# jonaslejon/malicious-pdf

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/jonaslejon-malicious-pdf).**

4,070 stars · 529 forks · Python · BSD-2-Clause

## Links

- GitHub: https://github.com/jonaslejon/malicious-pdf
- awesome-repositories: https://awesome-repositories.com/repository/jonaslejon-malicious-pdf.md

## Topics

`bugbounty` `bugbounty-tool` `pdf` `pdf-generation` `penetration-test` `penetration-testing` `penetrationtesting` `pentesting` `pentesting-tools` `python` `redteam` `redteaming` `scanner`

## Description

This project is a set of specialized utilities for generating malformed documents, obfuscating payloads, and crafting specific attack vectors to evaluate the resilience of security scanners. It functions as a PDF fuzzing framework and security testing tool designed to create PDF files with embedded payloads for verifying how document viewers and web applications handle vulnerabilities.

The toolkit provides capabilities for encoding and hiding malicious content to test the detection effectiveness of security scanners. It includes a security payload generator for crafting specific attack vectors, such as credential theft and remote execution, to facilitate security verification.

The system supports the assembly of automated file suites and the organization of attack vectors into modular libraries. It utilizes template-based generation and payload-driven synthesis to construct documents that identify security gaps in PDF processing logic and document converters.

## Tags

### Security & Cryptography

- [PDF Security Testing](https://awesome-repositories.com/f/security-cryptography/pdf-security-testing.md) — Creates documents with specific payloads to check if PDF viewers and web applications handle vulnerabilities safely.
- [Attack Vector Libraries](https://awesome-repositories.com/f/security-cryptography/attack-vector-libraries.md) — Organizes vulnerability tests into discrete categories like remote execution and credential theft.
- [Malware Analysis](https://awesome-repositories.com/f/security-cryptography/malware-analysis.md) — Generates files with common attack vectors to verify if security scanners can detect concealed threats.
- [Payload Obfuscators](https://awesome-repositories.com/f/security-cryptography/payload-obfuscation/executable-obfuscators/payload-obfuscators.md) — Provides a utility for encoding and hiding malicious content within documents to evaluate security scanners.
- [Multi-Technique Obfuscation Engines](https://awesome-repositories.com/f/security-cryptography/payload-obfuscation/multi-technique-obfuscation-engines.md) — Implements multi-stage encoding and layering techniques to bypass security scanner detection.
- [Vulnerability Research](https://awesome-repositories.com/f/security-cryptography/security/offensive-operations/vulnerability-research-analysis/vulnerability-research.md) — Implements a workflow for building specialized file suites to research remote execution and credential theft.
- [Penetration Testing Suites](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/offensive-red-team/offensive-security-frameworks/penetration-testing-suites.md) — Provides a suite of tools to identify security gaps in PDF processing logic.
- [Security Payload Generators](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing-tools/exploit-development-utilities/payload-creation-tools/security-payload-generators.md) — Crafts specific attack vectors such as credential theft and remote execution for security verification.
- [Document Vulnerability Testing](https://awesome-repositories.com/f/security-cryptography/vulnerability-testing-tools/wps-vulnerability-testing/document-vulnerability-testing.md) — Generates PDF files containing specific payloads to test how viewers handle common security vulnerabilities. ([source](https://github.com/jonaslejon/malicious-pdf/blob/main/.gitignore))

### Content Management & Publishing

- [PDF Generation Tools](https://awesome-repositories.com/f/content-management-publishing/content-processing-transformation/document-processing-conversion/document-processing-tools/format-conversion-toolkits/pdf-generation-tools.md) — Generates PDF files with embedded payloads to test the resilience of document viewers.
- [Adversarial Document Generation](https://awesome-repositories.com/f/content-management-publishing/pdf-document-generation/adversarial-document-generation.md) — Creates PDF documents containing common attack vectors to verify viewer and application resilience. ([source](https://github.com/jonaslejon/malicious-pdf#readme))

### Networking & Communication

- [Document Synthesis](https://awesome-repositories.com/f/networking-communication/request-payloads/execution-payload-tracing/adversarial-payload-execution/bash-driven-payloads/document-synthesis.md) — Constructs PDF files by combining vulnerability strings with valid file format specifications.

### Testing & Quality Assurance

- [PDF Fuzzing Frameworks](https://awesome-repositories.com/f/testing-quality-assurance/pdf-fuzzing-frameworks.md) — Provides a system for creating a wide range of malformed PDF documents to identify vulnerabilities in parsing libraries.
- [Automated Test Suites](https://awesome-repositories.com/f/testing-quality-assurance/automated-test-suites.md) — Provides capabilities to group individual test cases into collections for batch testing document converters.
- [Security Detection Test Suites](https://awesome-repositories.com/f/testing-quality-assurance/automated-test-suites/security-detection-test-suites.md) — Creates collections of specialized PDF files to test for vulnerabilities like credential theft in document converters. ([source](https://github.com/jonaslejon/malicious-pdf/blob/main/CHANGELOG.md))

### User Interface & Experience

- [Payload Injection Templates](https://awesome-repositories.com/f/user-interface-experience/ui-template-customization/pdf-template-management/payload-injection-templates.md) — Creates documents by injecting specific attack payloads into pre-defined PDF structure templates.