-pdf.py burp-collaborator-url
Output is written to the current directory as test1.pdf, test2.pdf, test3.pdf, etc.
Do not include a scheme prefix such as https:// in the URL argument.
Purpose
- Test web pages/services accepting PDF-files
- Test security products
- Test PDF readers
- Test PDF converters
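For the defensive side of these tests, the following is an added example (not part of the malicious-pdf repository) of a static triage check that an upload service or security product could run on an incoming PDF. The key list comes from the PDF specification rather than from this tool's source, and the sample document and its host name are constructed placeholders.

```python
import re
import sys

# Added example, not code from malicious-pdf. The key list is an assumption
# drawn from the PDF specification: names that let a document fetch a remote
# resource, submit data, start a program or run script when opened.
SUSPICIOUS_KEYS = [b"/URI", b"/GoToR", b"/GoToE", b"/Launch", b"/SubmitForm",
                   b"/ImportData", b"/JavaScript", b"/JS", b"/OpenAction",
                   b"/AA", b"/XFA"]
URL_RE = re.compile(rb"[A-Za-z][A-Za-z0-9+.-]*://([A-Za-z0-9.-]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize(data: bytes) -> bytes:
    """Decode #xx escapes so a name written as /U#52I is seen as /URI."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def triage_pdf(data: bytes) -> dict:
    """Return the suspicious keys and remote hosts visible in raw PDF bytes."""
    norm = normalize(data)
    keys = sorted(k.decode() for k in SUSPICIOUS_KEYS
                  # The lookahead stops /JS matching /JSON or /AA matching /AAPL.
                  if re.search(re.escape(k) + rb"(?![A-Za-z0-9])", norm))
    hosts = sorted({m.group(1).decode().lower() for m in URL_RE.finditer(norm)})
    return {
        "is_pdf": b"%PDF-" in data[:1024],
        "keys": keys,
        "hosts": hosts,
        # Objects packed in object streams are compressed; a clean result
        # on such a file is inconclusive until the streams are inflated.
        "opaque": b"/ObjStm" in norm,
    }


# Constructed sample: a catalog whose OpenAction is a URI action, with the
# action names hex-escaped. The host is a placeholder.
SAMPLE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction "
          b"<< /S /U#52I /UR#49 (https://callback.example.test/t1) >> >>\n"
          b"endobj\n%%EOF\n")

if __name__ == "__main__":
    for path in sys.argv[1:] or [None]:
        data = SAMPLE if path is None else open(path, "rb").read()
        print(path or "<sample>", triage_pdf(data))
```

Running it over the generated test1.pdf, test2.pdf, ... shows which files expose their callback in clear text and which a byte-level check cannot see into.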
Credits
- Insecure features in PDFs
- Burp Suite UploadScanner
- Bad-Pdf
- A Curious Exploration of Malicious PDF Documents
- “Portable Document Flaws 101” talk at Black Hat USA 2020
- Adobe Reader – PDF callback via XSLT stylesheet in XFA
- Foxit PDF Reader PoC, DoHyun Lee
- Eicar test file by Stas Yakobov
Malicious PDF is a GitHub repository by Jonas Lejon.