Skip to main content
This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (pypi.python.org).
Help us improve Python packaging - Donate today!

UNKNOWN

Project Description

** Home page **

http://peepdf.eternal-todo.com http://twitter.com/peepdf

** Dependencies **

** Installation **

Run, in peepdf directory

easy_install .

The setup script handles the installation of jsbeautifier, colorama, pythonaes and lxml

** Execution **

There are two important options when peepdf is executed:

-f: Ignores the parsing errors. Analysing malicious files propably leads to parsing errors, so this parameter should be set. -l: Sets the loose mode, so does not search for the endobj tag because it’s not obligatory. Helpful with malformed files.

  • Simple execution

Shows the statistics of the file after being decoded/decrypted and analysed:

peepdf.py [options] pdf_file
  • Interactive console

Executes the interactive console to let play with the PDF file:

peepdf.py -i [options] pdf_file

If no PDF file is specified it’s possible to use the decode/encode/js*/sctest commands and create a new PDF file:

peepdf.py -i
  • Batch execution

It’s possible to use a commands file to specify the commands to be executed in the batch mode. This type of execution is good to automatise analysis of several files:

peepdf.py [options] -s commands_file pdf_file

** Updating **

The option has been desactivated as it is not working for now. To update, cd to peepdf directory and type:

git pull origin master easy_install .

** Some hints **

If the information shown when a PDF file is parsed is not enough to know if it’s harmful or not, the following commands can help to do it:

  • tree

Shows the tree graph of the file or specified version. Here we can see suspicious elements.

  • offsets

Shows the physical map of the file or the specified version of the document. This is helpful to see unusual big objects or big spaces between objects.

  • search

Search the specified string or hexadecimal string in the objects (decoded and encrypted streams included).

  • object/rawobject

Shows the (raw) content of the object.

  • stream/rawstream

Shows the (raw) content of the stream.

  • The rest of commands, of course

> help

** Bugs **

Send me bugs and comments, please!! ;) You can do it via mail (jesparza AT eternal-todo.com) or through Github (https://github.com/jesparza/peepdf/issues).

Thanks!!

Release History

Release History

This version
History Node

0.3.6

History Node

0.3.5

History Node

0.3.4

History Node

0.3.3

History Node

0.3.2

History Node

0.3.1

Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
peepdf-0.3.6.tar.gz (113.4 kB) Copy SHA256 Checksum SHA256 Source Jun 10, 2017

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting