QRGen is wrote this little script to generate generic Malformed QRCodes. These qrcodes are useful if you want to test some QRCode scanner’s parser or how the application handle QRCode data.

Note: Down side of this tool: you need to manually scan codes with camera.


What to you need:

  • python3
  • qrcode
  • Pillow
  • argparse

Follow the steps;

git clone https://github.com/h0nus/QRGen
cd QRGen
pip3 install -r requirements.txt OR python3 -m pip install -r requirements.txt
python3 qrcode.py
Enjoy attacking QRCodes 😛

Also Read – PeekABoo : Penetration Testing To Enable Remote Desktop On The Targeted Machine


You can change the default wordlists to what you want by passing -w/–wordlist 🙂 Order of default wordlists group:

  • SQL Injection
  • XSS
  • Command Injection
  • Format String
  • XXE
  • String Fuzzing
  • SSI Injection
  • LFI/Directory Traversal
  • custom passed with -w/–wordlist