Commit cb596a8ad43996b6c65db491cce298a9dd3197b0
1 parent
33e52c57
olevba: replaced prettytable by tablestream (+colors)
Showing
2 changed files
with
14 additions
and
10 deletions
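--- a/oletools/olevba.py
+++ b/oletools/olevba.py
@@ -210,8 +210,9 @@ from __future__ import print_function
 # 2018-09-11 v0.54 PL: - olefile is now a dependency
 # 2018-10-08 PL: - replace backspace before printing to console (issue #358)
 # 2018-10-25 CH: - detect encryption and raise error if detected
+# 2018-12-03 PL: - uses tablestream (+colors) instead of prettytable
 
-__version__ = '0.54dev4'
+__version__ = '0.54dev5'
 
 #------------------------------------------------------------------------------
 # TODO:
@@ -301,7 +302,7 @@ if not _parent_dir in sys.path:
 sys.path.insert(0, _parent_dir)
 
 import olefile
-from oletools.thirdparty.prettytable import prettytable
+from oletools.thirdparty.tablestream import tablestream
 from oletools.thirdparty.xglob import xglob, PathNotFoundException
 from pyparsing import \
 CaselessKeyword, CaselessLiteral, Combine, Forward, Literal, \
@@ -3171,19 +3172,22 @@ class VBA_Parser_CLI(VBA_Parser):
 sys.stdout.flush()
 results = self.analyze_macros(show_decoded_strings, deobfuscate)
 if results:
- t = prettytable.PrettyTable(('Type', 'Keyword', 'Description'))
- t.align = 'l'
- t.max_width['Type'] = 10
- t.max_width['Keyword'] = 20
- t.max_width['Description'] = 39
+ t = tablestream.TableStream(column_width=(10, 20, 45),
+ header_row=('Type', 'Keyword', 'Description'))
+ COLOR_TYPE = {
+ 'AutoExec': 'yellow',
+ 'Suspicious': 'red',
+ 'IOC': 'cyan',
+ }
 for kw_type, keyword, description in results:
 # handle non printable strings:
 if not is_printable(keyword):
 keyword = repr(keyword)
 if not is_printable(description):
 description = repr(description)
- t.add_row((kw_type, keyword, description))
- print(t)
+ color_type = COLOR_TYPE.get(kw_type, None)
+ t.write_row((kw_type, keyword, description), colors=(color_type, None, None))
+ t.close()
 else:
 print('No suspicious keyword or IOC found.')
 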
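Review bot: The switch from `print(t)` to `t.write_row(...)` in the last hunk of oletools/olevba.py changes how `keyword` and `description`, which are extracted from the analysed document, reach the console, and nothing visible here shows that the backspace replacement recorded in the changelog (issue #358) still covers that path. If that filter is applied around `print` or `sys.stdout` rather than to the strings themselves, rows written by tablestream could bypass it; please confirm, or sanitise the two fields next to the existing `is_printable` checks. Because tablestream now emits colour codes, also check that they are suppressed when stdout is not a terminal, so redirected triage output stays free of escape sequences. On style, `COLOR_TYPE` is named like a constant but rebuilt on every call, so it could move to module level, and `COLOR_TYPE.get(kw_type, None)` can be written `COLOR_TYPE.get(kw_type)`. The enclosing method starts and ends outside the hunk.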
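--- a/setup.py
+++ b/setup.py
@@ -47,7 +47,7 @@ import os, fnmatch
 #--- METADATA -----------------------------------------------------------------
 
 name = "oletools"
-version = '0.54dev4'
+version = '0.54dev5'
 desc = "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR"
 long_desc = open('oletools/README.rst').read()
 author = "Philippe Lagadec"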