[Analysis Tools] Malicious Document Analysis Tools (Microsoft Office or PDF)

by 잡다한 처리 2010. 5. 26.

Here are some tools that are well suited to analyzing malicious document files.
I haven't tried all of them yet, but many of them are quite convenient.


The Malicious Document Analysis section contains tools that help with the task of analyzing a document (Microsoft Office or PDF), determining whether it is malicious, and even extracting the malicious code from it.


iScanner - “iScanner is a free open source tool that lets you detect and remove malicious code and web page malware from your website easily and automatically.”

http://iscanner.isecur1ty.org/


SWFScan - “HP SWFScan, a free tool developed by HP Web Security Research Group, will automatically find security vulnerabilities in applications built on the Flash platform.”

www.hp.com/go/swfscan


SWFTools - “SWFTools is a collection of utilities for working with Adobe Flash files (SWF files).”

http://www.swftools.org/


OfficeCat - "OfficeCat is a command line utility that can be used to process Microsoft Office Documents for the presence of potential exploit conditions in the file."

http://www.snort.org/vrt/vrt-resources/officecat


OfficeMalScanner - "OfficeMalScanner v0.5 is a Ms Office forensic tool to scan for malicious traces, like shellcode heuristics, PE-files or embedded OLE streams"

http://reconstructer.org/code/OfficeMalScanner.zip


OffVis - "...about detecting malicious docs but we wanted to do more to help defenders. So earlier this year we started working on an Office Visualization Tool called “OffVis”."

http://go.microsoft.com/fwlink/?LinkId=158791


PDF ID - "PDFiD will scan a PDF document for a given list of strings and count the occurrences"

http://www.didierstevens.com/files/software/pdfid_v0_0_10.zip


PDF Parser - "This tool will parse a PDF document to identify the fundamental elements used in the analyzed file."

http://www.didierstevens.com/files/software/pdf-parser_V0_3_7.zip


PDF Structazer - "This tool enables you to analyze PDF documents at the PDF code level and to manipulate every single PDF object in the document."

http://www.esiea-recherche.eu/data/PDF%20Structazer.exe


PDF Toolkit - “If PDF is electronic paper, then pdftk is an electronic staple-remover, hole-punch, binder, secret-decoder-ring, and X-Ray-glasses.”

http://www.accesspdf.com/pdftk/


PDF Inflater - “PDF_streams_inflater is a tool for extracting and decompressing zlib compressed streams from PDF documents.”

Mac Version: 

http://www.mc-antivirus-test.com/modules/PDdownloads/singlefile.php?cid=7&lid=27

Linux Version:

http://www.mc-antivirus-test.com/modules/PDdownloads/singlefile.php?cid=5&lid=26

Windows Version:

http://www.mc-antivirus-test.com/modules/PDdownloads/singlefile.php?cid=6&lid=25


