pdfid Package Description
This tool is not a PDF parser, but it will scan a file to look for certain PDF keywords, allowing you to identify PDF documents that contain (for example) JavaScript or execute an action when opened. PDFiD will also handle name obfuscation.
The idea is to use this tool first to triage PDF documents, and then analyze the suspicious ones with my pdf-parser.
An important design criterium for this program is simplicity. Parsing a PDF document completely requires a very complex program, and hence it is bound to contain many (security) bugs. To avoid the risk of getting exploited, I decided to keep this program very simple (it is even simpler than pdf-parser.py).
Source: http://blog.didierstevens.com/programs/pdf-tools/
pdfid Homepage | Kali pdfid Repo
- Author: Didier Stevens
- License: None
Tools included in the pdfid package
pdfid – Scans PDF files for certain PDF keywords
[email protected]:~# pdfid -h
Usage: pdfid [options] [pdf-file]
Tool to test a PDF file
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-s, --scan scan the given directory
-a, --all display all the names
-e, --extra display extra data, like dates
-f, --force force the scan of the file, even without proper %PDF header
-d, --disarm disable JavaScript and auto launch
pdfid Usage Example
[email protected]:~# pdfid /usr/share/doc/texmf/fonts/lm/lm-info.pdf
PDFiD 0.0.12 /usr/share/doc/texmf/fonts/lm/lm-info.pdf
PDF Header: %PDF-1.4
obj 526
endobj 526
stream 151
endstream 151
xref 1
trailer 1
startxref 1
/Page 26
/Encrypt 0
/ObjStm 0
/JS 0
/JavaScript 0
/AA 0
/OpenAction 0
/AcroForm 0
/JBIG2Decode 0
/RichMedia 0
/Launch 0
/EmbeddedFile 0
/Colors > 2^24 0