π Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh
β3,685Apr 20, 2026Updated last month
Alternatives and similar repositories for malicious-pdf
Users that are interested in malicious-pdf are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and findinβ¦β7,561Updated this week
- An OOB interaction gathering server and client libraryβ4,321Updated this week
- linWinPwn is a bash script that streamlines the use of a number of Active Directory toolsβ2,176Updated this week
- ππ¦ Dalfox is a powerful open-source XSS scanner and utility focused on automation.β4,985Updated this week
- ScareCrow - Payload creation framework designed around EDR bypass.β2,878Aug 18, 2023Updated 2 years ago
- GPU virtual machines on DigitalOcean Gradient AI β’ AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.β3,457Jan 19, 2025Updated last year
- A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.β6,612Jan 18, 2026Updated 4 months ago
- Rockyou for web fuzzingβ3,154Mar 11, 2026Updated 2 months ago
- Automation for internal Windows Penetrationtest / AD-Securityβ3,663Aug 28, 2025Updated 8 months ago
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.β6,233Aug 14, 2024Updated last year
- One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password π‘οΈβ6,534Apr 12, 2026Updated last month
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formβ¦β1,146Jun 10, 2024Updated last year
- Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.β2,076Jul 12, 2025Updated 10 months ago
- Collection of methodology and test case for various web vulnerabilities.β7,114Jun 25, 2025Updated 10 months ago
- Managed Kubernetes at scale on DigitalOcean β’ AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Adversary Emulation Frameworkβ11,206May 7, 2026Updated last week
- Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!β2,635Mar 8, 2026Updated 2 months ago
- All about bug bounty (bypasses, payloads, and etc)β6,729Sep 8, 2023Updated 2 years ago
- Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probingβ3,079Mar 7, 2026Updated 2 months ago
- Privilege Escalation Enumeration Script for Windowsβ3,834Apr 29, 2026Updated 3 weeks ago
- Contextual Content Discovery Toolβ3,175Apr 29, 2024Updated 2 years ago
- A toolkit for testing, tweaking and cracking JSON Web Tokensβ6,531May 1, 2025Updated last year
- A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.β2,252Apr 24, 2026Updated 3 weeks ago
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.β4,937Mar 20, 2026Updated last month
- Managed hosting for WordPress and PHP on Cloudways β’ AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Awesome list of step by step techniques to achieve Remote Code Execution on various apps!β1,947Oct 7, 2023Updated 2 years ago
- a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )β2,823Feb 27, 2026Updated 2 months ago
- reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Eβ¦β8,652Mar 21, 2026Updated last month
- β1,690Apr 14, 2025Updated last year
- evilginx3 + gophish�β1,990Jun 15, 2024Updated last year
- evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)β1,505Dec 21, 2023Updated 2 years ago
- KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the defaultβ¦β1,647Aug 6, 2022Updated 3 years ago
- A fast, simple, recursive content discovery tool written in Rust.β7,732Apr 15, 2026Updated last month
- "Can I take over XYZ?" β a list of services and how to claim (sub)domains with dangling DNS records.β5,668Feb 8, 2025Updated last year
- Wordpress hosting with auto-scaling - Free Trial Offer β’ AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secretsβ1,554Mar 8, 2026Updated 2 months ago
- This map lists the essential techniques to bypass anti-virus and EDRβ3,255Mar 28, 2025Updated last year
- Hidden parameters discovery suiteβ2,056Sep 8, 2024Updated last year
- HTTP parameter discovery suite.β6,229Feb 20, 2025Updated last year
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applicationsβ1,341Aug 7, 2025Updated 9 months ago
- Notes about attacking Jenkins serversβ2,095Jul 10, 2024Updated last year
- Extract URLs, paths, secrets, and other interesting bits from JavaScriptβ1,829May 22, 2024Updated last year