I've wrote this little script to generate generic Malformed QRCodes.
These qrcodes are useful if you want to test some QRCode scanner's parser or how the application handle QRCode data.
Down side of this tool: you need to manually scan codes with camera :(
What to you need:
- python3
- qrcode
- Pillow
- argparse
1 git clone https://github.com/h0nus/QRGen
2 cd QRGen
3 pip3 install -r requirements.txt
OR python3 -m pip install -r requirements.txt
4 python3 qrgen.py
5 Enjoy attacking QRCodes :P
You can change the default wordlists to what you want by passing -w/--wordlist :) Order of default wordlists group:
- SQL Injection
- XSS
- Command Injection
- Format String
- XXE
- String Fuzzing
- SSI Injection
- LFI/Directory Traversal
- custom passed with -w/--wordlist