pdf-parser.py

This post is part of a series of posts categorized as “Wiki” that contain basic how-to information. The intent is to create a reference repository for myself, but I’m not selfish so if anyone else can also benefit from it then I’m happy to share the knowledge!

  • OS: Linux/Windows
  • Description: Examine structure of PDF and look at its contents
Helpful Options:
 -a   stats
 -d   dump stream contents
 -f   pass stream through filter
        FlateDecode
        ASCIIHexDecode
        ASCII85Decode
        LZWDecode
        RunLengthDecode
 -H   hash objects
 -o   select object by ID
 -s   search for string (not streams)
      --searchstream search for string in stream
 -w   raw output from filter

pdfid.py

  • OS: Linux/Windows
  • Description: Identify high risk keywords and dictionary entries in a PDF
Helpful Options:
 -d  disarm JavaScript and auto launch
 -e  display extra data
 -f  force scan when missing PDF header
 -p  plugins
 -o  output to file
 -v  verbose

Plugins:
 plugin_triage
    score 1.0 requires further analysis
    score 0.0 if not
 plugin_nameobfuscation
    score 1.0 name obfuscation is used
    score 0.0 if not
 plugin_embeddedfile
    score 0.9 when an embedded file is present
    score 1.0 when name obfuscation is also used
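As an added illustration of what pdfid's keyword and name-obfuscation checks look for (this is example code, not part of pdfid.py or this post), the scanner below counts the high-risk name objects in a PDF, decoding the `#xx` hex escapes that name obfuscation relies on so that `/J#61vaScript` is counted as `/JavaScript`. The risky-keyword list, the simplified triage rule and the sample PDF bytes are assumptions constructed for the example.

```python
import re
from collections import Counter

# Name objects pdfid treats as high risk (assumed subset for this example).
RISKY_NAMES = {b"/JS", b"/JavaScript", b"/AA", b"/OpenAction", b"/Launch",
               b"/EmbeddedFile", b"/RichMedia", b"/XFA"}

# A PDF name runs from '/' up to the next whitespace or delimiter character.
NAME_RE = re.compile(rb"/([^\s()<>\[\]{}/%]+)")
# Any character inside a name may be written as #xx (two hex digits);
# this is the mechanism pdfid's nameobfuscation plugin flags.
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(raw: bytes) -> bytes:
    """Decode #xx escapes so obfuscated and plain names compare equal."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan(pdf: bytes) -> dict:
    """Count risky names (after normalization) and obfuscated names seen."""
    counts = Counter()
    obfuscated = 0
    for m in NAME_RE.finditer(pdf):
        raw = b"/" + m.group(1)
        name = normalize_name(raw)
        if name != raw:
            obfuscated += 1            # name used #xx escapes
        if name in RISKY_NAMES:
            counts[name.decode()] += 1
    # Simplified triage rule (assumption): anything risky or obfuscated
    # earns 1.0, mirroring the shape of pdfid's plugin_triage output.
    triage = 1.0 if (counts or obfuscated) else 0.0
    return {
        "has_header": pdf.startswith(b"%PDF-"),   # missing header needs -f
        "counts": dict(counts),
        "obfuscated_names": obfuscated,
        "triage_score": triage,
    }


# Constructed sample: catalog with OpenAction, an obfuscated /JavaScript
# action carrying a harmless alert, and an embedded file object.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS (app.alert(1)) >> endobj\n"
    b"3 0 obj << /Type /EmbeddedFile /Length 0 >> stream\nendstream endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    print(scan(SAMPLE_PDF))
```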

base64dump.py

  • OS: Linux/Windows
  • Description: Extract encoded strings from file, base64 by default but others available
Helpful Options:
 -a  ascii dump
 -d  dump
 -e  change encoding, base64 default
     bu for backslash unicode (\u)
     pu for percent unicode (%u)
     hex for hexadecimal
 -n  min bytes
 -s  select item
 -S  strings dump
 -w  ignore whitespace
 -x  hex dump

base64

  • OS: Linux
  • Description: Encode or decode base64
Encode:
 $ base64
   paste text here
   ctrl+d

Decode:
 $ base64 -d
   paste text here
   ctrl+d

box-js

  • OS: Linux
  • Description: Analyze JavaScript while emulating Windows runtime components
Helpful Options:
 --download   actually download payload instead of simulating request