← 返回命令列表

Linux command

pdfid 命令

文件

复制后可按需替换文件名、目录或参数。

常用示例

Analyze PDF structure

pdfid.py [file.pdf]

Scan multiple files

pdfid.py [file1.pdf] [file2.pdf]

Report entropy and EOF statistics (extra analysis)

pdfid.py --extra [file.pdf]

Recursively scan a directory for PDFs

pdfid.py --scan [path/to/directory]

Show only non-zero keyword counts

pdfid.py --nozero [file.pdf]

Create a disarmed copy (neutralize /JS, /JavaScript, /AA, /OpenAction, /Launch)

pdfid.py --disarm [file.pdf]

Report all names, not just the default keyword list

pdfid.py --all [file.pdf]

说明

pdfid scans PDF files for keywords that indicate potentially malicious content. It counts occurrences of JavaScript, embedded files, launch actions, and other suspicious elements.

参数

--all
Detect all names in the PDF, not only the predefined keyword list.
--extra
Calculate entropy and EOF statistics.
--disarm
Write a disarmed copy of the PDF with dangerous elements neutralized.
--force
Process the file even if it lacks a valid %PDF header.
--nozero
Suppress keywords with zero counts in the output.
--output _FILE_
Write results to the specified file.
--scan
Recursively scan a directory for PDF files.
--plugins _PLUGINS_
Load one or more plugin modules (comma-separated) for extended analysis.
--pluginoptions _OPTIONS_
Pass options to the loaded plugins.
--select _EXPR_
Filter results using a Python expression.
--csv
Format output as comma-separated values.
--literalfilenames
Treat filenames literally without wildcard expansion.
--verbose
Show detailed error messages and stack traces.

FAQ

What is the pdfid command used for?

pdfid scans PDF files for keywords that indicate potentially malicious content. It counts occurrences of JavaScript, embedded files, launch actions, and other suspicious elements.

How do I run a basic pdfid example?

Run `pdfid.py [file.pdf]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does --all do in pdfid?

Detect all names in the PDF, not only the predefined keyword list.