Commit 61c29e8095982b048e8e8409abf3e68949aac060
1 parent
3ec4b066
mraptor3: updated to match mraptor
Showing
1 changed file
with
18 additions
and
5 deletions
oletools/mraptor3.py
| ... | ... | @@ -11,6 +11,7 @@ Supported formats: |
| 11 | 11 | - PowerPoint 97-2003 (.ppt), PowerPoint 2007+ (.pptm, .ppsm) |
| 12 | 12 | - Word 2003 XML (.xml) |
| 13 | 13 | - Word/Excel Single File Web Page / MHTML (.mht) |
| 14 | +- Publisher (.pub) | |
| 14 | 15 | |
| 15 | 16 | Author: Philippe Lagadec - http://www.decalage.info |
| 16 | 17 | License: BSD, see source code or documentation |
| ... | ... | @@ -21,7 +22,7 @@ http://www.decalage.info/python/oletools |
| 21 | 22 | |
| 22 | 23 | # === LICENSE ================================================================== |
| 23 | 24 | |
| 24 | -# MacroRaptor is copyright (c) 2016 Philippe Lagadec (http://www.decalage.info) | |
| 25 | +# MacroRaptor is copyright (c) 2016-2017 Philippe Lagadec (http://www.decalage.info) | |
| 25 | 26 | # All rights reserved. |
| 26 | 27 | # |
| 27 | 28 | # Redistribution and use in source and binary forms, with or without modification, |
| ... | ... | @@ -53,8 +54,9 @@ http://www.decalage.info/python/oletools |
| 53 | 54 | # 2016-07-19 v0.50 SL: - converted to Python 3 |
| 54 | 55 | # 2016-08-26 PL: - changed imports for Python 3 |
| 55 | 56 | # 2017-04-26 v0.51 PL: - fixed absolute imports (issue #141) |
| 57 | +# 2017-06-29 PL: - synced with mraptor.py 0.51 | |
| 56 | 58 | |
| 57 | -__version__ = '0.51dev6' | |
| 59 | +__version__ = '0.51' | |
| 58 | 60 | |
| 59 | 61 | #------------------------------------------------------------------------------ |
| 60 | 62 | # TODO: |
| ... | ... | @@ -97,15 +99,24 @@ MSG_ISSUES = 'Please report this issue on %s' % URL_ISSUES |
| 97 | 99 | |
| 98 | 100 | # 'AutoExec', 'AutoOpen', 'Auto_Open', 'AutoClose', 'Auto_Close', 'AutoNew', 'AutoExit', |
| 99 | 101 | # 'Document_Open', 'DocumentOpen', |
| 100 | -# 'Document_Close', 'DocumentBeforeClose', | |
| 102 | +# 'Document_Close', 'DocumentBeforeClose', 'Document_BeforeClose', | |
| 101 | 103 | # 'DocumentChange','Document_New', |
| 102 | 104 | # 'NewDocument' |
| 103 | 105 | # 'Workbook_Open', 'Workbook_Close', |
| 106 | +# *_Painted such as InkPicture1_Painted | |
| 107 | +# *_GotFocus|LostFocus|MouseHover for other ActiveX objects | |
| 108 | +# reference: http://www.greyhathacker.net/?p=948 | |
| 104 | 109 | |
| 105 | 110 | # TODO: check if line also contains Sub or Function |
| 106 | 111 | re_autoexec = re.compile(r'(?i)\b(?:Auto(?:Exec|_?Open|_?Close|Exit|New)' + |
| 107 | - r'|Document(?:_?Open|_Close|BeforeClose|Change|_New)' + | |
| 108 | - r'|NewDocument|Workbook(?:_Open|_Activate|_Close))\b') | |
| 112 | + r'|Document(?:_?Open|_Close|_?BeforeClose|Change|_New)' + | |
| 113 | + r'|NewDocument|Workbook(?:_Open|_Activate|_Close)' + | |
| 114 | + r'|\w+_(?:Painted|Painting|GotFocus|LostFocus|MouseHover' + | |
| 115 | + r'|Layout|Click|Change|Resize|BeforeNavigate2|BeforeScriptExecute' + | |
| 116 | + r'|DocumentComplete|DownloadBegin|DownloadComplete|FileDownload' + | |
| 117 | + r'|NavigateComplete2|NavigateError|ProgressChange|PropertyChange' + | |
| 118 | + r'|SetSecureLockIcon|StatusTextChange|TitleChange|MouseMove' + | |
| 119 | + r'|MouseEnter|MouseLeave|))\b') | |
| 109 | 120 | |
| 110 | 121 | # MS-VBAL 5.4.5.1 Open Statement: |
| 111 | 122 | RE_OPEN_WRITE = r'(?:\bOpen\b[^\n]+\b(?:Write|Append|Binary|Output|Random)\b)' |
| ... | ... | @@ -249,6 +260,8 @@ def main(): |
| 249 | 260 | |
| 250 | 261 | # Print help if no arguments are passed |
| 251 | 262 | if len(args) == 0: |
| 263 | + print('MacroRaptor %s - http://decalage.info/python/oletools' % __version__) | |
| 264 | + print('This is work in progress, please report issues at %s' % URL_ISSUES) | |
| 252 | 265 | print(__doc__) |
| 253 | 266 | parser.print_help() |
| 254 | 267 | print('\nAn exit code is returned based on the analysis result:') | ... | ... |