pdfalyzer 1.16.6__py3-none-any.whl → 1.16.8__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pdfalyzer might be problematic. Click here for more details.

Files changed (11) hide show
  1. CHANGELOG.md +10 -0
  2. pdfalyzer/detection/yaralyzer_helper.py +19 -15
  3. pdfalyzer/yara_rules/PDF.yara +1263 -489
  4. pdfalyzer/yara_rules/PDF_binary_stream.yara +6 -8
  5. pdfalyzer/yara_rules/didier_stevens.yara +248 -0
  6. pdfalyzer/yara_rules/pdf_malware.yara +3072 -0
  7. {pdfalyzer-1.16.6.dist-info → pdfalyzer-1.16.8.dist-info}/METADATA +7 -11
  8. {pdfalyzer-1.16.6.dist-info → pdfalyzer-1.16.8.dist-info}/RECORD +11 -9
  9. {pdfalyzer-1.16.6.dist-info → pdfalyzer-1.16.8.dist-info}/LICENSE +0 -0
  10. {pdfalyzer-1.16.6.dist-info → pdfalyzer-1.16.8.dist-info}/WHEEL +0 -0
  11. {pdfalyzer-1.16.6.dist-info → pdfalyzer-1.16.8.dist-info}/entry_points.txt +0 -0
{pdfalyzer-1.16.6.dist-info → pdfalyzer-1.16.8.dist-info}/METADATA RENAMED
@@ -1,28 +1,23 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: pdfalyzer
3
- Version: 1.16.6
3
+ Version: 1.16.8
4
4
  Summary: A PDF analysis toolkit. Scan a PDF with relevant YARA rules, visualize its inner tree-like data structure in living color (lots of colors), force decodes of suspicious font binaries, and more.
5
5
  Home-page: https://github.com/michelcrypt4d4mus/pdfalyzer
6
6
  License: GPL-3.0-or-later
7
- Keywords: ascii art,binary,color,font,encoding,maldoc,malicious pdf,malware,malware analysis,pdf,pdfs,pdf analysis,threat assessment,visualization,yara
7
+ Keywords: ascii art,binary,color,cybersecurity,DFIR,encoding,font,infosec,maldoc,malicious pdf,malware,malware analysis,pdf,pdfs,pdf analysis,threat assessment,visualization,yara
8
8
  Author: Michel de Cryptadamus
9
9
  Author-email: michel@cryptadamus.com
10
- Requires-Python: >=3.9,<4.0
10
+ Requires-Python: >=3.9.2,<4.0.0
11
11
  Classifier: License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)
12
12
  Classifier: Programming Language :: Python :: 3
13
- Classifier: Programming Language :: Python :: 3.9
14
13
  Classifier: Programming Language :: Python :: 3.10
15
14
  Classifier: Programming Language :: Python :: 3.11
16
15
  Classifier: Topic :: Artistic Software
17
16
  Classifier: Topic :: Scientific/Engineering :: Visualization
18
17
  Classifier: Topic :: Security
19
- Requires-Dist: anytree (>=2.8,<3.0)
20
- Requires-Dist: chardet (>=5.0.0,<6.0.0)
21
- Requires-Dist: pypdf (>=5.0.1,<6.0.0)
22
- Requires-Dist: python-dotenv (>=0.21.0,<0.22.0)
23
- Requires-Dist: rich (>=12.5.1,<13.0.0)
24
- Requires-Dist: rich-argparse-plus (>=0.3.1,<0.4.0)
25
- Requires-Dist: yaralyzer (>=0.9.4,<0.10.0)
18
+ Requires-Dist: anytree (>=2.13,<3.0)
19
+ Requires-Dist: pypdf (>=5.9.0,<6.0.0)
20
+ Requires-Dist: yaralyzer (>=1.0.4,<2.0.0)
26
21
  Project-URL: Changelog, https://github.com/michelcrypt4d4mus/pdfalyzer/blob/master/CHANGELOG.md
27
22
  Project-URL: Documentation, https://github.com/michelcrypt4d4mus/pdfalyzer
28
23
  Project-URL: Repository, https://github.com/michelcrypt4d4mus/pdfalyzer
@@ -263,6 +258,7 @@ scripts/install_t1utils.sh
263
258
  * [Adobe Type 2 Charstring Format](https://adobe-type-tools.github.io/font-tech-notes/pdfs/5177.Type2.pdf) - Describes the newer Type 2 font operators which are also used in some multiple-master Type 1 fonts.
264
259
 
265
260
  ### Other Stuff
261
+ * [Didier Stevens's PDF tools](http://blog.didierstevens.com/programs/pdf-tools/)
266
262
  * [Didier Stevens's free book about malicious PDFs](https://blog.didierstevens.com/2010/09/26/free-malicious-pdf-analysis-e-book/) - The master of the malicious PDFs wrote a whole book about how to analyze them. It's an old book but the PDF spec was last changed in 2008 so it's still relevant.
267
263
  * [Analyzing Malicious PDFs Cheat Sheet](https://zeltser.com/media/docs/analyzing-malicious-document-files.pdf) - Like it says on the tin. If that link fails there's a copy [here in the repo](doc/analyzing-malicious-document-files.pdf).
268
264
  * [T1Utils Github Repo](https://github.com/kohler/t1utils) - Suite of tools for manipulating Type1 fonts.
{pdfalyzer-1.16.6.dist-info → pdfalyzer-1.16.8.dist-info}/RECORD RENAMED
@@ -1,4 +1,4 @@
1
- CHANGELOG.md,sha256=3O4zIRTkJW6p49c7qcN7K5SzDzqPRbVb2Kw6DQHYXGU,12008
1
+ CHANGELOG.md,sha256=Lyjec6NRl1_8A2YrhR0XgBhqMjtPCYl9ojkgnIR-Ylc,12223
2
2
  LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
3
3
  pdfalyzer/__init__.py,sha256=q8qSdGdyUYmTYGOp_d2bRCCFASnlVt4wa-DlBikD5-M,5362
4
4
  pdfalyzer/__main__.py,sha256=Ko_AoAyYMLIe_cmhiUSl6twheLZrGyT8aOSJ2CP7EZY,43
@@ -12,7 +12,7 @@ pdfalyzer/decorators/pdf_tree_verifier.py,sha256=YC56SQxp5o2zMYgsBPCzX89pCkUHdZ-
12
12
  pdfalyzer/detection/constants/binary_regexes.py,sha256=eFx1VVAOzxKmlacbGgicDCp1fcKgOkQkkzeduGjqLBQ,1594
13
13
  pdfalyzer/detection/constants/javascript_reserved_keywords.py,sha256=CXXdWskdQa0Hs5wCci2RBVvipgZg34_cLfmkWG4Xcmg,991
14
14
  pdfalyzer/detection/javascript_hunter.py,sha256=_wT2vkKTMlm_RGCjYsmwcmV-ag1qep3EpkHmUw0nWcQ,711
15
- pdfalyzer/detection/yaralyzer_helper.py,sha256=_l9eJQUtMlo9RhY5h8Xq9gBLxzn1VgJsCA1nCsFDGvo,1999
15
+ pdfalyzer/detection/yaralyzer_helper.py,sha256=KLGhX9qDB7eeuBbdl6mPRP1GivKkMZa79DPMTzq7b1c,2342
16
16
  pdfalyzer/font_info.py,sha256=0NQ6g4q3pTdirwGjJhur8HkXQlC732cR7IhilO33g2A,6663
17
17
  pdfalyzer/helpers/dict_helper.py,sha256=2TP0_EJBouaWD6jfnAekrEZ4M5eHKL8Tm61FgXZtBAg,303
18
18
  pdfalyzer/helpers/filesystem_helper.py,sha256=1clV0mqKFJUJC4xU2q_ApklpHCqCclxJAVJwRp93OF0,4110
@@ -36,12 +36,14 @@ pdfalyzer/util/argument_parser.py,sha256=hC0CLZPIXerP9Z0WZYE4Vj8wEPLwo3KpA-iRio6
36
36
  pdfalyzer/util/debugging.py,sha256=nE64VUQbdu2OQRC8w8-AJkMtBOy8Kf3mjozuFslfWsw,156
37
37
  pdfalyzer/util/exceptions.py,sha256=XLFFTdx1n6i_VCmvuzvIOCa-djJvGEitfo9lhy3zq0k,98
38
38
  pdfalyzer/util/pdf_parser_manager.py,sha256=FVRYAYsCd0y5MAm--qvXnwCZnDtB3x85FdJtb-gpyw4,3109
39
- pdfalyzer/yara_rules/PDF.yara,sha256=H5rbhqKfCeiQZWNuhzVAsAsAo2KKt3ZqIwSKnZyzOSw,40189
40
- pdfalyzer/yara_rules/PDF_binary_stream.yara,sha256=oWRPLe5yQiRFMvi3BTHNTlB6T7NcAuxKn0C9OSvgJSM,804
39
+ pdfalyzer/yara_rules/PDF.yara,sha256=70JzPq5F6AS8F46Seu6u0j5GS1JHxkS42r7g7PVSpRg,81489
40
+ pdfalyzer/yara_rules/PDF_binary_stream.yara,sha256=Qt0Wd7RFXYiHaT9YxTCrhC68ccmFcEG1XMNC3p5IwcI,821
41
41
  pdfalyzer/yara_rules/__init.py__,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
42
+ pdfalyzer/yara_rules/didier_stevens.yara,sha256=4XhqafU09xzYUP7LCygHHBXOpAXUblJf6Tkn37MUy0w,7253
42
43
  pdfalyzer/yara_rules/lprat.static_file_analysis.yara,sha256=i0CwRH8pBx_QshKFTQtr1CP5n378EZelsF2FxMY2y5A,21859
43
- pdfalyzer-1.16.6.dist-info/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
44
- pdfalyzer-1.16.6.dist-info/METADATA,sha256=yk4PH8L1Ys1lYjTYf0E24nirnrCa3Pb5ivg7-AVRMAM,26231
45
- pdfalyzer-1.16.6.dist-info/WHEEL,sha256=d2fvjOD7sXsVzChCqf0Ty0JbHKBaLYwDbGQDwQTnJ50,88
46
- pdfalyzer-1.16.6.dist-info/entry_points.txt,sha256=aZurgt-Xg3pojS7oTRI4hNLpK1hO4kTfChf0x2eQoD8,147
47
- pdfalyzer-1.16.6.dist-info/RECORD,,
44
+ pdfalyzer/yara_rules/pdf_malware.yara,sha256=jDqSTP5BQSi2I_1xZiFZdy68I4oVWDat2j08-qdfbto,91063
45
+ pdfalyzer-1.16.8.dist-info/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
46
+ pdfalyzer-1.16.8.dist-info/METADATA,sha256=kqWl1cQ33AdNBRzWySlAX2tDnFl-lvNIVaOApCgueQM,26116
47
+ pdfalyzer-1.16.8.dist-info/WHEEL,sha256=d2fvjOD7sXsVzChCqf0Ty0JbHKBaLYwDbGQDwQTnJ50,88
48
+ pdfalyzer-1.16.8.dist-info/entry_points.txt,sha256=aZurgt-Xg3pojS7oTRI4hNLpK1hO4kTfChf0x2eQoD8,147
49
+ pdfalyzer-1.16.8.dist-info/RECORD,,