With the installation of Spidermonkey and Libemu it provides Javascript and shellcode analysis wrappers too. Apart of this it’s able to create new PDF files and to modify existent ones.

Features

Analysis

• Decodings: hexadecimal, octal, name objects
• More used filters
• References in objects and where an object is referenced
• Strings search (including streams)
• Physical structure (offsets)
• Logical tree structure
• Metadata
• Modifications between versions (changelog)
• Compressed objects (object streams)
• Analysis and modification of Javascript (Spidermonkey): unescape, replace, join
• Shellcode analysis (sctest wrapper, Libemu)
• Variables (set command)
• Extraction of old versions of the document

Creation/Modification:

• Basic PDF creation
• Creation of PDF with Javascript executed wen the document is opened
• Creation of object streams to compress objects
• Embedded PDFs
• Strings and names obfuscation
• Malformed PDF output: without endobj, garbage in the header, bad header…
• Filters modification
• Objects modification

With all the recent PDF security scares and PDF hacking it’s important to have adequate tools for PDF analysis.

There are some other tools for dealing with PDF Analysis like:

PDFResurrect v0.9 Released – PDF Analysis and Scrubbing Utility & Origami – Parse, Analyze & Forge PDF Documents.

You can download peepdf here:

peepdf-0.1.zip

Or read more here.

origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.

Features

• Create PDF documents from scratch.
• Parse existing documents, modify them and recompile them.
• Explore documents at the object level, going deep into the document structure, uncompressing PDF object streams and desobfuscating names and strings.
• High-level operations, such as encryption/decryption, signature, file attachments…
• A GTK interface to quickly browse into the document contents.

Full Scripts

Some scripts are provided to help in performing common actions on PDF files. You can contribute more by sending your own scripts to origami(at)security-labs.org.

• detectjs.rb: search for all JavaScript objects.
• embed.rb: add an attachment to a PDF file.
• create-jspdf.rb: add a JavaScript to a PDF file, executed when the document is opened.
• moebius.rb: transform a PDF to a moebius strip.
• encrypt.rb: encrypt a PDF file.

You can download Origami here:

origami-1.0.0-beta1.tar.gz

Or read more here.