Commit 140e36081cb2f3dff39d7b9b03716476db3ac836
1 parent
d9d47215
ftguess: added XLSB format, fixes #758
Showing
2 changed files
with
13 additions
and
5 deletions
oletools/ftguess.py
| @@ -13,7 +13,7 @@ http://www.decalage.info/python/oletools | @@ -13,7 +13,7 @@ http://www.decalage.info/python/oletools | ||
| 13 | 13 | ||
| 14 | #=== LICENSE ================================================================= | 14 | #=== LICENSE ================================================================= |
| 15 | 15 | ||
| 16 | -# ftguess is copyright (c) 2018-2021, Philippe Lagadec (http://www.decalage.info) | 16 | +# ftguess is copyright (c) 2018-2022, Philippe Lagadec (http://www.decalage.info) |
| 17 | # All rights reserved. | 17 | # All rights reserved. |
| 18 | # | 18 | # |
| 19 | # Redistribution and use in source and binary forms, with or without modification, | 19 | # Redistribution and use in source and binary forms, with or without modification, |
| @@ -43,7 +43,7 @@ from __future__ import print_function | @@ -43,7 +43,7 @@ from __future__ import print_function | ||
| 43 | # 2018-07-04 v0.54 PL: - first version | 43 | # 2018-07-04 v0.54 PL: - first version |
| 44 | # 2021-05-09 v0.60 PL: - | 44 | # 2021-05-09 v0.60 PL: - |
| 45 | 45 | ||
| 46 | -__version__ = '0.60.1.dev4' | 46 | +__version__ = '0.60.1.dev8' |
| 47 | 47 | ||
| 48 | # ------------------------------------------------------------------------------ | 48 | # ------------------------------------------------------------------------------ |
| 49 | # TODO: | 49 | # TODO: |
| @@ -172,7 +172,7 @@ class FTYPE(object): | @@ -172,7 +172,7 @@ class FTYPE(object): | ||
| 172 | POWERPOINT2007_PPSX = 'Powerpoint2007_PPSX' | 172 | POWERPOINT2007_PPSX = 'Powerpoint2007_PPSX' |
| 173 | POWERPOINT2007_PPTM = 'Powerpoint2007_PPTM' | 173 | POWERPOINT2007_PPTM = 'Powerpoint2007_PPTM' |
| 174 | POWERPOINT2007_PPSM = 'Powerpoint2007_PPSM' | 174 | POWERPOINT2007_PPSM = 'Powerpoint2007_PPSM' |
| 175 | - # TODO: XLSB, DOCM, PPTM, PPSX, PPSM, ... | 175 | + # TODO: DOCM, PPTM, PPSX, PPSM, ... |
| 176 | XPS = 'XPS' | 176 | XPS = 'XPS' |
| 177 | RTF = 'RTF' | 177 | RTF = 'RTF' |
| 178 | HTML = 'HTML' | 178 | HTML = 'HTML' |
| @@ -582,6 +582,14 @@ class FType_Excel2007_XLSM (FType_Excel2007): | @@ -582,6 +582,14 @@ class FType_Excel2007_XLSM (FType_Excel2007): | ||
| 582 | content_types = ('application/vnd.ms-excel.sheet.macroEnabled.12',) | 582 | content_types = ('application/vnd.ms-excel.sheet.macroEnabled.12',) |
| 583 | PUID = 'fmt/445' | 583 | PUID = 'fmt/445' |
| 584 | 584 | ||
| 585 | +class FType_Excel2007_XLSB (FType_Excel2007): | ||
| 586 | + filetype = FTYPE.EXCEL2007_XLSB | ||
| 587 | + name = 'MS Excel 2007+ Binary Workbook' | ||
| 588 | + longname = 'MS Excel 2007+ Binary Workbook (.xlsb)' | ||
| 589 | + extensions = ['xlsb'] | ||
| 590 | + content_types = ('application/vnd.ms-excel.sheet.binary.macroEnabled.12',) | ||
| 591 | + PUID = 'fmt/595' | ||
| 592 | + | ||
| 585 | class FType_Excel2007_Template(FType_Excel2007): | 593 | class FType_Excel2007_Template(FType_Excel2007): |
| 586 | filetype = FTYPE.EXCEL2007_XLTX | 594 | filetype = FTYPE.EXCEL2007_XLTX |
| 587 | name = 'MS Excel 2007+ Template' | 595 | name = 'MS Excel 2007+ Template' |
| @@ -682,7 +690,7 @@ openxml_ftypes = { | @@ -682,7 +690,7 @@ openxml_ftypes = { | ||
| 682 | # EXCEL | 690 | # EXCEL |
| 683 | 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml': FType_Excel2007_XLSX, | 691 | 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml': FType_Excel2007_XLSX, |
| 684 | 'application/vnd.ms-excel.sheet.macroEnabled.main+xml': FType_Excel2007_XLSM, | 692 | 'application/vnd.ms-excel.sheet.macroEnabled.main+xml': FType_Excel2007_XLSM, |
| 685 | - 'application/vnd.ms-excel.sheet.binary.macroEnabled.main': None, | 693 | + 'application/vnd.ms-excel.sheet.binary.macroEnabled.main': FType_Excel2007_XLSB, |
| 686 | 'application/vnd.openxmlformats-officedocument.spreadsheetml.template.main+xml': FType_Excel2007_Template, | 694 | 'application/vnd.openxmlformats-officedocument.spreadsheetml.template.main+xml': FType_Excel2007_Template, |
| 687 | 'application/vnd.ms-excel.template.macroEnabled.main+xml': FType_Excel2007_Template_Macro, | 695 | 'application/vnd.ms-excel.template.macroEnabled.main+xml': FType_Excel2007_Template_Macro, |
| 688 | 'application/vnd.ms-excel.addin.macroEnabled.main+xml': FType_Excel2007_Addin_Macro, | 696 | 'application/vnd.ms-excel.addin.macroEnabled.main+xml': FType_Excel2007_Addin_Macro, |
setup.py
| @@ -55,7 +55,7 @@ import os, fnmatch | @@ -55,7 +55,7 @@ import os, fnmatch | ||
| 55 | #--- METADATA ----------------------------------------------------------------- | 55 | #--- METADATA ----------------------------------------------------------------- |
| 56 | 56 | ||
| 57 | name = "oletools" | 57 | name = "oletools" |
| 58 | -version = '0.60.1.dev7' | 58 | +version = '0.60.1.dev8' |
| 59 | desc = "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR" | 59 | desc = "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR" |
| 60 | long_desc = open('oletools/README.rst').read() | 60 | long_desc = open('oletools/README.rst').read() |
| 61 | author = "Philippe Lagadec" | 61 | author = "Philippe Lagadec" |