Commit 2575a66ff6a1f008bedaab847b66846a92c229e0
1 parent
1f318944
olevba: added comments about executable filenames regex
Showing
1 changed file
with
3 additions
and
0 deletions
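--- a/oletools/olevba.py
+++ b/oletools/olevba.py
@@ -93,6 +93,7 @@ https://github.com/unixfreak0037/officeparser
 # 2015-01-02 v0.11 PL: - improved filter_vba to detect colons
 # 2015-01-03 v0.12 PL: - fixed detect_patterns to detect all patterns
 # - process_file: improved display, shows container file
+# - improved list of executable file extensions
 
 __version__ = '0.12'
 
@@ -206,6 +207,8 @@ RE_PATTERNS = (
 ('E-mail address', re.compile(r'(?i)\b[A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+(?:[A-Z]{2,12}|XN--[A-Z0-9]{4,18})\b')),
 ('Domain name', re.compile(r'(?=^.{1,254}$)(^(?:(?!\d+\.|-)[a-zA-Z0-9_\-]{1,63}(?<!-)\.?)+(?:[a-zA-Z]{2,})$)')),
 ("Executable file name", re.compile(r"(?i)\b\w+\.(EXE|COM|PIF|APPLICATION|GADGET|MSI|MSP|MSC|VB|VBS|JS|VBE|JSE|WS|WSF|WSC|WSH|BAT|CMD|DLL|SCR|HTA|CPL|CLASS|JAR|PS1|PS1XML|PS2|PS2XML|PSC1|PSC2|SCF|LNK|INF|REG)\b")),
+ # Sources: http://www.howtogeek.com/137270/50-file-extensions-that-are-potentially-dangerous-on-windows/
+ #TODO: https://support.office.com/en-us/article/Blocked-attachments-in-Outlook-3811cddc-17c3-4279-a30c-060ba0207372#__attachment_file_types
 )
 
 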
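Review bot: The two comments added after the "Executable file name" entry in RE_PATTERNS do not say which entry they document or what is left to do: "Sources:" sits below the regex it describes, and the TODO is a bare URL. I would move both above the entry and word them as `# Extension list taken from: <howtogeek URL as in the commit>` and `# TODO: add the extensions from Outlook's blocked-attachment list that are missing below: <office.com URL as in the commit>`. Until that TODO is done, this indicator will not flag an extension that appears only in the Outlook list, so the comment should state that the list is known to be incomplete and that a missing "Executable file name" hit is not evidence that a macro references no executable. The RE_PATTERNS tuple starts above this hunk, so the other entries were not reviewed.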