Offensive Security Tool: malicious-pdf
Reading Time: 2 Minutes
Offensive Security Tool: malicious-pdf
Malicious PDF Generator
Social Engineering attacks combined with Phishing Attack simulation, when performing assessments as a Red-Team Penetration tester, requires a certain preparation beforehand. It’s about choosing the right tools and testing the attacks before launching them in real-time. You only have one or very few limited attempts before the victim would realize, something is wrong. Therefore, it’s crucial to understand how important preparation is, and the specific tool, that allows you to generate PDFs containing payloads, with some specific purpose.
Malicious-pdf by jonaslejon, allows you to generate ten different malicious pdf files with phone-home functionality. It can be used with Burp Collaborator or Interact.sh
See Also: Recon Tool: ReconFTW
Usage
python3 malicious-pdf.py burp-collaborator-url
Output will be written as: test1.pdf, test2.pdf, test3.pdf etc in the current directory.
Do not use the https:// etc prefix on the url argument.
Purpose
- Test web pages/services accepting PDF-files
- Test security products
- Test PDF readers
- Test PDF converters
See Also: Write up: Find hidden and encrypted secrets from any website