Nytro Posted July 17, 2012 Report Posted July 17, 2012 [h=1]PdfStreamDumper 0.9.320[/h] April 25, 2012 By MayureshOur first post regarding the PdfStreamDumper can be found here. Recently, an update – PdfStreamDumper version 0.9.320 – was released.PdfStreamDumper is a free tool for the analysis of malicious PDF documents. It also has some features that can make it useful for PDF vulnerability development. It has as specialized tools for dealing with obsfuscated javascript, low level PDF headers and objects, and shellcode. In terms of shellcode analysis, it has an integrated interface for libemu sctest, and a shellcode_2_exe feature. Javascript tools include integration with JS Beautifier for code formatting, the ability to run portions of the script live for live deobsfuscation, toolbox classes to handle extra canned functionality, as well as a pretty stable refactoring engine that will parse a script and replace all the screwy random function and variable names with logical sanitized versions for readability. PdfStreamDumper also supports unescaping/formatting manipulated pdf headers, as well as being able to decode filter chains (multiple filters applied to the same stream object.)[h=2]Changes made to PdfStreamDumper:[/h]PdfStreamDumper got a Virustotal plugin. It has two modes, one just searchs for the currently loaded file, and the other is a bulk request mode. The bulk request mode can load a CRLF list of md5s from the clipboard, or it can scan the currently laded PDF and grab the md5s for the embedded objects (flash, u3d, ttf, prc etc). Dumper also received an Extract URLs menu item and Download File menu item. The Stream Parser has finally been optimized and is now 20x faster.[h=3]Download PdfStreamDumper:[/h]PDFStreamDumper 0.9.320 – PDFStreamDumper_Setup.exe – http://sandsprite.com/CodeStuff/PDFStreamDumper_Setup.exeSursa: PdfStreamDumper version 0.9.320! — PenTestIT Quote
