Analysis updated 2026-07-03
Test whether a web application that accepts PDF uploads is vulnerable to server-side request forgery by checking which generated files phone home to your test server.
Check a PDF viewer or converter against a list of named CVEs by generating the test files and watching for callbacks to your Burp Collaborator endpoint.
Test whether security tools and static analysis products detect PDF-based payloads at different obfuscation levels using the built-in four-level obfuscation option.
| | jonaslejon/malicious-pdf | boris-code/feapder | canonical/cloud-init |
|---|---|---|---|
| Stars | 3,686 | 3,686 | 3,687 |
| Language | Python | Python | Python |
| Setup difficulty | easy | moderate | moderate |
| Complexity | 2/5 | 3/5 | 3/5 |
| Audience | ops devops | developer | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Requires a server you control such as a Burp Collaborator or Interact.sh instance to receive callbacks from the generated PDFs.
Malicious PDF Generator is a Python tool that creates a collection of specially crafted PDF files for security testing. It is designed for penetration testers, bug bounty hunters, and security researchers who need to check whether a PDF viewer, web application, or document processing service is vulnerable to various PDF-based attacks. The README notes it is intended for educational and professional use only.

Running the tool requires passing a URL to a server you control, such as a Burp Collaborator endpoint or an Interact.sh instance. The tool then generates around 70 test PDF files, each designed to trigger a different type of potentially dangerous behavior when opened or processed. These behaviors include making outbound network requests back to your server (useful for detecting server-side request forgery), leaking Windows NTLM credentials over a network connection, injecting JavaScript into PDF viewers, submitting form data to an external URL, loading remote files, and various XML external entity attacks.

The tool includes an obfuscation option with four levels. At the default level, payloads are written plainly. Higher levels progressively obscure the content using techniques like hex encoding, bracket notation in JavaScript, and compression, which can help test whether security products or static analysis tools detect the payloads.

The test matrix in the README maps each generated file to a specific attack technique and in many cases to a named CVE, making it straightforward to trace a callback hit back to the exact mechanism that triggered it. PDF viewers and converters from Adobe, Foxit, and browser-embedded renderers are among the targets represented in the test cases. Installation is via pip and the tool runs from the command line. Output files are written to a local directory.
A Python command-line tool that generates about 70 specially crafted PDF test files, each targeting a different known attack technique, so security testers can check whether a PDF viewer or document processing service is vulnerable.
Mainly Python.
Setup difficulty is rated easy, with roughly 5 minutes to a first successful run.
Mainly ops devops.
Verify against the repo before relying on details.