Peter M. Groen / oletools

Commit 439edb248caf0e13020026a53960e8d69021a2d2

Authored by Philippe Lagadec
1 parent f3c42b85

Updated readme, license and comments

Inline Side-by-side
Showing 5 changed files with 42 additions and 32 deletions
README.md
  View file @439edb2
1 -oletools  
2 -======== 1 +python-oletools
  2 +===============
3 3
4 -[oletools](http://www.decalage.info/python/oletools) is a package of python tools to analyze [Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format)](http://en.wikipedia.org/wiki/Compound_File_Binary_Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis and debugging. It is based on the [OleFileIO_PL](http://www.decalage.info/python/olefileio) parser. See [http://www.decalage.info/python/oletools](http://www.decalage.info/python/oletools) for more info. 4 +[python-oletools](http://www.decalage.info/python/oletools) is a package of python tools to analyze [Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format)](http://en.wikipedia.org/wiki/Compound_File_Binary_Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis and debugging. It is based on the [OleFileIO_PL](http://www.decalage.info/python/olefileio) parser. See [http://www.decalage.info/python/oletools](http://www.decalage.info/python/oletools) for more info.
5 5
  6 +Note: python-oletools is not related to OLETools published by BeCubed Software.
6 7
7 -Tools in oletools:  
8 ------------------------------------ 8 +Tools in python-oletools:
  9 +-------------------------
9 10
10 - **olebrowse**: A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to 11 - **olebrowse**: A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to
11 view and extract individual data streams. 12 view and extract individual data streams.
@@ -36,7 +37,7 @@ view and extract individual data streams. @@ -36,7 +37,7 @@ view and extract individual data streams.
36 37
37 If you provide a file it will be opened, else a dialog will allow you to browse folders to open a file. Then if it is a valid OLE file, the list of data streams will be displayed. You can select a stream, and then either view its content in a builtin hexadecimal viewer, or save it to a file for further analysis. 38 If you provide a file it will be opened, else a dialog will allow you to browse folders to open a file. Then if it is a valid OLE file, the list of data streams will be displayed. You can select a stream, and then either view its content in a builtin hexadecimal viewer, or save it to a file for further analysis.
38 39
39 -olebrowse project website: [http://www.decalage.info/python/olebrowse](http://www.decalage.info/python/olebrowse) 40 +For screenshots and other info, see [http://www.decalage.info/python/olebrowse](http://www.decalage.info/python/olebrowse)
40 41
41 pyxswf: 42 pyxswf:
42 -------- 43 --------
@@ -45,8 +46,7 @@ pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that @@ -45,8 +46,7 @@ pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that
45 be embedded in files such as MS Office documents (e.g. Word, Excel), 46 be embedded in files such as MS Office documents (e.g. Word, Excel),
46 which is especially useful for malware analysis. 47 which is especially useful for malware analysis.
47 48
48 -pyxswf is an improved version of xxxswf.py published by Alexander Hanel on  
49 -[http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html](http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html) 49 +pyxswf is an extension to [xxxswf.py](http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html) published by Alexander Hanel.
50 50
51 Compared to xxxswf, it can extract streams from MS Office documents by parsing 51 Compared to xxxswf, it can extract streams from MS Office documents by parsing
52 their OLE structure properly, which is necessary when streams are fragmented. 52 their OLE structure properly, which is necessary when streams are fragmented.
@@ -88,7 +88,7 @@ Example - detecting and extracting a SWF file from a Word document on Windows: @@ -88,7 +88,7 @@ Example - detecting and extracting a SWF file from a Word document on Windows:
88 [ADDR] SWF 1 at 0x8 - FWS Header 88 [ADDR] SWF 1 at 0x8 - FWS Header
89 [FILE] Carved SWF MD5: 2498e9c0701dc0e461ab4358f9102bc5.swf 89 [FILE] Carved SWF MD5: 2498e9c0701dc0e461ab4358f9102bc5.swf
90 90
91 -pyxswf project website: [http://www.decalage.info/python/pyxswf](http://www.decalage.info/python/pyxswf) 91 +For more info, see [http://www.decalage.info/python/pyxswf](http://www.decalage.info/python/pyxswf)
92 92
93 93
94 How to contribute: 94 How to contribute:
@@ -106,9 +106,9 @@ To report a bug or any issue, please use the [issue reporting page](https://bitb @@ -106,9 +106,9 @@ To report a bug or any issue, please use the [issue reporting page](https://bitb
106 License 106 License
107 ------- 107 -------
108 108
109 -This license applies to the oletools package, apart from the thirdparty folder which contains third-party files published with their own license. 109 +This license applies to the python-oletools package, apart from the thirdparty folder which contains third-party files published with their own license.
110 110
111 -The oletools package is copyright (c) 2012, Philippe Lagadec (http://www.decalage.info) 111 +The python-oletools package is copyright (c) 2012, Philippe Lagadec (http://www.decalage.info)
112 All rights reserved. 112 All rights reserved.
113 113
114 Redistribution and use in source and binary forms, with or without modification, 114 Redistribution and use in source and binary forms, with or without modification,
oletools/LICENSE.txt
  View file @439edb2
1 -LICENSE for the oletools package: 1 +LICENSE for the python-oletools package:
2 2
3 -This license applies to the oletools package, apart from the thirdparty folder  
4 -which contains third-party files published with their own license. 3 +This license applies to the python-oletools package, apart from the thirdparty
  4 +folder which contains third-party files published with their own license.
5 5
6 -The oletools package is copyright (c) 2012, Philippe Lagadec (http://www.decalage.info) 6 +The python-oletools package is copyright (c) 2012, Philippe Lagadec (http://www.decalage.info)
7 All rights reserved. 7 All rights reserved.
8 8
9 Redistribution and use in source and binary forms, with or without modification, 9 Redistribution and use in source and binary forms, with or without modification,
oletools/README.txt
  View file @439edb2
1 -oletools  
2 -======== 1 +python-oletools
  2 +===============
3 3
4 -`oletools <http://www.decalage.info/python/oletools>`_ is a package of  
5 -python tools to analyze `Microsoft OLE2 files (also called Structured  
6 -Storage, Compound File Binary Format or Compound Document File 4 +`python-oletools <http://www.decalage.info/python/oletools>`_ is a
  5 +package of python tools to analyze `Microsoft OLE2 files (also called
  6 +Structured Storage, Compound File Binary Format or Compound Document
  7 +File
7 Format) <http://en.wikipedia.org/wiki/Compound_File_Binary_Format>`_, 8 Format) <http://en.wikipedia.org/wiki/Compound_File_Binary_Format>`_,
8 such as Microsoft Office documents or Outlook messages, mainly for 9 such as Microsoft Office documents or Outlook messages, mainly for
9 malware analysis and debugging. It is based on the 10 malware analysis and debugging. It is based on the
@@ -11,8 +12,11 @@ malware analysis and debugging. It is based on the @@ -11,8 +12,11 @@ malware analysis and debugging. It is based on the
11 `http://www.decalage.info/python/oletools <http://www.decalage.info/python/oletools>`_ 12 `http://www.decalage.info/python/oletools <http://www.decalage.info/python/oletools>`_
12 for more info. 13 for more info.
13 14
14 -Tools in oletools:  
15 ------------------- 15 +Note: python-oletools is not related to OLETools published by BeCubed
  16 +Software.
  17 +
  18 +Tools in python-oletools:
  19 +-------------------------
16 20
17 - **olebrowse**: A simple GUI to browse OLE files (e.g. MS Word, Excel, 21 - **olebrowse**: A simple GUI to browse OLE files (e.g. MS Word, Excel,
18 Powerpoint documents), to view and extract individual data streams. 22 Powerpoint documents), to view and extract individual data streams.
@@ -49,7 +53,7 @@ of data streams will be displayed. You can select a stream, and then @@ -49,7 +53,7 @@ of data streams will be displayed. You can select a stream, and then
49 either view its content in a builtin hexadecimal viewer, or save it to a 53 either view its content in a builtin hexadecimal viewer, or save it to a
50 file for further analysis. 54 file for further analysis.
51 55
52 -olebrowse project website: 56 +For screenshots and other info, see
53 `http://www.decalage.info/python/olebrowse <http://www.decalage.info/python/olebrowse>`_ 57 `http://www.decalage.info/python/olebrowse <http://www.decalage.info/python/olebrowse>`_
54 58
55 pyxswf: 59 pyxswf:
@@ -59,9 +63,9 @@ pyxswf is a script to detect, extract and analyze Flash objects (SWF @@ -59,9 +63,9 @@ pyxswf is a script to detect, extract and analyze Flash objects (SWF
59 files) that may be embedded in files such as MS Office documents (e.g. 63 files) that may be embedded in files such as MS Office documents (e.g.
60 Word, Excel), which is especially useful for malware analysis. 64 Word, Excel), which is especially useful for malware analysis.
61 65
62 -pyxswf is an improved version of xxxswf.py published by Alexander Hanel  
63 -on  
64 -`http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html <http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html>`_ 66 +pyxswf is an extension to
  67 +`xxxswf.py <http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html>`_
  68 +published by Alexander Hanel.
65 69
66 Compared to xxxswf, it can extract streams from MS Office documents by 70 Compared to xxxswf, it can extract streams from MS Office documents by
67 parsing their OLE structure properly, which is necessary when streams 71 parsing their OLE structure properly, which is necessary when streams
@@ -110,7 +114,7 @@ Windows: @@ -110,7 +114,7 @@ Windows:
110 [ADDR] SWF 1 at 0x8 - FWS Header 114 [ADDR] SWF 1 at 0x8 - FWS Header
111 [FILE] Carved SWF MD5: 2498e9c0701dc0e461ab4358f9102bc5.swf 115 [FILE] Carved SWF MD5: 2498e9c0701dc0e461ab4358f9102bc5.swf
112 116
113 -pyxswf project website: 117 +For more info, see
114 `http://www.decalage.info/python/pyxswf <http://www.decalage.info/python/pyxswf>`_ 118 `http://www.decalage.info/python/pyxswf <http://www.decalage.info/python/pyxswf>`_
115 119
116 How to contribute: 120 How to contribute:
@@ -134,11 +138,11 @@ problem. @@ -134,11 +138,11 @@ problem.
134 License 138 License
135 ------- 139 -------
136 140
137 -This license applies to the oletools package, apart from the thirdparty  
138 -folder which contains third-party files published with their own  
139 -license. 141 +This license applies to the python-oletools package, apart from the
  142 +thirdparty folder which contains third-party files published with their
  143 +own license.
140 144
141 -The oletools package is copyright (c) 2012, Philippe Lagadec 145 +The python-oletools package is copyright (c) 2012, Philippe Lagadec
142 (http://www.decalage.info) All rights reserved. 146 (http://www.decalage.info) All rights reserved.
143 147
144 Redistribution and use in source and binary forms, with or without 148 Redistribution and use in source and binary forms, with or without
oletools/olebrowse.py
  View file @439edb2
@@ -9,6 +9,9 @@ Usage: olebrowse.py [file] @@ -9,6 +9,9 @@ Usage: olebrowse.py [file]
9 9
10 olebrowse project website: http://www.decalage.info/python/olebrowse 10 olebrowse project website: http://www.decalage.info/python/olebrowse
11 11
  12 +olebrowse is part of the python-oletools package:
  13 +http://www.decalage.info/python/oletools
  14 +
12 olebrowse is copyright (c) 2012, Philippe Lagadec (http://www.decalage.info) 15 olebrowse is copyright (c) 2012, Philippe Lagadec (http://www.decalage.info)
13 All rights reserved. 16 All rights reserved.
14 17
oletools/pyxswf.py
  View file @439edb2
@@ -5,7 +5,7 @@ pyxswf.py - Philippe Lagadec 2012-09-17 @@ -5,7 +5,7 @@ pyxswf.py - Philippe Lagadec 2012-09-17
5 pyxswf is a script to detect, extract and analyze Flash objects (SWF) that may 5 pyxswf is a script to detect, extract and analyze Flash objects (SWF) that may
6 be embedded in files such as MS Office documents (e.g. Word, Excel), 6 be embedded in files such as MS Office documents (e.g. Word, Excel),
7 which is especially useful for malware analysis. 7 which is especially useful for malware analysis.
8 -pyxswf is an improved version of xxxswf.py published by Alexander Hanel on 8 +pyxswf is an extension to xxxswf.py published by Alexander Hanel on
9 http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html 9 http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html
10 Compared to xxxswf, it can extract streams from MS Office documents by parsing 10 Compared to xxxswf, it can extract streams from MS Office documents by parsing
11 their OLE structure properly, which is necessary when streams are fragmented. 11 their OLE structure properly, which is necessary when streams are fragmented.
@@ -14,6 +14,9 @@ http://www.breakingpointsystems.com/resources/blog/evasion-with-ole2-fragmentati @@ -14,6 +14,9 @@ http://www.breakingpointsystems.com/resources/blog/evasion-with-ole2-fragmentati
14 14
15 pyxswf project website: http://www.decalage.info/python/pyxswf 15 pyxswf project website: http://www.decalage.info/python/pyxswf
16 16
  17 +pyxswf is part of the python-oletools package:
  18 +http://www.decalage.info/python/oletools
  19 +
17 pyxswf is copyright (c) 2012, Philippe Lagadec (http://www.decalage.info) 20 pyxswf is copyright (c) 2012, Philippe Lagadec (http://www.decalage.info)
18 All rights reserved. 21 All rights reserved.
19 22