From 439edb248caf0e13020026a53960e8d69021a2d2 Mon Sep 17 00:00:00 2001 From: Philippe Lagadec Date: Wed, 17 Oct 2012 07:02:31 +0200 Subject: [PATCH] Updated readme, license and comments --- README.md | 22 +++++++++++----------- oletools/LICENSE.txt | 8 ++++---- oletools/README.txt | 36 ++++++++++++++++++++---------------- oletools/olebrowse.py | 3 +++ oletools/pyxswf.py | 5 ++++- 5 files changed, 42 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index ea08118..48cc9d6 100644 --- a/README.md +++ b/README.md 
@@ -1,11 +1,12 @@ -oletools -======== +python-oletools +=============== -[oletools](http://www.decalage.info/python/oletools) is a package of python tools to analyze [Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format)](http://en.wikipedia.org/wiki/Compound_File_Binary_Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis and debugging. It is based on the [OleFileIO_PL](http://www.decalage.info/python/olefileio) parser. See [http://www.decalage.info/python/oletools](http://www.decalage.info/python/oletools) for more info. +[python-oletools](http://www.decalage.info/python/oletools) is a package of python tools to analyze [Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format)](http://en.wikipedia.org/wiki/Compound_File_Binary_Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis and debugging. It is based on the [OleFileIO_PL](http://www.decalage.info/python/olefileio) parser. See [http://www.decalage.info/python/oletools](http://www.decalage.info/python/oletools) for more info. +Note: python-oletools is not related to OLETools published by BeCubed Software. -Tools in oletools: ------------------------------------ +Tools in python-oletools: +------------------------- - **olebrowse**: A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams. 
@@ -36,7 +37,7 @@ view and extract individual data streams. If you provide a file it will be opened, else a dialog will allow you to browse folders to open a file. Then if it is a valid OLE file, the list of data streams will be displayed. You can select a stream, and then either view its content in a builtin hexadecimal viewer, or save it to a file for further analysis. -olebrowse project website: [http://www.decalage.info/python/olebrowse](http://www.decalage.info/python/olebrowse) +For screenshots and other info, see [http://www.decalage.info/python/olebrowse](http://www.decalage.info/python/olebrowse) pyxswf: -------- @@ -45,8 +46,7 @@ pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that be embedded in files such as MS Office documents (e.g. Word, Excel), which is especially useful for malware analysis. -pyxswf is an improved version of xxxswf.py published by Alexander Hanel on -[http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html](http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html) +pyxswf is an extension to [xxxswf.py](http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html) published by Alexander Hanel. Compared to xxxswf, it can extract streams from MS Office documents by parsing their OLE structure properly, which is necessary when streams are fragmented. @@ -88,7 +88,7 @@ Example - detecting and extracting a SWF file from a Word document on Windows: [ADDR] SWF 1 at 0x8 - FWS Header [FILE] Carved SWF MD5: 2498e9c0701dc0e461ab4358f9102bc5.swf -pyxswf project website: [http://www.decalage.info/python/pyxswf](http://www.decalage.info/python/pyxswf) +For more info, see [http://www.decalage.info/python/pyxswf](http://www.decalage.info/python/pyxswf) How to contribute: 
@@ -106,9 +106,9 @@ To report a bug or any issue, please use the [issue reporting page](https://bitb License ------- -This license applies to the oletools package, apart from the thirdparty folder which contains third-party files published with their own license. +This license applies to the python-oletools package, apart from the thirdparty folder which contains third-party files published with their own license. -The oletools package is copyright (c) 2012, Philippe Lagadec (http://www.decalage.info) +The python-oletools package is copyright (c) 2012, Philippe Lagadec (http://www.decalage.info) All rights reserved. Redistribution and use in source and binary forms, with or without modification, diff --git a/oletools/LICENSE.txt b/oletools/LICENSE.txt index 1f53719..1b62c4d 100644 --- a/oletools/LICENSE.txt +++ b/oletools/LICENSE.txt @@ -1,9 +1,9 @@ -LICENSE for the oletools package: +LICENSE for the python-oletools package: -This license applies to the oletools package, apart from the thirdparty folder -which contains third-party files published with their own license. +This license applies to the python-oletools package, apart from the thirdparty +folder which contains third-party files published with their own license. -The oletools package is copyright (c) 2012, Philippe Lagadec (http://www.decalage.info) +The python-oletools package is copyright (c) 2012, Philippe Lagadec (http://www.decalage.info) All rights reserved. Redistribution and use in source and binary forms, with or without modification, diff --git a/oletools/README.txt b/oletools/README.txt index 8a9441e..e0296d9 100644 --- a/oletools/README.txt +++ b/oletools/README.txt 
@@ -1,9 +1,10 @@ -oletools -======== +python-oletools +=============== -`oletools `_ is a package of -python tools to analyze `Microsoft OLE2 files (also called Structured -Storage, Compound File Binary Format or Compound Document File +`python-oletools `_ is a +package of python tools to analyze `Microsoft OLE2 files (also called +Structured Storage, Compound File Binary Format or Compound Document +File Format) `_, such as Microsoft Office documents or Outlook messages, mainly for malware analysis and debugging. It is based on the @@ -11,8 +12,11 @@ malware analysis and debugging. It is based on the `http://www.decalage.info/python/oletools `_ for more info. -Tools in oletools: ------------------- +Note: python-oletools is not related to OLETools published by BeCubed +Software. + +Tools in python-oletools: +------------------------- - **olebrowse**: A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams. @@ -49,7 +53,7 @@ of data streams will be displayed. You can select a stream, and then either view its content in a builtin hexadecimal viewer, or save it to a file for further analysis. -olebrowse project website: +For screenshots and other info, see `http://www.decalage.info/python/olebrowse `_ pyxswf: @@ -59,9 +63,9 @@ pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that may be embedded in files such as MS Office documents (e.g. Word, Excel), which is especially useful for malware analysis. -pyxswf is an improved version of xxxswf.py published by Alexander Hanel -on -`http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html `_ +pyxswf is an extension to +`xxxswf.py `_ +published by Alexander Hanel. Compared to xxxswf, it can extract streams from MS Office documents by parsing their OLE structure properly, which is necessary when streams 
@@ -110,7 +114,7 @@ Windows: [ADDR] SWF 1 at 0x8 - FWS Header [FILE] Carved SWF MD5: 2498e9c0701dc0e461ab4358f9102bc5.swf -pyxswf project website: +For more info, see `http://www.decalage.info/python/pyxswf `_ How to contribute: @@ -134,11 +138,11 @@ problem. License ------- -This license applies to the oletools package, apart from the thirdparty -folder which contains third-party files published with their own -license. +This license applies to the python-oletools package, apart from the +thirdparty folder which contains third-party files published with their +own license. -The oletools package is copyright (c) 2012, Philippe Lagadec +The python-oletools package is copyright (c) 2012, Philippe Lagadec (http://www.decalage.info) All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/oletools/olebrowse.py b/oletools/olebrowse.py index 3bf6871..de61840 100644 --- a/oletools/olebrowse.py +++ b/oletools/olebrowse.py @@ -9,6 +9,9 @@ Usage: olebrowse.py [file] olebrowse project website: http://www.decalage.info/python/olebrowse +olebrowse is part of the python-oletools package: +http://www.decalage.info/python/oletools + olebrowse is copyright (c) 2012, Philippe Lagadec (http://www.decalage.info) All rights reserved. diff --git a/oletools/pyxswf.py b/oletools/pyxswf.py index 3aaca98..8076b52 100644 --- a/oletools/pyxswf.py +++ b/oletools/pyxswf.py 
@@ -5,7 +5,7 @@ pyxswf.py - Philippe Lagadec 2012-09-17 pyxswf is a script to detect, extract and analyze Flash objects (SWF) that may be embedded in files such as MS Office documents (e.g. Word, Excel), which is especially useful for malware analysis. -pyxswf is an improved version of xxxswf.py published by Alexander Hanel on +pyxswf is an extension to xxxswf.py published by Alexander Hanel on http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html Compared to xxxswf, it can extract streams from MS Office documents by parsing their OLE structure properly, which is necessary when streams are fragmented. @@ -14,6 +14,9 @@ http://www.breakingpointsystems.com/resources/blog/evasion-with-ole2-fragmentati pyxswf project website: http://www.decalage.info/python/pyxswf +pyxswf is part of the python-oletools package: +http://www.decalage.info/python/oletools + pyxswf is copyright (c) 2012, Philippe Lagadec (http://www.decalage.info) All rights reserved. -- libgit2 0.21.4
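Review bot: The `Note: python-oletools is not related to OLETools published by BeCubed Software.` line added in the first README.md hunk comes without a blank line of its own (the hunk grows by exactly one line, `-1,11 +1,12`), whereas the matching oletools/README.txt hunk adds a `+` blank line after the same note. Confirm that the note is separated by blank lines from both the intro paragraph and the `Tools in python-oletools:` heading; otherwise Markdown folds it into the neighbouring block instead of rendering it as a separate paragraph.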
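Review bot: In the first oletools/README.txt hunk, the re-wrapped intro leaves `+File` as a one-word line between `...Compound File Binary Format or Compound Document` and the unchanged `Format)` line. Re-flow the paragraph so the link text wraps at the normal width. README.md and README.txt also receive the same wording changes twice in this patch, so if one is derived from the other, say so in the commit message or a comment to keep the two from drifting.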
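Review bot: The pyxswf.py docstring is edited in both of its hunks, but its header line, visible in the hunk context as `pyxswf.py - Philippe Lagadec 2012-09-17`, keeps the September date while the commit is dated 17 Oct 2012. If that date is meant as a last-modified marker, update it with this change. The docstrings in olebrowse.py and pyxswf.py also keep the `olebrowse project website:` and `pyxswf project website:` wording that both READMEs replace with `For screenshots and other info, see` and `For more info, see`; align them if the rewording was meant to be project-wide.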