PDFExaminer Tool - Analyse PDF Malware

PDFExaminer Command Line Scanner

This document describes installation and usage of the PDF Examiner command line version. The PDFExaminer command line scanner is a compact PHP library to process PDF documents for decompression, decryption, and deobfuscation, to scan for known exploits and identify suspicious elements of new threats.

PHP 5 requires modules php5-hash, php5-ctype, php5-mcrypt and php5-zlib. PHP7 requires only php70-mcrypt.

For safe handling of MS Windows based exploits, Linux or Mac OSX is recommended.

NASM - to disassemble Windows shellcode

Package Contents

pdfex-cli.php: command line related functions
pdfex.php: command line script

Installation

Copy the PHP files to an accessible directory. It is not necessary to make the files executable.

Use the pdfex.php to specify a PDF file or directory of PDF files to process:

php pdfex.php file_to_process.pdf

Command line options

p option to specify decrypting using a user password.
y option to specify a Yara signature include file.
Returns the number of positive signature hits.
Returns binary result of scan: 0 for clean, 1 for malware.
Returns a textual reporting of suspect PDF by object and generation.
Returns a weighted severity of detected entities. A score >10 is considered malware; however, one point is assigned per JavaScript-containing object, which can cause false positives on complex JavaScript-containing documents.

Brackets should be omitted in the actual command line option.

Chain multiple queries together to create your own custom output.

The following options can be set in pdfex.php:

$pdfdir = ''
Location where extracted objects can be saved. The naming convention used is / obj-gen-dup.

$global_store_files = 1
Save objects of the PDF file in a subdirectory of $pdfdir named for the MD5 of the current file.

The following PHP variables in pdfex-cli.php correspond to the following advanced capabilities:

$global_yara_cmd=/path/to/yara
Yara executable.

$global_yara_sig=/path/to/yarainclude.rar
Yara include file with signatures to scan for.