Instant PDF Password Protector - Password Protect PDF file

Instant PDF Password Protector is the Free tool to quickly Password Protect PDF file on your system.

With a click of button, you can lock or protect any of your sensitive/private PDF documents. You can also use any of the standard Encryption methods - RC4/AES (40-bit, 128-bit, 256-bit) based upon the desired security level.

In addition to this, it also helps you set advanced restrictions to prevent Printing, Copying or Modification of target PDF file. To further secure it, you can also set 'Owner Password' (also called Permissions Password) to stop anyone from removing these restrictions.

'PDF Password Protector' includes Installer for quick installation/un-installation. It works on both 32-bit & 64-bit platforms starting from Windows XP to Windows 8.

Features

• Instantly Password Protect PDF document with a click of button
• Supports all versions of PDF documents
• Lock PDF file with Password (User/Document Open Password)
• Supports all the standard Encryption methods - RC4/AES (40-bit,128-bit, 256-bit)
• [Advanced] Protect PDF file by adding following Restrictions
• Copying
• Printing
• Signing
• Commenting
• Changing the Document
• Document Assembly
• Page Extraction
• Filling of Form Fields
• [Advanced] Set the Permission Password (Owner Password) to prevent removal of above restrictions
• Advanced Settings Dialog to quickly alter above permissions/restrictions
• Drag & Drop support for easier selection of PDF file
• Very easy to use with simple & attractive GUI screen
• Support for local Installation and uninstallation of the software

Download Instant PDF Password Protector

Read More

ParanoiDF - PDF Analysis Suite: Password cracking, redaction recovery, DRM removal, malicious JavaScript extraction, and more

The swiss army knife of PDF Analysis Tools. Based on peepdf - http://peepdf.eternal-todo.com.

Features

Interactive Console: Type "help" to get a list of commands. Type "help [command]" to get a description/usage on specific command.

• crackpw This executes Nacho Barrientos Arias's PDFCrack tool by performing an OS call. The command allows the user to input a custom dictionary, perform a benchmark or continue from a saved state file. If no custom dictionary is input, this command will attempt to brute force a password using a modifiable charset text file in directory "ParanoiDF/pdfcrack". (http://pdfcrack.sourceforge.net/)
• decrypt This uses an OS call to Jay Berkenbilt's "QPDF" which decrypts the PDF document and outputs the decrypted file. This requires the user-password. (http://qpdf.sourceforge.net/)
• encrypt Encrypts an input PDF document with any password you specify. Uses 128-bit RC4 encryption.
• embedf Create a blank PDF document with an embedded file. This is for research purposes to show how files can be embedded in PDFs. This command imports Didier Stevens Make-pdf-embedded.py script as a module. (http://blog.didierstevens.com/programs/pdf-tools/)
• embedjs Similiar to "embedf", but embeds custom JavaScript file inside a new blank PDF document. If no custom JavaScript file is input, a default app.alert messagebox is embedded (http://blog.didierstevens.com/programs/pdf-tools/)
• extractJS This attempts to extract any embedded JavaScript in a PDF document. It does this by importing Blake Hartstein's Jsunpackn's "pdf.py" JavaScript tool as a module, then executing it on the file. (https://code.google.com/p/jsunpack-n/)
• redact Generate a list of words that will fit inside a redaction box in a PDF document. The words (with a custom sentence) can then be parsed in a grammar parser and a custom amount can be displayed depending on their score. This command requires a tutorial to use. Please read "redactTutorial.pdf" in directory "ParanoiDF/docs".
• removeDRM Remove DRM (editing, copying etc.) restrictions from PDF document and output to a new file. This does not need the owner-password and there is a possibility the document will lose some formatting. This command works by calling Kovid Goyal's Calibre's "ebook-convert" tool. (http://calibre-ebook.com/)

Download ParanoiDF

Read More

Instant PDF Password Remover v3.5 - Free PDF Password & Restrictions Removal Tool

Instant PDF Password Remover is the FREE tool to instantly remove Password of protected PDF document. It can remove both User & Owner password along with all PDF file restrictions such as Copy, Printing, Screen Reader etc.

Often we receive password protected PDF documents in the form of mobile bills, bank statements or other financial reports. It is highly inconvenient to remember or type these complex and long passwords.

'Instant PDF Password Remover' helps you to quickly remove the Password from these PDF documents. Thus preventing the need to type these complex/long password every time you open such protected PDF documents.

Note that it cannot help you to remove the unknown password. It will only help you to remove the KNOWN password so that you don't have to enter the password everytime while opening the PDF file.

It makes it even easier with the 'Right Click Context Menu' integration. This allows you to simply right click on the PDF file and launch the tool. Also you can Drag & Drop PDF file directly onto the GUI window to start the password removal operation instantly.

It can unlock PDF document protected with all versions of Adobe Acrobat Reader using different (RC4, AES) encryption methods.

It comes with Installer for quick installation/un-installation. It works on wide range of Operating systems starting from Windows XP to Windows 8.

Download Instant PDF Password Remover v3.5

Read More

[Peepdf] PDF Analysis and Creation/Modification Tool

peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. With peepdf it's possible to see all the objects in the document showing the suspicious elements, supports all the most used filters and encodings, it can parse different versions of a file, object streams and encrypted files. With the installation of PyV8 and Pylibemu it provides Javascript and shellcode analysis wrappers too. Apart of this it's able to create new PDF files and to modify/obfuscate existent ones.

The main functionalities of peepdf are the following:

Analysis:

• Decodings: hexadecimal, octal, name objects
• More used filters
• References in objects and where an object is referenced
• Strings search (including streams)
• Physical structure (offsets)
• Logical tree structure
• Metadata
• Modifications between versions (changelog)
• Compressed objects (object streams)
• Analysis and modification of Javascript (PyV8): unescape, replace, join
• Shellcode analysis (Libemu python wrapper, pylibemu)
• Variables (set command)
• Extraction of old versions of the document
• Easy extraction of objects, Javascript code, shellcodes (>, >>, $>, $>>)
• Checking hashes on VirusTotal

Creation/Modification:

• Basic PDF creation
• Creation of PDF with Javascript executed wen the document is opened
• Creation of object streams to compress objects
• Embedded PDFs
• Strings and names obfuscation
• Malformed PDF output: without endobj, garbage in the header, bad header...
• Filters modification
• Objects modification

Execution modes:

• Simple command line execution
• Powerful interactive console (colorized or not)
• Batch mode

TODO:

• Embedded PDFs analysis
• Improving automatic Javascript analysis
• GUI 

Download Peepdf

Read More

[PDFMiner] Python PDF parser and analyzer

PDFMiner is a tool for extracting information from PDF documents. Unlike other PDF-related tools, it focuses entirely on getting and analyzing text data. PDFMiner allows one to obtain the exact location of text in a page, as well as other information such as fonts or lines. It includes a PDF converter that can transform PDF files into other text formats (such as HTML). It has an extensible PDF parser that can be used for other purposes than text analysis.

Features

• Written entirely in Python. (for version 2.4 or newer)
• Parse, analyze, and convert PDF documents.
• PDF-1.7 specification support. (well, almost)
• CJK languages and vertical writing scripts support.
• Various font types (Type1, TrueType, Type3, and CID) support.
• Basic encryption (RC4) support.
• PDF to HTML conversion (with a sample converter web app).
• Outline (TOC) extraction.
• Tagged contents extraction.
• Reconstruct the original layout by grouping text chunks.

PDFMiner is about 20 times slower than other C/C++-based counterparts such as XPdf.

Online Demo: (pdf -> html conversion webapp)

http://pdf2html.tabesugi.net:8080/

Download PDFMiner

Read More

[XSS Cheat Sheet] Bypassing Modern Web Application Firewall XSS Filters

While we doing web application penetration testing for our clients, we may some time have to face the Web application Firewall that blocks every malicious request/payload.

There are some Cheat sheets available on internet that helped to bypass WAF in the past. However, those cheats won't work with the modern WAFs and latest browsers.  

So, here is need for creating new Cheat sheet.

One of the top security researcher Rafay Baloch has done an excellent job by organizing his own techniques to bypass modern WAFs and published a white paper on that.

The paper titled "Modern Web Application Firewalls Fingerprinting and Bypassing XSS Filters" covers only the techniques needed for bypassing XSS filters.

Rafay promised to write other vulnerabilities' bypassing techniques in his next paper.

Download XSS Cheat Sheet

Read More

[Instant PDF Password Remover] Free PDF Password & Restrictions Removal Tool

Instant PDF Password Remover is the FREE tool to instantly remove Password of protected PDF document. It can remove both User & Owner password along with all PDF file restrictions such as Copy, Printing, Screen Reader etc.

Often we receive password protected PDF documents in the form of mobile bills, bank statements or other financial reports. It is highly inconvenient to remember or type these complex and long passwords.

'Instant PDF Password Remover' helps you to quickly remove the Password from these PDF documents. Thus preventing the need to type these complex/long password every time you open such protected PDF documents.

Note that it cannot help you to remove the unknown password. It will only help you to remove the KNOWN password so that you don't have to enter the password everytime while opening the PDF file.

It makes it even easier with the 'Right Click Context Menu' integration. This allows you to simply right click on the PDF file and launch the tool. Also you can Drag & Drop PDF file directly onto the GUI window to start the password removal operation instantly.

It can unlock PDF document protected with all versions of Adobe Acrobat Reader using different (RC4, AES) encryption methods. 

Download Instant PDF Password Remover v3.0 

Read More

Nmap CheatSheet

Download [PDF] Nmap CheatSheet By SANS

Read More

[BeEF] Fake Browser Update Exploitation

How to use BeEF Framework for fake browser update exploitation.

Fake Browser Update : - In BeEF Framework there is a new feature available in social-engineering called Clippy using this feature we are sending the fake Update notification and if user click on that so obviously he is going to install that exe and other side you will get the meterpreter session. Very easy to perform but very good for social-engineering.

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

BeEF : - http://beefproject.com/

PDF : - http://adf.ly/146Bj3

Read More