Commit eb2b93eb7357a7f2f3defeb4c87b3eb2ebe1de7c

Authored by decalage2
1 parent 99148905

oledir: added table displaying storage tree and CLSIDs

Showing 2 changed files with 18 additions and 4 deletions
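--- a/oletools/oledir.py
+++ b/oletools/oledir.py
@@ -14,7 +14,7 @@ http://www.decalage.info/python/oletools
 
 #=== LICENSE ==================================================================
 
-# oledir is copyright (c) 2015-2017 Philippe Lagadec (http://www.decalage.info)
+# oledir is copyright (c) 2015-2018 Philippe Lagadec (http://www.decalage.info)
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without modification,
@@ -48,8 +48,9 @@ from __future__ import print_function
 # 2016-08-09 PL: - fixed issue #77 (imports from thirdparty dir)
 # 2017-03-08 v0.51 PL: - fixed absolute imports, added optparse
 # - added support for zip files and wildcards
+# 2018-04-11 v0.53 PL: - added table displaying storage tree and CLSIDs
 
-__version__ = '0.51'
+__version__ = '0.53dev1'
 
 #------------------------------------------------------------------------------
 # TODO:
@@ -105,7 +106,7 @@ STORAGE_NAMES = {
 
 STORAGE_COLORS = {
     olefile.STGTY_EMPTY: 'green',
-    olefile.STGTY_STORAGE: 'blue',
+    olefile.STGTY_STORAGE: 'cyan',
     olefile.STGTY_STREAM: 'yellow',
     olefile.STGTY_LOCKBYTES: 'magenta',
     olefile.STGTY_PROPERTY: 'magenta',
@@ -118,6 +119,12 @@ STATUS_COLORS = {
     'ORPHAN': 'red',
 }
 
+KNOWN_CLSIDS = {
+    '00020906-0000-0000-C000-000000000046': 'MS Word',
+    '0002CE02-0000-0000-C000-000000000046': 'MS Equation Editor (may trigger CVE-2017-11882)',
+    '00000300-0000-0000-C000-000000000046': 'StdOleLink (embedded OLE object)',
+}
+
 
 # === FUNCTIONS ==============================================================
 
@@ -127,6 +134,13 @@ def sid_display(sid):
     else:
         return sid
 
+def clsid_display(clsid):
+    if clsid in KNOWN_CLSIDS:
+        clsid += '\n%s' % KNOWN_CLSIDS[clsid]
+    color = 'yellow'
+    if 'CVE-' in clsid:
+        color = 'red'
+    return (clsid, color)
 
 # === MAIN ===================================================================
 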
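Review bot: In the last hunk, `clsid_display` decides the colour by searching the substring `'CVE-'` in the display string after the description has been appended, so the severity of a match depends on the wording of the `KNOWN_CLSIDS` value rather than on the lookup itself; checking the raw key first, e.g. `desc = KNOWN_CLSIDS.get(clsid, '')` and then `color = 'red' if 'CVE-' in desc else 'yellow'`, keeps the two concerns apart and avoids a false red for any caller-supplied string that happens to contain `CVE-`. The lookup is also an exact, case-sensitive match, so if the CLSIDs passed in by the caller (outside this hunk) are not already normalised to upper-case without braces, a known entry is silently missed — worth confirming against the call site. Neither the new table nor the function carries documentation; a docstring such as `"""Return (text, colour) for a CLSID, appending its description when it is listed in KNOWN_CLSIDS; red marks entries associated with a known CVE."""` and a one-line comment above `KNOWN_CLSIDS` stating that values are display labels (with the CVE reference driving the red highlight) would make the intent clear.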
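--- a/setup.py
+++ b/setup.py
@@ -43,7 +43,7 @@ import os, fnmatch
 #--- METADATA -----------------------------------------------------------------
 
 name = "oletools"
-version = '0.52.5'
+version = '0.53dev1'
 desc = "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR"
 long_desc = open('oletools/README.rst').read()
 author = "Philippe Lagadec"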