Python App #08

PDF Analyzer

PDF Analyzer performs comprehensive domain research by combining WHOIS lookups with RDAP fallback for maximum coverage. Discover registrar details, nameservers, creation and expiration dates, registrant information (when available), and domain status codes. Optionally integrate with VirusTotal (API key) for reputation scoring and malware detection. The tool also generates direct links to additional domain intelligence services.

whois rdap virustotal registrar

Features

  • WHOIS lookup with parsed results
  • RDAP fallback for additional data
  • Registrar identification
  • Nameserver discovery
  • Domain creation/expiration dates
  • Registrant info (when public)
  • Domain status codes
  • Optional VirusTotal API integration
  • Reputation and malware scoring
  • HTML session export

Quick Start

# 1. Extract the zip and enter the folder
cd 08-Domain-Intel

# 2. Install dependencies
python install_requirements.py

# 3. Launch the tool
python pdf_analyzer.py

Download

Tool: PDF Analyzer
File: 08-Domain-Intel.zip
Python: 3.8+
OS: Windows, macOS, Linux
Dependencies: customtkinter, requests, python-whois


Why Is PDF Forensic Analysis Important?

PDFs are a common attack vector — the Verizon 2024 DBIR identifies malicious attachments as a top initial access method. This tool performs metadata extraction, JavaScript threat detection, URL analysis, form inspection, and risk assessment aligned with SANS DFIR malicious document methodology.

Metadata Intelligence

PDF metadata (per the XMP standard by Adobe) reveals author names, software versions, creation timestamps, and revision history. According to a 2023 University of Twente study, over 60% of PDFs on government websites contained metadata exposing employee names and internal software not intended for disclosure.

Threat Detection

The tool scans for embedded JavaScript (the primary PDF exploit mechanism per MITRE ATT&CK T1203), suspicious URLs, auto-action triggers, and credential-harvesting forms. For deeper analysis, pivot to Threat Intelligence for sandbox analysis.
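A minimal sketch of this kind of keyword triage, added here as an illustration and not taken from the tool's own code. The indicator set, the risk rule, the function names and the sample bytes are all assumptions of this example.

```python
import re

# PDF name keywords for the behaviours listed above. The selection is an
# assumption of this example, not the tool's own indicator list.
INDICATORS = {
    "/JS": "embedded JavaScript",
    "/JavaScript": "embedded JavaScript",
    "/OpenAction": "auto-action on open",
    "/AA": "additional auto-actions",
    "/AcroForm": "interactive form",
    "/URI": "URL action",
}

_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")  # a PDF name token
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")                   # #xx escape in a name
_URI = re.compile(rb"/URI\s*\(([^)]*)\)")                  # literal-string URI

# Constructed sample: a PDF-like fragment built for this example only.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R /AcroForm 4 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS (0;) >> endobj\n"
    b"3 0 obj << /S /URI /URI (http://example.test/login) >> endobj\n"
    b"%%EOF\n"
)


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes so /J#61vaScript is counted as /JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count indicator names, collect URI strings, and assign a coarse risk."""
    counts = {k: 0 for k in INDICATORS}
    for m in _NAME.finditer(data):
        name = decode_name(m.group(0))
        if name in counts:
            counts[name] += 1
    urls = [u.decode("latin-1") for u in _URI.findall(data)]
    # Script that fires without user action is the combination to escalate.
    auto = counts["/OpenAction"] + counts["/AA"]
    script = counts["/JS"] + counts["/JavaScript"]
    risk = "high" if auto and script else "medium" if auto or script else "low"
    return {"counts": counts, "urls": urls, "risk": risk}


if __name__ == "__main__":
    print(scan_pdf(SAMPLE))
```

This byte-level scan does not see names stored inside compressed object streams, so a "low" result on such a file only means nothing was visible in the uncompressed parts.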

🔒 PDF Analyzer — Frequently Asked Questions

What forensic data can be found in PDFs?

PDFs contain rich metadata including author name, creation and modification dates, software used to create them, embedded fonts, JavaScript, form fields, and sometimes hidden layers or redacted content that can be recovered.

Does the PDF analysis tool require installation?

No. The tool runs entirely in your browser using client-side Python via Pyodide. No installation, API keys, or server-side processing required. Your queries are executed locally for maximum privacy.

What can I do with the PDF analysis tool?

You can extract metadata, embedded text, links, and hidden content from PDF files. The tool provides a clean interface with exportable results and cross-links to related Max Intel tools for deeper investigation.