ParanoiDF – PDF Analysis & Password Cracking Tool


ParanoiDF is a PDF Analysis Suite based on PeePDF by Jose Miguel Esparza. The tools/features that have been added are – Password cracking, redaction recovery, DRM removal, malicious JavaScript extraction, and more.

ParanoiDF - PDF Analysis & Password Cracking Tool

We have posted about a few PDF related tools before, including the one this tool is based on:

peepdf – Analyze & Modify PDF Files
PDFResurrect v0.9 Released – PDF Analysis and Scrubbing Utility
Origami – Parse, Analyze & Forge PDF Documents

Features

These are only the newly added features, not the original peepdf features which can be found here.

  • crackpw – This executes Nacho Barrientos Arias’s PDFCrack tool by performing an OS call. The command allows the user to input a custom dictionary, perform a benchmark or continue from a saved state file. If no custom dictionary is input, this command will attempt to brute force a password using a modifiable charset text file in directory “ParanoiDF/pdfcrack”.
  • decrypt – This uses an OS call to Jay Berkenbilt’s “QPDF” which decrypts the PDF document and outputs the decrypted file. This requires the user-password.
  • encrypt – Encrypts an input PDF document with any password you specify. Uses 128-bit RC4 encryption.
  • embedf – Create a blank PDF document with an embedded file. This is for research purposes to show how files can be embedded in PDFs. This command imports Didier Stevens Make-pdf-embedded.py script as a module.
  • embedjs – Similiar to “embedf”, but embeds custom JavaScript file inside a new blank PDF document. If no custom JavaScript file is input, a default app.alert messagebox is embedded.
  • extractJS – This attempts to extract any embedded JavaScript in a PDF document. It does this by importing Blake Hartstein’s Jsunpackn’s “pdf.py” JavaScript tool as a module, then executing it on the file.
  • redact – Generate a list of words that will fit inside a redaction box in a PDF document. The words (with a custom sentence) can then be parsed in a grammar parser and a custom amount can be displayed depending on their score. This command requires a tutorial to use. Please read “redactTutorial.pdf” in directory “ParanoiDF/docs”.
  • removeDRM – Remove DRM (editing, copying etc.) restrictions from PDF document and output to a new file. This does not need the owner-password and there is a possibility the document will lose some formatting. This command works by calling Kovid Goyal’s Calibre’s “ebook-convert” tool.

You can download ParanoiDF here:

master.zip

Or read more here.

Posted in: Forensics, Hacking Tools, Malware, Password Cracking Tools

, , ,


Latest Posts:


Fuzzilli - JavaScript Engine Fuzzing Library Fuzzilli – JavaScript Engine Fuzzing Library
Fuzzilii is a JavaScript engine fuzzing library, it's a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language.
OWASP APICheck - HTTP API DevSecOps Toolset OWASP APICheck – HTTP API DevSecOps Toolset
APICheck is an HTTP API DevSecOps toolset, it integrates existing tools, creates execution chains easily and is designed for integration with 3rd parties.
trident - Automated Password Spraying Tool trident – Automated Password Spraying Tool
The Trident project is an automated password spraying tool developed to be deployed on multiple cloud providers and provides advanced options around scheduling
tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.
Arcane - Tool To Backdoor iOS Packages (iPhone ARM) Arcane – Tool To Backdoor iOS Packages (iPhone ARM)
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
SharpHose - Asynchronous Password Spraying Tool SharpHose – Asynchronous Password Spraying Tool
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.


Comments are closed.