pdfid.py

This post is part of a series of posts categorized as “Wiki” that contain basic how-to information. The intent is to create a reference repository for myself, but I’m not selfish so if anyone else can also benefit from it then I’m happy to share the knowledge!

  • OS: Linux/Windows
  • Description: Identify high risk keywords and dictionary entries in a PDF

Helpful Options:
 -d  disarm JavaScript and auto launch
 -e  display extra data
 -f  force scan when missing PDF header
 -p  plugins
 -o  output to file
 -v  verbose

Plugins:
 plugin_triage
    score 1.0 if the PDF requires further analysis
    score 0.0 if not
 plugin_nameobfuscation
    score 1.0 if name obfuscation is used
    score 0.0 if not
 plugin_embeddedfile
    score 0.9 when an embedded file is present
    score 1.0 when name obfuscation is also used
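
To make the name-obfuscation and embedded-file scores above concrete, here is an added sketch (not pdfid's own code) that counts PDF names after decoding `#xx` hex escapes and applies the scoring rules listed above. The keyword subset, function names, sample bytes, the 0.0 score when no embedded file exists, and the reading that "also used" refers to an obfuscated /EmbeddedFile name are assumptions.

```python
import re

# Assumed subset of names to track; pdfid's own keyword list is longer.
KEYWORDS = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile")
# A PDF name is "/" plus regular characters; "#xx" is a hex-escaped byte.
NAME_RE = re.compile(rb"/(?:#[0-9A-Fa-f]{2}|[^\x00\t\n\x0c\r ()<>\[\]{}/%#])+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def count_names(data: bytes) -> dict:
    """Return {keyword: (total, obfuscated)} after decoding #xx escapes."""
    counts = {k: [0, 0] for k in KEYWORDS}
    for match in NAME_RE.finditer(data):
        raw = match.group(0)
        decoded = HEX_RE.sub(lambda h: bytes([int(h.group(1), 16)]), raw)
        key = decoded.decode("latin-1")
        if key in counts:  # exact match, so /EmbeddedFiles is not /EmbeddedFile
            counts[key][0] += 1
            counts[key][1] += raw != decoded  # escaped spelling was used
    return {k: tuple(v) for k, v in counts.items()}


def score_nameobfuscation(counts: dict) -> float:
    """1.0 if any tracked name was written with hex escapes, else 0.0."""
    return 1.0 if any(obf for _, obf in counts.values()) else 0.0


def score_embeddedfile(counts: dict) -> float:
    """0.9 when /EmbeddedFile is present, 1.0 when it is also obfuscated."""
    total, obfuscated = counts["/EmbeddedFile"]
    if total == 0:
        return 0.0  # assumption: the page lists no score for this case
    return 1.0 if obfuscated else 0.9


# Constructed sample: #61 is "a" and #46 is "F".
SAMPLE_OBFUSCATED = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R"
    b" /Names << /EmbeddedFiles 3 0 R >> >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS 5 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Type /Embedded#46ile /Length 0 >>\nendobj\n"
)
SAMPLE_PLAIN = SAMPLE_OBFUSCATED.replace(b"#61", b"a").replace(b"#46", b"F")

if __name__ == "__main__":
    for label, pdf in (("obfuscated", SAMPLE_OBFUSCATED), ("plain", SAMPLE_PLAIN)):
        c = count_names(pdf)
        print(label, c, score_nameobfuscation(c), score_embeddedfile(c))
```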