Malicious PDF Generator ☠️

Generate 67 malicious PDF test files for testing phone-home callbacks, SSRF, XSS, XXE, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh

Used for penetration testing, bug bounty hunting, and/or red-teaming etc. I created this tool because I needed a tool to generate a bunch of PDF files with various links. Educational and professional purposes only.

Usage

pip install -r requirements.txt
python3 malicious-pdf.py burp-collaborator-url

Output will be written to the output/ directory as: test1.pdf, test2.pdf, test3.pdf etc.

Options

--output-dir DIR    Directory to save generated PDF files (default: output/)
--no-credit         Do not embed credit/attribution metadata in generated PDFs
--obfuscate LEVEL   Obfuscation level (0-3):
                      0 = None (default)
                      1 = PDF name hex encoding + string octal/hex encoding
                      2 = Level 1 + JS bracket notation + javascript: URI case/whitespace obfuscation
                      3 = Level 2 + FlateDecode stream compression

Example with obfuscation:

python3 malicious-pdf.py https://your-interact-sh-url --obfuscate 2

Maximum obfuscation (Level 4 wraps JS payloads in a base64 decoder stub so the original API calls never appear as literal substrings):

python3 malicious-pdf.py https://your-interact-sh-url --obfuscate 4

Purpose

  • Test web pages/services accepting PDF files
  • Test security products
  • Test PDF readers
  • Test PDF converters
  • Test server-side PDF processing libraries (PDFBox, iText, etc.)
  • Test PDF static analysis tools — staged JS payloads (form-field /V, base64 decoder) defeat naïve /JS regex scanners
  • Bug bounty hunting — useful for finding SSRF, XXE, blind callbacks, and NTLM leaks in file upload endpoints, PDF-to-image converters, and document processing pipelines on programs that accept PDF input

Credits

In Media

Complete Test Matrix

All 70 test cases:

| Test File | Function | CVE/Reference | Attack Vector | Method | Impact |
|---|---|---|---|---|---|
| test1.pdf | create_malpdf() | CVE-2018-4993 | External file access | /GoToE action with UNC path | Network callback via file system |
| test1_1.pdf | create_malpdf() | CVE-2018-4993 | External file access | /GoToE action with HTTPS URL | Network callback via HTTPS |
| test2.pdf | create_malpdf2() | XFA form submission | Form data exfiltration | XDP form with submit event | Automatic form submission |
| test3.pdf | create_malpdf3() | JavaScript injection | Code execution | /OpenAction with app.openDoc() | External document loading |
| test4.pdf | create_malpdf4() | CVE-2019-7089 | XSLT injection | XFA with external XSLT stylesheet | UNC path callback |
| test5.pdf | create_malpdf5() | PDF101 research | URI action | /URI action type | DNS prefetching/HTTP request |
| test6.pdf | create_malpdf6() | PDF101 research | Launch action | /Launch with external URL | External resource execution |
| test7.pdf | create_malpdf7() | PDF101 research | Remote PDF | /GoToR action | Remote PDF loading |
| test8.pdf | create_malpdf8() | PDF101 research | Form submission | /SubmitForm with HTML flags | Form data submission |
| test9.pdf | create_malpdf9() | PDF101 research | Data import | /ImportData action | External data import |
| test10.pdf | create_malpdf10() | CVE-2017-10951 | JavaScript execution | Foxit this.getURL() callback | Network callback via Foxit Reader |
| test11.pdf | create_malpdf11() | EICAR test | AV detection | Embedded EICAR string | Anti-virus testing |
| test12.pdf | create_malpdf12() | CVE-2014-8453 | FormCalc data exfiltration | XFA FormCalc Post() function | Same-origin data exfiltration with cookies |
| test13.pdf | create_malpdf13() | Request injection | CRLF header injection | XFA submit textEncoding CRLF | HTTP header manipulation |
| test14.svg | create_malpdf14() | ImageMagick shell injection | Shell injection via SVG/MSL | SVG-MSL polyglot authenticate attribute | Remote code execution via ImageMagick |
| test15.pdf | create_malpdf15() | PDF specification | FormCalc header injection | XFA FormCalc Post() with custom headers | Arbitrary HTTP header injection |
| test16.pdf | create_malpdf16() | PDF specification | JavaScript via GotoE | /GoToE with javascript: URI | Browser XSS when PDF embedded via <embed>/<object> |
| test17.pdf | create_malpdf17() | CVE-2014-8452 | XXE injection | XMLData.parse() external entity | XML external entity resolution |
| test18.pdf | create_malpdf18() | PortSwigger research | Annotation URI injection | Unescaped parens inject JS action via duplicate /A key | XSS via PDF-Lib/jsPDF output |
| test19.pdf | create_malpdf19() | PortSwigger research | PV auto-execution | /AA /PV Screen annotation fires JS on page visible | Automatic code execution (Acrobat) |
| test20.pdf | create_malpdf20() | PortSwigger research | PC close trigger | /AA /PC annotation fires JS on page close | Code execution on close (Acrobat) |
| test21.pdf | create_malpdf21() | PortSwigger research | SubmitForm SubmitPDF | /SubmitForm with Flags 256 sends entire PDF | Full PDF content exfiltration |
| test22.pdf | create_malpdf22() | PortSwigger research | JS submitForm() | this.submitForm() with cSubmitAs: "PDF" | PDF content submission (Acrobat) |
| test23.pdf | create_malpdf23() | PortSwigger research | Widget button injection | Invisible /Btn widget covering page, JS on click | Code execution (Chrome/PDFium) |
| test24.pdf | create_malpdf24() | PortSwigger research | Text field SSRF | Widget /Tx field with submitForm() POST | Blind SSRF via form data |
| test25.pdf | create_malpdf25() | PortSwigger research | Content extraction | getPageNthWord() reads all text and exfiltrates | Rendered text exfiltration |
| test26.pdf | create_malpdf26() | PortSwigger research | Mouseover trigger | /AA /E annotation fires JS on mouse enter | Code execution on hover (PDFium) |
| test27 | Removed | Duplicate of test3 (Acrobat OpenAction JS) + test23 (Chrome Widget Btn) | | | |
| test28.pdf | create_malpdf28() | PortSwigger research | URL hijacking | Unescaped parens inject new /URI action | Click redirection via PDF-Lib/jsPDF |
| test29.pdf | create_malpdf29() | CVE-2024-4367 | FontMatrix injection | Type1 font FontMatrix string breaks out of c.transform() | Arbitrary JS execution in PDF.js (Firefox < 126) |
| test30.pdf | create_malpdf30() | PDF101 research | External XObject stream | Image XObject fetches data from remote URL via /FS /URL | Silent callback via page rendering (no actions/JS) |
| test31.pdf | create_malpdf31() | PDF101 research | Thread action | /S /Thread with remote FileSpec | Network callback via thread reference |
| test32.pdf | create_malpdf32() | PDF101 research | Launch with print | /Launch with /Win << /O /print >> forces remote fetch | Network callback via print operation |
| test33_1.pdf | create_malpdf33_1() | PDF101 research | JS: this.submitForm() | Acrobat JS form submission callback | Acrobat Reader |
| test33_2.pdf | create_malpdf33_2() | PDF101 research | JS: this.getURL() | Acrobat JS URL fetch | Acrobat Reader |
| test33_3.pdf | create_malpdf33_3() | PDF101 research | JS: app.launchURL() | Acrobat JS launch URL | Acrobat Reader |
| test33_4.pdf | create_malpdf33_4() | PDF101 research | JS: app.media.getURLData() | Acrobat JS media fetch | Acrobat Reader |
| test33_5.pdf | create_malpdf33_5() | PDF101 research | JS: SOAP.connect() | Acrobat JS SOAP connection | Acrobat Reader |
| test33_6.pdf | create_malpdf33_6() | PDF101 research | JS: SOAP.request() | Acrobat JS SOAP request | Acrobat Reader |
| test33_7.pdf | create_malpdf33_7() | PDF101 research | JS: this.importDataObject() | Acrobat JS data import | Acrobat Reader |
| test33_8.pdf | create_malpdf33_8() | PDF101 research | JS: app.openDoc() | Acrobat JS open document | Acrobat Reader |
| test33_9.pdf | create_malpdf33_9() | PDF101 research | JS: fetch() | Web API callback (PDF.js/browser) | Firefox/PDF.js |
| test33_10.pdf | create_malpdf33_10() | PDF101 research | JS: XMLHttpRequest | Web API callback (PDF.js/browser) | Firefox/PDF.js |
| test33_11.pdf | create_malpdf33_11() | PDF101 research | JS: new Image() | Web API image callback (PDF.js/browser) | Firefox/PDF.js |
| test33_12.pdf | create_malpdf33_12() | PDF101 research | JS: WebSocket | Web API WebSocket callback (PDF.js/browser) | Firefox/PDF.js |
| test33_13.pdf | create_malpdf33_13() | Adobe 0-day blog (Apr 2026) | JS: RSS.addFeed() | Acrobat JS RSS feed callback | Acrobat Reader |
| test33_14.pdf | create_malpdf33_14() | Adobe 0-day blog (Apr 2026) | JS: util.readFileIntoStream() + SOAP.request() | Local file read + exfil chain (try/catch error path also callbacks) | Acrobat Reader |
| test33_15.pdf | create_malpdf33_15() | Adobe 0-day blog (Apr 2026) | Form-field-staged JS loader | Base64 payload in /Tx widget /V, decoded via getField() + util.stringFromStream | Acrobat Reader |
| test34_1.pdf | create_malpdf34_1() | PDF101 research | UNC: XObject stream | Image XObject with UNC path | NTLM theft via page rendering |
| test34_2.pdf | create_malpdf34_2() | PDF101 research | UNC: GoToR | /GoToR action with UNC FileSpec | NTLM theft via remote PDF |
| test34_3.pdf | create_malpdf34_3() | PDF101 research | UNC: Thread | /Thread action with UNC FileSpec | NTLM theft via thread reference |
| test34_4.pdf | create_malpdf34_4() | PDF101 research | UNC: URI | /URI action with UNC path | NTLM theft via URI action |
| test34_5.pdf | create_malpdf34_5() | PDF101 research | UNC: JS submitForm | this.submitForm() with UNC path | NTLM theft via JS form submission |
| test34_6.pdf | create_malpdf34_6() | PDF101 research | UNC: JS getURL | this.getURL() with UNC path | NTLM theft via JS URL fetch |
| test34_7.pdf | create_malpdf34_7() | PDF101 research | UNC: JS launchURL | app.launchURL() with UNC path | NTLM theft via JS launch |
| test34_8.pdf | create_malpdf34_8() | PDF101 research | UNC: JS SOAP | SOAP.connect() with UNC path | NTLM theft via JS SOAP |
| test34_9.pdf | create_malpdf34_9() | PDF101 research | UNC: JS openDoc | app.openDoc() with UNC path | NTLM theft via JS open document |
| test35.pdf | create_malpdf35() | PDF101 research | Names dictionary | /Names /JavaScript catalog-level auto-execute trigger | Alternative JS execution trigger |
| test36.pdf | create_malpdf36() | CVE-2016-2175 / CVE-2017-9096 | XXE in XMP metadata | XXE <!ENTITY> in /Metadata XMP stream | Server-side callback (PDFBox, iText) |
| test37.pdf | create_malpdf37() | CVE-2016-2175 / CVE-2017-9096 | XXE in XFA form data | XXE <!ENTITY> in /AcroForm /XFA stream | Server-side callback (PDFBox, iText) |
| test38.pdf | create_malpdf38() | CVE-2020-29075 | Silent DNS tracking | Catalog /AA with /WC, /WS, /DS triggers | DNS callback without prompt (Acrobat) |
| test39.pdf | create_malpdf39() | CVE-2022-28244 | CSP bypass | RichMedia annotation with embedded HTML/JS | Cross-origin request (Acrobat) |
| test40.pdf | create_malpdf40() | CVE-2018-5158 | PostScript calculator injection | /FunctionType 4 JS injection in image XObject | JS execution in PDF.js worker (Firefox) |
| test41.pdf | create_malpdf41() | CVE-2018-20065 | URI without user gesture | /OpenAction with /S /URI auto-navigation | Silent navigation (PDFium/Chrome) |
| test42.pdf | create_malpdf42() | CVE-2025-66516 | XXE OOB parameter entity in XFA | %xxe; param entity in /AcroForm /XFA forces DTD fetch | Server-side blind XXE (Tika, Confluence, Jira) |
| test43.pdf | create_malpdf43() | CVE-2025-70401 | Annotation /T field XSS | <img> tag in Text annotation /T (author) field | XSS callback (Apryse WebViewer, web viewers) |
| test44.pdf | create_malpdf44() | CVE-2024-12426 | LibreOffice URL expansion | /URI with vnd.sun.star.expand: expands ${HOME} | Env var exfiltration (LibreOffice < 24.8.4) |
| test45.pdf | create_malpdf45() | CVE-2025-59803 | OCG JS trigger on signing | /AA /WP+/DP triggers JS via OCG in sign workflow | Callback during signing (Foxit < 2025.2.1) |
| test46.pdf | create_malpdf46() | CVE-2026-25755 | jsPDF object injection | Broken JS string + injected /AA /O auto-action | Auto-callback via any viewer (jsPDF < 4.2.0) |
| test47.pdf | create_malpdf47() | PDF 2.0 spec | Associated Files HTML embed | HTML via catalog /AF + /EF EmbeddedFile | Callback via embedded HTML (PDF 2.0 viewers) |
| test48.pdf | create_malpdf48() | XFA spec | XFA SOAP callback | <submit method="soap"> with initialize event | SOAP HTTP request (Acrobat XFA engine) |

Todo: New test cases

  • Acrobat JS fingerprinting APIs — Add test cases for reconnaissance/fingerprinting APIs used in the April 2026 Adobe 0-day exploit chain (ref): Collab.isDocReadOnly (filesystem probing), app.plugIns (enumerate installed plugins), app.viewerVersion (version fingerprinting)

Todo: Obfuscation methods not yet implemented

  • Empty-password PDF encryption — Encrypt all strings/streams with empty user password. Document opens without prompting but static analysis tools cannot read content. Biggest gap in current obfuscation. Ref: Didier Stevens, How secure is PDF encryption?
  • Object streams (ObjStm) — Hide PDF objects inside compressed stream containers. Simple parsers (including PDFiD without -O flag) miss objects entirely. Ref: PDF spec ISO 32000 §7.5.7
  • getAnnots() code storage — Split JavaScript payload across annotation metadata fields (subject, author). Retrieve at runtime via app.doc.getAnnots()[n].subject and eval. Ref: Julia Wolf - PDF Obfuscation using getAnnots()
  • Info dict data extraction — Store encoded payload in /Info trailer fields (/Title, /Author). Retrieve at runtime via info.Title in JS. Ref: corkami PDF tricks
  • AcroForm field value extraction — Store payload fragments in form field /V values. Retrieve via getField("name").value in JS. Ref: corkami PDF tricks
  • Names tree split execution — Split JavaScript across multiple /Names entries executed sequentially. Ref: corkami PDF tricks
  • Incremental updates after %%EOF — Append new objects/actions after the original %%EOF marker via incremental update. Ref: PDF101 content masking, Didier Stevens
  • JS unescape() encoding — Wrap JS payload in eval(unescape("%61%6C%65%72%74...")). Ref: corkami PDF tricks
  • Fake file headers — Prepend JPEG/HTML/other magic bytes before %PDF- header (spec allows header within first 1024 bytes). Confuses file-type detection. Ref: corkami, Decalage
  • Anti-emulation checks — Detect real Adobe Reader via event.target.zoomType == "FitPage" or global variable type checks before executing payload. Ref: corkami PDF tricks
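Several items in this list change file structure rather than payload text, so a triage tool can flag them without interpreting any JavaScript. The following is an added example, not part of this project: it reports a displaced `%PDF-` header, content appended after the first `%%EOF`, object streams and an `/Encrypt` entry. Function names, the key list and the sample bytes are assumptions made for illustration.

```python
import re

# Action keys worth noting when they arrive in an appended update (assumed list).
ACTION_KEYS = [b"/OpenAction", b"/AA", b"/JS", b"/JavaScript", b"/Launch", b"/URI"]

def structural_flags(data: bytes) -> dict:
    """Report structure a first-pass parser tends to skip; none of it proves malice."""
    report = {}
    # 1. Header not at byte 0: the page notes the header may sit anywhere in the
    #    first 1024 bytes, so magic-byte file typing may see the leading format.
    offset = data.find(b"%PDF-", 0, 1024)
    report["header_offset"] = offset
    report["leading_magic"] = data[:4].hex() if offset > 0 else None
    # 2. Incremental updates: everything after the first %%EOF was appended later.
    #    Edited and signed documents do this too, so look at what was added.
    sections = data.split(b"%%EOF")
    report["eof_markers"] = len(sections) - 1
    tail = b"%%EOF".join(sections[1:])
    report["keys_added_by_update"] = sorted(
        k.decode() for k in ACTION_KEYS
        if re.search(re.escape(k) + rb"(?![A-Za-z0-9])", tail))
    # 3. Containers whose contents need decompression or decryption to inspect.
    report["object_streams"] = len(re.findall(rb"/Type\s*/ObjStm", data))
    report["encrypted"] = re.search(rb"/Encrypt(?![A-Za-z])", data) is not None
    return report

def constructed_sample() -> bytes:
    """Hand-built input: JPEG magic before the header, then one appended update."""
    base = (b"\xff\xd8\xff\xe0" + b"\x00" * 12 +
            b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
            b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
    update = (b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
              b"trailer\n<< /Root 1 0 R /Prev 0 >>\n%%EOF\n")
    return base + update
```

A non-zero `header_offset`, or action keys that appear only in `keys_added_by_update`, are reasons to hand the file to a full parser.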

Won't implement

  • CVE-2023-26369 - Adobe Acrobat TTF font heap OOB write — Requires binary exploitation (heap spray, ROP chains, shellcode). No public PoC. Cannot produce a simple callback.
  • CVE-2021-28550 - Adobe Acrobat Use-After-Free — Requires binary exploitation chain + sandbox escape (CVE-2021-31199/31201). No public PoC. Cannot produce a simple callback.
