Commit e707b49efabf34e0f8e805a84b2eb61104190015

Authored by Philippe Lagadec
1 parent 64f57029

updated readme

README.md
@@ -22,7 +22,11 @@ Note: python-oletools is not related to OLETools published by BeCubed Software. @@ -22,7 +22,11 @@ Note: python-oletools is not related to OLETools published by BeCubed Software.
22 News 22 News
23 ---- 23 ----
24 24
25 -- **2016-02-07 v0.42**: added two new tools oledir and olemap, better handling of malformed 25 +- **2016-03-11 v0.44**: improved [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba)
  26 +to extract and analyse strings from VBA Forms.
  27 +- 2016-03-04 v0.43: added new tool MacroRaptor (mraptor) to detect malicious macros, bugfix
  28 +and slight improvements in [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba).
  29 +- 2016-02-07 v0.42: added two new tools oledir and olemap, better handling of malformed
26 files and several bugfixes in [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba), 30 files and several bugfixes in [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba),
27 improved display for [olemeta](https://bitbucket.org/decalage/oletools/wiki/olemeta). 31 improved display for [olemeta](https://bitbucket.org/decalage/oletools/wiki/olemeta).
28 - 2015-09-22 v0.41: added new --reveal option to [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba), 32 - 2015-09-22 v0.41: added new --reveal option to [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba),
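Review bot: In the new v0.43 News entry (new lines 27-28), MacroRaptor (mraptor) is left as plain text while olevba in the same entry is a wiki link, and the same holds for oledir and olemap in the v0.42 entry. The tool list changed later in this commit links to wiki/mraptor, wiki/oledir and wiki/olemap, so I would link the names here as well so readers of the changelog can reach the new tools directly.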
@@ -64,14 +68,18 @@ Tools in python-oletools: @@ -64,14 +68,18 @@ Tools in python-oletools:
64 68
65 - [olebrowse](https://bitbucket.org/decalage/oletools/wiki/olebrowse): A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to 69 - [olebrowse](https://bitbucket.org/decalage/oletools/wiki/olebrowse): A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to
66 view and extract individual data streams. 70 view and extract individual data streams.
67 -- [oleid](https://bitbucket.org/decalage/oletools/wiki/oleid): a tool to analyze OLE files to detect specific characteristics usually found in malicious files.  
68 -- [olemeta](https://bitbucket.org/decalage/oletools/wiki/olemeta): a tool to extract all standard properties (metadata) from OLE files.  
69 -- [oletimes](https://bitbucket.org/decalage/oletools/wiki/oletimes): a tool to extract creation and modification timestamps of all streams and storages.  
70 -- [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba): a tool to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML).  
71 -- [pyxswf](https://bitbucket.org/decalage/oletools/wiki/pyxswf): a tool to detect, extract and analyze Flash objects (SWF) that may 71 +- [oleid](https://bitbucket.org/decalage/oletools/wiki/oleid): to analyze OLE files to detect specific characteristics usually found in malicious files.
  72 +- [olemeta](https://bitbucket.org/decalage/oletools/wiki/olemeta): to extract all standard properties (metadata) from OLE files.
  73 +- [oletimes](https://bitbucket.org/decalage/oletools/wiki/oletimes): to extract creation and modification timestamps of all streams and storages.
  74 +- [oledir](https://bitbucket.org/decalage/oletools/wiki/oledir): to display all the directory entries of an OLE file, including free and orphaned entries.
  75 +- [olemap](https://bitbucket.org/decalage/oletools/wiki/olemap): to display a map of all the sectors in an OLE file.
  76 +- [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba): to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML).
  77 +- [MacroRaptor](https://bitbucket.org/decalage/oletools/wiki/mraptor): to detect malicious VBA Macros
  78 +- [pyxswf](https://bitbucket.org/decalage/oletools/wiki/pyxswf): to detect, extract and analyze Flash objects (SWF) that may
72 be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, 79 be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF,
73 which is especially useful for malware analysis. 80 which is especially useful for malware analysis.
74 -- [rtfobj](https://bitbucket.org/decalage/oletools/wiki/rtfobj): a tool and python module to extract embedded objects from RTF files. 81 +- [oleobj](https://bitbucket.org/decalage/oletools/wiki/oleobj): to extract embedded objects from OLE files.
  82 +- [rtfobj](https://bitbucket.org/decalage/oletools/wiki/rtfobj): to extract embedded objects from RTF files.
75 - and a few others (coming soon) 83 - and a few others (coming soon)
76 84
77 Download and Install: 85 Download and Install:
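Review bot: The new MacroRaptor entry (new line 77) ends without a period, unlike the other entries in this list, and it is the only entry shown under a display name instead of the name its link targets (wiki/mraptor). The News entry in this commit already writes "MacroRaptor (mraptor)", so I suggest the same form here, with a closing period, so the list shows the command name for every tool.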
oletools/README.html
@@ -4,7 +4,9 @@ @@ -4,7 +4,9 @@
4 <p>Note: python-oletools is not related to OLETools published by BeCubed Software.</p> 4 <p>Note: python-oletools is not related to OLETools published by BeCubed Software.</p>
5 <h2 id="news">News</h2> 5 <h2 id="news">News</h2>
6 <ul> 6 <ul>
7 -<li><strong>2016-02-07 v0.42</strong>: added two new tools oledir and olemap, better handling of malformed files and several bugfixes in <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, improved display for <a href="https://bitbucket.org/decalage/oletools/wiki/olemeta">olemeta</a>.</li> 7 +<li><strong>2016-03-11 v0.44</strong>: improved <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> to extract and analyse strings from VBA Forms.</li>
  8 +<li>2016-03-04 v0.43: added new tool MacroRaptor (mraptor) to detect malicious macros, bugfix and slight improvements in <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>.</li>
  9 +<li>2016-02-07 v0.42: added two new tools oledir and olemap, better handling of malformed files and several bugfixes in <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, improved display for <a href="https://bitbucket.org/decalage/oletools/wiki/olemeta">olemeta</a>.</li>
8 <li>2015-09-22 v0.41: added new --reveal option to <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, to show the macro code with VBA strings deobfuscated.</li> 10 <li>2015-09-22 v0.41: added new --reveal option to <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, to show the macro code with VBA strings deobfuscated.</li>
9 <li>2015-09-17 v0.40: Improved macro deobfuscation in <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, to decode Hex and Base64 within VBA expressions. Display printable deobfuscated strings by default. Improved the VBA_Parser API. Improved performance. Fixed <a href="https://bitbucket.org/decalage/oletools/issue/23">issue #23</a> with sys.stderr.</li> 11 <li>2015-09-17 v0.40: Improved macro deobfuscation in <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, to decode Hex and Base64 within VBA expressions. Display printable deobfuscated strings by default. Improved the VBA_Parser API. Improved performance. Fixed <a href="https://bitbucket.org/decalage/oletools/issue/23">issue #23</a> with sys.stderr.</li>
10 <li>2015-06-19 v0.12: <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> can now deobfuscate VBA expressions with any combination of Chr, Asc, Val, StrReverse, Environ, +, &amp;, using a VBA parser built with <a href="http://pyparsing.wikispaces.com">pyparsing</a>. New options to display only the analysis results or only the macros source code. The analysis is now done on all the VBA modules at once.</li> 12 <li>2015-06-19 v0.12: <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> can now deobfuscate VBA expressions with any combination of Chr, Asc, Val, StrReverse, Environ, +, &amp;, using a VBA parser built with <a href="http://pyparsing.wikispaces.com">pyparsing</a>. New options to display only the analysis results or only the macros source code. The analysis is now done on all the VBA modules at once.</li>
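Review bot: The v0.44 entry (new line 7) uses the spelling "analyse", while the tool list in this same file uses "analyze" for oleid, olevba and pyxswf. Pick one spelling across the README; "analyze" is the one already established in the surrounding text.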
@@ -24,12 +26,16 @@ @@ -24,12 +26,16 @@
24 <h2 id="tools-in-python-oletools">Tools in python-oletools:</h2> 26 <h2 id="tools-in-python-oletools">Tools in python-oletools:</h2>
25 <ul> 27 <ul>
26 <li><a href="https://bitbucket.org/decalage/oletools/wiki/olebrowse">olebrowse</a>: A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams.</li> 28 <li><a href="https://bitbucket.org/decalage/oletools/wiki/olebrowse">olebrowse</a>: A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams.</li>
27 -<li><a href="https://bitbucket.org/decalage/oletools/wiki/oleid">oleid</a>: a tool to analyze OLE files to detect specific characteristics usually found in malicious files.</li>  
28 -<li><a href="https://bitbucket.org/decalage/oletools/wiki/olemeta">olemeta</a>: a tool to extract all standard properties (metadata) from OLE files.</li>  
29 -<li><a href="https://bitbucket.org/decalage/oletools/wiki/oletimes">oletimes</a>: a tool to extract creation and modification timestamps of all streams and storages.</li>  
30 -<li><a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>: a tool to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML).</li>  
31 -<li><a href="https://bitbucket.org/decalage/oletools/wiki/pyxswf">pyxswf</a>: a tool to detect, extract and analyze Flash objects (SWF) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis.</li>  
32 -<li><a href="https://bitbucket.org/decalage/oletools/wiki/rtfobj">rtfobj</a>: a tool and python module to extract embedded objects from RTF files.</li> 29 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/oleid">oleid</a>: to analyze OLE files to detect specific characteristics usually found in malicious files.</li>
  30 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/olemeta">olemeta</a>: to extract all standard properties (metadata) from OLE files.</li>
  31 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/oletimes">oletimes</a>: to extract creation and modification timestamps of all streams and storages.</li>
  32 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/oledir">oledir</a>: to display all the directory entries of an OLE file, including free and orphaned entries.</li>
  33 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/olemap">olemap</a>: to display a map of all the sectors in an OLE file.</li>
  34 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>: to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML).</li>
  35 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/mraptor">MacroRaptor</a>: to detect malicious VBA Macros</li>
  36 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/pyxswf">pyxswf</a>: to detect, extract and analyze Flash objects (SWF) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis.</li>
  37 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/oleobj">oleobj</a>: to extract embedded objects from OLE files.</li>
  38 +<li><a href="https://bitbucket.org/decalage/oletools/wiki/rtfobj">rtfobj</a>: to extract embedded objects from RTF files.</li>
33 <li>and a few others (coming soon)</li> 39 <li>and a few others (coming soon)</li>
34 </ul> 40 </ul>
35 <h2 id="download-and-install">Download and Install:</h2> 41 <h2 id="download-and-install">Download and Install:</h2>
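Review bot: oleobj is added to the tool list (new line 37), but none of the News entries touched by this commit (v0.42, v0.43, v0.44) mention it, whereas oledir, olemap and MacroRaptor each have a News line. Add a note to the relevant release entry saying when oleobj was introduced, so users can tell which version they need.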
oletools/README.rst
@@ -26,7 +26,13 @@ Software. @@ -26,7 +26,13 @@ Software.
26 News 26 News
27 ---- 27 ----
28 28
29 -- **2016-02-07 v0.42**: added two new tools oledir and olemap, better 29 +- **2016-03-11 v0.44**: improved
  30 + `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__ to
  31 + extract and analyse strings from VBA Forms.
  32 +- 2016-03-04 v0.43: added new tool MacroRaptor (mraptor) to detect
  33 + malicious macros, bugfix and slight improvements in
  34 + `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__.
  35 +- 2016-02-07 v0.42: added two new tools oledir and olemap, better
30 handling of malformed files and several bugfixes in 36 handling of malformed files and several bugfixes in
31 `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__, 37 `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__,
32 improved display for 38 improved display for
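Review bot: The News entries at new lines 29-35 are the third copy of the same text in this commit, after README.md and oletools/README.html. Keeping three copies in step by hand invites drift between them; if the .rst and .html files are derived from README.md, I would say so in the commit message or regenerate them in the release step instead of editing each one.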
@@ -99,23 +105,32 @@ Tools in python-oletools: @@ -99,23 +105,32 @@ Tools in python-oletools:
99 - `olebrowse <https://bitbucket.org/decalage/oletools/wiki/olebrowse>`__: 105 - `olebrowse <https://bitbucket.org/decalage/oletools/wiki/olebrowse>`__:
100 A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint 106 A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint
101 documents), to view and extract individual data streams. 107 documents), to view and extract individual data streams.
102 -- `oleid <https://bitbucket.org/decalage/oletools/wiki/oleid>`__: a  
103 - tool to analyze OLE files to detect specific characteristics usually  
104 - found in malicious files.  
105 -- `olemeta <https://bitbucket.org/decalage/oletools/wiki/olemeta>`__: a  
106 - tool to extract all standard properties (metadata) from OLE files. 108 +- `oleid <https://bitbucket.org/decalage/oletools/wiki/oleid>`__: to
  109 + analyze OLE files to detect specific characteristics usually found in
  110 + malicious files.
  111 +- `olemeta <https://bitbucket.org/decalage/oletools/wiki/olemeta>`__:
  112 + to extract all standard properties (metadata) from OLE files.
107 - `oletimes <https://bitbucket.org/decalage/oletools/wiki/oletimes>`__: 113 - `oletimes <https://bitbucket.org/decalage/oletools/wiki/oletimes>`__:
108 - a tool to extract creation and modification timestamps of all streams  
109 - and storages.  
110 -- `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__: a  
111 - tool to extract and analyze VBA Macro source code from MS Office  
112 - documents (OLE and OpenXML).  
113 -- `pyxswf <https://bitbucket.org/decalage/oletools/wiki/pyxswf>`__: a  
114 - tool to detect, extract and analyze Flash objects (SWF) that may be  
115 - embedded in files such as MS Office documents (e.g. Word, Excel) and  
116 - RTF, which is especially useful for malware analysis.  
117 -- `rtfobj <https://bitbucket.org/decalage/oletools/wiki/rtfobj>`__: a  
118 - tool and python module to extract embedded objects from RTF files. 114 + to extract creation and modification timestamps of all streams and
  115 + storages.
  116 +- `oledir <https://bitbucket.org/decalage/oletools/wiki/oledir>`__: to
  117 + display all the directory entries of an OLE file, including free and
  118 + orphaned entries.
  119 +- `olemap <https://bitbucket.org/decalage/oletools/wiki/olemap>`__: to
  120 + display a map of all the sectors in an OLE file.
  121 +- `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__: to
  122 + extract and analyze VBA Macro source code from MS Office documents
  123 + (OLE and OpenXML).
  124 +- `MacroRaptor <https://bitbucket.org/decalage/oletools/wiki/mraptor>`__:
  125 + to detect malicious VBA Macros
  126 +- `pyxswf <https://bitbucket.org/decalage/oletools/wiki/pyxswf>`__: to
  127 + detect, extract and analyze Flash objects (SWF) that may be embedded
  128 + in files such as MS Office documents (e.g. Word, Excel) and RTF,
  129 + which is especially useful for malware analysis.
  130 +- `oleobj <https://bitbucket.org/decalage/oletools/wiki/oleobj>`__: to
  131 + extract embedded objects from OLE files.
  132 +- `rtfobj <https://bitbucket.org/decalage/oletools/wiki/rtfobj>`__: to
  133 + extract embedded objects from RTF files.
119 - and a few others (coming soon) 134 - and a few others (coming soon)
120 135
121 Download and Install: 136 Download and Install:
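Review bot: The rtfobj entry (old lines 117-118, new lines 132-133) drops "and python module" along with the "a tool" prefix, so the README no longer says rtfobj can be used as a module. If that is still the case, keep the information, for example "to extract embedded objects from RTF files (also usable as a python module)"; if it was removed on purpose, mention it in the commit message.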