π Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh
β4,098Jun 4, 2026Updated last month
Alternatives and similar repositories for malicious-pdf
Users that are interested in malicious-pdf are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and findinβ¦β7,743Jun 29, 2026Updated last week
- An OOB interaction gathering server and client libraryβ4,422Updated this week
- linWinPwn is a bash script that streamlines the use of a number of Active Directory toolsβ2,187Updated this week
- ππ¦ Dalfox is a powerful open-source XSS scanner and utility focused on automation.β5,094Jun 28, 2026Updated last week
- ScareCrow - Payload creation framework designed around EDR bypass.β2,887Aug 18, 2023Updated 2 years ago
- Virtual machines for every use case on DigitalOcean β’ AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.β3,469Jan 19, 2025Updated last year
- A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.β6,668May 27, 2026Updated last month
- Rockyou for web fuzzingβ3,185Mar 11, 2026Updated 3 months ago
- Automation for internal Windows Penetrationtest / AD-Securityβ3,676Aug 28, 2025Updated 10 months ago
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.β6,276Aug 14, 2024Updated last year
- One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password π‘οΈβ6,636May 29, 2026Updated last month
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formβ¦β1,175Jun 10, 2024Updated 2 years ago
- Adversary Emulation Frameworkβ11,461Jun 3, 2026Updated last month
- Collection of methodology and test case for various web vulnerabilities.β7,150Jun 25, 2025Updated last year
- Proton VPN Special Offer - Get 70% off β’ AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.β2,108May 21, 2026Updated last month
- Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!β2,680Jun 11, 2026Updated 3 weeks ago
- All about bug bounty (bypasses, payloads, and etc)β6,782Sep 8, 2023Updated 2 years ago
- Privilege Escalation Enumeration Script for Windowsβ3,870Updated this week
- Contextual Content Discovery Toolβ3,214Apr 29, 2024Updated 2 years ago
- Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probingβ3,109Mar 7, 2026Updated 3 months ago
- A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.β2,284Apr 24, 2026Updated 2 months ago
- A toolkit for testing, tweaking and cracking JSON Web Tokensβ6,680May 1, 2025Updated last year
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.β4,999Mar 20, 2026Updated 3 months ago
- Deploy on Railway without the complexity - Free Credits Offer β’ AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Eβ¦β8,722Mar 21, 2026Updated 3 months ago
- evilginx3 + gophishβ2,006Jun 15, 2024Updated 2 years ago
- Awesome list of step by step techniques to achieve Remote Code Execution on various apps!β1,948Oct 7, 2023Updated 2 years ago
- a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )β2,870Feb 27, 2026Updated 4 months ago
- β1,697Apr 14, 2025Updated last year
- evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)β1,504Dec 21, 2023Updated 2 years ago
- KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the defaultβ¦β1,651Aug 6, 2022Updated 3 years ago
- A fast, simple, recursive content discovery tool written in Rust.β7,890Apr 15, 2026Updated 2 months ago
- "Can I take over XYZ?" β a list of services and how to claim (sub)domains with dangling DNS records.β5,750Feb 8, 2025Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer β’ AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- This map lists the essential techniques to bypass anti-virus and EDRβ3,337Mar 28, 2025Updated last year
- HTTP parameter discovery suite.β6,335Feb 20, 2025Updated last year
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secretsβ1,574Mar 8, 2026Updated 3 months ago
- Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivyβs loader does this by β¦β743Aug 18, 2023Updated 2 years ago
- Hidden parameters discovery suiteβ2,074Sep 8, 2024Updated last year
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applicationsβ1,362Aug 7, 2025Updated 10 months ago
- Notes about attacking Jenkins serversβ2,099Jul 10, 2024Updated last year