Interactive PDF Analysis (also called IPA) allows any researcher to explore the inner details of any PDF file. PDF files may be used to carry malicious payloads that exploit vulnerabilities, and issues of PDF viewer, or may be used in phishing campaigns as social engineering artefacts.
The goal of this software is to let any analyst go deep on its own the PDF file. Via IPA, you may extract important payload from PDF files, understand the relationship across objects, and infer elements that may be helpful for triage of malicious or untrusted payloads.
The main inspiration goes to the fantastic people behind Zynamics, and their excellent product, called PDF dissector.
When I started reverse engineering malware, the main tool available for analysing malicious payloads consisted of Didier Stevens‘s excellent tools.
Having become a de facto standard, one of the main problems with these tools was the fact that they could be used from the command line, having to remember a very large combination of flags, reporting the numbers of the various objects.
Although analysis and developers have to contend with all kinds of command-line tools on a daily basis, this does not mean that we cannot create a new graphical file inspection tool.
In fact, part of static analysis and reverse engineering fields also focuse on how to display the most salient information to the analyst from the point of view of user experience.
Didier Stevens’ tools, as well as peepdf, are already used and well broken in.
However, the analyst could use something graphical in order to be able to understand the relationship between the various objects, to understand which pages they refer to and which object types (images, fonts, colours, metadata), to export stream content in a simple way and to see the content of dictionaries in table form.
The main source of inspiration comes from the tool developed by Zynamics called PDF-dissector: the excellent feedback from some former users and the constant requests to release it open source spurred me to spend a few days creating this tool.
For more information click here.
SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…
The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…
The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…
The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…
AdaptixC2 is an advanced post-exploitation and adversarial emulation framework designed specifically for penetration testers. It…
Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to…