π Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh
β3,665Apr 20, 2026Updated last week
Alternatives and similar repositories for malicious-pdf
Users that are interested in malicious-pdf are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and findinβ¦β7,481Updated this week
- An OOB interaction gathering server and client libraryβ4,291Apr 22, 2026Updated last week
- linWinPwn is a bash script that streamlines the use of a number of Active Directory toolsβ2,172Mar 8, 2026Updated last month
- ππ¦ Dalfox is a powerful open-source XSS scanner and utility focused on automation.β4,945Updated this week
- ScareCrow - Payload creation framework designed around EDR bypass.β2,879Aug 18, 2023Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer β’ AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.β3,451Jan 19, 2025Updated last year
- A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.β6,596Jan 18, 2026Updated 3 months ago
- Rockyou for web fuzzingβ3,133Mar 11, 2026Updated last month
- Automation for internal Windows Penetrationtest / AD-Securityβ3,657Aug 28, 2025Updated 8 months ago
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.β6,182Aug 14, 2024Updated last year
- One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password π‘οΈβ6,498Apr 12, 2026Updated 2 weeks ago
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formβ¦β1,141Jun 10, 2024Updated last year
- Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.β2,064Jul 12, 2025Updated 9 months ago
- Collection of methodology and test case for various web vulnerabilities.β7,104Jun 25, 2025Updated 10 months ago
- Virtual machines for every use case on DigitalOcean β’ AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Adversary Emulation Frameworkβ11,081Apr 22, 2026Updated last week
- Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!β2,613Mar 8, 2026Updated last month
- All about bug bounty (bypasses, payloads, and etc)β6,705Sep 8, 2023Updated 2 years ago
- Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probingβ3,056Mar 7, 2026Updated last month
- Privilege Escalation Enumeration Script for Windowsβ3,819Apr 16, 2026Updated last week
- A toolkit for testing, tweaking and cracking JSON Web Tokensβ6,500May 1, 2025Updated 11 months ago
- Contextual Content Discovery Toolβ3,158Apr 29, 2024Updated 2 years ago
- A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.β2,229Updated this week
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.β4,907Mar 20, 2026Updated last month
- Managed Database hosting by DigitalOcean β’ AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )β2,802Feb 27, 2026Updated 2 months ago
- reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Eβ¦β8,567Mar 21, 2026Updated last month
- Awesome list of step by step techniques to achieve Remote Code Execution on various apps!β1,945Oct 7, 2023Updated 2 years ago
- β1,682Apr 14, 2025Updated last year
- evilginx3 + gophishβ1,988Jun 15, 2024Updated last year
- evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)β1,503Dec 21, 2023Updated 2 years ago
- KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the defaultβ¦β1,639Aug 6, 2022Updated 3 years ago
- A fast, simple, recursive content discovery tool written in Rust.β7,690Apr 15, 2026Updated last week
- "Can I take over XYZ?" β a list of services and how to claim (sub)domains with dangling DNS records.β5,639Feb 8, 2025Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer β’ AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secretsβ1,543Mar 8, 2026Updated last month
- This map lists the essential techniques to bypass anti-virus and EDRβ3,236Mar 28, 2025Updated last year
- Hidden parameters discovery suiteβ2,047Sep 8, 2024Updated last year
- HTTP parameter discovery suite.β6,209Feb 20, 2025Updated last year
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applicationsβ1,339Aug 7, 2025Updated 8 months ago
- Notes about attacking Jenkins serversβ2,092Jul 10, 2024Updated last year
- Extract URLs, paths, secrets, and other interesting bits from JavaScriptβ1,821May 22, 2024Updated last year