How to Create Safe PDFs with Viruses for Software Testing

Need to test the integration of your virus scanner? Use these safe PDFs for testing a virus scanner.

Hales
Software Testing Pipeline
Nov 9, 2022


PDFs are a common file format, and can be used to spread viruses. When testing software, you may need to perform an integration test to verify the virus scanner.

For the health and safety of your devices and the network that you’re on, DO NOT download files infected with live viruses to test with. (But what if I’m an expert? You’re reading this article, so yah ain’t. Don’t do it.)

In this article, I will show you how to create safe PDFs with viruses and where to download PDFs for virus testing.

WARNING: The methods described in this article are for educational purposes related to white hat testing and should not be used on live systems. Use of these methods may result in damage to your computer or network. I’m not your mama, and I’m not liable for you doing something dumb.

Where to Find Safe EICAR PDFs for Virus Scan Testing

EICAR files are files that have been made to test virus scanners. They are safe to open and will not harm your computer, but are flagged by properly working virus scanners. While they are not harmful, some personal antivirus programs make it difficult to remove the file.
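An added example (not from the original article): a Python harness that builds an EICAR positive control and a clean negative control at test time, and checks the fixture against EICAR's published definition of the test file (starts with the 68-byte string, at most 128 bytes, only whitespace after it). `stub_scan` is a hypothetical stand-in for your application's real scanner call, and all function names here are assumptions.

```python
import os
import tempfile

# Standard 68-byte EICAR test string, split in two so this source file
# is not itself quarantined by an on-access scanner.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-"
         rb"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")
ALLOWED_TRAILING = b" \t\r\n\x1a"  # space, tab, CR, LF, Ctrl-Z
MAX_LEN = 128


def is_valid_eicar(data: bytes) -> bool:
    """True if data meets the EICAR definition: it starts with the test
    string, is at most 128 bytes, and has only whitespace after it."""
    if not data.startswith(EICAR) or len(data) > MAX_LEN:
        return False
    return all(b in ALLOWED_TRAILING for b in data[len(EICAR):])


def write_fixture(directory: str, name: str, data: bytes) -> str:
    """Write a test fixture and return its path."""
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def run_controls(scan) -> dict:
    """Run a scanner callable (path -> True if flagged) against a positive
    and a negative control generated fresh in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        infected = write_fixture(tmp, "eicar.com", EICAR + b"\r\n")
        clean = write_fixture(tmp, "clean.txt", b"hello, scanner\n")
        return {"eicar_flagged": scan(infected), "clean_flagged": scan(clean)}


def stub_scan(path: str) -> bool:
    # Hypothetical stand-in for the real scanner integration; replace with
    # the call your application makes to its anti-malware service.
    with open(path, "rb") as fh:
        return is_valid_eicar(fh.read())


if __name__ == "__main__":
    print(run_controls(stub_scan))
```

Generating the fixture at test time keeps the EICAR file out of your repository. If on-access protection is active on the test machine, writing or reading the positive control may itself be blocked.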

Where to Download EICAR Test Files

How to Create Safe PDFs for Virus Scan Testing

EICAR files contain a string that the antivirus solution should flag.

That’s fine and lovely, but sometimes you need a PDF with a virus instead. Here’s how to create a test PDF with a virus for software testing.

We don’t care about receiving a payload, so

Step 0 — Make sure your host computer has an active anti-malware

We’ll be working inside of a VM, but it’s worth double-checking that your machine has some sort of active anti-malware on it.

Step 1 — Create a Kali Linux VM

Kali Linux is an operating system for penetration testers. It comes pre-installed with all sorts of open-source penetration testing tools.

Your exact installation steps will differ, so head to Kali.org and download a virtual machine image.

Spin up your favorite virtual machine software, point it at the Kali image, and boom, bang, you’re a hacker.

(Kali images have the default credentials of kali/kali)

Step 2 — Open the Social Engineering Toolkit


Open the Kali social engineering toolkit that comes pre-loaded on Kali Linux systems, by opening the applications menu (Kali Icon) -> “08 — Exploitation Tools” -> “social engineering toolkit (root)”.

If you’re a command line pro, then open the social engineering toolkit by opening a terminal and running sudo setoolkit.

Regardless of how you open the program, a terminal window will appear with the tool ready to use.

Step 3 — Make the PDF


Once the Social Engineering Toolkit has loaded and you see the splash screen, you should see the first menu with options.

  1. Type 1 to select “Social Engineering Attacks”, then press Enter.
  2. Type 3 to select “Infectious Media Generator”, then press Enter.
  3. Type 1 to select “File-Format Exploits”, then press Enter.
  4. Enter your WAN IP address. Use WanIP.info to find your WAN IP address.
  5. Type 13 to select “Adobe PDF Embedded EXE Social Engineering”, then press Enter.
  6. We’ll use their blank PDF for this attack, so type “2” and press Enter.
  7. Type 2 to select “Windows Meterpreter Reverse_TCP”, and press Enter.
  8. Type your IP address again, and press Enter for the port.

If we were trying to fully test the ability to penetrate a system, we would then start the listener. But since we’re just interested in a PDF with some valid virus, we don’t need to start the listener.


Step 4 — Find the File

Finding the file can be the trickiest part of using some of Kali’s tools.

To find your newly created PDF for virus testing:

  1. Open a new terminal
  2. Type sudo -s to enter elevated permissions
  3. cd /root/.set/autorun
  4. ls
  5. You should see your .pdf file here. Copy the file to your desktop, and it’s ready to be uploaded to your virus scanner for testing.
