pdfalyzer
Analyze PDFs. With colors. And Yara. (by michelcrypt4d4mus)
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF (by swisskyrepo)
| pdfalyzer | PayloadsAllTheThings | |
|---|---|---|
| 8 | 34 | |
| 221 | 56,965 | |
| - | - | |
| 8.3 | 8.5 | |
| about 1 month ago | 6 days ago | |
| Python | Python | |
| GNU General Public License v3.0 only | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pdfalyzer
Posts with mentions or reviews of pdfalyzer.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-10-10.
-
Are there any PDF specific YARA rules you know of that are not collected in The Pdfalyzer repo yet?
Direct link to the folder with 3 .yara files compiling a bunch of YARA rule sources. Looking for anything not represented here, or even ideas for such.
-
The Pdfalyzer is a tool for visualizing the inner tree structure of a PDF in large and colorful diagrams as well as scanning its internals for suspicious content
The Pdfalyzer is a command line tool (paralyze) as well as a library for working with, visualizing, and scanning the contents of a PDF. Motivation for the project was personal: I got hacked by a PDF that turned out to be hiding its maleficent instructions inside the font binary where it was missed by modern malware scanners (twitter thread) (more details)
-
The Yaralyzer is a new tool for visualizing / force decoding YARA and regular expression matches in binary and text
A few weeks ago I made a post here about a PDF that evaded all malware detection and caused a security breach, almost certainly through PDF instructions hidden inside of an Adobe Type1 Font binary stream embedded within a PDF. At the time I posted a link to a tool I wrote called The Pdfalyzer that diagrams a PDF's internal and scans for various suspect content.
- Any useful cybersecurity software under $5k?
-
Novel PDF malware: injecting JavaScript into the encrypted section of Adobe Type 1 font binaries is not detectable by malware scanners and doesn't interfere with decryption/decompilation of the font (along with a new tool for malicious PDF analysis)
I dramatically scaled up the binary data scouring and visualization in the pdfalyzer... can rip through every backtick/frontslash/single or double quoted/etc etc set of bytes in the binaries and try a bunch of aggressive approaches to force decode them.
-
Novel (?) PDF attack (and a new PDF visualization/threat assessment tool): injecting JavaScript into the encrypted section of Adobe Type 1 font binaries is not detectable by malware scanners (nor does it interfere with the decryption of the font)
The tool is the the pdfalyzer; I just open sourced it. Meant to fill in some gaps around pdf-parser.py and the rest of Didier Stevens's malicious PDF toolkit. Makes pretty charts, previews binary data, and (most importantly) digs through PDF font binaries for potentially executable stuff. Example output can be seen at the GitHub link.
PayloadsAllTheThings
Posts with mentions or reviews of PayloadsAllTheThings.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-10-25.
-
php shell not executed in wordpress
Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too
-
XXE-XML External Entities Attacks
An alternative display version is available at PayloadsAllTheThingsWeb.
-
Becoming a security researcher. Help with a realistic timeline?
- https://github.com/swisskyrepo/PayloadsAllTheThings - https://book.hacktricks.xyz/welcome/readme
-
Want to hack school laptop? Any tips or applications that I can download?
If it's windows - oofta-may. Start here: https://github.com/swisskyrepo/PayloadsAllTheThings
- Where do I start on this journey?
-
How important is webtesting in the exam?
It is a method for initial access so it is possible that it could appear in one of the exam machines Payload all the things has a lot of useful resources for sql injection https://swisskyrepo.github.io/PayloadsAllTheThings/
- GitHub (or any website) page with good scripts for social media tools
- cómo empezar en seguridad informática
-
It's official: BlackLotus malware can bypass secure boot
> If you run as a user who doesn't have admin access you should be protected,
That's not very reassuring. Privilege escalation on Windows is a well studied subject:
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/mas...
-
you think that hack the box is the best way to start a career in CiberSecurity speaking about hacking?
Payloadallthethings github
What are some alternatives?
When comparing pdfalyzer and PayloadsAllTheThings you can also consider the following projects:
peepdf - Powerful Python tool to analyze PDF documents
sql-injection-payload-list - 🎯 SQL Injection Payload List
pypdfium2 - Python bindings to PDFium
nuclei-templates - Community curated list of templates for the nuclei engine to find security vulnerabilities.
Malware-IOCs
CVE-2021-44228-PoC-log4j-bypass-words - 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
DidierStevensSuite - Please no pull requests for this repository. Thanks!
OWASP-Testing-Checklist - OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.
SysmonForLinux
IPRotate_Burp_Extension - Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
CyberPipe - An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.
web-pentesting-checklist - checklist for testing the web applications
pdfalyzer vs peepdf
PayloadsAllTheThings vs sql-injection-payload-list
pdfalyzer vs pypdfium2
PayloadsAllTheThings vs nuclei-templates
pdfalyzer vs Malware-IOCs
PayloadsAllTheThings vs CVE-2021-44228-PoC-log4j-bypass-words
pdfalyzer vs DidierStevensSuite
PayloadsAllTheThings vs OWASP-Testing-Checklist
pdfalyzer vs SysmonForLinux
PayloadsAllTheThings vs IPRotate_Burp_Extension
pdfalyzer vs CyberPipe
PayloadsAllTheThings vs web-pentesting-checklist