Commit e707b49efabf34e0f8e805a84b2eb61104190015

Authored by Philippe Lagadec
1 parent 64f57029

updated readme

README.md
... ... @@ -22,7 +22,11 @@ Note: python-oletools is not related to OLETools published by BeCubed Software.
22 22 News
23 23 ----
24 24  
25   -- **2016-02-07 v0.42**: added two new tools oledir and olemap, better handling of malformed
  25 +- **2016-03-11 v0.44**: improved [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba)
  26 +to extract and analyse strings from VBA Forms.
  27 +- 2016-03-04 v0.43: added new tool MacroRaptor (mraptor) to detect malicious macros, bugfix
  28 +and slight improvements in [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba).
  29 +- 2016-02-07 v0.42: added two new tools oledir and olemap, better handling of malformed
26 30 files and several bugfixes in [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba),
27 31 improved display for [olemeta](https://bitbucket.org/decalage/oletools/wiki/olemeta).
28 32 - 2015-09-22 v0.41: added new --reveal option to [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba),
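Review bot: The new v0.43 entry (new lines 27-28) introduces MacroRaptor (mraptor) without a link, while olevba and olemeta are linked in the neighbouring entries. Suggest linking it to https://bitbucket.org/decalage/oletools/wiki/mraptor, the page the tools list in this same file points at. Minor: the v0.44 entry spells "analyse" while the tools list uses "analyze"; pick one spelling.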
... ... @@ -64,14 +68,18 @@ Tools in python-oletools:
64 68  
65 69 - [olebrowse](https://bitbucket.org/decalage/oletools/wiki/olebrowse): A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to
66 70 view and extract individual data streams.
67   -- [oleid](https://bitbucket.org/decalage/oletools/wiki/oleid): a tool to analyze OLE files to detect specific characteristics usually found in malicious files.
68   -- [olemeta](https://bitbucket.org/decalage/oletools/wiki/olemeta): a tool to extract all standard properties (metadata) from OLE files.
69   -- [oletimes](https://bitbucket.org/decalage/oletools/wiki/oletimes): a tool to extract creation and modification timestamps of all streams and storages.
70   -- [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba): a tool to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML).
71   -- [pyxswf](https://bitbucket.org/decalage/oletools/wiki/pyxswf): a tool to detect, extract and analyze Flash objects (SWF) that may
  71 +- [oleid](https://bitbucket.org/decalage/oletools/wiki/oleid): to analyze OLE files to detect specific characteristics usually found in malicious files.
  72 +- [olemeta](https://bitbucket.org/decalage/oletools/wiki/olemeta): to extract all standard properties (metadata) from OLE files.
  73 +- [oletimes](https://bitbucket.org/decalage/oletools/wiki/oletimes): to extract creation and modification timestamps of all streams and storages.
  74 +- [oledir](https://bitbucket.org/decalage/oletools/wiki/oledir): to display all the directory entries of an OLE file, including free and orphaned entries.
  75 +- [olemap](https://bitbucket.org/decalage/oletools/wiki/olemap): to display a map of all the sectors in an OLE file.
  76 +- [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba): to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML).
  77 +- [MacroRaptor](https://bitbucket.org/decalage/oletools/wiki/mraptor): to detect malicious VBA Macros
  78 +- [pyxswf](https://bitbucket.org/decalage/oletools/wiki/pyxswf): to detect, extract and analyze Flash objects (SWF) that may
72 79 be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF,
73 80 which is especially useful for malware analysis.
74   -- [rtfobj](https://bitbucket.org/decalage/oletools/wiki/rtfobj): a tool and python module to extract embedded objects from RTF files.
  81 +- [oleobj](https://bitbucket.org/decalage/oletools/wiki/oleobj): to extract embedded objects from OLE files.
  82 +- [rtfobj](https://bitbucket.org/decalage/oletools/wiki/rtfobj): to extract embedded objects from RTF files.
75 83 - and a few others (coming soon)
76 84  
77 85 Download and Install:
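Review bot: The rewritten rtfobj entry (new line 82) drops "and python module" from the old text, so the README no longer tells readers that rtfobj can be imported as well as run from the command line. If that is still the case, keep the information, for example "to extract embedded objects from RTF files (tool and python module)". Shortening "a tool to ..." to "to ..." is fine for the other entries, where nothing is lost.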
... ...
oletools/README.html
... ... @@ -4,7 +4,9 @@
4 4 <p>Note: python-oletools is not related to OLETools published by BeCubed Software.</p>
5 5 <h2 id="news">News</h2>
6 6 <ul>
7   -<li><strong>2016-02-07 v0.42</strong>: added two new tools oledir and olemap, better handling of malformed files and several bugfixes in <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, improved display for <a href="https://bitbucket.org/decalage/oletools/wiki/olemeta">olemeta</a>.</li>
  7 +<li><strong>2016-03-11 v0.44</strong>: improved <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> to extract and analyse strings from VBA Forms.</li>
  8 +<li>2016-03-04 v0.43: added new tool MacroRaptor (mraptor) to detect malicious macros, bugfix and slight improvements in <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>.</li>
  9 +<li>2016-02-07 v0.42: added two new tools oledir and olemap, better handling of malformed files and several bugfixes in <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, improved display for <a href="https://bitbucket.org/decalage/oletools/wiki/olemeta">olemeta</a>.</li>
8 10 <li>2015-09-22 v0.41: added new --reveal option to <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, to show the macro code with VBA strings deobfuscated.</li>
9 11 <li>2015-09-17 v0.40: Improved macro deobfuscation in <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, to decode Hex and Base64 within VBA expressions. Display printable deobfuscated strings by default. Improved the VBA_Parser API. Improved performance. Fixed <a href="https://bitbucket.org/decalage/oletools/issue/23">issue #23</a> with sys.stderr.</li>
10 12 <li>2015-06-19 v0.12: <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> can now deobfuscate VBA expressions with any combination of Chr, Asc, Val, StrReverse, Environ, +, &amp;, using a VBA parser built with <a href="http://pyparsing.wikispaces.com">pyparsing</a>. New options to display only the analysis results or only the macros source code. The analysis is now done on all the VBA modules at once.</li>
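Review bot: This News block repeats, word for word, the entries changed in README.md, and oletools/README.rst carries a third copy, so every release note has to be edited in three places. If README.html and README.rst are generated from README.md, say so in the commit message or regenerate them in a build step; if they are maintained by hand, a short comment at the top of each file naming the source of truth would help keep them from drifting apart.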
... ... @@ -24,12 +26,16 @@
24 26 <h2 id="tools-in-python-oletools">Tools in python-oletools:</h2>
25 27 <ul>
26 28 <li><a href="https://bitbucket.org/decalage/oletools/wiki/olebrowse">olebrowse</a>: A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams.</li>
27   -<li><a href="https://bitbucket.org/decalage/oletools/wiki/oleid">oleid</a>: a tool to analyze OLE files to detect specific characteristics usually found in malicious files.</li>
28   -<li><a href="https://bitbucket.org/decalage/oletools/wiki/olemeta">olemeta</a>: a tool to extract all standard properties (metadata) from OLE files.</li>
29   -<li><a href="https://bitbucket.org/decalage/oletools/wiki/oletimes">oletimes</a>: a tool to extract creation and modification timestamps of all streams and storages.</li>
30   -<li><a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>: a tool to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML).</li>
31   -<li><a href="https://bitbucket.org/decalage/oletools/wiki/pyxswf">pyxswf</a>: a tool to detect, extract and analyze Flash objects (SWF) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis.</li>
32   -<li><a href="https://bitbucket.org/decalage/oletools/wiki/rtfobj">rtfobj</a>: a tool and python module to extract embedded objects from RTF files.</li>
  29 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/oleid">oleid</a>: to analyze OLE files to detect specific characteristics usually found in malicious files.</li>
  30 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/olemeta">olemeta</a>: to extract all standard properties (metadata) from OLE files.</li>
  31 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/oletimes">oletimes</a>: to extract creation and modification timestamps of all streams and storages.</li>
  32 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/oledir">oledir</a>: to display all the directory entries of an OLE file, including free and orphaned entries.</li>
  33 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/olemap">olemap</a>: to display a map of all the sectors in an OLE file.</li>
  34 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>: to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML).</li>
  35 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/mraptor">MacroRaptor</a>: to detect malicious VBA Macros</li>
  36 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/pyxswf">pyxswf</a>: to detect, extract and analyze Flash objects (SWF) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis.</li>
  37 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/oleobj">oleobj</a>: to extract embedded objects from OLE files.</li>
  38 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/rtfobj">rtfobj</a>: to extract embedded objects from RTF files.</li>
33 39 <li>and a few others (coming soon)</li>
34 40 </ul>
35 41 <h2 id="download-and-install">Download and Install:</h2>
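Review bot: The MacroRaptor item at new line 35 is listed under its display name while every other item uses the command name, and its link goes to wiki/mraptor, so a reader scanning the list for the command will not find "mraptor". Suggest "mraptor (MacroRaptor)" or similar as the link text, and add the closing period that the neighbouring tool items have.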
... ...
oletools/README.rst
... ... @@ -26,7 +26,13 @@ Software.
26 26 News
27 27 ----
28 28  
29   -- **2016-02-07 v0.42**: added two new tools oledir and olemap, better
  29 +- **2016-03-11 v0.44**: improved
  30 + `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__ to
  31 + extract and analyse strings from VBA Forms.
  32 +- 2016-03-04 v0.43: added new tool MacroRaptor (mraptor) to detect
  33 + malicious macros, bugfix and slight improvements in
  34 + `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__.
  35 +- 2016-02-07 v0.42: added two new tools oledir and olemap, better
30 36 handling of malformed files and several bugfixes in
31 37 `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__,
32 38 improved display for
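Review bot: In the v0.43 entry (new lines 32-34), "bugfix and slight improvements in olevba" does not say what was fixed or improved, which is what a user of a macro-analysis tool needs to decide whether to upgrade. Suggest naming the bug or referencing its issue number, as the v0.40 entry does with issue #23.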
... ... @@ -99,23 +105,32 @@ Tools in python-oletools:
99 105 - `olebrowse <https://bitbucket.org/decalage/oletools/wiki/olebrowse>`__:
100 106 A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint
101 107 documents), to view and extract individual data streams.
102   -- `oleid <https://bitbucket.org/decalage/oletools/wiki/oleid>`__: a
103   - tool to analyze OLE files to detect specific characteristics usually
104   - found in malicious files.
105   -- `olemeta <https://bitbucket.org/decalage/oletools/wiki/olemeta>`__: a
106   - tool to extract all standard properties (metadata) from OLE files.
  108 +- `oleid <https://bitbucket.org/decalage/oletools/wiki/oleid>`__: to
  109 + analyze OLE files to detect specific characteristics usually found in
  110 + malicious files.
  111 +- `olemeta <https://bitbucket.org/decalage/oletools/wiki/olemeta>`__:
  112 + to extract all standard properties (metadata) from OLE files.
107 113 - `oletimes <https://bitbucket.org/decalage/oletools/wiki/oletimes>`__:
108   - a tool to extract creation and modification timestamps of all streams
109   - and storages.
110   -- `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__: a
111   - tool to extract and analyze VBA Macro source code from MS Office
112   - documents (OLE and OpenXML).
113   -- `pyxswf <https://bitbucket.org/decalage/oletools/wiki/pyxswf>`__: a
114   - tool to detect, extract and analyze Flash objects (SWF) that may be
115   - embedded in files such as MS Office documents (e.g. Word, Excel) and
116   - RTF, which is especially useful for malware analysis.
117   -- `rtfobj <https://bitbucket.org/decalage/oletools/wiki/rtfobj>`__: a
118   - tool and python module to extract embedded objects from RTF files.
  114 + to extract creation and modification timestamps of all streams and
  115 + storages.
  116 +- `oledir <https://bitbucket.org/decalage/oletools/wiki/oledir>`__: to
  117 + display all the directory entries of an OLE file, including free and
  118 + orphaned entries.
  119 +- `olemap <https://bitbucket.org/decalage/oletools/wiki/olemap>`__: to
  120 + display a map of all the sectors in an OLE file.
  121 +- `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__: to
  122 + extract and analyze VBA Macro source code from MS Office documents
  123 + (OLE and OpenXML).
  124 +- `MacroRaptor <https://bitbucket.org/decalage/oletools/wiki/mraptor>`__:
  125 + to detect malicious VBA Macros
  126 +- `pyxswf <https://bitbucket.org/decalage/oletools/wiki/pyxswf>`__: to
  127 + detect, extract and analyze Flash objects (SWF) that may be embedded
  128 + in files such as MS Office documents (e.g. Word, Excel) and RTF,
  129 + which is especially useful for malware analysis.
  130 +- `oleobj <https://bitbucket.org/decalage/oletools/wiki/oleobj>`__: to
  131 + extract embedded objects from OLE files.
  132 +- `rtfobj <https://bitbucket.org/decalage/oletools/wiki/rtfobj>`__: to
  133 + extract embedded objects from RTF files.
119 134 - and a few others (coming soon)
120 135  
121 136 Download and Install:
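Review bot: oleobj (new lines 130-131) is added to the tools list, but none of the News entries touched in this commit (v0.42, v0.43, v0.44) mentions it, so the README does not say which release introduced it. Suggest adding oleobj to the matching News entry, the same way oledir and olemap are credited to v0.42.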
... ...