Skip navigation.
Home

New Jsunpack Release

A new version of jsunpack has been released with some very cool features. Jsunpack now includes pdf decoding and even includes signatures for known PDF attacks. It is able to deobfuscate javascript within a PDF file, or on the network and match the function call to a known malicious signature. You can check out the blog here.

This example is given on his blog site.

$ ./jsunpack-n.py sample-pdf.pcap
decoded 25275 bytes in pdf
[0] decoded 25275 trughtsa.com/img/pfqa.php
[1] decoded 7627 trughtsa.com/img/pfqa.php
Match signature [CVE-2007-5659] Collab.collectEmailInfo
Match signature [CVE-2007-5659] Collab.getIcon
Match signature [CVE-2008-2992] util.printf
Match signature [CVE-2009-1493] spell.customDictionaryOpen
Match signature [CVE-2009-1492] getAnnots