Digital Forensics Tool: Dangerzone
Reading Time: 2 Minutes
Dangerzone
Take potentially dangerous PDFs, office documents, or images and convert them to a safe PDF.
Dangerzone by freedomofpress works like this: You give it a document that you don’t know if you can trust (for example, an email attachment). Inside a sandbox, Dangerzone converts the document to a PDF (if it isn’t already one), and then converts the PDF into raw pixel data: a huge list of RGB color values for each page. Then, in a separate sandbox, Dangerzone takes this pixel data and converts it back into a PDF. A great tool to investigate various files for the red and blue team when conducting analysis.
Read more about Dangerzone in the blog post Dangerzone: Working With Suspicious Documents Without Getting Hacked.
See Also: So you want to be a hacker?
Offensive Security Courses
Getting started
- Download Dangerzone 0.4.0 for Mac
- Download Dangerzone 0.4.0 for Windows
- See installing Dangerzone for Linux repositories
You can also install Dangerzone for Mac using Homebrew: brew install --cask dangerzone
Trending: Recon Tool: MFASweep
Trending: Offensive Security Tool: OrbitalDump
Some features
- Sandboxes don’t have network access, so if a malicious document can compromise one, it can’t phone home
- Dangerzone can optionally OCR the safe PDFs it creates, so it will have a text layer again
- Dangerzone compresses the safe PDF to reduce file size
- After converting, Dangerzone lets you open the safe PDF in the PDF viewer of your choice, which allows you to open PDFs and office docs in Dangerzone by default so you never accidentally open a dangerous document
Dangerzone can convert these types of document into safe PDFs:
- PDF (.pdf)
- Microsoft Word (.docx, .doc)
- Microsoft Excel (.xlsx, .xls)
- Microsoft PowerPoint (.pptx, .ppt)
- ODF Text (.odt)
- ODF Spreadsheet (.ods)
- ODF Presentation (.odp)
- ODF Graphics (.odg)
- Jpeg (.jpg, .jpeg)
- GIF (.gif)
- PNG (.png)
Dangerzone was inspired by Qubes trusted PDF, but it works in non-Qubes operating systems. It uses containers as sandboxes instead of virtual machines (using Docker for macOS, Windows, and Debian/Ubuntu, and podman for Fedora).
Set up a development environment by following these instructions.
Clone the repo from here: GitHub Link
Recent Tools
Offensive Security Tool: emp3r0r
emp3r0r is a post-exploitation framework designed for both Linux and …Blue Team Tool: Ghostport
Ghostport is a sophisticated port spoofing tool designed to confuse …Red Teaming Tool: avred
Avred is a tool designed for Red Teamers to identify …Recon Tool: emailFinder
emailFinder is a web scraping tool that extracts email addresses …
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
