Peepdf

From aldeid
Jump to navigation Jump to search

Description

peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not.

Some of the peepdf features:

  • can list objects in the PDF file
  • supports many common filters and encodings
  • can parse different versions of a file, object streams and encrypted files
  • provides Javascript and shellcode analysis wrappers (provided PyV8 and Pylibemu are installed)
  • can create new PDF files or modify/obfuscate a PDF.

Installation

Prerequisites

lxml

$ sudo aptitude install python-lxml

PyV8

Info.png
Note
This optional package is only available for Windows

pylibemu

First install libemu. Then install setuptools, required for the installation of pylibemu:

$ sudo aptitude install python-setuptools

At last, install pylibemu:

$ git clone https://github.com/buffer/pylibemu.git
$ python setup.py build
$ sudo python setup.py install

Installation of peepdf

$ wget http://peepdf.googlecode.com/files/peepdf_0.2-BlackHatVegas.tar.gz
$ tar xzvf peepdf_0.2-BlackHatVegas.tar.gz
$ cd peepdf_0.2-BlackHatVegas/

Usage

Syntax

Usage: ./peepdf.py [options] PDF_file

Options

-h, --help
show this help message and exit
-i, --interactive
Sets console mode.
-s SCRIPTFILE, --load-script=SCRIPTFILE
Loads the commands stored in the specified file and execute them.
-f, --force-mode
Sets force parsing mode to ignore errors.
-l, --loose-mode
Sets loose parsing mode to catch malformed objects.
-u, --update
Updates peepdf with the latest files from the repository.
-g, --grinch-mode
Avoids colorized output in the interactive console.
-v, --version
Shows program's version number.
-x, --xml
Shows the document information in XML format.

Example

Incomplete.png
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.

Comments

blog comments powered by Disqus