pdfid Package Description

This tool is not a PDF parser, but it will scan a file to look for certain PDF keywords, allowing you to identify PDF documents that contain (for example) JavaScript or execute an action when opened. PDFiD will also handle name obfuscation.

The idea is to use this tool first to triage PDF documents, and then analyze the suspicious ones with my pdf-parser.

An important design criterium for this program is simplicity. Parsing a PDF document completely requires a very complex program, and hence it is bound to contain many (security) bugs. To avoid the risk of getting exploited, I decided to keep this program very simple (it is even simpler than pdf-parser.py).

Source: http://blog.didierstevens.com/programs/pdf-tools/
pdfid Homepage | Kali pdfid Repo

  • Author: Didier Stevens
  • License: None

Tools included in the pdfid package

pdfid – Scans PDF files for certain PDF keywords
root@kali:~# pdfid -h
Usage: pdfid [options] [pdf-file]
Tool to test a PDF file

Options:
  --version     show program's version number and exit
  -h, --help    show this help message and exit
  -s, --scan    scan the given directory
  -a, --all     display all the names
  -e, --extra   display extra data, like dates
  -f, --force   force the scan of the file, even without proper %PDF header
  -d, --disarm  disable JavaScript and auto launch

pdfid Usage Example

root@kali:~# pdfid /usr/share/doc/texmf/fonts/lm/lm-info.pdf
PDFiD 0.0.12 /usr/share/doc/texmf/fonts/lm/lm-info.pdf
 PDF Header: %PDF-1.4
 obj                  526
 endobj               526
 stream               151
 endstream            151
 xref                   1
 trailer                1
 startxref              1
 /Page                 26
 /Encrypt               0
 /ObjStm                0
 /JS                    0
 /JavaScript            0
 /AA                    0
 /OpenAction            0
 /AcroForm              0
 /JBIG2Decode           0
 /RichMedia             0
 /Launch                0
 /EmbeddedFile          0
 /Colors > 2^24         0
Menu