Commit cb596a8ad43996b6c65db491cce298a9dd3197b0
1 parent
33e52c57
olevba: replaced prettytable by tablestream (+colors)
Showing
2 changed files
with
14 additions
and
10 deletions
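--- a/oletools/olevba.py
+++ b/oletools/olevba.py
@@ -210,8 +210,9 @@ from __future__ import print_function
 # 2018-09-11 v0.54 PL: - olefile is now a dependency
 # 2018-10-08 PL: - replace backspace before printing to console (issue #358)
 # 2018-10-25 CH: - detect encryption and raise error if detected
+# 2018-12-03 PL: - uses tablestream (+colors) instead of prettytable
 
-__version__ = '0.54dev4'
+__version__ = '0.54dev5'
 
 #------------------------------------------------------------------------------
 # TODO:
@@ -301,7 +302,7 @@ if not _parent_dir in sys.path:
 sys.path.insert(0, _parent_dir)
 
 import olefile
-from oletools.thirdparty.prettytable import prettytable
+from oletools.thirdparty.tablestream import tablestream
 from oletools.thirdparty.xglob import xglob, PathNotFoundException
 from pyparsing import \
 CaselessKeyword, CaselessLiteral, Combine, Forward, Literal, \
@@ -3171,19 +3172,22 @@ class VBA_Parser_CLI(VBA_Parser):
 sys.stdout.flush()
 results = self.analyze_macros(show_decoded_strings, deobfuscate)
 if results:
- t = prettytable.PrettyTable(('Type', 'Keyword', 'Description'))
- t.align = 'l'
- t.max_width['Type'] = 10
- t.max_width['Keyword'] = 20
- t.max_width['Description'] = 39
+ t = tablestream.TableStream(column_width=(10, 20, 45),
+ header_row=('Type', 'Keyword', 'Description'))
+ COLOR_TYPE = {
+ 'AutoExec': 'yellow',
+ 'Suspicious': 'red',
+ 'IOC': 'cyan',
+ }
 for kw_type, keyword, description in results:
 # handle non printable strings:
 if not is_printable(keyword):
 keyword = repr(keyword)
 if not is_printable(description):
 description = repr(description)
- t.add_row((kw_type, keyword, description))
- print(t)
+ color_type = COLOR_TYPE.get(kw_type, None)
+ t.write_row((kw_type, keyword, description), colors=(color_type, None, None))
+ t.close()
 else:
 print('No suspicious keyword or IOC found.')
 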
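Review bot: `COLOR_TYPE` is named like a module constant but is rebuilt inside the method on every call, right above the loop that uses it; defining it once at module or class level would make the type-to-color mapping easier to find and to keep in step with the types `analyze_macros` can return. The lookup can then be written `color_type = COLOR_TYPE.get(kw_type)`, since `None` is already the default. Separately, `keyword` and `description` come from the analysed document and now reach the console through `t.write_row(...)` rather than `print(t)`, so it is worth confirming that the backspace replacement noted in the changelog (issue #358) and the `is_printable`/`repr` guard still cover everything the row writer emits, and recording that in a short comment above the loop. The enclosing method begins and ends outside this hunk.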
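--- a/setup.py
+++ b/setup.py
@@ -47,7 +47,7 @@ import os, fnmatch
 #--- METADATA -----------------------------------------------------------------
 
 name = "oletools"
-version = '0.54dev4'
+version = '0.54dev5'
 desc = "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR"
 long_desc = open('oletools/README.rst').read()
 author = "Philippe Lagadec"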