Name		Name	Last commit message	Last commit date
Latest commit History 21 Commits
aespython		aespython
colorama		colorama
docs		docs
fonts		fonts
jsbeautifier		jsbeautifier
pdfcrack		pdfcrack
pdfminer		pdfminer
redactDict		redactDict
stanfordParser		stanfordParser
JSAnalysis.py		JSAnalysis.py
LICENSE		LICENSE
PDFConsole.py		PDFConsole.py
PDFCore.py		PDFCore.py
PDFCrypto.py		PDFCrypto.py
PDFFilters.py		PDFFilters.py
PDFUtils.py		PDFUtils.py
README.md		README.md
aes.py		aes.py
ccitt.py		ccitt.py
extractJavaScript.py		extractJavaScript.py
html.py		html.py
jjdecode.py		jjdecode.py
lzw.py		lzw.py
mPDF.py		mPDF.py
makeEmbedded.py		makeEmbedded.py
makeJavaScript.py		makeJavaScript.py
paranoiDF.py		paranoiDF.py
pdf2txt.py		pdf2txt.py
peepdf.dtd		peepdf.dtd
redact.py		redact.py

Repository files navigation

ParanoiDF

The swiss army knife of PDF Analysis Tools.

Home Page

https://github.com/patrickdw123/ParanoiDF
patrickdw123(at)gmail(dot)com
Linkedin - search for Patrick Wragg.

Features

See https://github.com/patrickdw123/ParanoiDF/wiki.

Dependances

In order to crack passwords:
- PdfCrack needed (apt-get install pdfcrack)
In order to remove DRM (editing, copying Etc.):
- Calibre's ebook-convert needed (apt-get install calibre)
In order to decrypt PDFs:
- qpdf needed (apt-get install qpdf)
In order to use the command redact:
- NLTK (Natural Language ToolKit) needed (apt-get install python-nltk)
- Java (Stanford parser is written in Java) needed (apt-get install default-jre)
To support XML output "lxml" is needed:
- http://lxml.de/installation.html
Included modules: lzw, colorama, jsbeautifier, ccitt, pythonaes (Thanks to all the developers!!)

Installation

No installation is needed apart of the commented dependencies, just execute:

python paranoiDF.py

Execution

There are two important options when ParanoidF is executed:

-f: Ignores the parsing errors. Analysing malicious files propably leads to parsing errors, so this parameter should be set. -l: Sets the loose mode, so does not search for the endobj tag because it's not obligatory. Helpful with malformed files.

Simple execution

Shows the statistics of the file after being decoded/decrypted and analysed:

python paranoiDF.py [options] pdf_file

Interactive console

Executes the interactive console, giving a wide range of tools to play with.

python paranoiDF.py -i

Batch execution

It's possible to use a commands file to specify the commands to be executed in the batch mode. This type of execution is good to automatise analysis of several files:

python paranoiDF.py [options] -s commands_file

Some Hints

If the information shown when a PDF file is parsed is not enough to know if it's harmful or not, the following commands can help to do it:

tree

Shows the tree graph of the file or specified version. Here we can see suspicious elements.

offsets

Shows the physical map of the file or the specified version of the document. This is helpful to see unusual big objects or big spaces between objects.

search

Search the specified string or hexadecimal string in the objects (decoded and encrypted streams included).

object/rawobject

Shows the (raw) content of the object.

stream/rawstream

Shows the (raw) content of the stream.

TODO

Refine and test redaction thresholds.
Digital Signatures.

Bugs

Feel free to send bugs/criticisms/praises/comments to patrickdw123(at)gmail(dot)com.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

ParanoiDF

Home Page

Features

Dependances

Installation

Execution

Some Hints

TODO

Bugs

About

Releases

Packages

Languages

License

swappy8088/ParanoiDF

Folders and files

Latest commit

History

Repository files navigation

ParanoiDF

Home Page

Features

Dependances

Installation

Execution

Some Hints

TODO

Bugs

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages