π Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh
β3,702Apr 20, 2026Updated last month
Alternatives and similar repositories for malicious-pdf
Users that are interested in malicious-pdf are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and findinβ¦β7,650May 15, 2026Updated last week
- An OOB interaction gathering server and client libraryβ4,332Updated this week
- linWinPwn is a bash script that streamlines the use of a number of Active Directory toolsβ2,177May 18, 2026Updated last week
- ππ¦ Dalfox is a powerful open-source XSS scanner and utility focused on automation.β4,998Updated this week
- ScareCrow - Payload creation framework designed around EDR bypass.β2,881Aug 18, 2023Updated 2 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer β’ AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.β3,460Jan 19, 2025Updated last year
- A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.β6,618Jan 18, 2026Updated 4 months ago
- Rockyou for web fuzzingβ3,157Mar 11, 2026Updated 2 months ago
- Automation for internal Windows Penetrationtest / AD-Securityβ3,664Aug 28, 2025Updated 8 months ago
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.β6,243Aug 14, 2024Updated last year
- One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password π‘οΈβ6,540Apr 12, 2026Updated last month
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formβ¦β1,151Jun 10, 2024Updated last year
- Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.β2,079Updated this week
- Collection of methodology and test case for various web vulnerabilities.β7,122Jun 25, 2025Updated 11 months ago
- Wordpress hosting with auto-scaling - Free Trial Offer β’ AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Adversary Emulation Frameworkβ11,254May 7, 2026Updated 2 weeks ago
- Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!β2,644Mar 8, 2026Updated 2 months ago
- All about bug bounty (bypasses, payloads, and etc)β6,742Sep 8, 2023Updated 2 years ago
- Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probingβ3,088Mar 7, 2026Updated 2 months ago
- Privilege Escalation Enumeration Script for Windows��β3,842Apr 29, 2026Updated 3 weeks ago
- Contextual Content Discovery Toolβ3,180Apr 29, 2024Updated 2 years ago
- A toolkit for testing, tweaking and cracking JSON Web Tokensβ6,542May 1, 2025Updated last year
- A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.β2,258Apr 24, 2026Updated last month
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.β4,950Mar 20, 2026Updated 2 months ago
- Managed hosting for WordPress and PHP on Cloudways β’ AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Awesome list of step by step techniques to achieve Remote Code Execution on various apps!β1,947Oct 7, 2023Updated 2 years ago
- a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )β2,834Feb 27, 2026Updated 3 months ago
- reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Eβ¦β8,667Mar 21, 2026Updated 2 months ago
- β1,691Apr 14, 2025Updated last year
- evilginx3 + gophishβ1,993Jun 15, 2024Updated last year
- evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)β1,505Dec 21, 2023Updated 2 years ago
- KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the defaultβ¦β1,647Aug 6, 2022Updated 3 years ago
- A fast, simple, recursive content discovery tool written in Rust.β7,786Apr 15, 2026Updated last month
- "Can I take over XYZ?" β a list of services and how to claim (sub)domains with dangling DNS records.β5,707Feb 8, 2025Updated last year
- Deploy on Railway without the complexity - Free Credits Offer β’ AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secretsβ1,554Mar 8, 2026Updated 2 months ago
- This map lists the essential techniques to bypass anti-virus and EDRβ3,261Mar 28, 2025Updated last year
- Hidden parameters discovery suiteβ2,059Sep 8, 2024Updated last year
- HTTP parameter discovery suite.β6,244Feb 20, 2025Updated last year
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applicationsβ1,344Aug 7, 2025Updated 9 months ago
- Notes about attacking Jenkins serversβ2,096Jul 10, 2024Updated last year
- Extract URLs, paths, secrets, and other interesting bits from JavaScriptβ1,835May 22, 2024Updated 2 years ago