Wednesday, April 13, 2011

Tools: PDF Stream Dumper

PDF Stream Dumper is a free tool that helps with the analysis and detection of malicious PDFs.

Full feature list
  • Supported filters: FlateDecode, RunLengthDecode, ASCIIHexDecode, ASCII85Decode, LZWDecode
  • Integrated shellcode tools:
    • sclog gui (shellcode analysis tool)
    • scdbg, a libemu-based shellcode analysis tool
    • Shellcode_2_Exe functionality
    • Export unescaped bytes to file
  • Supports filter chaining (i.e. multiple filters applied to the same stream)
  • Supports unescaping encoded PDF headers
  • Scriptable interface to process multiple files and generate reports
  • View all PDF objects
  • View deflated streams
  • View stream details such as file offsets, header, etc.
  • Save raw and deflated data
  • Search streams for strings
  • Scan for functions which contain PDF exploits (dumb scan)
  • Format JavaScript using js beautifier (see credits in readme)
  • View streams as hex dumps
  • Zlib compress/decompress arbitrary files
  • Replace/update PDF streams with your own data
  • Basic JavaScript interface so you can run parts of embedded scripts
  • PdfDecryptor w/source – uses iTextSharp and requires .NET Framework 2.0
  • Basic JavaScript de-obfuscator
  • Can hide: header-only streams, duplicate streams, selected streams
  • JS UI also has access to a toolbox class to
    • simplify fragmented strings
    • read/write files
    • do hexdumps
    • do Unicode-safe unescapes
    • disassembler engine
    • replicate some common Adobe API (new)

PDF Stream Dumper also supports unescaping/formatting manipulated PDF headers and can decode filter chains (multiple filters applied to the same stream object). It can be extended via plugins and adds automation features via various VBS scripts.
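
To make header unescaping and filter chaining concrete, here is an added Python sketch (not PDF Stream Dumper's own code) that resolves `#xx` escapes in a stream dictionary and then applies the `/Filter` chain in order. The function names and the sample stream are constructed for illustration, and LZWDecode is left out.

```python
import base64, binascii, re, zlib

def unescape_names(raw: bytes) -> bytes:
    # Resolve #xx escapes in names: /Fl#61teDecode -> /FlateDecode.
    # Simplification: applied to the whole dictionary, strings included.
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)

def ascii_hex(data: bytes) -> bytes:
    digits = re.sub(rb"\s+", b"", data.split(b">")[0])  # '>' is the end marker
    return binascii.unhexlify(digits + b"0" * (len(digits) % 2))  # odd length: pad 0

def ascii85(data: bytes) -> bytes:
    return base64.a85decode(data.split(b"~>")[0])  # '~>' is the end marker

def run_length(data: bytes) -> bytes:
    out, i = bytearray(), 0
    while i < len(data) and data[i] != 128:  # 128 marks end of data
        n = data[i]
        if n < 128:  # copy the next n + 1 bytes literally
            out += data[i + 1:i + 2 + n]
            i += n + 2
        else:        # repeat the next byte 257 - n times
            out += data[i + 1:i + 2] * (257 - n)
            i += 2
    return bytes(out)

DECODERS = {b"FlateDecode": zlib.decompress, b"ASCIIHexDecode": ascii_hex,
            b"ASCII85Decode": ascii85, b"RunLengthDecode": run_length}

def filter_chain(dictionary: bytes) -> list:
    # /Filter holds either one name or an array of names, applied left to right.
    m = re.search(rb"/Filter\s*(\[[^\]]*\]|/[^\s/<>\[\]()]+)", unescape_names(dictionary))
    return re.findall(rb"/([^\s/<>\[\]()]+)", m.group(1)) if m else []

def decode_stream(dictionary: bytes, raw: bytes) -> bytes:
    for name in filter_chain(dictionary):
        if name not in DECODERS:  # e.g. LZWDecode, not implemented here
            raise ValueError("unsupported filter: " + name.decode("latin-1"))
        raw = DECODERS[name](raw)
    return raw

# Constructed sample: benign text, Flate-compressed, then hex-encoded, with
# escaped names in the stream dictionary.
SAMPLE_PLAIN = b"BT /F1 12 Tf (constructed sample stream) Tj ET"
SAMPLE_RAW = binascii.hexlify(zlib.compress(SAMPLE_PLAIN)) + b">"
SAMPLE_DICT = b"<< /Length 0 /F#69lter [ /ASCII#48exDecode /Fl#61teDecode ] >>"

if __name__ == "__main__":
    print(filter_chain(SAMPLE_DICT))
    print(decode_stream(SAMPLE_DICT, SAMPLE_RAW).decode())
```

When running this over untrusted samples, bound the decompressed size (for example with `zlib.decompressobj()` and its `max_length` argument), since a small stream can expand enormously.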

Download
