Commit d251039a3b66c20b991c9d36e0b68d2e9942424d

Authored by decalage2
1 parent f9086ed4

mraptor/mraptor3: added support for Word/PowerPoint 2007+ XML (aka Flat OPC) - issue #283

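--- a/oletools/mraptor.py
+++ b/oletools/mraptor.py
@@ -9,6 +9,7 @@ Supported formats:
 - Word 97-2003 (.doc, .dot), Word 2007+ (.docm, .dotm)
 - Excel 97-2003 (.xls), Excel 2007+ (.xlsm, .xlsb)
 - PowerPoint 97-2003 (.ppt), PowerPoint 2007+ (.pptm, .ppsm)
+- Word/PowerPoint 2007+ XML (aka Flat OPC)
 - Word 2003 XML (.xml)
 - Word/Excel Single File Web Page / MHTML (.mht)
 - Publisher (.pub)
@@ -22,7 +23,7 @@ http://www.decalage.info/python/oletools
 
 # === LICENSE ==================================================================
 
-# MacroRaptor is copyright (c) 2016-2017 Philippe Lagadec (http://www.decalage.info)
+# MacroRaptor is copyright (c) 2016-2018 Philippe Lagadec (http://www.decalage.info)
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without modification,
@@ -56,8 +57,9 @@ http://www.decalage.info/python/oletools
 # 2016-10-25 PL: - fixed print for Python 3
 # 2016-12-21 v0.51 PL: - added more ActiveX macro triggers
 # 2017-03-08 PL: - fixed absolute imports
+# 2018-05-25 v0.53 PL: - added Word/PowerPoint 2007+ XML (aka Flat OPC) issue #283
 
-__version__ = '0.51'
+__version__ = '0.53dev12'
 
 #------------------------------------------------------------------------------
 # TODO:
@@ -83,6 +85,7 @@ from oletools.thirdparty.xglob import xglob
 from oletools.thirdparty.tablestream import tablestream
 
 from oletools import olevba
+from oletools.olevba import TYPE2TAG
 
 # === LOGGING =================================================================
 
@@ -131,15 +134,6 @@ RE_DECLARE_LIB = r'(?:\bDeclare\b[^\n]+\bLib\b)'
 re_execute = re.compile(r'(?i)\b(?:Shell|CreateObject|GetObject|SendKeys|'
 + r'MacScript|FollowHyperlink|CreateThread|ShellExecute)\b|' + RE_DECLARE_LIB)
 
-# short tag to display file types in triage mode:
-TYPE2TAG = {
- olevba.TYPE_OLE: 'OLE',
- olevba.TYPE_OpenXML: 'OpX',
- olevba.TYPE_Word2003_XML: 'XML',
- olevba.TYPE_MHTML: 'MHT',
- olevba.TYPE_TEXT: 'TXT',
-}
-
 
 # === CLASSES =================================================================
 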
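Review bot: The new `from oletools.olevba import TYPE2TAG` makes the triage tag table depend on olevba keeping an entry for every container type it can report, and nothing in this file guards against a missing one. The code that reads the table is outside the visible hunks, but if it indexes the dict directly, a type added to olevba without a tag would raise KeyError and stop the scan of that file, which for a triage tool means a document goes unclassified. Consider a tolerant lookup at the use site, `TYPE2TAG.get(..., '???')`, and a comment on the import such as `# tag table lives in olevba so new container types (e.g. Flat OPC) are tagged in one place`. The same applies to the matching import from `oletools.olevba3` in oletools/mraptor3.py.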
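--- a/oletools/mraptor3.py
+++ b/oletools/mraptor3.py
@@ -9,6 +9,7 @@ Supported formats:
 - Word 97-2003 (.doc, .dot), Word 2007+ (.docm, .dotm)
 - Excel 97-2003 (.xls), Excel 2007+ (.xlsm, .xlsb)
 - PowerPoint 97-2003 (.ppt), PowerPoint 2007+ (.pptm, .ppsm)
+- Word/PowerPoint 2007+ XML (aka Flat OPC)
 - Word 2003 XML (.xml)
 - Word/Excel Single File Web Page / MHTML (.mht)
 - Publisher (.pub)
@@ -22,7 +23,7 @@ http://www.decalage.info/python/oletools
 
 # === LICENSE ==================================================================
 
-# MacroRaptor is copyright (c) 2016-2017 Philippe Lagadec (http://www.decalage.info)
+# MacroRaptor is copyright (c) 2016-2018 Philippe Lagadec (http://www.decalage.info)
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without modification,
@@ -55,8 +56,9 @@ http://www.decalage.info/python/oletools
 # 2016-08-26 PL: - changed imports for Python 3
 # 2017-04-26 v0.51 PL: - fixed absolute imports (issue #141)
 # 2017-06-29 PL: - synced with mraptor.py 0.51
+# 2018-05-25 v0.53 PL: - added Word/PowerPoint 2007+ XML (aka Flat OPC) issue #283
 
-__version__ = '0.51'
+__version__ = '0.53dev12'
 
 #------------------------------------------------------------------------------
 # TODO:
@@ -83,6 +85,7 @@ from oletools.thirdparty.tablestream import tablestream
 
 # import the python 3 version of olevba
 from oletools import olevba3 as olevba
+from oletools.olevba3 import TYPE2TAG
 
 # === LOGGING =================================================================
 
@@ -131,15 +134,6 @@ RE_DECLARE_LIB = r'(?:\bDeclare\b[^\n]+\bLib\b)'
 re_execute = re.compile(r'(?i)\b(?:Shell|CreateObject|GetObject|SendKeys|'
 + r'MacScript|FollowHyperlink|CreateThread|ShellExecute)\b|' + RE_DECLARE_LIB)
 
-# short tag to display file types in triage mode:
-TYPE2TAG = {
- olevba.TYPE_OLE: 'OLE',
- olevba.TYPE_OpenXML: 'OpX',
- olevba.TYPE_Word2003_XML: 'XML',
- olevba.TYPE_MHTML: 'MHT',
- olevba.TYPE_TEXT: 'TXT',
-}
-
 
 # === CLASSES =================================================================
 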
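--- a/setup.py
+++ b/setup.py
@@ -43,7 +43,7 @@ import os, fnmatch
 #--- METADATA -----------------------------------------------------------------
 
 name = "oletools"
-version = '0.53dev11'
+version = '0.53dev12'
 desc = "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR"
 long_desc = open('oletools/README.rst').read()
 author = "Philippe Lagadec"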