Directory: /pentest/forensics/pdf-parser
This tool (also a python script) was made by the same author as the pdfid. You can have a basic overview with that and continue to a more detailed analysis with this one. This one will actually parse the PDF file, and identify the elements inside it. It will not actually render the PDF file.
Some commands:
./pdf-parser.py -a msf.pdf - display stats about the file
./pdf-parser.py msf.pdf - print the parsed output
./pdf-parser.py -s Java msf.pdf - search for the string Java in the PDF and will display the full object where it was found
./pdf-parser.py -o 5 msf.pdf - display only object with ID 5
./pdf-parser.py -o 5 -f msf.pdf - display only object with ID 5, and apply filter (only FlateDecode is supported)
./pdf-parser.py -r 5 msf.pdf - display objects that reference object with ID 5.
Display stats:
Display object 5:
Apply filter to object 5, which reveals the JavaScript, we can see that it's obfuscated:
Check which object reference object with ID 5, which is object 4:
Official website: http://blog.didierstevens.com/programs/pdf-tools/
No comments:
Post a Comment