PyPI - pdfalyzer - Versions diffs - 1.16.6__tar.gz → 1.16.8__tar.gz - Mend

pdfalyzer 1.16.6tar.gz → 1.16.8tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pdfalyzer might be problematic. Click here for more details.

Files changed (48) hide show

{pdfalyzer-1.16.6 → pdfalyzer-1.16.8}/CHANGELOG.md RENAMED Viewed

@@ -1,5 +1,15 @@
 # NEXT RELEASE
+### 1.16.8
+* Even more PDF related YARA rules
+* Upgrade `anytree` to 2.13.0
+* Upgrade `yaralyzer` to 1.0.4
+### 1.16.7
+* Lots of new PDF related YARA rules
+* Upgrade `yaralyzer` to 1.0.3
+* Upgrade `pypdf` to 5.9.0
 ### 1.16.6
 * Add the creator hash to GIFTEDCROOK rule

{pdfalyzer-1.16.6 → pdfalyzer-1.16.8}/PKG-INFO RENAMED Viewed

@@ -1,28 +1,23 @@
 Metadata-Version: 2.1
 Name: pdfalyzer
-Version: 1.16.6
+Version: 1.16.8
 Summary: A PDF analysis toolkit. Scan a PDF with relevant YARA rules, visualize its inner tree-like data structure in living color (lots of colors), force decodes of suspicious font binaries, and more.
 Home-page: https://github.com/michelcrypt4d4mus/pdfalyzer
 License: GPL-3.0-or-later
-Keywords: ascii art,binary,color,font,encoding,maldoc,malicious pdf,malware,malware analysis,pdf,pdfs,pdf analysis,threat assessment,visualization,yara
+Keywords: ascii art,binary,color,cybersecurity,DFIR,encoding,font,infosec,maldoc,malicious pdf,malware,malware analysis,pdf,pdfs,pdf analysis,threat assessment,visualization,yara
 Author: Michel de Cryptadamus
 Author-email: michel@cryptadamus.com
-Requires-Python: >=3.9,<4.0
+Requires-Python: >=3.9.2,<4.0.0
 Classifier: License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Topic :: Artistic Software
 Classifier: Topic :: Scientific/Engineering :: Visualization
 Classifier: Topic :: Security
-Requires-Dist: anytree (>=2.8,<3.0)
-Requires-Dist: chardet (>=5.0.0,<6.0.0)
-Requires-Dist: pypdf (>=5.0.1,<6.0.0)
-Requires-Dist: python-dotenv (>=0.21.0,<0.22.0)
-Requires-Dist: rich (>=12.5.1,<13.0.0)
-Requires-Dist: rich-argparse-plus (>=0.3.1,<0.4.0)
-Requires-Dist: yaralyzer (>=0.9.4,<0.10.0)
+Requires-Dist: anytree (>=2.13,<3.0)
+Requires-Dist: pypdf (>=5.9.0,<6.0.0)
+Requires-Dist: yaralyzer (>=1.0.4,<2.0.0)
 Project-URL: Changelog, https://github.com/michelcrypt4d4mus/pdfalyzer/blob/master/CHANGELOG.md
 Project-URL: Documentation, https://github.com/michelcrypt4d4mus/pdfalyzer
 Project-URL: Repository, https://github.com/michelcrypt4d4mus/pdfalyzer
@@ -263,6 +258,7 @@ scripts/install_t1utils.sh
 * [Adobe Type 2 Charstring Format](https://adobe-type-tools.github.io/font-tech-notes/pdfs/5177.Type2.pdf) - Describes the newer Type 2 font operators which are also used in some multiple-master Type 1 fonts.
 ### Other Stuff
+* [Didier Stevens's PDF tools](http://blog.didierstevens.com/programs/pdf-tools/)
 * [Didier Stevens's free book about malicious PDFs](https://blog.didierstevens.com/2010/09/26/free-malicious-pdf-analysis-e-book/) - The master of the malicious PDFs wrote a whole book about how to analyze them. It's an old book but the PDF spec was last changed in 2008 so it's still relevant.
 * [Analyzing Malicious PDFs Cheat Sheet](https://zeltser.com/media/docs/analyzing-malicious-document-files.pdf) - Like it says on the tin. If that link fails there's a copy [here in the repo](doc/analyzing-malicious-document-files.pdf).
 * [T1Utils Github Repo](https://github.com/kohler/t1utils) - Suite of tools for manipulating Type1 fonts.

{pdfalyzer-1.16.6 → pdfalyzer-1.16.8}/README.md RENAMED Viewed

@@ -233,6 +233,7 @@ scripts/install_t1utils.sh
 * [Adobe Type 2 Charstring Format](https://adobe-type-tools.github.io/font-tech-notes/pdfs/5177.Type2.pdf) - Describes the newer Type 2 font operators which are also used in some multiple-master Type 1 fonts.
 ### Other Stuff
+* [Didier Stevens's PDF tools](http://blog.didierstevens.com/programs/pdf-tools/)
 * [Didier Stevens's free book about malicious PDFs](https://blog.didierstevens.com/2010/09/26/free-malicious-pdf-analysis-e-book/) - The master of the malicious PDFs wrote a whole book about how to analyze them. It's an old book but the PDF spec was last changed in 2008 so it's still relevant.
 * [Analyzing Malicious PDFs Cheat Sheet](https://zeltser.com/media/docs/analyzing-malicious-document-files.pdf) - Like it says on the tin. If that link fails there's a copy [here in the repo](doc/analyzing-malicious-document-files.pdf).
 * [T1Utils Github Repo](https://github.com/kohler/t1utils) - Suite of tools for manipulating Type1 fonts.

{pdfalyzer-1.16.6 → pdfalyzer-1.16.8}/pdfalyzer/detection/yaralyzer_helper.py RENAMED Viewed

@@ -13,9 +13,11 @@ from pdfalyzer.config import PdfalyzerConfig
 YARA_RULES_DIR = files('pdfalyzer').joinpath('yara_rules')
 YARA_RULES_FILES = [
+    'didier_stevens.yara',
     'lprat.static_file_analysis.yara',
     'PDF.yara',
     'PDF_binary_stream.yara',
+    'pdf_malware.yara',
 ]
@@ -34,18 +36,20 @@ def _build_yaralyzer(scannable: Union[bytes, str], label: Optional[str] = None)
     with as_file(YARA_RULES_DIR.joinpath(YARA_RULES_FILES[0])) as yara0:
         with as_file(YARA_RULES_DIR.joinpath(YARA_RULES_FILES[1])) as yara1:
             with as_file(YARA_RULES_DIR.joinpath(YARA_RULES_FILES[2])) as yara2:
-                # If there is a custom yara_rules argument file use that instead of the files in the yara_rules/ dir
-                rules_paths = YaralyzerConfig.args.yara_rules_files or []
-                if not YaralyzerConfig.args.no_default_yara_rules:
-                    rules_paths += [str(y) for y in [yara0, yara1, yara2]]
-                try:
-                    return Yaralyzer.for_rules_files(rules_paths, scannable, label)
-                except ValueError as e:
-                    # TODO: use YARA_FILE_DOES_NOT_EXIST_ERROR_MSG variable
-                    if "it doesn't exist" in str(e):
-                        print(str(e))
-                        exit(1)
-                    else:
-                        raise e
+                with as_file(YARA_RULES_DIR.joinpath(YARA_RULES_FILES[3])) as yara3:
+                    with as_file(YARA_RULES_DIR.joinpath(YARA_RULES_FILES[4])) as yara4:
+                        # If there is a custom yara_rules argument file use that instead of the files in the yara_rules/ dir
+                        rules_paths = YaralyzerConfig.args.yara_rules_files or []
+                        if not YaralyzerConfig.args.no_default_yara_rules:
+                            rules_paths += [str(y) for y in [yara0, yara1, yara2, yara3, yara4]]
+                        try:
+                            return Yaralyzer.for_rules_files(rules_paths, scannable, label)
+                        except ValueError as e:
+                            # TODO: use YARA_FILE_DOES_NOT_EXIST_ERROR_MSG variable
+                            if "it doesn't exist" in str(e):
+                                print(str(e))
+                                exit(1)
+                            else:
+                                raise e

pdfalyzer 1.16.6__tar.gz → 1.16.8__tar.gz

Potentially problematic release.

pdfalyzer 1.16.6tar.gz → 1.16.8tar.gz