How to Create Safe PDFs with Viruses for Software Testing
Need to test the integration of your virus scanner? Use these safe PDFs for testing a virus scanner.
PDFs are a common file format, and can be used to spread viruses. When testing software, you may need to perform an integration test to verify the virus scanner.
For the health and safety of your devices and the network that you’re on, DO NOT download files infected with live viruses to test with. (But what if I’m an expert? You’re reading this article, so yah ain’t. Don’t do it.)
In this article, I will show you how to create safe PDFs with viruses and where to download PDFs for virus testing.
WARNING: The methods described in this article are for educational purposes related to white hat testing and should not be used on live systems. Use of these methods may result in damage to your computer or network. I’m not your mama, and I’m not liable for you doing something dumb.
Where to Find Safe EICAR PDFs for Virus Scan Testing
EICAR files are files that have been made to test virus scanners. They are safe to open and will not harm your computer, but are flagged by properly working virus scanners. While they are not harmful, some personal antivirus programs make it difficult to remove the file.
Where to Download EICAR Test Files
- Download the EICAR.ORG txt file
- This GitHub collection of EICAR files
How to Create Safe PDFs for Virus Scan Testing
EICAR files contain a string that the antivirus solution should flag.
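As an added example (not code from the original article), here is a Python harness that builds the EICAR string, writes test and control files, and reports where a scanner callable disagrees with the expected verdict. The function names and the reference_scan stand-in are assumptions; replace reference_scan with a call into your own scanner.

```python
import hashlib
import tempfile
from pathlib import Path

# The 68-byte EICAR test string, assembled from fragments so that this
# source file is not itself quarantined by an on-access scanner.
_PARTS = ["X5O!P%@AP[4\\PZX54(P^)7CC)7}$", "EICAR-STANDARD-ANTIVIRUS-", "TEST-FILE!$H+H*"]
EICAR = "".join(_PARTS).encode("ascii")
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"
ALLOWED_TRAILING = b" \t\n\r\x1a"  # whitespace EICAR permits after the string


def is_valid_eicar(data: bytes) -> bool:
    """True if data meets EICAR's published definition of the test file."""
    if len(data) > 128 or not data.startswith(EICAR):
        return False
    return all(b in ALLOWED_TRAILING for b in data[len(EICAR):])


def write_samples(directory: Path) -> dict:
    """Write constructed samples: two that must be flagged, one clean control."""
    samples = {
        "eicar.com": (EICAR, True),
        "eicar_crlf.com": (EICAR + b"\r\n", True),
        "clean.txt": (b"constructed clean control file\n", False),
    }
    for name, (data, _) in samples.items():
        (directory / name).write_bytes(data)
    return {name: expected for name, (_, expected) in samples.items()}


def run_scan_test(scan, directory: Path) -> list:
    """Return the names of samples where scan(path) disagrees with expectation."""
    expected = write_samples(directory)
    return [n for n, want in expected.items() if scan(directory / n) != want]


def reference_scan(path: Path) -> bool:
    """Stand-in scanner (assumption): swap in a call to your real scanner."""
    return is_valid_eicar(path.read_bytes())


if __name__ == "__main__":
    assert hashlib.sha256(EICAR).hexdigest() == EICAR_SHA256
    with tempfile.TemporaryDirectory() as tmp:
        print("mismatches:", run_scan_test(reference_scan, Path(tmp)))
```

Under EICAR's definition the file must start with the 68-byte string and carry only trailing whitespace, up to 128 bytes in total, so a PDF that merely contains the string is not something a scanner is required to flag.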
That’s fine and lovely, but sometimes you need a PDF with a virus instead. Here’s how to create a test PDF with a virus for software testing.
We don’t care about receiving a payload, so
Step 0 — Make sure your host computer has active anti-malware
We’ll be working inside of a VM, but it’s worth double-checking that your machine has some sort of active anti-malware on it.
Step 1 — Create a Kali Linux VM
Kali Linux is an operating system for penetration testers. It comes pre-installed with all sorts of open-source penetration testing tools.
Your exact installation steps will differ, so head to Kali.org and download a virtual machine image.
Spin up your favorite virtual machine software, point it at the Kali image, and boom, bang, you’re a hacker.
(Kali images have the default credentials of kali/kali)
Step 2 — Open the Social Engineering Toolkit
Open the Kali social engineering toolkit that comes pre-loaded on Kali Linux systems, by opening the applications menu (Kali Icon) -> “08 — Exploitation Tools” -> “social engineering toolkit (root)”.
If you’re a command line pro, then open the social engineering toolkit by opening a terminal and running:
sudo setoolkit
Regardless of how you open the program, a terminal window will appear with the tool ready to use.
Step 3 — Make the PDF
Once the Social Engineering Toolkit has loaded and you see the splash screen, you should see the first menu with options.
- Type 1 to select “Social Engineering Attacks”, then press Enter.
- Type 3 to select “Infectious Media Generator”, then press Enter.
- Type 1 to select “File-Format Exploits”, then press Enter.
- Enter your WAN IP address. Use WanIP.info to find your WAN IP address.
- Type 13 to select “Adobe PDF Embedded EXE Social Engineering”, then press Enter.
- We’ll use their blank PDF for this attack, so type “2” and press Enter.
- Type 2 to select “Windows Meterpreter Reverse_TCP”, and press Enter.
- Type your IP Address again, and press enter for the port.
If we were trying to fully test the ability to penetrate a system, we would then start the listener. But since we’re just interested in a PDF with some valid virus, we don’t need to start the listener.
Step 4 — Find the File
Finding the file can be the trickiest part of using some of Kali’s tools.
To find your newly created PDF for virus testing:
- Open a new terminal
- Type sudo -s to enter elevated permissions
- Type cd /root/.set/autorun
- Type ls
- You should see your .pdf file here. Copy the file to your desktop, and it’s ready to be uploaded to your virus scanner for testing.