pdfalyzer 1.16.11__py3-none-any.whl → 1.16.13__py3-none-any.whl

CHANGELOG.md

@@ -1,5 +1,11 @@
 # NEXT RELEASE
 
+### 1.16.13
+* Bump `yaralyzer` to v1.0.7 and fix reference to yaralyzer's renamed `prefix_with_style()` method
+
+### 1.16.12
+* Bump `PyPDF` to v6.0.0
+
 ### 1.16.11
 * Fix typo in `combine_pdfs` help
 * Add some more PyPi classifiers

pdfalyzer/__init__.py

@@ -19,7 +19,7 @@ if not environ.get('INVOKED_BY_PYTEST', False):
 from rich.columns import Columns
 from rich.panel import Panel
 from rich.text import Text
-from yaralyzer.helpers.rich_text_helper import prefix_with_plain_text_obj
+from yaralyzer.helpers.rich_text_helper import prefix_with_style
 from yaralyzer.output.file_export import invoke_rich_export
 from yaralyzer.output.rich_console import console
 from yaralyzer.util.logging import log_and_print
@@ -83,7 +83,7 @@ def pdfalyzer_show_color_theme() -> None:
     console.print(Panel('The Pdfalyzer Color Theme', style='reverse'))
 
     colors = [
-        prefix_with_plain_text_obj(name[:MAX_THEME_COL_SIZE], style=str(style)).append(' ')
+        prefix_with_style(name[:MAX_THEME_COL_SIZE], style=str(style)).append(' ')
         for name, style in PDFALYZER_THEME_DICT.items()
         if name not in ['reset', 'repr_url']
     ]
@@ -93,7 +93,7 @@ def pdfalyzer_show_color_theme() -> None:
 
 def combine_pdfs():
     """
-    Utility method to combine multiple PDFs into one. Invocable with 'combine_pdfs PDF1 [PDF2...]'.
+    Script method to combine multiple PDFs into one. Invocable with 'combine_pdfs PDF1 [PDF2...]'.
     Example: https://github.com/py-pdf/pypdf/blob/main/docs/user/merging-pdfs.md
     """
     args = parse_combine_pdfs_args()
@@ -130,3 +130,9 @@ def combine_pdfs():
     txt = Text('').append(f"  -> Wrote ")
     txt.append(str(file_size_in_mb(args.output_file)), style='cyan').append(" megabytes\n")
     print_highlighted(txt)
+
+
+# TODO: migrate this functionality from clown_sort
+# def extract_pages_from_pdf() -> None:
+#     args = parse_pdf_page_extraction_args()
+#     PdfFile(args.pdf_file).extract_page_range(args.page_range, destination_dir=args.destination_dir)

pdfalyzer/helpers/pdf_object_helper.py

@@ -8,19 +8,14 @@ from pypdf.generic import IndirectObject, PdfObject
 from pdfalyzer.pdf_object_relationship import PdfObjectRelationship
 
 
-def pdf_object_id(pdf_object) -> Optional[int]:
-    """Return the ID of an IndirectObject and None for everything else"""
-    return pdf_object.idnum if isinstance(pdf_object, IndirectObject) else None
-
-
 def does_list_have_any_references(_list) -> bool:
     """Return true if any element of _list is an IndirectObject."""
     return any(isinstance(item, IndirectObject) for item in _list)
 
 
-def _sort_pdf_object_refs(refs: List[PdfObjectRelationship]) -> List[PdfObjectRelationship]:
-    """Sort a list of PdfObjectRelationship objects by their to_obj's idnum. Only used by pytest."""
-    return sorted(refs, key=lambda ref: ref.to_obj.idnum)
+def pdf_object_id(pdf_object) -> Optional[int]:
+    """Return the ID of an IndirectObject and None for everything else"""
+    return pdf_object.idnum if isinstance(pdf_object, IndirectObject) else None
 
 
 def pypdf_class_name(obj: PdfObject) -> str:
@@ -28,3 +23,8 @@ def pypdf_class_name(obj: PdfObject) -> str:
     class_pkgs = type(obj).__name__.split('.')
     class_pkgs.reverse()
     return class_pkgs[0].removesuffix('Object')
+
+
+def _sort_pdf_object_refs(refs: List[PdfObjectRelationship]) -> List[PdfObjectRelationship]:
+    """Sort a list of PdfObjectRelationship objects by their to_obj's idnum. Only used by pytest."""
+    return sorted(refs, key=lambda ref: ref.to_obj.idnum)

pdfalyzer/output/tables/decoding_stats_table.py

@@ -5,7 +5,7 @@ from numbers import Number
 
 from rich.table import Table
 from rich.text import Text
-from yaralyzer.helpers.rich_text_helper import CENTER, na_txt, prefix_with_plain_text_obj
+from yaralyzer.helpers.rich_text_helper import CENTER, na_txt, prefix_with_style
 
 from pdfalyzer.binary.binary_scanner import BinaryScanner
 from pdfalyzer.helpers.rich_text_helper import pct_txt
@@ -60,7 +60,7 @@ def build_decoding_stats_table(scanner: BinaryScanner) -> Table:
 
 def _new_decoding_stats_table(title) -> Table:
     """Build an empty table for displaying decoding stats"""
-    title = prefix_with_plain_text_obj(title, style='blue underline')
+    title = prefix_with_style(title, style='blue underline')
     title.append(": Decoding Attempts Summary Statistics", style='bright_white bold')
 
     table = Table(

{pdfalyzer-1.16.11.dist-info → pdfalyzer-1.16.13.dist-info}/METADATA

@@ -1,13 +1,13 @@
 Metadata-Version: 2.1
 Name: pdfalyzer
-Version: 1.16.11
+Version: 1.16.13
 Summary: PDF analysis tool. Scan a PDF with YARA rules, visualize its inner tree-like data structure in living color (lots of colors), force decodes of suspicious font binaries, and more.
 Home-page: https://github.com/michelcrypt4d4mus/pdfalyzer
 License: GPL-3.0-or-later
-Keywords: ascii art,binary,color,cybersecurity,DFIR,encoding,font,infosec,maldoc,malicious pdf,malware,malware analysis,pdf,pdfs,pdf analysis,pypdf,threat assessment,visualization,yara
+Keywords: ascii art,binary,color,cybersecurity,DFIR,encoding,font,infosec,maldoc,malicious pdf,malware,malware analysis,pdf,pdfs,pdf analysis,pypdf,threat assessment,threat hunting,threat intelligence,threat research,threatintel,visualization,yara
 Author: Michel de Cryptadamus
 Author-email: michel@cryptadamus.com
-Requires-Python: >=3.9.2,<4.0.0
+Requires-Python: >=3.9.2,<4.0
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Environment :: Console
 Classifier: Intended Audience :: Information Technology
@@ -23,8 +23,8 @@ Classifier: Topic :: Artistic Software
 Classifier: Topic :: Scientific/Engineering :: Visualization
 Classifier: Topic :: Security
 Requires-Dist: anytree (>=2.13,<3.0)
-Requires-Dist: pypdf (>=5.9.0,<6.0.0)
-Requires-Dist: yaralyzer (>=1.0.4,<2.0.0)
+Requires-Dist: pypdf (>=6.0.0,<7.0.0)
+Requires-Dist: yaralyzer (>=1.0.7,<2.0.0)
 Project-URL: Changelog, https://github.com/michelcrypt4d4mus/pdfalyzer/blob/master/CHANGELOG.md
 Project-URL: Documentation, https://github.com/michelcrypt4d4mus/pdfalyzer
 Project-URL: Repository, https://github.com/michelcrypt4d4mus/pdfalyzer
@@ -65,10 +65,12 @@ If you're looking for one of these things this may be the tool for you.
 ### What It Don't Do
 This tool is mostly for examining/working with a PDF's data and logical structure. As such it doesn't have much to offer as far as extracting text, rendering[^3], writing, etc. etc.
 
+If you suspect you are dealing with a malcious PDF you can safely run `pdfalyze` on it; embedded javascript etc. will not be executed. If you want to actually look at the contents of a suspect PDF you can use [`dangerzone`](https://dangerzone.rocks/) to sanitize the contents with extreme prejudice before opening it.
+
 -------------
 
 # Installation
-
+#### All Platforms
 Installation with [pipx](https://pypa.github.io/pipx/)[^4] is preferred though `pip3` / `pip` should also work.
 ```sh
 pipx install pdfalyzer
@@ -76,7 +78,12 @@ pipx install pdfalyzer
 
 See [PyPDF installation notes](https://github.com/py-pdf/pypdf#installation) about `PyCryptodome` if you plan to `pdfalyze` any files that use AES encryption.
 
-If you are on macOS someone out there was kind enough to make [The Pdfalyzer available via homebrew](https://formulae.brew.sh/formula/pdfalyzer) so `brew install pdfalyzer` should work.
+#### macOS Homebrew
+If you are on macOS and use `homebrew` someone out there was kind enough to make [The Pdfalyzer available via homebrew](https://formulae.brew.sh/formula/pdfalyzer) so this should work:
+
+```sh
+brew install pdfalyzer
+```
 
 ### Troubleshooting
 1. If you used `pip3` instead of `pipx` and have an issue you should try to install with `pipx`.

{pdfalyzer-1.16.11.dist-info → pdfalyzer-1.16.13.dist-info}/RECORD

@@ -1,7 +1,7 @@
 .pdfalyzer.example,sha256=sh_qkUBw4hfJia_Dx2wB-fsqJInhx2sSgA7WJz3MHYo,3917
-CHANGELOG.md,sha256=ueR9OA8xj4EBFYitrcAJ6yGs1MXw7rnsCcpOdxrog0Q,12588
+CHANGELOG.md,sha256=U5N1_L62GbjwYRp3j1_gWDh_N6ycse0pmsk4FnXetBU,12738
 LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
-pdfalyzer/__init__.py,sha256=Z7KzZamL44xFAE9_t6jX1-KhWAIn5f-voTo5BK8tlg8,5394
+pdfalyzer/__init__.py,sha256=ODRuicmuPQ2dUP05n1Wkstl43rAI_0jn5_R48-OQXAM,5617
 pdfalyzer/__main__.py,sha256=Ko_AoAyYMLIe_cmhiUSl6twheLZrGyT8aOSJ2CP7EZY,43
 pdfalyzer/binary/binary_scanner.py,sha256=h_qcflLWn4pu5NH9F84BuVSYemWQjA3kNxsmXVdz3fk,10211
 pdfalyzer/config.py,sha256=4YMDZu3-t5RSGckjN9bT5LzXyhwHXcxi4QjzVQ4-N6U,2097
@@ -18,7 +18,7 @@ pdfalyzer/font_info.py,sha256=2R85iETY_1eKCeRrkqeIxfPDqXZyWfCNcHx_-aTyF0s,6682
 pdfalyzer/helpers/dict_helper.py,sha256=2TP0_EJBouaWD6jfnAekrEZ4M5eHKL8Tm61FgXZtBAg,303
 pdfalyzer/helpers/filesystem_helper.py,sha256=yAeZ8VllSdO9eudGllwd_7odUHsfoM9SseQHDGvU59k,4117
 pdfalyzer/helpers/number_helper.py,sha256=8IlRmaOVLJsUV18VLvWRZU8SzRxL0XZjrY3sjmk2Ro4,292
-pdfalyzer/helpers/pdf_object_helper.py,sha256=Ab4gKhhuEO-nKYdMYlFVo2g0ygebJsN_ZZ1tCFkVdhM,1160
+pdfalyzer/helpers/pdf_object_helper.py,sha256=65BlUgnDM9brxJFw_WF8QLomWHaNh-pj88NWoxcMkoQ,1160
 pdfalyzer/helpers/rich_text_helper.py,sha256=wTucWbrf8OuS2wVuudIH4v078NTUPQbCqU9ZJ4bDzdE,2122
 pdfalyzer/helpers/string_helper.py,sha256=75EDEFw3UWHvWF32WtvZVBbqYY3ozO4y30dtH2qVMX0,2278
 pdfalyzer/output/character_mapping.py,sha256=RWqIu1kGnB4bQS1E4ZcjMWtUqR9ehvTth7U9Nq99_zk,2189
@@ -26,7 +26,7 @@ pdfalyzer/output/layout.py,sha256=lAJQiu76E-_5MRghpRK7zuXqkhWI7ZjsptfadXXZQF8,21
 pdfalyzer/output/pdfalyzer_presenter.py,sha256=TUsMc2GTUDjFzIGk7Ep5ZASfXcKX_WNtZzZKbQTHcfY,8580
 pdfalyzer/output/styles/node_colors.py,sha256=rfsTAUF43K_buw21SZoP6L5c_cLy7S-xA4GUiWJsDkc,3986
 pdfalyzer/output/styles/rich_theme.py,sha256=Y8QmuINlyZNIHvf3oD0CV3w2dC49NNKtvOChvudDCT8,1983
-pdfalyzer/output/tables/decoding_stats_table.py,sha256=LJAqbaL4nUlbQD0tB65SRaTUAhF86n0QqBMYWK2-sxU,3623
+pdfalyzer/output/tables/decoding_stats_table.py,sha256=HuSpTD1mwmNqNWuMlMQdOsLIislplAexNWADVgb_ckQ,3605
 pdfalyzer/output/tables/font_summary_table.py,sha256=xfTqC7BlQd0agQf6nDDhkcJno7hru6mf9_xY1f5IDcw,2065
 pdfalyzer/output/tables/pdf_node_rich_table.py,sha256=7G-FLb_EUP50kZmYCTbo8Q6taU4xKp2QIGNOnQtYbNg,5908
 pdfalyzer/output/tables/stream_objects_table.py,sha256=PgQj8oTtW5_X8SMQb3FvCWDS-d4Zl6QiE44Qhiv7lTY,706
@@ -43,8 +43,8 @@ pdfalyzer/yara_rules/__init.py__,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hS
 pdfalyzer/yara_rules/didier_stevens.yara,sha256=4XhqafU09xzYUP7LCygHHBXOpAXUblJf6Tkn37MUy0w,7253
 pdfalyzer/yara_rules/lprat.static_file_analysis.yara,sha256=i0CwRH8pBx_QshKFTQtr1CP5n378EZelsF2FxMY2y5A,21859
 pdfalyzer/yara_rules/pdf_malware.yara,sha256=jDqSTP5BQSi2I_1xZiFZdy68I4oVWDat2j08-qdfbto,91063
-pdfalyzer-1.16.11.dist-info/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
-pdfalyzer-1.16.11.dist-info/METADATA,sha256=Xa0oDRfBu_NyzjAiI4cG2tqrDxJZRx0mPErknDQcceA,26187
-pdfalyzer-1.16.11.dist-info/WHEEL,sha256=d2fvjOD7sXsVzChCqf0Ty0JbHKBaLYwDbGQDwQTnJ50,88
-pdfalyzer-1.16.11.dist-info/entry_points.txt,sha256=aZurgt-Xg3pojS7oTRI4hNLpK1hO4kTfChf0x2eQoD8,147
-pdfalyzer-1.16.11.dist-info/RECORD,,
+pdfalyzer-1.16.13.dist-info/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+pdfalyzer-1.16.13.dist-info/METADATA,sha256=MUgEcOKSKXr4l7BQfz_Cb_PAbgiNJKspBW0Ud_GsVWk,26638
+pdfalyzer-1.16.13.dist-info/WHEEL,sha256=d2fvjOD7sXsVzChCqf0Ty0JbHKBaLYwDbGQDwQTnJ50,88
+pdfalyzer-1.16.13.dist-info/entry_points.txt,sha256=aZurgt-Xg3pojS7oTRI4hNLpK1hO4kTfChf0x2eQoD8,147
+pdfalyzer-1.16.13.dist-info/RECORD,,