# pdfid.py
> Scan PDF files for suspicious keywords like /JavaScript, /OpenAction, /Launch without parsing

**Category:** [[categories/analyze-documents-pdf|Analyze Documents > PDF]] | **Tier:** Rich (FOR610) | **Author:** Didier Stevens
**Docs:** [https://docs.remnux.org/discover-the-tools/analyze+documents/pdf](https://docs.remnux.org/discover-the-tools/analyze+documents/pdf)

## Usage
```bash
pdfid.py document.pdf
pdfid.py -n document.pdf
```

## Recipes
- [[recipes/pdf-object-extraction|Extract Embedded Object from PDF]]
- [[recipes/pdf-javascript-extraction|Extract JavaScript from PDF]]

## Workflows
- [[workflows/document-analysis-workflow|Malicious Document Analysis]] — Step 2: Structure Analysis

## Related Tools
- [[tools/origamindee|origamindee]] — Parse, modify, generate PDF files.
- [[tools/pdf-parser|pdf-parser.py]] — Parse PDF structure, locate objects, extract content, and se
- [[tools/pdfresurrect|pdfresurrect]] — Extract and analyze previous versions from PDF files
- [[tools/pdftk|pdftk]] — Manipulate PDF files — merge, split, flatten, encrypt, and e
- [[tools/pdftool|pdftool.py]] — Analyze PDF incremental updates

## FOR610
**Labs:** 3.1
**Sections:** 1, 3

#pdf #static-analysis #triage #didier-stevens