The main functionalities of peepdf are the following:
Analysis:
- Decodings: hexadecimal, octal, name objects
- Most commonly used filters
- References in objects and where an object is referenced
- Strings search (including streams)
- Physical structure (offsets)
- Logical tree structure
- Metadata
- Modifications between versions (changelog)
- Compressed objects (object streams)
- Analysis and modification of Javascript (PyV8): unescape, replace, join
- Shellcode analysis (Libemu python wrapper, pylibemu)
- Variables (set command)
- Extraction of old versions of the document
- Easy extraction of objects, Javascript code, shellcodes (>, >>, $>, $>>)
- Checking hashes on VirusTotal
Creation/Modification:
- Basic PDF creation
- Creation of PDF with Javascript executed when the document is opened
- Creation of object streams to compress objects
- Embedded PDFs
- Strings and names obfuscation
- Malformed PDF output: without endobj, garbage in the header, bad header...
- Filters modification
- Objects modification
Execution modes:
- Simple command line execution
- Powerful interactive console (colorized or not)
- Batch mode
TODO:
- Embedded PDFs analysis
- Improving automatic Javascript analysis
- GUI
Source: http://www.ehacking.net/2014/03/peepdf-pdf-analysis-tool.html