From e707b49efabf34e0f8e805a84b2eb61104190015 Mon Sep 17 00:00:00 2001
From: Philippe Lagadec <decalage2@users.noreply.github.com>
Date: Fri, 11 Mar 2016 21:57:17 +0100
Subject: [PATCH] updated readme

---
 README.md            | 22 +++++++++++++++-------
 oletools/README.html | 20 +++++++++++++-------
 oletools/README.rst  | 49 ++++++++++++++++++++++++++++++++-----------------
 3 files changed, 60 insertions(+), 31 deletions(-)

diff --git a/README.md b/README.md
index 1fb1ac6..b601ba4 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,11 @@ Note: python-oletools is not related to OLETools published by BeCubed Software.
 News
 ----
 
-- **2016-02-07 v0.42**: added two new tools oledir and olemap, better handling of malformed
+- **2016-03-11 v0.44**: improved [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba)
+to extract and analyse strings from VBA Forms.
+- 2016-03-04 v0.43: added new tool MacroRaptor (mraptor) to detect malicious macros, bugfix
+and slight improvements in [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba).
+- 2016-02-07 v0.42: added two new tools oledir and olemap, better handling of malformed
 files and several bugfixes in [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba),
 improved display for [olemeta](https://bitbucket.org/decalage/oletools/wiki/olemeta).
 - 2015-09-22 v0.41: added new --reveal option to [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba),
@@ -64,14 +68,18 @@ Tools in python-oletools:
 
 - [olebrowse](https://bitbucket.org/decalage/oletools/wiki/olebrowse): A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to
   view and extract individual data streams.
-- [oleid](https://bitbucket.org/decalage/oletools/wiki/oleid): a tool to analyze OLE files to detect specific characteristics usually found in malicious files.
-- [olemeta](https://bitbucket.org/decalage/oletools/wiki/olemeta): a tool to extract all standard properties (metadata) from OLE files.
-- [oletimes](https://bitbucket.org/decalage/oletools/wiki/oletimes): a tool to extract creation and modification timestamps of all streams and storages.
-- [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba): a tool to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML).
-- [pyxswf](https://bitbucket.org/decalage/oletools/wiki/pyxswf): a tool to detect, extract and analyze Flash objects (SWF) that may
+- [oleid](https://bitbucket.org/decalage/oletools/wiki/oleid): to analyze OLE files to detect specific characteristics usually found in malicious files.
+- [olemeta](https://bitbucket.org/decalage/oletools/wiki/olemeta): to extract all standard properties (metadata) from OLE files.
+- [oletimes](https://bitbucket.org/decalage/oletools/wiki/oletimes): to extract creation and modification timestamps of all streams and storages.
+- [oledir](https://bitbucket.org/decalage/oletools/wiki/oledir): to display all the directory entries of an OLE file, including free and orphaned entries.
+- [olemap](https://bitbucket.org/decalage/oletools/wiki/olemap): to display a map of all the sectors in an OLE file.
+- [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba): to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML).
+- [MacroRaptor](https://bitbucket.org/decalage/oletools/wiki/mraptor): to detect malicious VBA Macros
+- [pyxswf](https://bitbucket.org/decalage/oletools/wiki/pyxswf): to detect, extract and analyze Flash objects (SWF) that may
   be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF,
   which is especially useful for malware analysis.
-- [rtfobj](https://bitbucket.org/decalage/oletools/wiki/rtfobj): a tool and python module to extract embedded objects from RTF files.
+- [oleobj](https://bitbucket.org/decalage/oletools/wiki/oleobj): to extract embedded objects from OLE files.
+- [rtfobj](https://bitbucket.org/decalage/oletools/wiki/rtfobj): to extract embedded objects from RTF files.
 - and a few others (coming soon)
 
 Download and Install:
diff --git a/oletools/README.html b/oletools/README.html
index 45324d2..5033e58 100644
--- a/oletools/README.html
+++ b/oletools/README.html
@@ -4,7 +4,9 @@
 <p>Note: python-oletools is not related to OLETools published by BeCubed Software.</p>
 <h2 id="news">News</h2>
 <ul>
-<li><strong>2016-02-07 v0.42</strong>: added two new tools oledir and olemap, better handling of malformed files and several bugfixes in <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, improved display for <a href="https://bitbucket.org/decalage/oletools/wiki/olemeta">olemeta</a>.</li>
+<li><strong>2016-03-11 v0.44</strong>: improved <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> to extract and analyse strings from VBA Forms.</li>
+<li>2016-03-04 v0.43: added new tool MacroRaptor (mraptor) to detect malicious macros, bugfix and slight improvements in <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>.</li>
+<li>2016-02-07 v0.42: added two new tools oledir and olemap, better handling of malformed files and several bugfixes in <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, improved display for <a href="https://bitbucket.org/decalage/oletools/wiki/olemeta">olemeta</a>.</li>
 <li>2015-09-22 v0.41: added new --reveal option to <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, to show the macro code with VBA strings deobfuscated.</li>
 <li>2015-09-17 v0.40: Improved macro deobfuscation in <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, to decode Hex and Base64 within VBA expressions. Display printable deobfuscated strings by default. Improved the VBA_Parser API. Improved performance. Fixed <a href="https://bitbucket.org/decalage/oletools/issue/23">issue #23</a> with sys.stderr.</li>
 <li>2015-06-19 v0.12: <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> can now deobfuscate VBA expressions with any combination of Chr, Asc, Val, StrReverse, Environ, +, &amp;, using a VBA parser built with <a href="http://pyparsing.wikispaces.com">pyparsing</a>. New options to display only the analysis results or only the macros source code. The analysis is now done on all the VBA modules at once.</li>
@@ -24,12 +26,16 @@
 <h2 id="tools-in-python-oletools">Tools in python-oletools:</h2>
 <ul>
 <li><a href="https://bitbucket.org/decalage/oletools/wiki/olebrowse">olebrowse</a>: A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams.</li>
-<li><a href="https://bitbucket.org/decalage/oletools/wiki/oleid">oleid</a>: a tool to analyze OLE files to detect specific characteristics usually found in malicious files.</li>
-<li><a href="https://bitbucket.org/decalage/oletools/wiki/olemeta">olemeta</a>: a tool to extract all standard properties (metadata) from OLE files.</li>
-<li><a href="https://bitbucket.org/decalage/oletools/wiki/oletimes">oletimes</a>: a tool to extract creation and modification timestamps of all streams and storages.</li>
-<li><a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>: a tool to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML).</li>
-<li><a href="https://bitbucket.org/decalage/oletools/wiki/pyxswf">pyxswf</a>: a tool to detect, extract and analyze Flash objects (SWF) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis.</li>
-<li><a href="https://bitbucket.org/decalage/oletools/wiki/rtfobj">rtfobj</a>: a tool and python module to extract embedded objects from RTF files.</li>
+<li><a href="https://bitbucket.org/decalage/oletools/wiki/oleid">oleid</a>: to analyze OLE files to detect specific characteristics usually found in malicious files.</li>
+<li><a href="https://bitbucket.org/decalage/oletools/wiki/olemeta">olemeta</a>: to extract all standard properties (metadata) from OLE files.</li>
+<li><a href="https://bitbucket.org/decalage/oletools/wiki/oletimes">oletimes</a>: to extract creation and modification timestamps of all streams and storages.</li>
+<li><a href="https://bitbucket.org/decalage/oletools/wiki/oledir">oledir</a>: to display all the directory entries of an OLE file, including free and orphaned entries.</li>
+<li><a href="https://bitbucket.org/decalage/oletools/wiki/olemap">olemap</a>: to display a map of all the sectors in an OLE file.</li>
+<li><a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>: to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML).</li>
+<li><a href="https://bitbucket.org/decalage/oletools/wiki/mraptor">MacroRaptor</a>: to detect malicious VBA Macros</li>
+<li><a href="https://bitbucket.org/decalage/oletools/wiki/pyxswf">pyxswf</a>: to detect, extract and analyze Flash objects (SWF) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis.</li>
+<li><a href="https://bitbucket.org/decalage/oletools/wiki/oleobj">oleobj</a>: to extract embedded objects from OLE files.</li>
+<li><a href="https://bitbucket.org/decalage/oletools/wiki/rtfobj">rtfobj</a>: to extract embedded objects from RTF files.</li>
 <li>and a few others (coming soon)</li>
 </ul>
 <h2 id="download-and-install">Download and Install:</h2>
diff --git a/oletools/README.rst b/oletools/README.rst
index 8a5023b..06fefab 100644
--- a/oletools/README.rst
+++ b/oletools/README.rst
@@ -26,7 +26,13 @@ Software.
 News
 ----
 
--  **2016-02-07 v0.42**: added two new tools oledir and olemap, better
+-  **2016-03-11 v0.44**: improved
+   `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__ to
+   extract and analyse strings from VBA Forms.
+-  2016-03-04 v0.43: added new tool MacroRaptor (mraptor) to detect
+   malicious macros, bugfix and slight improvements in
+   `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__.
+-  2016-02-07 v0.42: added two new tools oledir and olemap, better
    handling of malformed files and several bugfixes in
    `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__,
    improved display for
@@ -99,23 +105,32 @@ Tools in python-oletools:
 -  `olebrowse <https://bitbucket.org/decalage/oletools/wiki/olebrowse>`__:
    A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint
    documents), to view and extract individual data streams.
--  `oleid <https://bitbucket.org/decalage/oletools/wiki/oleid>`__: a
-   tool to analyze OLE files to detect specific characteristics usually
-   found in malicious files.
--  `olemeta <https://bitbucket.org/decalage/oletools/wiki/olemeta>`__: a
-   tool to extract all standard properties (metadata) from OLE files.
+-  `oleid <https://bitbucket.org/decalage/oletools/wiki/oleid>`__: to
+   analyze OLE files to detect specific characteristics usually found in
+   malicious files.
+-  `olemeta <https://bitbucket.org/decalage/oletools/wiki/olemeta>`__:
+   to extract all standard properties (metadata) from OLE files.
 -  `oletimes <https://bitbucket.org/decalage/oletools/wiki/oletimes>`__:
-   a tool to extract creation and modification timestamps of all streams
-   and storages.
--  `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__: a
-   tool to extract and analyze VBA Macro source code from MS Office
-   documents (OLE and OpenXML).
--  `pyxswf <https://bitbucket.org/decalage/oletools/wiki/pyxswf>`__: a
-   tool to detect, extract and analyze Flash objects (SWF) that may be
-   embedded in files such as MS Office documents (e.g. Word, Excel) and
-   RTF, which is especially useful for malware analysis.
--  `rtfobj <https://bitbucket.org/decalage/oletools/wiki/rtfobj>`__: a
-   tool and python module to extract embedded objects from RTF files.
+   to extract creation and modification timestamps of all streams and
+   storages.
+-  `oledir <https://bitbucket.org/decalage/oletools/wiki/oledir>`__: to
+   display all the directory entries of an OLE file, including free and
+   orphaned entries.
+-  `olemap <https://bitbucket.org/decalage/oletools/wiki/olemap>`__: to
+   display a map of all the sectors in an OLE file.
+-  `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__: to
+   extract and analyze VBA Macro source code from MS Office documents
+   (OLE and OpenXML).
+-  `MacroRaptor <https://bitbucket.org/decalage/oletools/wiki/mraptor>`__:
+   to detect malicious VBA Macros
+-  `pyxswf <https://bitbucket.org/decalage/oletools/wiki/pyxswf>`__: to
+   detect, extract and analyze Flash objects (SWF) that may be embedded
+   in files such as MS Office documents (e.g. Word, Excel) and RTF,
+   which is especially useful for malware analysis.
+-  `oleobj <https://bitbucket.org/decalage/oletools/wiki/oleobj>`__: to
+   extract embedded objects from OLE files.
+-  `rtfobj <https://bitbucket.org/decalage/oletools/wiki/rtfobj>`__: to
+   extract embedded objects from RTF files.
 -  and a few others (coming soon)
 
 Download and Install:
--
libgit2 0.21.4