# PDF Analysis Tools
# Quick reference for analyzing PDF files for malware

% pdf, malware, analysis

# Quick PDF overview - shows suspicious elements
pdfid.py <pdf_file>

# Detailed PDF structure analysis
pdf-parser.py <pdf_file>

# Interactive PDF analysis with JavaScript detection
peepdf -i <pdf_file>

# Force processing of potentially corrupted PDF
peepdf -f -i <pdf_file>

# Extract specific PDF object
pdf-parser.py -o <object_id> <pdf_file>

# Hash PDF elements for comparison
pdf-parser.py -H <pdf_file>

# Export embedded object from PDF
pdf-parser.py -d <output_file> -f -o <object_id> <pdf_file>

# Flatten PDF (remove JavaScript and active elements)
pdftk <pdf_file> cat output flattened_<pdf_file>

# Extract embedded files from PDF
pdftk <pdf_file> unpack_files

# Extract from password-protected PDF
pdftk <pdf_file> input_pw <password> unpack_files

# Convert PDF to TIFF (safe rendering)
convert <pdf_file> <output_file>.tiff

# Analyze PDF metadata with Origami
pdfmetadata <pdf_file>

# Extract PDF streams and objects
pdfextract <pdf_file>

# Validate PDF structure
pdfcop <pdf_file>

# Decrypt PDF file
pdfdecrypt <pdf_file> <output_file>

# Merge multiple PDFs
qpdf --empty --pages <pdf1> <pdf2> -- <output_file>

# Extract previous versions from PDF
pdfresurrect <pdf_file>

# Analyze incremental updates in PDF
pdftool.py <pdf_file>

$ pdf_file: ls *.pdf
$ object_id: echo "1 2 3 4 5 6 7 8 9 10"
$ output_file: echo "output"
$ password: echo "password123"