Recover a forgotten PDF password by running a dictionary or PIN sweep entirely in the browser. No file is uploaded — all processing happens locally.
PDF File
Click or drag a password-protected PDF here
AES-128 · AES-256 · RC4
Attack Mode
Or paste passwords (one per line):
Attack modes
Wordlist — tests each candidate in order. Use the built-in list (~400 common passwords), upload a custom .txt file (one password per line), or paste candidates directly. Lists are deduplicated before running.
PIN Sweep — exhaustively tries every numeric PIN from 0 up to the selected maximum length, zero-padded. 4 digits = ~11K attempts, 5 digits = ~111K, 6 digits = ~1.1M. Speed depends on PDF size and encryption type — expect 10–50 attempts/sec.
How password checking works
Each attempt calls pdf.js to open the PDF with the candidate password. A wrong password throws a PasswordException immediately — the full document is never parsed. The file is processed entirely in your browser tab; no data is transmitted.
Multi-threading
The work is split across Web Workers — one per logical CPU reported by navigator.hardwareConcurrency (up to 8). Each worker runs its own pdf.js instance with an independent sub-worker for cryptographic operations. Workers operate truly in parallel, so speed scales roughly linearly with core count.
Limitations
Even with multiple threads, throughput is bounded by the pdf.js crypto layer (~10–50 attempts/sec per thread). Practical ceiling: wordlists up to ~50K candidates or PIN sweeps up to 5–6 digits. For longer or alphanumeric brute-force, a native tool such as hashcat or john is several orders of magnitude faster.