begood Posted May 11, 2010 Report Posted May 11, 2010 What is it? origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents. Features Create PDF documents from scratch. Parse existing documents, modify them and recompile them. Explore documents at the object level, going deep into the document structure, uncompressing PDF object streams and desobfuscating names and strings. High-level operations, such as encryption/decryption, signature, file attachments... A GTK interface to quickly browse into the document contents. Quick look # Create a simple PDF document. contents = ContentStream.newcontents.write 'I AM EMPTY', => 350, :y => 750, :rendering => PS::Text::Rendering::STROKE, :size => 15PDF.new.append_page(Page.new.setContents(contents)).saveas('empty.pdf') # Read a PDF document and add an action.pdf = PDF.read("foo.pdf")pdf.onDocumentOpen Action::URI.new('http://google.com')pdf.saveas('bar.pdf') # Return an array of objects whose name begins with 'JS'pdf.ls(/^JS/)# Return an array of objects containing '/bin/sh'pdf.grep('/bin/sh')# Add a JS script to execute on first page.pdf.pages.first.onOpen Action::JavaScript.new('app.alert("Hello");')# Attach an embedded file to a documentpdf.attach_file('other_doc.pdf') Full scripts We provide some scripts helping to perform common actions on PDF files. Feel free to send us your own scripts at origami(at)security-labs.org. detectjs.rb: search for all JavaScript objects.embed.rb: add an attachment to a PDF file.create-jspdf.rb: add a JavaScript to a PDF file, executed when the document is opened.moebius.rb: transform a PDF to a moebius strip.encrypt.rb: encrypt a PDF file. More to come on next releases...Origami in PDF Quote
