π Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh
β4,040Jun 4, 2026Updated last week
Alternatives and similar repositories for malicious-pdf
Users that are interested in malicious-pdf are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and findinβ¦β7,687May 15, 2026Updated last month
- An OOB interaction gathering server and client libraryβ4,376May 25, 2026Updated 3 weeks ago
- linWinPwn is a bash script that streamlines the use of a number of Active Directory toolsβ2,181May 18, 2026Updated 3 weeks ago
- ππ¦ Dalfox is a powerful open-source XSS scanner and utility focused on automation.β5,065Updated this week
- ScareCrow - Payload creation framework designed around EDR bypass.β2,885Aug 18, 2023Updated 2 years ago
- Virtual machines for every use case on DigitalOcean β’ AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.β3,467Jan 19, 2025Updated last year
- A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.β6,644May 27, 2026Updated 2 weeks ago
- Rockyou for web fuzzingβ3,166Mar 11, 2026Updated 3 months ago
- Automation for internal Windows Penetrationtest / AD-Securityβ3,672Aug 28, 2025Updated 9 months ago
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.β6,257Aug 14, 2024Updated last year
- One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password π‘οΈβ6,600May 29, 2026Updated 2 weeks ago
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formβ¦β1,162Jun 10, 2024Updated 2 years ago
- Adversary Emulation Frameworkβ11,362Jun 3, 2026Updated last week
- Collection of methodology and test case for various web vulnerabilities.β7,145Jun 25, 2025Updated 11 months ago
- Deploy open-source AI quickly and easily - Special Bonus Offer β’ AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.β2,092May 21, 2026Updated 3 weeks ago
- Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!β2,666Updated this week
- All about bug bounty (bypasses, payloads, and etc)β6,764Sep 8, 2023Updated 2 years ago
- Privilege Escalation Enumeration Script for Windowsβ3,857Apr 29, 2026Updated last month
- Contextual Content Discovery Toolβ3,194Apr 29, 2024Updated 2 years ago
- Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probingβ3,100Mar 7, 2026Updated 3 months ago
- A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.β2,277Apr 24, 2026Updated last month
- A toolkit for testing, tweaking and cracking JSON Web Tokensβ6,636May 1, 2025Updated last year
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.β4,970Mar 20, 2026Updated 2 months ago
- 1-Click AI Models by DigitalOcean Gradient β’ AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Eβ¦β8,694Mar 21, 2026Updated 2 months ago
- evilginx3 + gophishβ2,000Jun 15, 2024Updated 2 years ago
- Awesome list of step by step techniques to achieve Remote Code Execution on various apps!β1,948Oct 7, 2023Updated 2 years ago
- a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )β2,856Feb 27, 2026Updated 3 months ago
- β1,691Apr 14, 2025Updated last year
- evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)β1,505Dec 21, 2023Updated 2 years ago
- KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the defaultβ¦β1,652Aug 6, 2022Updated 3 years ago
- A fast, simple, recursive content discovery tool written in Rust.β7,842Apr 15, 2026Updated 2 months ago
- "Can I take over XYZ?" β a list of services and how to claim (sub)domains with dangling DNS records.β5,730Feb 8, 2025Updated last year
- Simple, predictable pricing with DigitalOcean hosting β’ AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- This map lists the essential techniques to bypass anti-virus and EDRβ3,281Mar 28, 2025Updated last year
- HTTP parameter discovery suite.β6,270Feb 20, 2025Updated last year
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secretsβ1,565Mar 8, 2026Updated 3 months ago
- Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivyβs loader does this by β¦β744Aug 18, 2023Updated 2 years ago
- Hidden parameters discovery suiteβ2,064Sep 8, 2024Updated last year
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applicationsβ1,356Aug 7, 2025Updated 10 months ago
- Notes about attacking Jenkins serversβ2,099Jul 10, 2024Updated last year