From Collaborative RCE Tool Library
PDF Stream Dumper
| Tool name: | PDF Stream Dumper |
|---|---|
| Author: | dzzie |
| Website: | http://sandsprite.com/blogs/index.php?uid=7 |
| Current version: | 0.9.170 |
| Last updated: | July 21, 2010 |
| Direct D/L link: | http://sandsprite.com/CodeStuff/PDFStreamDumper_Setup.exe |
| License type: | unknown |

Description:

Full feature list

- supported filters: FlateDecode, RunLengthDecode, ASCIIHEXDecode, ASCII85Decode, LZWDecode
- Integrated shellcode tools:
  - sclog gui (Shellcode Analysis tool I wrote at iDefense)
  - scTest gui libemu based Shellcode analysis tool
  - Shellcode_2_Exe functionality
  - Export unescaped bytes to file
- supports filter chaining (i.e. multiple filters applied to same stream)
- supports unescaping encoded pdf headers
- scriptable interface to process multiple files and generate reports
- view all pdf objects
- view deflated streams
- view stream details such as file offsets, header, etc
- save raw and deflated data
- search streams for strings
- scan for functions which contain pdf exploits (dumb scan)
- format javascript using js beautifier (see credits in readme)
- view streams as hex dumps
- zlib compress/decompress arbitrary files
- replace/update pdf streams with your own data
- basic javascript interface so you can run parts of embedded scripts
- PdfDecryptor w/source - uses iTextSharp and requires .Net Framework 2.0
- Basic Javascript de-obfuscator
- can hide: header only streams, duplicate streams, selected streams
- js ui also has access to a toolbox class to:
  - simplify fragmented strings
  - read/write files
  - do hexdumps
  - do unicode safe unescapes
  - disassembler engine
  - replicate some common Adobe API (new)

Current Automation scripts include:

- csv_stats.vbs - Builds csv file with results from lower status bar for all files in a directory
- pdfbox_extract.vbs - use pdfbox to extract all images and text from current file
- string_scan.vbs - scan all decompressed streams in all files in a directory for a string you enter
- unsupported_filters.vbs - scan a directory and build list of all pdfs which have unsupported filters
- filter_chains.vbs - recursively scans parent dir for pdfs that use multiple encoding filters on a stream
- obsfuscated_headers.vbs - recursively scans parent dir for pdfs that have obfuscated object headers
- pdfbox_extract_text_page_by_page.vbs - uses pdfbox to extract page data into individual files

Current Plugins include:

- Build_DB.dll - Search and sort data inside multiple samples, move and organize files
- obj_browser.dll - view layout and data inside pdf in text form

Related URLs: No related URLs have been submitted for this tool yet