PDF files are everywhere. If you have downloaded a PDF file from an authentic source, you can open it on your computer right away. But if the file comes from a dubious source, you should first examine it for embedded exploit code. With the help of the open-source command-line tool PDFExaminer, we can check a PDF file for hidden malicious code. The tool is written in PHP.
Here is how you can use PDFExaminer to scan any PDF file for exploits, hidden code and malicious objects:
- First of all, download the PHP for Windows build from https://windows.php.net/download. Extract the contents of the downloaded ZIP file to a folder, for example, D:\PHP. At this point you should have php.exe in this folder.
- Download PDFExaminer from https://github.com/tylabs/pdfexaminer and copy all the PHP files (such as pdfex.php, pdfex-cli.php, pdfex-sig.php, pdfex-lib.php) into the same folder (for example, D:\PHP).
- Copy the PDF file that you want to scan into the same folder, for example, sample.pdf.
- Now open a command prompt or terminal and run the following command:
D:\PHP\php.exe D:\PHP\pdfex.php D:\PHP\sample.pdf
- You will be shown the results of the scan in just a few seconds.
In the results, it shows how many exploits were found in the scanned PDF file, whether the file contains malware, and the severity level. It also displays a summary of the scan, which gives the reason why it considers the PDF file malicious.
One advantage of this tool is that it can also scan multiple PDF files in one go. For this, put all the PDF files in a folder and then use the path of that folder as the target of the scan. For example,
D:\PHP\php.exe D:\PHP\pdfex.php D:\pdf-files-in-this-folder
If the PDF files are password-protected, you can specify the username for decrypting the PDF file. When scanning an entire folder, it displays all the information on your screen quickly. We can choose to save this information to a text file for later reference.
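The folder scan and the saved text report described above can be combined in one PowerShell script. This is an added example, not part of the PDFExaminer project; it uses only the `php.exe pdfex.php <target>` invocation shown in this article, and the paths and the report file name are assumptions based on the D:\PHP layout used here.

```powershell
# Added example: scan every PDF in a folder with the command from this article
# and keep a per-file record. All paths are assumptions; adjust to your setup.
$Php     = 'D:\PHP\php.exe'
$Scanner = 'D:\PHP\pdfex.php'
$Target  = 'D:\pdf-files-in-this-folder'
$Report  = 'D:\pdf-scan-report.txt'   # hypothetical report file name

# Fail early if the interpreter, the scanner script or the folder is missing.
foreach ($p in $Php, $Scanner, $Target) {
    if (-not (Test-Path -LiteralPath $p)) {
        throw "Required path not found: $p"
    }
}

# Start a fresh report with a timestamp header.
"PDFExaminer batch scan started $(Get-Date -Format o)" |
    Set-Content -LiteralPath $Report -Encoding UTF8

Get-ChildItem -LiteralPath $Target -Filter *.pdf -File | ForEach-Object {
    # Record the SHA-256 so each result can be tied to an exact file later.
    $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash

    # Scan one file at a time, capturing stdout and stderr as text.
    $output = & $Php $Scanner $_.FullName 2>&1 | Out-String

    @(
        ('=' * 70)
        "File:    $($_.FullName)"
        "SHA-256: $hash"
        "Exit:    $LASTEXITCODE"
        $output.TrimEnd()
    ) | Add-Content -LiteralPath $Report -Encoding UTF8
}

Write-Host "Results saved to $Report"
```

Scanning file by file keeps each result next to the hash of the exact file it describes, so a report entry can still be matched to a sample after the file has been renamed or quarantined.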