Commit 2939f491c23168d4238aa0d0601f779b92471809
1 parent 2575a66f
updated readme
Showing 1 changed file with 28 additions and 13 deletions
README.md
| @@ -2,7 +2,8 @@ python-oletools | @@ -2,7 +2,8 @@ python-oletools | ||
| 2 | =============== | 2 | =============== |
| 3 | 3 | ||
| 4 | [python-oletools](http://www.decalage.info/python/oletools) is a package of python tools to analyze | 4 | [python-oletools](http://www.decalage.info/python/oletools) is a package of python tools to analyze |
| 5 | -[Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format)](http://en.wikipedia.org/wiki/Compound_File_Binary_Format), | 5 | +[Microsoft OLE2 files](http://en.wikipedia.org/wiki/Compound_File_Binary_Format) |
| 6 | +(also called Structured Storage, Compound File Binary Format or Compound Document File Format), | ||
| 6 | such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. | 7 | such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. |
| 7 | It is based on the [olefile](http://www.decalage.info/olefile) parser. | 8 | It is based on the [olefile](http://www.decalage.info/olefile) parser. |
| 8 | See [http://www.decalage.info/python/oletools](http://www.decalage.info/python/oletools) for more info. | 9 | See [http://www.decalage.info/python/oletools](http://www.decalage.info/python/oletools) for more info. |
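Review bot: The Wikipedia link on new line 5 still uses http:// even though the line is being rewritten; switch it to https://en.wikipedia.org/wiki/Compound_File_Binary_Format while you are here. The split itself is fine, but new line 5 now ends directly on the link and line 6 opens with "(also called", so the sentence only reads correctly because Markdown turns the line break into a space; please confirm in the rendered README.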
| @@ -21,9 +22,13 @@ Note: python-oletools is not related to OLETools published by BeCubed Software. | @@ -21,9 +22,13 @@ Note: python-oletools is not related to OLETools published by BeCubed Software. | ||
| 21 | News | 22 | News |
| 22 | ---- | 23 | ---- |
| 23 | 24 | ||
| 24 | -- 2014-11-29 v0.07 alpha: upgraded OleFileIO_PL to olefile v0.41 | ||
| 25 | -- **2014-08-28 v0.06**: added [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba), a new tool to extract VBA Macro source code from MS Office documents (97-2003 and 2007+). Improved [documentation](https://bitbucket.org/decalage/oletools/wiki) | ||
| 26 | -- 2013-07-24 v0.05: added new tools [olemeta](https://bitbucket.org/decalage/oletools/wiki/olemeta) and [oletimes](https://bitbucket.org/decalage/oletools/wiki/oletimes) | 25 | +- **2015-01-03 v0.07**: improved [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba) to detect suspicious |
| 26 | +keywords and IOCs in VBA macros, can now scan several files and open password-protected zip archives, added a Python API, | ||
| 27 | +upgraded OleFileIO_PL to olefile v0.41 | ||
| 28 | +- 2014-08-28 v0.06: added [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba), a new tool to extract VBA Macro | ||
| 29 | +source code from MS Office documents (97-2003 and 2007+). Improved [documentation](https://bitbucket.org/decalage/oletools/wiki) | ||
| 30 | +- 2013-07-24 v0.05: added new tools [olemeta](https://bitbucket.org/decalage/oletools/wiki/olemeta) and | ||
| 31 | +[oletimes](https://bitbucket.org/decalage/oletools/wiki/oletimes) | ||
| 27 | - 2013-04-18 v0.04: fixed bug in rtfobj, added documentation for [rtfobj](https://bitbucket.org/decalage/oletools/wiki/rtfobj) | 32 | - 2013-04-18 v0.04: fixed bug in rtfobj, added documentation for [rtfobj](https://bitbucket.org/decalage/oletools/wiki/rtfobj) |
| 28 | - 2012-11-09 v0.03: Improved [pyxswf](https://bitbucket.org/decalage/oletools/wiki/pyxswf) to extract Flash objects from RTF | 33 | - 2012-11-09 v0.03: Improved [pyxswf](https://bitbucket.org/decalage/oletools/wiki/pyxswf) to extract Flash objects from RTF |
| 29 | - 2012-10-29 v0.02: Added [oleid](https://bitbucket.org/decalage/oletools/wiki/oleid) | 34 | - 2012-10-29 v0.02: Added [oleid](https://bitbucket.org/decalage/oletools/wiki/oleid) |
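Review bot: The new v0.07 entry (new lines 25-27) packs four separate changes into one comma-separated sentence with mixed verb forms ("improved ... to detect", "can now scan", "added", "upgraded"), which is hard to scan in a changelog. Suggest one clause per change in the same tense, for example "olevba now detects suspicious keywords and IOCs in VBA macros, scans several files, opens password-protected zip archives and has a Python API; upgraded OleFileIO_PL to olefile v0.41". The 2014-11-29 v0.07 alpha entry is dropped rather than kept below the release line, so the date of the olefile upgrade is no longer recorded; keep it if the News list is meant to be a history.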
| @@ -39,7 +44,7 @@ Tools in python-oletools: | @@ -39,7 +44,7 @@ Tools in python-oletools: | ||
| 39 | - [oleid](https://bitbucket.org/decalage/oletools/wiki/oleid): a tool to analyze OLE files to detect specific characteristics usually found in malicious files. | 44 | - [oleid](https://bitbucket.org/decalage/oletools/wiki/oleid): a tool to analyze OLE files to detect specific characteristics usually found in malicious files. |
| 40 | - [olemeta](https://bitbucket.org/decalage/oletools/wiki/olemeta): a tool to extract all standard properties (metadata) from OLE files. | 45 | - [olemeta](https://bitbucket.org/decalage/oletools/wiki/olemeta): a tool to extract all standard properties (metadata) from OLE files. |
| 41 | - [oletimes](https://bitbucket.org/decalage/oletools/wiki/oletimes): a tool to extract creation and modification timestamps of all streams and storages. | 46 | - [oletimes](https://bitbucket.org/decalage/oletools/wiki/oletimes): a tool to extract creation and modification timestamps of all streams and storages. |
| 42 | -- [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba) (new): a tool to extract VBA Macro source code from MS Office documents (OLE and OpenXML). | 47 | +- [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba): a tool to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML). |
| 43 | - [pyxswf](https://bitbucket.org/decalage/oletools/wiki/pyxswf): a tool to detect, extract and analyze Flash objects (SWF) that may | 48 | - [pyxswf](https://bitbucket.org/decalage/oletools/wiki/pyxswf): a tool to detect, extract and analyze Flash objects (SWF) that may |
| 44 | be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, | 49 | be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, |
| 45 | which is especially useful for malware analysis. | 50 | which is especially useful for malware analysis. |
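Review bot: On new line 47 the olevba description now says "extract and analyze" but does not say what the analysis is, while the News entry in the same commit describes it as detecting suspicious keywords and IOCs in VBA macros. Suggest using that wording here too, so that the tool list states what the analysis covers.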
| @@ -49,33 +54,43 @@ Tools in python-oletools: | @@ -49,33 +54,43 @@ Tools in python-oletools: | ||
| 49 | Download and Install: | 54 | Download and Install: |
| 50 | --------------------- | 55 | --------------------- |
| 51 | 56 | ||
| 52 | -To use python-oletools from the command line as analysis tools, you may simply [download the zip archive](https://bitbucket.org/decalage/oletools/downloads) and extract the files in the directory of your choice. | 57 | +To use python-oletools from the command line as analysis tools, you may simply |
| 58 | +[download the zip archive](https://bitbucket.org/decalage/oletools/downloads) | ||
| 59 | +and extract the files in the directory of your choice. | ||
| 53 | 60 | ||
| 54 | -If you plan to use python-oletools with other Python applications or your own scripts, then the simplest solution is to use "**pip install oletools**" or "**easy_install oletools**" to download and install in one go. Otherwise you may download/extract the zip archive and run "**setup.py install**". | 61 | +If you plan to use python-oletools with other Python applications or your own scripts, then the simplest solution is to |
| 62 | +use "**pip install oletools**" or "**easy_install oletools**" to download and install in one go. Otherwise you may | ||
| 63 | +download/extract the zip archive and run "**setup.py install**". | ||
| 55 | 64 | ||
| 56 | Documentation: | 65 | Documentation: |
| 57 | -------------- | 66 | -------------- |
| 58 | 67 | ||
| 59 | -The latest version of the documentation can be found [online](https://bitbucket.org/decalage/oletools/wiki), otherwise a copy is provided in the doc subfolder of the package. | 68 | +The latest version of the documentation can be found [online](https://bitbucket.org/decalage/oletools/wiki), otherwise |
| 69 | +a copy is provided in the doc subfolder of the package. | ||
| 60 | 70 | ||
| 61 | 71 | ||
| 62 | How to Suggest Improvements, Report Issues or Contribute: | 72 | How to Suggest Improvements, Report Issues or Contribute: |
| 63 | --------------------------------------------------------- | 73 | --------------------------------------------------------- |
| 64 | 74 | ||
| 65 | -This is a personal open-source project, developed on my spare time. Any contribution, suggestion, feedback or bug report is welcome. | 75 | +This is a personal open-source project, developed on my spare time. Any contribution, suggestion, feedback or bug |
| 76 | +report is welcome. | ||
| 66 | 77 | ||
| 67 | -To suggest improvements, report a bug or any issue, please use the [issue reporting page](https://bitbucket.org/decalage/olefileio_pl/issues?status=new&status=open), providing all the information and files to reproduce the problem. | 78 | +To suggest improvements, report a bug or any issue, please use the |
| 79 | +[issue reporting page](https://bitbucket.org/decalage/olefileio_pl/issues?status=new&status=open), providing all the | ||
| 80 | +information and files to reproduce the problem. | ||
| 68 | 81 | ||
| 69 | You may also [contact the author](http://decalage.info/contact) directly to provide feedback. | 82 | You may also [contact the author](http://decalage.info/contact) directly to provide feedback. |
| 70 | 83 | ||
| 71 | -The code is available in [a Mercurial repository on Bitbucket](https://bitbucket.org/decalage/oletools). You may use it to submit enhancements using forks and pull requests. | 84 | +The code is available in [a Mercurial repository on Bitbucket](https://bitbucket.org/decalage/oletools). You may use it |
| 85 | +to submit enhancements using forks and pull requests. | ||
| 72 | 86 | ||
| 73 | License | 87 | License |
| 74 | ------- | 88 | ------- |
| 75 | 89 | ||
| 76 | -This license applies to the python-oletools package, apart from the thirdparty folder which contains third-party files published with their own license. | 90 | +This license applies to the python-oletools package, apart from the thirdparty folder which contains third-party files |
| 91 | +published with their own license. | ||
| 77 | 92 | ||
| 78 | -The python-oletools package is copyright (c) 2012-2014 Philippe Lagadec (http://www.decalage.info) | 93 | +The python-oletools package is copyright (c) 2012-2015 Philippe Lagadec (http://www.decalage.info) |
| 79 | 94 | ||
| 80 | All rights reserved. | 95 | All rights reserved. |
| 81 | 96 |
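Review bot: The issue reporting link on new line 79 points to bitbucket.org/decalage/olefileio_pl/issues, while the repository link on new line 84 is bitbucket.org/decalage/oletools; the rewrap carries the old URL over unchanged. If oletools issues are meant to go to the oletools tracker, fix the URL in this commit, otherwise say in the sentence that issues are tracked in the olefileio_pl project. Minor wording on new line 75: "on my spare time" should be "in my spare time". The rest of the hunk is rewrapping plus the 2012-2015 copyright year.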