Releasing PDF X-RAY
For the past few months I have been doing research on PDF analysis and how it could be better improved. While doing the research I found myself writing tools and scripts to help me get the job done and decided it was time to put something more useful together. PDF X-RAY is a static analysis tool that allows you to analyze PDF files through a web interface or API. The tool uses multiple open source tools and custom code to take a PDF and turn it into a sharable format. The goal with this tool is to centralize PDF analysis and begin sharing comments on files that are seen.
PDF X-RAY differs from all other tools because it doesn't focus on the single file. Instead it compares the file you upload against thousands of malicious PDF files in our repository. These checks look for similar data structures within the PDF you upload and ones that have been reviewed by analysts. Using this feature we can begin to see shared coded samples among malicious files or trends due to malicious author coding styles. The tool is still in beta, but I wanted to release it to the public to see what users thought. In my opinion the API is the most useful as you can begin to integrate rich PDF analysis into other tools and services with little or no cost.
Current features include:
- Summary report
- Interactive report (includes all the information I have)
- Related through characteristics
- Account access and features
- Full API (submit, report, full object, etc.)
- Searching (not all implemented, but all hashing aspects work)
- Sandbox dump of JS code
- Flagging of streams (malicious or not malicious) for logged in users (anonymous users can see how many people marked something as malicious)
- Reports (last 50 ran among others (some not yet released) )
- Social network hooks (causes some slowness, so I may replace this)
- Basic help documentation
- Image preview generation