Didier Stevens

Thursday 7 March 2013

Update: PDFiD Version 0.1.0

Filed under: My Software,PDF,Update — Didier Stevens @ 5:00

A month before my PDF training at HITB, it’s time to release new versions of my pdf tools.

I start with PDFiD. From version 0.1.0 on, you can also pass a URL or a ZIP file as argument to PDFiD:

pdfid.py http://example.com/doc.pdf
pdfid.py maldoc.zip

When you pass a URL as argument, PDFiD will download the PDF document and analyze it. The PDF document will not be written to disk. Supported protocols are http and https.

Passing a ZIP file as argument instructs PDFiD to open the ZIP file and analyze the first file it finds in the ZIP archive. If the ZIP file is password protected, PDFiD will try to access the compressed file with password infected. Same as with URLs, the PDF file in the ZIP container is not written to disk.

pdfid_v0_1_0.zip (https)
MD5: 6A5FF56C22EF2745C3D78C8FD8ACA01F
SHA256: D72FE8555DC89808EE7BFC9F791AD819A465106A95801C09C31B0FD2644B3977


  1. I see PDFid.py or PDF parser does not support XFA detections. Is there any plans for future update for XFA detections. Thanks,

    Comment by Shiva — Saturday 9 March 2013 @ 2:34

  2. @Shiva Can you be more specific, what kind of features are you looking for?

    Comment by Didier Stevens — Saturday 9 March 2013 @ 7:32

  3. “The urllib2 module has been split across several modules in Python 3 named urllib.request and urllib.error.” Since there is no “six” support for these renames you have to use the try/except technique for the Python 3 compatibility (ex. try: from urllib2 import urlopen; except ImportError: from urllib.request import urlopen).

    Comment by Filip — Monday 11 March 2013 @ 16:29

  4. @Filip I had this lingering feeling I forgot something. You found it. I forgot to test this with Python 3.

    Here’s a quick fix, but I’ve not fully tested it:

    Comment by Didier Stevens — Monday 11 March 2013 @ 22:49

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.