peepdf Package Description
peepdf is a Python tool for exploring PDF files to determine whether a file may be harmful. Its aim is to provide all the components a security researcher might need for PDF analysis, without having to use 3 or 4 separate tools to cover every task. With peepdf you can see all the objects in a document, with suspicious elements shown; it supports the most commonly used filters and encodings and can parse different versions of a file, object streams and encrypted files. With PyV8 and Pylibemu installed, it also provides JavaScript and shellcode analysis wrappers. In addition, it can create new PDF files, modify existing ones and obfuscate them.
Source: http://eternal-todo.com/tools/peepdf-pdf-analysis-tool
peepdf Homepage | Kali peepdf Repo
- Author: Jose Miguel Esparza
- License: GPLv3
Tools included in the peepdf package
peepdf – PDF analysis tool
root@kali:~# peepdf -h
Usage: /usr/bin/peepdf [options] PDF_file
Version: peepdf 0.2 r183
Options:
  -h, --help            show this help message and exit
  -i, --interactive     Sets console mode.
  -s SCRIPTFILE, --load-script=SCRIPTFILE
                        Loads the commands stored in the specified file and
                        execute them.
  -f, --force-mode      Sets force parsing mode to ignore errors.
  -l, --loose-mode      Sets loose parsing mode to catch malformed objects.
  -u, --update          Updates peepdf with the latest files from the
                        repository.
  -g, --grinch-mode     Avoids colorized output in the interactive console.
  -v, --version         Shows program's version number.
  -x, --xml             Shows the document information in XML format.
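The -x report can be consumed by a script for batch triage. The following is an added example, not part of peepdf or of the original page: it parses the <basic> block of such a report and lists reasons to look closer. The element names are the ones shown in the usage example on this page; the sample report, the function names and the review rules are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the <basic> block of `peepdf -x` output;
# element names come from the page, the values are made up.
SAMPLE_REPORT = """<peepdf_analysis version="0.2 r183">
<basic>
<filename>sample.pdf</filename>
<size>1024</size>
<pdf_version>1.4</pdf_version>
<linearized status="false"/>
<encrypted status="true"/>
<updates>2</updates>
<errors num="1"/>
</basic>
</peepdf_analysis>"""

INT_FIELDS = {"size", "updates", "num_objects", "num_streams", "comments"}

def parse_basic(report_xml):
    """Return the <basic> fields of a peepdf -x report as a dict."""
    # The report is derived from an untrusted file: refuse any DTD/entities.
    if "<!DOCTYPE" in report_xml or "<!ENTITY" in report_xml:
        raise ValueError("unexpected DTD in report")
    basic = ET.fromstring(report_xml).find("basic")
    if basic is None:
        raise ValueError("no <basic> element in report")
    fields = {}
    for el in basic:
        if "status" in el.attrib:        # <encrypted status="true"/>
            fields[el.tag] = el.attrib["status"] == "true"
        elif "num" in el.attrib:         # <errors num="0"/>
            fields[el.tag] = int(el.attrib["num"])
        else:
            text = (el.text or "").strip()
            fields[el.tag] = int(text) if el.tag in INT_FIELDS else text
    return fields

def triage_notes(fields):
    """Assumed review rules (not peepdf's own): reasons to look closer."""
    notes = []
    if fields.get("encrypted"):
        notes.append("encrypted: contents unreadable until decrypted")
    if fields.get("updates", 0) > 0:
        notes.append("%d update(s): compare each file version" % fields["updates"])
    if fields.get("errors", 0) > 0:
        notes.append("%d parse error(s): check for malformed objects" % fields["errors"])
    return notes
```

To use it on a real file, pass the captured output of `peepdf -x PDF_file` to `parse_basic()` and print what `triage_notes()` returns.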
peepdf Usage Example
Use XML format (-x) to display information about the PDF file (/usr/share/doc/texmf/fonts/lm/lm-info.pdf):
root@kali:~# peepdf -x /usr/share/doc/texmf/fonts/lm/lm-info.pdf
<peepdf_analysis url="http://peepdf.eternal-todo.com" version="0.2 r183" author="Jose Miguel Esparza">
  <date>2014-05-16 12:22</date>
  <basic>
    <filename>lm-info.pdf</filename>
    <md5>26c07d35ad8b5a0e402b2481ae03ffed</md5>
    <sha1>4f5284d0a128a53e405e13f9b958ab19dc09be5c</sha1>
    <sha256>5907f59e368762a3a2858a6826aab019d0accb367f1b8cc6062d472635579fe6</sha256>
    <size>900836</size>
    <pdf_version>1.4</pdf_version>
    <binary status="true"/>
    <linearized status="false"/>
    <encrypted status="false"/>
    <updates>0</updates>
    <num_objects>526</num_objects>
    <num_streams>151</num_streams>
    <comments>0</comments>
    <errors num="0"/>
  </basic>
  <advanced>
    <version num="0" type="original">
      <catalog object_id="1"/>
      <info object_id="2"/>
      <objects num="526">