What is it?
Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. It is NOT a PDF rendering library. It aims to provide a scripting tool for generating and analyzing malicious PDF files. It can also be used to create customized PDFs on the fly, or to inject (evil) code into existing documents.
- Create PDF documents from scratch.
- Parse existing documents, modify them and recompile them.
- Explore documents at the object level, going deep into the document structure, uncompressing PDF object streams and deobfuscating names and strings.
- High-level operations, such as encryption/decryption, signature, file attachments...
- A GTK interface to quickly browse the document contents.
```ruby
require 'origami'
include Origami

# Create a simple PDF document.
contents = ContentStream.new
contents.write 'I AM EMPTY',
  :x => 350, :y => 750, :rendering => Text::Rendering::STROKE, :size => 15

PDF.new.append_page(Page.new.setContents(contents)).save('empty.pdf')
```
```ruby
require 'origami'
include Origami

# Read a PDF document and add an action that runs when the document is opened.
pdf = PDF.read("foo.pdf")
pdf.onDocumentOpen Action::URI.new('http://google.com')
pdf.save('bar.pdf')
```
We provide some scripts to help perform common actions on PDF files. Feel free to send us your own scripts at origami(at)security-labs.org.
- pdfcop: A PDF filtering engine, performing an automated analysis given a configured policy.
- pdfdecrypt: Decrypts a PDF file.
- pdfencrypt: Encrypts a PDF file.
- pdfdecompress: Removes any compression/encoding from a document.
- pdfcocoon: Embeds a document into another and makes it open at startup.
- pdfmetadata: Retrieves metadata out of a document.
- pdf2graph: Generates a DOT or GraphML file out of a document.
- pdf2ruby: Generates a Ruby script from a document, that Origami can recompile into the same original document.
More to come in upcoming releases...
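A minimal sketch of two analysis ideas listed above, de-obfuscating names and giving a policy verdict of the kind pdfcop is described as giving. It is an added example in plain Ruby, not Origami's or pdfcop's code; the rejected-name list, the function names and the sample objects are assumptions constructed for illustration.

```ruby
# Added example: name de-obfuscation plus a small policy check (no Origami calls).
# Names the policy rejects; this list is an assumption made for the example.
REJECTED_NAMES = %w[OpenAction AA JavaScript JS Launch EmbeddedFile].freeze

# A PDF name is "/" followed by regular characters, i.e. anything except
# whitespace and the delimiters ( ) < > [ ] { } / %.
NAME_TOKEN = %r{/([^\x00\t\n\f\r \(\)<>\[\]\{\}/%]*)}n

# Inside a name, "#xx" is a hex-escaped byte, so "J#61vaScript" is "JavaScript".
def decode_pdf_name(raw)
  raw.gsub(/#(\h\h)/) { $1.hex.chr }
end

# Return one finding per policy-relevant name found in the raw bytes.
def scan_names(data)
  data = data.dup.force_encoding(Encoding::BINARY)
  data.scan(NAME_TOKEN).flatten.each_with_object([]) do |raw, findings|
    name = decode_pdf_name(raw)
    next unless REJECTED_NAMES.include?(name)
    findings << { name: name, raw: "/#{raw}", obfuscated: raw != name }
  end
end

# Filter-style verdict: accept only if no rejected name is present.
def verdict(data)
  findings = scan_names(data)
  { accept: findings.empty?, findings: findings }
end

# Constructed sample objects (not taken from a real file).
SAMPLE_CLEAN = "1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_FLAGGED =
  "1 0 obj\n<< /Type /Catalog /Pages 2 0 R /Open#41ction 5 0 R >>\nendobj\n" \
  "5 0 obj\n<< /S /J#61vaScript /JS (app.alert\\(1\\);) >>\nendobj\n"

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_CLEAN, SAMPLE_FLAGGED].each do |doc|
    result = verdict(doc)
    puts(result[:accept] ? 'ACCEPT' : 'REJECT')
    result[:findings].each do |f|
      puts "  #{f[:raw]} -> /#{f[:name]}#{' (obfuscated)' if f[:obfuscated]}"
    end
  end
end
```

Names inside compressed object streams are invisible to a raw byte scan, so run a check like this on a decompressed copy of the document (the job pdfdecompress is listed for above).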
Current stable version in Rubygems:
gem install origami
Development version available on Google Code.
A mailing list is now hosted on Google Groups.