Commit 877d7b343a1e8654b9f86307384080a14b868f65
1 parent
be0f0296
updated oleid to use olefile, improved usage display and comments
Showing
1 changed file
with
55 additions
and
39 deletions
oletools/oleid.py
| 1 | 1 | #!/usr/bin/env python |
| 2 | 2 | """ |
| 3 | -oleid.py - Philippe Lagadec 2012-10-18 | |
| 3 | +oleid.py | |
| 4 | 4 | |
| 5 | 5 | oleid is a script to analyze OLE files such as MS Office documents (e.g. Word, |
| 6 | 6 | Excel), to detect specific characteristics that could potentially indicate that |
| ... | ... | @@ -14,36 +14,42 @@ oleid project website: http://www.decalage.info/python/oleid |
| 14 | 14 | |
| 15 | 15 | oleid is part of the python-oletools package: |
| 16 | 16 | http://www.decalage.info/python/oletools |
| 17 | - | |
| 18 | -oleid is copyright (c) 2012, Philippe Lagadec (http://www.decalage.info) | |
| 19 | -All rights reserved. | |
| 20 | - | |
| 21 | -Redistribution and use in source and binary forms, with or without modification, | |
| 22 | -are permitted provided that the following conditions are met: | |
| 23 | - | |
| 24 | - * Redistributions of source code must retain the above copyright notice, this | |
| 25 | - list of conditions and the following disclaimer. | |
| 26 | - * Redistributions in binary form must reproduce the above copyright notice, | |
| 27 | - this list of conditions and the following disclaimer in the documentation | |
| 28 | - and/or other materials provided with the distribution. | |
| 29 | - | |
| 30 | -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 31 | -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 32 | -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
| 33 | -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE | |
| 34 | -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
| 35 | -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
| 36 | -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | |
| 37 | -CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | |
| 38 | -OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
| 39 | -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 40 | 17 | """ |
| 41 | 18 | |
| 42 | -__version__ = '0.01' | |
| 19 | +#=== LICENSE ================================================================= | |
| 20 | + | |
| 21 | +# oleid is copyright (c) 2012-2014, Philippe Lagadec (http://www.decalage.info) | |
| 22 | +# All rights reserved. | |
| 23 | +# | |
| 24 | +# Redistribution and use in source and binary forms, with or without modification, | |
| 25 | +# are permitted provided that the following conditions are met: | |
| 26 | +# | |
| 27 | +# * Redistributions of source code must retain the above copyright notice, this | |
| 28 | +# list of conditions and the following disclaimer. | |
| 29 | +# * Redistributions in binary form must reproduce the above copyright notice, | |
| 30 | +# this list of conditions and the following disclaimer in the documentation | |
| 31 | +# and/or other materials provided with the distribution. | |
| 32 | +# | |
| 33 | +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 34 | +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 35 | +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
| 36 | +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE | |
| 37 | +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
| 38 | +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
| 39 | +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | |
| 40 | +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | |
| 41 | +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
| 42 | +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 43 | + | |
| 43 | 44 | |
| 44 | 45 | #------------------------------------------------------------------------------ |
| 45 | 46 | # CHANGELOG: |
| 46 | 47 | # 2012-10-29 v0.01 PL: - first version |
| 48 | +# 2014-11-29 v0.02 PL: - use olefile instead of OleFileIO_PL | |
| 49 | +# - improved usage display with -h | |
| 50 | + | |
| 51 | +__version__ = '0.02' | |
| 52 | + | |
| 47 | 53 | |
| 48 | 54 | #------------------------------------------------------------------------------ |
| 49 | 55 | # TODO: |
| ... | ... | @@ -60,21 +66,14 @@ __version__ = '0.01' |
| 60 | 66 | # - verbose option |
| 61 | 67 | # - csv, xml output |
| 62 | 68 | |
| 63 | -import optparse, sys, os, re, zlib, struct | |
| 64 | -from thirdparty.OleFileIO_PL import OleFileIO_PL | |
| 65 | 69 | |
| 70 | +#=== IMPORTS ================================================================= | |
| 66 | 71 | |
| 67 | -class Indicator (object): | |
| 72 | +import optparse, sys, os, re, zlib, struct | |
| 73 | +import thirdparty.olefile as olefile | |
| 68 | 74 | |
| 69 | - def __init__(self, _id, value=None, _type=bool, name=None, description=None): | |
| 70 | - self.id = _id | |
| 71 | - self.value = value | |
| 72 | - self.type = _type | |
| 73 | - self.name = name | |
| 74 | - if name == None: | |
| 75 | - self.name = _id | |
| 76 | - self.description = description | |
| 77 | 75 | |
| 76 | +#=== FUNCTIONS =============================================================== | |
| 78 | 77 | |
| 79 | 78 | def detect_flash (data): |
| 80 | 79 | """ |
| ... | ... | @@ -127,6 +126,20 @@ def detect_flash (data): |
| 127 | 126 | return found |
| 128 | 127 | |
| 129 | 128 | |
| 129 | +#=== CLASSES ================================================================= | |
| 130 | + | |
| 131 | +class Indicator (object): | |
| 132 | + | |
| 133 | + def __init__(self, _id, value=None, _type=bool, name=None, description=None): | |
| 134 | + self.id = _id | |
| 135 | + self.value = value | |
| 136 | + self.type = _type | |
| 137 | + self.name = name | |
| 138 | + if name == None: | |
| 139 | + self.name = _id | |
| 140 | + self.description = description | |
| 141 | + | |
| 142 | + | |
| 130 | 143 | class OleID: |
| 131 | 144 | |
| 132 | 145 | def __init__(self, filename): |
| ... | ... | @@ -137,11 +150,11 @@ class OleID: |
| 137 | 150 | # check if it is actually an OLE file: |
| 138 | 151 | oleformat = Indicator('ole_format', True, name='OLE format') |
| 139 | 152 | self.indicators.append(oleformat) |
| 140 | - if not OleFileIO_PL.isOleFile(self.filename): | |
| 153 | + if not olefile.isOleFile(self.filename): | |
| 141 | 154 | oleformat.value = False |
| 142 | 155 | return self.indicators |
| 143 | 156 | # parse file: |
| 144 | - self.ole = OleFileIO_PL.OleFileIO(self.filename) | |
| 157 | + self.ole = olefile.OleFileIO(self.filename) | |
| 145 | 158 | # checks: |
| 146 | 159 | self.check_properties() |
| 147 | 160 | self.check_encrypted() |
| ... | ... | @@ -244,9 +257,12 @@ class OleID: |
| 244 | 257 | flash.value += len(found) |
| 245 | 258 | #print stream, found |
| 246 | 259 | |
| 260 | + | |
| 261 | +#=== MAIN ================================================================= | |
| 262 | + | |
| 247 | 263 | def main(): |
| 248 | 264 | usage = 'usage: %prog [options] <file>' |
| 249 | - parser = optparse.OptionParser(usage=usage) | |
| 265 | + parser = optparse.OptionParser(usage=__doc__ + '\n' + usage) | |
| 250 | 266 | ## parser.add_option('-o', '--ole', action='store_true', dest='ole', help='Parse an OLE file (e.g. Word, Excel) to look for SWF in each stream') |
| 251 | 267 | |
| 252 | 268 | (options, args) = parser.parse_args() | ... | ... |