Generate ten different malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Used for penetration testing and/or red-teaming etc. I created this tool because i needed a third party tool to generate a bunch of PDF files with various links.

python3 malicious-pdf.py burp-collaborator-url

Output will be written as: test1.pdf, test2.pdf, test3.pdf etc in the current directory.

• Test web pages/services accepting PDF-files
• Test security products
• Test PDF readers
• Test PDF converters

• Insecure features in PDFs
• Burp Suite UploadScanner
• Bad-Pdf
• A Curious Exploration of Malicious PDF Documents
• "Portable Document Flaws 101" talk at Black Hat USA 2020
• Adobe Reader - PDF callback via XSLT stylesheet in XFA
• Foxit PDF Reader PoC, DoHyun Lee
• Eicar test file by Stas Yakobov

1. git clone https://lnkd.in/g7nfz-nd

2. Copy Burp Collaborator URL to the clipboard.

3. python3 malicious-pdf.py burp-collaborator-url

4. Test file upload features with the generated PDFs.

5. PRO tip: On some endpoints, you need to provide base64 data.

You can use the search engine to find a PDF => Base64 converter. Use the base64 value in the input, usually via a POST request parameter.