docker_file_analysis/cheatsheets/pdf-analysis.cheat
Tobias Kessels 6bfcfd7935 Add comprehensive offline help system with fuzzy search
🎯 Enhanced Features:
- Integrated navi, cheat, tldr, and fzf for interactive help
- Custom cheat sheets for PDF analysis, malware analysis, and system utilities
- find-tool command for fuzzy searching through all REMnux tools
- Comprehensive help command with workflows and examples
- Complete offline documentation system

📚 Help System Components:
- help                    - Main help system
- help tools [term]       - Search for tools (fuzzy matching)
- help cheat <tool>       - Show command examples
- help examples           - Browse examples interactively (navi + fzf)
- help pdf/malware/forensics - Analysis workflows
- help --offline          - Verify offline capabilities

🛠️ Tools Added:
- navi: Interactive cheat sheet browser
- cheat: Command-line cheat sheets
- tldr: Quick command examples
- fzf: Fuzzy finder (already included)

All documentation works completely offline with local REMnux docs database
and custom cheat sheets for analysis workflows.
2025-09-30 13:01:03 +02:00


# PDF Analysis Tools
# Quick reference for analyzing PDF files for malware
% pdf, malware, analysis
# Quick PDF overview - shows suspicious elements
pdfid.py <pdf_file>
# Detailed PDF structure analysis
pdf-parser.py <pdf_file>
# Interactive PDF analysis with JavaScript detection
peepdf -i <pdf_file>
# Force processing of potentially corrupted PDF
peepdf -f -i <pdf_file>
# Extract specific PDF object
pdf-parser.py -o <object_id> <pdf_file>
# Hash PDF elements for comparison
pdf-parser.py -H <pdf_file>
# Export embedded object from PDF
pdf-parser.py -d <output_file> -f -o <object_id> <pdf_file>
# Flatten PDF form fields (does not guarantee removal of JavaScript or actions; re-check the output with pdfid.py)
pdftk <pdf_file> cat output flattened_<pdf_file> flatten
# Extract embedded files from PDF
pdftk <pdf_file> unpack_files
# Extract from password-protected PDF
pdftk <pdf_file> input_pw <password> unpack_files
# Convert PDF to TIFF (safe rendering)
convert <pdf_file> <output_file>.tiff
# Analyze PDF metadata with Origami
pdfmetadata <pdf_file>
# Extract PDF streams and objects
pdfextract <pdf_file>
# Validate PDF structure
pdfcop <pdf_file>
# Decrypt PDF file
pdfdecrypt <pdf_file> <output_file>
# Merge multiple PDFs
qpdf --empty --pages <pdf1> <pdf2> -- <output_file>
# Extract previous versions from PDF (-w writes each version to its own file)
pdfresurrect -w <pdf_file>
# Analyze incremental updates in PDF (iu command)
pdftool.py iu <pdf_file>
$ pdf_file: ls *.pdf
$ object_id: seq 1 10
$ output_file: echo "output"
$ password: echo "password123"