PDFExaminer Tool - Analyse PDF Malware

PDFExaminer Command Line Scanner

This document describes installation and usage of the PDF Examiner – command line version. The PDFExaminer command line scanner is a compact PHP library to process PDF documents for decompression, decryption, and deobfuscation, to scan for known exploits and identify suspicious elements of new threats.

Requirements

PHP 5.0 or greater, tested up to 7.0.
PHP 5 requires modules php5-hash, php5-ctype, php5-mcrypt and php5-zlib.
PHP 7 requires only php70-mcrypt.
512MB RAM, 1GB recommended.

Recommended

For safe handling of MS Windows based exploits, Linux or Mac OSX is recommended.
Yara - malware classification - http://plusvic.github.io/yara/
LibEmu - to detect Windows shellcode - http://libemu.carnivore.it/
NASM - to disassemble Windows shellcode - http://www.nasm.us/

Package Contents

pdfex-cli.php: command line related functions
pdfex-lib.php: PDFExaminer engine
pdfex-sig.php: detection signatures
pdfex.php: command line script

Installation

Copy the PHP files to an accessible directory. It is not necessary to make the files executable.

Running PDF Examiner on the command line

Use pdfex.php to specify a PDF file or directory of PDF files to process:

php pdfex.php file_to_process.pdf

Command line options

php pdfex.php <-p user password> file_to_process.pdf
The -p option specifies decryption using a user password.

php pdfex.php <-y yara include> file_to_process.pdf
The -y option specifies a Yara signature include file.

php pdfex.php file_to_process.pdf
Returns the number of positive signature hits.

php pdfex.php file_to_process.pdf <is_malware>
Returns a binary result of the scan: 0 for clean, 1 for malware.

php pdfex.php file_to_process.pdf
Returns a textual report of the suspect PDF by object and generation.

php pdfex.php file_to_process.pdf
Returns a weighted severity of detected entities. A value >10 is considered malware; however, one point is assigned per JavaScript-containing object, which can cause false positives on documents with complex JavaScript.

Brackets should be omitted in the actual command line option.

Chain multiple queries together to create your own custom output.
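
Added example (not part of the PDFExaminer package): a shell wrapper that turns the is_malware query into a fail-closed gate, so that anything other than a clean 0 from a successful run, including a scanner crash, is quarantined. It assumes the 0/1 result is printed on standard output; PDFEX_CMD and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: fail-closed gate around the is_malware query.
# Assumptions: the 0/1 result is printed on stdout; PDFEX_CMD is a
# hypothetical override for the scanner invocation.
PDFEX_CMD="${PDFEX_CMD:-php pdfex.php}"

# classify_result OUTPUT EXIT_STATUS -> prints clean | malware | error.
# Only an exact "0" from a successful run is clean; empty output, warnings
# or a PHP fatal error (such as a memory limit hit) are treated as "error".
classify_result() {
    out=$(printf '%s' "$1" | tr -d '[:space:]')
    if [ "$2" -ne 0 ]; then
        echo error
    elif [ "$out" = "0" ]; then
        echo clean
    elif [ "$out" = "1" ]; then
        echo malware
    else
        echo error
    fi
}

# scan_pdf FILE -> prints the verdict; exit status 0 only for "clean".
scan_pdf() {
    if [ ! -f "$1" ] || [ ! -r "$1" ]; then
        echo error
        return 2
    fi
    # PDFEX_CMD is left unquoted on purpose so it splits into command + script.
    raw=$($PDFEX_CMD "$1" is_malware 2>/dev/null) && status=0 || status=$?
    verdict=$(classify_result "$raw" "$status")
    echo "$verdict"
    case $verdict in
        clean)   return 0 ;;
        malware) return 1 ;;
        *)       return 2 ;;
    esac
}

# gate_upload FILE QUARANTINE_DIR: leave clean files in place and move
# anything else (malware or failed scan) into the quarantine directory.
gate_upload() {
    if scan_pdf "$1" >/dev/null; then
        return 0
    fi
    mkdir -p "$2" && mv -- "$1" "$2/"
    return 1
}
```

Treating a failed scan the same as a detection matters here because a scanner that aborts part-way produces no 0, and a gate that only looks for 1 would let that file through.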

Advanced Options

The following PHP variables in pdfex-cli.php correspond to the following advanced capabilities:

$global_store_files = 1;
Save objects of the PDF file in a directory under $pdfdir named for the MD5 of the current file. The naming convention used is / obj--gen--dup<file offset in bytes to identify duplicate obj/gen combinations>-

$pdfdir = '';
Location where extracted objects can be saved.

The following options can be set in pdfex.php:

$global_yara_cmd=/path/to/yara;
Yara executable.

$global_yara_sig=/path/to/yarainclude.rar;
Yara include file with signatures to scan for.

Comments
  • Documentation

    Hi. This is not a bug, this is a request for documentation. How can I use this library on a server when a user uploads a PDF file? I do not want a PDF file with any JavaScript code inside or other threats. I want to deny the upload on the spot. Can you provide an example?

    Thank you.

    opened by OpreaFlorin 0
  • PHP Memory Allocation limit on large pdfs

    Large pdfs cause php memory allocation limit to be hit. Need to edit in pdfex-lib.php. It would be nice to have this as a configurable command line argument. Note that the memory allocation limit is set in pdfex-lib and so will override the user settings in php.ini config.

    opened by seansdoyle 1
Owner
tylabs
Tools to detect malware in common document formats.