UNKNOWN
Maintainers
** Home page **
http://peepdf.eternal-todo.com http://twitter.com/peepdf
** Dependencies **
In order to analyse Javascript code “PyV8” is needed:
The “sctest” command is a wrapper of “sctest” (libemu). Besides libemu pylibemu is used and must be installed:
http://libemu.carnivore.it (latest version from git repository, Sourceforge package is outdated) https://github.com/buffer/pylibemu
Included modules: lzw, ccitt (Thanks to all the developers!!)
** Installation **
Run, in peepdf directory
easy_install .
The setup script handles the installation of jsbeautifier, colorama, pythonaes and lxml
** Execution **
There are two important options when peepdf is executed:
-f: Ignores the parsing errors. Analysing malicious files propably leads to parsing errors, so this parameter should be set. -l: Sets the loose mode, so does not search for the endobj tag because it’s not obligatory. Helpful with malformed files.
- Simple execution
Shows the statistics of the file after being decoded/decrypted and analysed:
peepdf.py [options] pdf_file
- Interactive console
Executes the interactive console to let play with the PDF file:
peepdf.py -i [options] pdf_file
If no PDF file is specified it’s possible to use the decode/encode/js*/sctest commands and create a new PDF file:
peepdf.py -i
- Batch execution
It’s possible to use a commands file to specify the commands to be executed in the batch mode. This type of execution is good to automatise analysis of several files:
peepdf.py [options] -s commands_file pdf_file
** Updating **
The option has been desactivated as it is not working for now. To update, cd to peepdf directory and type:
git pull origin master easy_install .
** Some hints **
If the information shown when a PDF file is parsed is not enough to know if it’s harmful or not, the following commands can help to do it:
- tree
Shows the tree graph of the file or specified version. Here we can see suspicious elements.
- offsets
Shows the physical map of the file or the specified version of the document. This is helpful to see unusual big objects or big spaces between objects.
- search
Search the specified string or hexadecimal string in the objects (decoded and encrypted streams included).
- object/rawobject
Shows the (raw) content of the object.
- stream/rawstream
Shows the (raw) content of the stream.
- The rest of commands, of course
> help
** Bugs **
Send me bugs and comments, please!! ;) You can do it via mail (jesparza AT eternal-todo.com) or through Github (https://github.com/jesparza/peepdf/issues).
Thanks!!
Download Files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
| File Name & Checksum SHA256 Checksum Help | Version | File Type | Upload Date |
|---|---|---|---|
| peepdf-0.3.6.tar.gz (113.4 kB) Copy SHA256 Checksum SHA256 | – | Source | Jun 10, 2017 |
