PDF sanitization

 PDFs account for 22% of malicious email attachments according to April 2025 Checkpoint data. Adobe Acrobat carries 91 documented vulnerabilities. Three days ago Matrix PDF toolkit hit cybercrime forums offering weaponized document generation that bypasses Gmail filters completely.

Danger Zone converts hostile documents into safe PDFs through aggressive Docker isolation developed by Freedom of the Press Foundation. Edward Snowden and Laura Poitras sit on their board. The tool renders every page as raw RGB pixel data, destroying JavaScript exploits, embedded executables, tracking beacons, and macros before reconstructing clean compressed output. Optional OCR through PyMuPDF adds searchable text after sanitization completes. Include Security ran a 12-day independent audit in December 2023 finding zero critical, high, or medium risk vulnerabilities. Processing happens in isolated containers with networking disabled and filesystems unmounted. Malicious code cannot reach your kernel, access files, or communicate with command and control infrastructure. QubesOS inspired the original First Look Media build. GPL v3 licensed, runs locally, costs nothing. Corporate IT blocks it because metadata destruction breaks their document surveillance. Government agencies lose tracking capability when embedded identifiers vanish. The feature that protects privacy threatens institutional control. Installation walkthrough on Debian/Ubuntu included. Covers container deployment, CLI and GUI operation, OCR configuration, and actual conversion demonstration using gvisor userspace kernel isolation.

https://dangerzone.rocks/#downloads