PDFiD/PeePDF/JSunpack-n --> shellcode analysis pipeline
This pipeline polls a GitLab repository for changes, clones new PDF samples from it, analyses the documents and writes the logs to another branch of the same repository:
- Poll for new files in the git repository
- job-show-files: list the samples to be analysed
- job-pdfid: analyse the samples with PDFiD, classify them as clean / malicious / more analysis needed, and save the logs to the repo
- job-peepdf-virustotal-check: analyse the samples with peepdf and query their hashes against the VirusTotal database
- job-sctest: use peepdf's sctest to analyse the shellcode binaries converted by jsunpack-n, and push the results to the repo
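To illustrate the kind of triage the job-pdfid step performs, here is an added example (not the pipeline's own script): a minimal PDFiD-style keyword counter with a three-way classification. The keyword list, the decoding of `#xx` name escapes that malicious files use to hide keywords such as `/J#61vaScript`, and the thresholds are assumptions for illustration; the sample PDFs are constructed inline.

```python
"""Minimal PDFiD-style keyword triage (added example, not job-pdfid itself)."""
import re
from collections import Counter

# Subset of the keywords PDFiD reports that matter most for triage (assumed).
KEYWORDS = ("/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch",
            "/RichMedia", "/JBIG2Decode", "/ObjStm", "/AcroForm")

# PDF names may hide keywords with #xx hex escapes (e.g. /J#61vaScript).
# PDFiD normalises these before counting, so this scanner does the same.
_NAME_RE = re.compile(rb"/[A-Za-z0-9#]+")
_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def _decode_name(raw: bytes) -> str:
    """Replace each #xx escape with the byte it encodes."""
    return _HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def count_keywords(data: bytes) -> Counter:
    """Count occurrences of each triage keyword in the raw file bytes."""
    counts = Counter({k: 0 for k in KEYWORDS})
    for m in _NAME_RE.finditer(data):
        name = _decode_name(m.group(0))
        if name in counts:
            counts[name] += 1
    return counts

def classify(counts: Counter) -> str:
    """Assumed heuristic: active content + auto trigger -> malicious;
    either alone, or stream/codec tricks -> more analysis needed."""
    active = counts["/JS"] + counts["/JavaScript"] + counts["/Launch"] + counts["/RichMedia"]
    trigger = counts["/AA"] + counts["/OpenAction"]
    if active and trigger:
        return "malicious"
    if active or trigger or counts["/JBIG2Decode"] or counts["/ObjStm"]:
        return "more analysis needed"
    return "clean"

# Constructed samples (not real malware): a plain catalog and one that
# auto-runs JavaScript while obfuscating the /JavaScript name.
BENIGN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
SUSPECT = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
           b"3 0 obj << /S /J#61vaScript /JS 4 0 R >> endobj\n")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        c = count_keywords(sample)
        print(label, classify(c), dict(c))
```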
Contains the scripts for the pipeline
The results will be written to
- Place the samples to
How to set up the pipeline
- Set up Concourse (tutorial)
- Set up a git repository with branch master containing the files from the "results" folder.
- Set up branch pdf-source with a folder "pdf" for the samples.
- Edit credentials.yml with the details of your git remote and your SSH key.
- Log in to Concourse:
fly -t CONCOURSE_TARGET_NAME login -c http://127.0.0.1:8080 -u CONCOURSE_USERNAME -p CONCOURSE_PASSWORD
- Set up the pipeline:
fly -t CONCOURSE_TARGET_NAME sp -c pipeline.yml -p pdfjobs -l credentials.yml
- Unpause the pipeline:
fly -t CONCOURSE_TARGET_NAME unpause-pipeline -p pdfjobs
- Upload your samples to pdf-source/pdf
See the demo video: pdfjobs-pipeline.mp4