You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add 11 new PDF XSS test cases from PortSwigger research
Add test18-test28 covering annotation URI injection, PV/PC/E
auto-execution triggers, SubmitForm with SubmitPDF flag, JS
submitForm() API, Chrome widget button/text field injection,
getPageNthWord() content extraction, hybrid Acrobat/Chrome
payloads, and URL hijacking. Also consolidate scheme validation
into shared KNOWN_SCHEMES, default output to output/ directory,
and update header and help text.
Source: https://portswigger.net/research/portable-data-exfiltration
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copy file name to clipboardExpand all lines: README.md
+14-2Lines changed: 14 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@
4
4
5
5
# Malicious PDF Generator ☠️
6
6
7
-
Generate eighteen different malicious PDF files with phone-home functionality. Can be used with [Burp Collaborator](https://portswigger.net/burp/documentation/collaborator) or [Interact.sh](https://github.com/projectdiscovery/interactsh)
7
+
Generate twenty-nine different malicious PDF files with phone-home functionality. Can be used with [Burp Collaborator](https://portswigger.net/burp/documentation/collaborator) or [Interact.sh](https://github.com/projectdiscovery/interactsh)
8
8
9
9
Used for penetration testing and/or red-teaming etc. I created this tool because I needed a tool to generate a bunch of PDF files with various links. Educational and professional purposes only.
10
10
@@ -15,7 +15,7 @@ pip install -r requirements.txt
15
15
python3 malicious-pdf.py burp-collaborator-url
16
16
```
17
17
18
-
Output will be written as: test1.pdf, test2.pdf, test3.pdf etc in the current directory.
18
+
Output will be written to the `output/` directory as: test1.pdf, test2.pdf, test3.pdf etc.
19
19
20
20
## Complete Test Matrix
21
21
@@ -39,6 +39,17 @@ Output will be written as: test1.pdf, test2.pdf, test3.pdf etc in the current di
| test16.pdf |`create_malpdf16()`| PDF specification | JavaScript via GotoE |`/GoToE` with `javascript:` URI | Browser XSS when PDF embedded via `<embed>`/`<object>`|
| test20.pdf |`create_malpdf20()`| PortSwigger research | PC close trigger |`/AA /PC` annotation fires JS on page close | Code execution on close (Acrobat) |
45
+
| test21.pdf |`create_malpdf21()`| PortSwigger research | SubmitForm SubmitPDF |`/SubmitForm` with Flags 256 sends entire PDF | Full PDF content exfiltration |
46
+
| test22.pdf |`create_malpdf22()`| PortSwigger research | JS submitForm() |`this.submitForm()` with `cSubmitAs: "PDF"`| PDF content submission (Acrobat) |
| test24.pdf |`create_malpdf24()`| PortSwigger research | Text field SSRF | Widget `/Tx` field with `submitForm()` POST | Blind SSRF via form data |
49
+
| test25.pdf |`create_malpdf25()`| PortSwigger research | Content extraction |`getPageNthWord()` reads all text and exfiltrates | Rendered text exfiltration |
50
+
| test26.pdf |`create_malpdf26()`| PortSwigger research | Mouseover trigger |`/AA /E` annotation fires JS on mouse enter | Code execution on hover (PDFium) |
51
+
| test27.pdf |`create_malpdf27()`| PortSwigger research | Hybrid payload | JS OpenAction + Widget button in single PDF | Targets both Acrobat and Chrome |
52
+
| test28.pdf |`create_malpdf28()`| PortSwigger research | URL hijacking | Unescaped parens inject new `/URI` action | Click redirection via PDF-Lib/jsPDF |
42
53
43
54
## Purpose
44
55
- Test web pages/services accepting PDF files
@@ -59,6 +70,7 @@ Output will be written as: test1.pdf, test2.pdf, test3.pdf etc in the current di
59
70
-[PDF - Mess with the web - FormCalc header injection](https://insert-script.blogspot.com/2015/05/pdf-mess-with-web.html)
60
71
-[Adobe Reader PDF - Client Side Request Injection](https://insert-script.blogspot.com/2018/05/adobe-reader-pdf-client-side-request.html)
61
72
-[ImageMagick - Shell injection via PDF password](https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html)
73
+
-[Portable Data Exfiltration - PortSwigger Research](https://portswigger.net/research/portable-data-exfiltration)
0 commit comments