Offensive Security Tool: malicious-pdf

by | May 13, 2022 | Tools

Premium Content

Patreon

Subscribe to Patreon to watch this episode.

Reading Time: 2 Minutes

Offensive Security Tool: malicious-pdf

GitHub Link

 

 

Malicious PDF Generator

Social Engineering attacks combined with Phishing Attack simulation, when performing assessments as a Red-Team Penetration tester, requires a certain preparation beforehand. It’s about choosing the right tools and testing the attacks before launching them in real-time. You only have one or very few limited attempts before the victim would realize, something is wrong. Therefore, it’s crucial to understand how important preparation is, and the specific tool, that allows you to generate PDFs containing payloads, with some specific purpose.

Malicious-pdf by jonaslejon, allows you to generate ten different malicious pdf files with phone-home functionality. It can be used with Burp Collaborator or Interact.sh

 

See Also: Recon Tool: ReconFTW

 

Usage

 

python3 malicious-pdf.py burp-collaborator-url

Output will be written as: test1.pdf, test2.pdf, test3.pdf etc in the current directory.

Do not use the https:// etc prefix on the url argument.

Purpose

  • Test web pages/services accepting PDF-files
  • Test security products
  • Test PDF readers
  • Test PDF converters

 

See Also: Write up: Find hidden and encrypted secrets from any website

Merch

Recent Articles

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!


Information Security Solutions

Find out how Pentesting Services can help you.


Join our Community

Share This