Nytro

AnalyzePDF.py

AnalyzePDF.py

Analyzes PDF files by looking at their characteristics in order to add some intelligence into the determination of them being malicious or benign.

Requirements

* pdfid
* pdfinfo
* yara

Usage

    $ python AnalyzePDF.py -h
    usage: AnalyzePDF.py [-h] [-m MOVE] [-y YARARULES] Path

    Produces a high level overview of a PDF to quickly determine if further analysis is needed based on it's characteristics

    positional arguments:
      Path                  Path to directory/file(s) to be scanned

    optional arguments:
      -h, --help            show this help message and exit
      -m MOVE, --move MOVE  Directory to move files triggering YARA hits to
      -y YARARULES, --yararules YARARULES
                            Path to YARA rules. Rules should contain a weighted score in the metadata section. (i.e. weight = 3)

    example: python AnalyzePDF.py -m tmp/badness -y foo/pdf.yara bar/getsome.pdf

Restrictions

Free to use for non-commercial. Give credit where credit is due.

Source & Download: https://github.com/hiddenillusion/AnalyzePDF
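
The help text above says rules passed with -y should carry a weight in their metadata section. The following check is an added example, not part of the original post or of the AnalyzePDF project: it lists which rules in a rule file have no integer weight. The rule names, the sample rules and the regex-based parsing (a simplification, not a full YARA parser) are assumptions.

```python
import re
# Constructed sample rules for illustration (not taken from the AnalyzePDF repository).
SAMPLE_RULES = r'''
rule pdf_embedded_js
{
    meta:
        description = "JavaScript action in a PDF"
        weight = 3
    strings:
        $js = "/JavaScript"
    condition:
        $js
}
rule pdf_openaction
{
    meta:
        description = "OpenAction present"
    strings:
        $oa = "/OpenAction"
    condition:
        $oa
}
private rule pdf_small : pdf
{
    condition:
        filesize < 1MB
}
'''
# Assumption: each rule closes with "}" at the start of a line; weight is an integer.
RULE_RE = re.compile(r'^(?:(?:private|global)\s+)*rule\s+(\w+)[^{]*\{(.*?)^\}', re.M | re.S)
META_RE = re.compile(r'\bmeta\s*:(.*?)(?=\b(?:strings|condition)\s*:)', re.S)
WEIGHT_RE = re.compile(r'^\s*weight\s*=\s*(-?\d+)\s*$', re.M)

def rule_weights(text):
    """Map each rule name to its integer meta weight, or None if it has none."""
    weights = {}
    for name, body in RULE_RE.findall(text):
        meta = META_RE.search(body)
        hit = WEIGHT_RE.search(meta.group(1)) if meta else None
        weights[name] = int(hit.group(1)) if hit else None
    return weights

def missing_weight(text):
    """Names of rules that carry no weight, in file order."""
    return [name for name, w in rule_weights(text).items() if w is None]

if __name__ == "__main__":
    print("rules without a weight:", missing_weight(SAMPLE_RULES))
```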
