1
mirror of https://github.com/rapid7/metasploit-framework synced 2024-11-05 14:57:30 +01:00
metasploit-framework/tools/pdf2xdp.rb
Alexander Klink 8c06e0d46e Squashed commit of the following:
commit 5c82f0acade617d8314858170752c498eac4b4fb
Author: Alexander Klink <git@alech.de>
Date:   Thu Apr 19 20:57:21 2012 +0200

    pdf2xdp.rb script to convert PDF file to XDP format

    XDP is an equivalent format for PDF, but is pretty useful in evading AV
    software.

    See
    https://www.metasploit.com/redmine/issues/3679
    http://shiftordie.de/blog/2011/02/09/evading-avs-using-the-xml-data-package-xdp-format/

[Closes #345]
2012-04-19 18:27:18 -06:00

37 lines
854 B
Ruby
Executable File

#!/usr/bin/env ruby
# This script converts a PDF file to an equivalent XML Data Package file,
# which can be opened by Adobe Reader as well and typically escapes AV
# detection better than a "normal" PDF
#
# Alexander 'alech' Klink, 2011
# public domain / CC-0
require 'base64'
pdf = ARGV.shift
xdp = ARGV.shift
if ! xdp then
STDERR.puts " Usage: #{$0} input.pdf output.xdp"
exit 1
end
pdf_content = begin
File.read(pdf)
rescue
STDERR.puts "Could not read input PDF file: #{$!}"
exit 2
end
xdp_out = begin
open xdp, 'w'
rescue
STDERR.puts "Could not open output XDP file: #{$!}"
exit 3
end
xdp_out.print '<?xml version="1.0"?><?xfa ?><xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/"><pdf xmlns="http://ns.adobe.com/xdp/pdf/"><document><chunk>'
xdp_out.print Base64.encode64(pdf_content)
xdp_out.print '</chunk></document></pdf></xdp:xdp>'