ParanoiDF – PDF Analysis & Password Cracking Tool

The New Acunetix V12 Engine


ParanoiDF is a PDF Analysis Suite based on PeePDF by Jose Miguel Esparza. The tools/features that have been added are – Password cracking, redaction recovery, DRM removal, malicious JavaScript extraction, and more.

ParanoiDF - PDF Analysis & Password Cracking Tool

We have posted about a few PDF related tools before, including the one this tool is based on:

peepdf – Analyze & Modify PDF Files
PDFResurrect v0.9 Released – PDF Analysis and Scrubbing Utility
Origami – Parse, Analyze & Forge PDF Documents

Features

These are only the newly added features, not the original peepdf features which can be found here.

  • crackpw – This executes Nacho Barrientos Arias’s PDFCrack tool by performing an OS call. The command allows the user to input a custom dictionary, perform a benchmark or continue from a saved state file. If no custom dictionary is input, this command will attempt to brute force a password using a modifiable charset text file in directory “ParanoiDF/pdfcrack”.
  • decrypt – This uses an OS call to Jay Berkenbilt’s “QPDF” which decrypts the PDF document and outputs the decrypted file. This requires the user-password.
  • encrypt – Encrypts an input PDF document with any password you specify. Uses 128-bit RC4 encryption.
  • embedf – Create a blank PDF document with an embedded file. This is for research purposes to show how files can be embedded in PDFs. This command imports Didier Stevens Make-pdf-embedded.py script as a module.
  • embedjs – Similiar to “embedf”, but embeds custom JavaScript file inside a new blank PDF document. If no custom JavaScript file is input, a default app.alert messagebox is embedded.
  • extractJS – This attempts to extract any embedded JavaScript in a PDF document. It does this by importing Blake Hartstein’s Jsunpackn’s “pdf.py” JavaScript tool as a module, then executing it on the file.
  • redact – Generate a list of words that will fit inside a redaction box in a PDF document. The words (with a custom sentence) can then be parsed in a grammar parser and a custom amount can be displayed depending on their score. This command requires a tutorial to use. Please read “redactTutorial.pdf” in directory “ParanoiDF/docs”.
  • removeDRM – Remove DRM (editing, copying etc.) restrictions from PDF document and output to a new file. This does not need the owner-password and there is a possibility the document will lose some formatting. This command works by calling Kovid Goyal’s Calibre’s “ebook-convert” tool.

You can download ParanoiDF here:

master.zip

Or read more here.

Posted in: Forensics, Hacking Tools, Malware, Password Cracking

, , ,


Latest Posts:


HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.
Cangibrina - Admin Dashboard Finder Tool Cangibrina – Admin Dashboard Finder Tool
Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists etc.
Enumall - Subdomain Discovery Using Recon-ng & AltDNS Enumall – Subdomain Discovery Using Recon-ng & AltDNS
Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
RidRelay - SMB Relay Attack For Username Enumeration RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.
NetBScanner - NetBIOS Network Scanner NetBScanner – NetBIOS Network Scanner
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.
Metta - Information Security Adversarial Simulation Tool Metta – Information Security Adversarial Simulation Tool
Metta is an information security preparedness tool in Python to help with adversarial simulation and assess security defense preparation and alerts.


Comments are closed.