peepdf Package Description

peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis, without having to use 3 or 4 tools to complete all the tasks. With peepdf it's possible to see all the objects in the document, showing the suspicious elements. It supports the most used filters and encodings, and it can parse different versions of a file, object streams and encrypted files. With PyV8 and Pylibemu installed, it also provides JavaScript and shellcode analysis wrappers. Apart from this, it is able to create new PDF files, modify existing ones and obfuscate them.

peepdf Homepage | Kali peepdf Repo

  • Author: Jose Miguel Esparza
  • License: GPLv3

Tools included in the peepdf package

peepdf – PDF analysis tool
root@kali:~# peepdf -h
Usage: /usr/bin/peepdf [options] PDF_file

Version: peepdf 0.2 r183

  -h, --help            show this help message and exit
  -i, --interactive     Sets console mode.
  -s SCRIPTFILE, --load-script=SCRIPTFILE
                        Loads the commands stored in the specified file and
                        execute them.
  -f, --force-mode      Sets force parsing mode to ignore errors.
  -l, --loose-mode      Sets loose parsing mode to catch malformed objects.
  -u, --update          Updates peepdf with the latest files from the
  -g, --grinch-mode     Avoids colorized output in the interactive console.
  -v, --version         Shows program's version number.
  -x, --xml             Shows the document information in XML format.

peepdf Usage Example

Use XML format (-x) to display information about the PDF file (/usr/share/doc/texmf/fonts/lm/lm-info.pdf):

root@kali:~# peepdf -x /usr/share/doc/texmf/fonts/lm/lm-info.pdf
<peepdf_analysis url="" version="0.2 r183" author="Jose Miguel Esparza">
  <date>2014-05-16 12:22</date>
    <binary status="true"/>
    <linearized status="false"/>
    <encrypted status="false"/>
    <errors num="0"/>
    <version num="0" type="original">
      <catalog object_id="1"/>
      <info object_id="2"/>
      <objects num="526">
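
The XML report is convenient for batch triage. The following is an added example, not part of peepdf or of the original page: it reads a `peepdf -x` report and lists reasons a file deserves a closer look. It relies only on the elements visible in the output above; the sample report is constructed from them, and the function name and review criteria are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the elements visible in the report above, with the
# cut-off tags closed so it parses. A real report carries more elements.
SAMPLE_REPORT = """<peepdf_analysis url="" version="0.2 r183" author="Jose Miguel Esparza">
  <date>2014-05-16 12:22</date>
  <binary status="true"/>
  <linearized status="false"/>
  <encrypted status="false"/>
  <errors num="0"/>
  <version num="0" type="original">
    <catalog object_id="1"/>
    <info object_id="2"/>
    <objects num="526"/>
  </version>
</peepdf_analysis>"""


def _status(root, tag):
    """True/False from the status attribute of the first <tag>; None if absent."""
    node = root.find(f".//{tag}")
    return None if node is None else node.get("status", "").lower() == "true"


def summarize(report_xml):
    """Pull triage fields out of a `peepdf -x` report and list review reasons."""
    # The report describes an untrusted file, so refuse DTDs/entities outright.
    if "<!DOCTYPE" in report_xml or "<!ENTITY" in report_xml:
        raise ValueError("unexpected DTD in report")
    root = ET.fromstring(report_xml)
    errors = root.find(".//errors")
    versions = root.findall(".//version")
    summary = {
        "encrypted": _status(root, "encrypted"),
        "parse_errors": int(errors.get("num", "0")) if errors is not None else 0,
        "versions": len(versions),
        "objects": sum(int(o.get("num", "0")) for o in root.findall(".//version/objects")),
    }
    # Review criteria are this example's own choices, not peepdf verdicts.
    reasons = []
    if summary["encrypted"]:
        reasons.append("encrypted")
    if summary["parse_errors"] > 0:
        reasons.append("parse errors")
    if summary["versions"] > 1:
        reasons.append("multiple versions")
    summary["review"] = reasons
    return summary


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

To feed it real output, capture the report with `peepdf -x file.pdf > report.xml` and pass the file contents to `summarize`.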