Giter Site home page Giter Site logo

pdf-attacker's Introduction

How to use this project?

VisualStudio Code + Docker (Recommended)

The easiest way to use this project is by opening this repo with VSCode and Docker.

Go to Extension by pressing ctrl+shift+x and search for Remote - Containers ms-vscode-remote.remote-containers. Install this extension. In the bottom left, you can click to reopen in container

If you are asked for a Python interpreter, choose python 3.8.

Please Note: If you are on Linux and use the flatpak version of VSCode, you are probably not having docker. See visualstudio.com for other installation methods.

Ubuntu/Debian

In addition to Python 3 (3.8 recommended), you need pip for installing requirements.txt. The following additional packages are necessary:

apt-get install ghostscript libmagick++-6.q16-dev swig

Since imagemagic does not allow to convert a pdf to a png, you need to adjust the policy.xml as follows:

# Debian fix for imagemagick
# https://stackoverflow.com/questions/52998331/imagemagick-security-policy-pdf-blocking-conversion
sed -i '/disable ghostscript format types/,+6d' /etc/ImageMagick-6/policy.xml

How to create attacks?

Each attack is located in a subfolder of the shadow-attack directory. You will find three subdirectories:

  1. hide
  2. replace
  3. hide-and-replace

Each folder has one or more variants of the respective attack class.

You can simply open the contained *.ipynb Jupyter notebook and follow the instructions contained therein. Sometimes, VSCode does not show any content on the file. Please close and reopen the file in this case.

What is in the other directories?

resources

This directory contains ressources that are required for the shadow attacks. These include a pdf signing tools, a demo RSA key, malicious fonts, etc. You must not modify these files.

shadow-demo-exploits

This directory contains sample exploits generated with the scripts in shadow-attacks.

shadow-detector

This script detects malicious pdf files.

pdf-attacker's People

Contributors

chearix avatar s-ro avatar mladevbb avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.