About DocScan
DocScan is a free, browser-based document security scanner that helps you check files for hidden threats before opening them. It's part of the NullKit suite of developer tools.
Why Document Scanning Matters
Malicious documents are one of the most common attack vectors. PDFs can contain hidden JavaScript that executes when opened. Office files can carry VBA macros, DDE fields, and ActiveX controls that run arbitrary code. DocScan lets you inspect files before they can do harm.
How It Works
- PDF files are parsed as text to detect dangerous patterns like /JS, /OpenAction, /Launch, and embedded files. FlateDecode streams are decompressed with pako to scan hidden content.
- Office files (DOCX, XLSX, PPTX) are ZIP archives. DocScan uses JSZip to inspect internal structure, checking for vbaProject.bin (macros), ActiveX controls, DDE fields, external relationships, and OLE objects.
- A risk scoring engine assigns points by severity: CRITICAL findings (40 pts), WARNING (15 pts). The total determines a verdict: CLEAN, SUSPICIOUS, or DANGEROUS.
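The PDF path and the scoring step described above, as an added example that is not DocScan's own code: it scans the raw bytes and every inflated stream for the listed name tokens, then sums the points. Node's built-in zlib stands in for pako, and the severity assigned to each pattern, the once-per-rule counting, the verdict thresholds and the `buildSample` helper are assumptions made for illustration.

```javascript
// Node's built-in zlib stands in here for pako's inflate in the browser.
const zlib = require("node:zlib");

// Point values are from the page. Which pattern gets which severity, the
// once-per-rule counting and the verdict thresholds are assumptions.
const POINTS = { CRITICAL: 40, WARNING: 15 };
const RULES = [
  { name: "/JS", re: /\/JS\b/, severity: "CRITICAL" },
  { name: "/Launch", re: /\/Launch\b/, severity: "CRITICAL" },
  { name: "/OpenAction", re: /\/OpenAction\b/, severity: "WARNING" },
  { name: "/EmbeddedFile", re: /\/EmbeddedFile\b/, severity: "WARNING" },
];

// Return the inflated text of every stream body that is valid zlib data.
function inflateStreams(text) {
  const bodies = [];
  for (const m of text.matchAll(/\bstream\r?\n([\s\S]*?)\nendstream/g)) {
    try {
      bodies.push(zlib.inflateSync(Buffer.from(m[1], "latin1")).toString("latin1"));
    } catch {
      // Not Flate-encoded (or corrupt): nothing to scan inside this stream.
    }
  }
  return bodies;
}

// Match each rule against the raw file first, then against inflated streams.
function scanPdf(buf) {
  const raw = buf.toString("latin1"); // latin1 keeps a 1:1 byte mapping
  const layers = [["raw", raw], ...inflateStreams(raw).map((t) => ["stream", t])];
  const findings = [];
  for (const rule of RULES) {
    const hit = layers.find(([, text]) => rule.re.test(text));
    if (hit) findings.push({ name: rule.name, severity: rule.severity, where: hit[0] });
  }
  const score = findings.reduce((sum, f) => sum + POINTS[f.severity], 0);
  const verdict = score === 0 ? "CLEAN" : score >= 40 ? "DANGEROUS" : "SUSPICIOUS";
  return { findings, score, verdict };
}

// Constructed sample: a PDF-like fragment whose object 6 holds `hidden`
// inside a FlateDecode stream, so the raw bytes never show it.
function buildSample(catalogExtra, hidden) {
  const head = Buffer.from(`%PDF-1.7\n1 0 obj\n<< /Type /Catalog ${catalogExtra} >>\nendobj\n` +
    "6 0 obj\n<< /Filter /FlateDecode >>\nstream\n", "latin1");
  const tail = Buffer.from("\nendstream\nendobj\n%%EOF\n", "latin1");
  return Buffer.concat([head, zlib.deflateSync(Buffer.from(hidden, "latin1")), tail]);
}
```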
100% Client-Side
All processing happens in your browser. Files are never uploaded to any server. Your documents stay on your device.
Supported Formats
- PDF (.pdf) — JavaScript, auto-open actions, launch actions, embedded files, XFA forms, JBIG2
- DOCX (.docx) — VBA macros, DDE, ActiveX, template injection, external relationships
- XLSX (.xlsx) — VBA macros, ActiveX, hidden sheets, external links
- PPTX (.pptx) — VBA macros, ActiveX, embedded objects
Contact
Questions or feedback? Email nullkit.dev@outlook.com