Commit f1cefbd416cfdcb17ee26050be6e7c5b79a3744b
1 parent 57ec6e29
updated readme for v0.40
Showing 3 changed files with 22 additions and 3 deletions
README.md
| @@ -22,7 +22,11 @@ Note: python-oletools is not related to OLETools published by BeCubed Software. | @@ -22,7 +22,11 @@ Note: python-oletools is not related to OLETools published by BeCubed Software. | ||
| 22 | News | 22 | News |
| 23 | ---- | 23 | ---- |
| 24 | 24 | ||
| 25 | -- **2015-06-19 v0.12**: [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba) can now deobfuscate VBA | 25 | +- **2015-09-17 v0.40**: Improved macro deobfuscation in [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba), |
| 26 | +to decode Hex and Base64 within VBA expressions. Display printable deobfuscated strings by | ||
| 27 | +default. Improved the VBA_Parser API. Improved performance. | ||
| 28 | +Fixed [issue #23](https://bitbucket.org/decalage/oletools/issue/23) with sys.stderr. | ||
| 29 | +- 2015-06-19 v0.12: [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba) can now deobfuscate VBA | ||
| 26 | expressions with any combination of Chr, Asc, Val, StrReverse, Environ, +, &, using a VBA parser built with | 30 | expressions with any combination of Chr, Asc, Val, StrReverse, Environ, +, &, using a VBA parser built with |
| 27 | [pyparsing](http://pyparsing.wikispaces.com). New options to display only the analysis results or only the macros source code. | 31 | [pyparsing](http://pyparsing.wikispaces.com). New options to display only the analysis results or only the macros source code. |
| 28 | The analysis is now done on all the VBA modules at once. | 32 | The analysis is now done on all the VBA modules at once. |
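Review bot: "Improved the VBA_Parser API" on new line 27 does not say whether code written against the v0.12 API keeps working. State whether the change is backward compatible, or link to the wiki page that documents the new API, so that people who import olevba know whether to expect breakage after upgrading.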
| @@ -79,6 +83,9 @@ If you plan to use python-oletools with other Python applications or your own sc | @@ -79,6 +83,9 @@ If you plan to use python-oletools with other Python applications or your own sc | ||
| 79 | use "**pip install oletools**" or "**easy_install oletools**" to download and install in one go. Otherwise you may | 83 | use "**pip install oletools**" or "**easy_install oletools**" to download and install in one go. Otherwise you may |
| 80 | download/extract the zip archive and run "**setup.py install**". | 84 | download/extract the zip archive and run "**setup.py install**". |
| 81 | 85 | ||
| 86 | +**Important: to update oletools** if it is already installed, you must run **"pip install -U oletools"**, otherwise pip | ||
| 87 | +will not update it. | ||
| 88 | + | ||
| 82 | Documentation: | 89 | Documentation: |
| 83 | -------------- | 90 | -------------- |
| 84 | 91 |
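Review bot: The update note on new lines 86-87 covers only pip, while the context line 83 directly above also offers easy_install and "setup.py install". Add the equivalent instruction for those install paths, or say that such users should reinstall, so that nobody keeps running a pre-0.40 olevba without the new Hex and Base64 decoding.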
oletools/README.html
| @@ -4,7 +4,8 @@ | @@ -4,7 +4,8 @@ | ||
| 4 | <p>Note: python-oletools is not related to OLETools published by BeCubed Software.</p> | 4 | <p>Note: python-oletools is not related to OLETools published by BeCubed Software.</p> |
| 5 | <h2 id="news">News</h2> | 5 | <h2 id="news">News</h2> |
| 6 | <ul> | 6 | <ul> |
| 7 | -<li><strong>2015-06-19 v0.12</strong>: <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> can now deobfuscate VBA expressions with any combination of Chr, Asc, Val, StrReverse, Environ, +, &, using a VBA parser built with <a href="http://pyparsing.wikispaces.com">pyparsing</a>. New options to display only the analysis results or only the macros source code. The analysis is now done on all the VBA modules at once.</li> | 7 | +<li><strong>2015-09-17 v0.40</strong>: Improved macro deobfuscation in <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, to decode Hex and Base64 within VBA expressions. Display printable deobfuscated strings by default. Improved the VBA_Parser API. Improved performance. Fixed <a href="https://bitbucket.org/decalage/oletools/issue/23">issue #23</a> with sys.stderr.</li> |
| 8 | +<li>2015-06-19 v0.12: <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> can now deobfuscate VBA expressions with any combination of Chr, Asc, Val, StrReverse, Environ, +, &, using a VBA parser built with <a href="http://pyparsing.wikispaces.com">pyparsing</a>. New options to display only the analysis results or only the macros source code. The analysis is now done on all the VBA modules at once.</li> | ||
| 8 | <li>2015-05-29 v0.11: Improved parsing of MHTML and ActiveMime/MSO files in <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, added several suspicious keywords to VBA scanner (thanks to <span class="citation">@ozhermit</span> and Davy Douhine for the suggestions)</li> | 9 | <li>2015-05-29 v0.11: Improved parsing of MHTML and ActiveMime/MSO files in <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, added several suspicious keywords to VBA scanner (thanks to <span class="citation">@ozhermit</span> and Davy Douhine for the suggestions)</li> |
| 9 | <li>2015-05-06 v0.10: <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> now supports Word MHTML files with macros, aka "Single File Web Page" (.mht) - see <a href="https://bitbucket.org/decalage/oletools/issue/10">issue #10</a> for more info</li> | 10 | <li>2015-05-06 v0.10: <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> now supports Word MHTML files with macros, aka "Single File Web Page" (.mht) - see <a href="https://bitbucket.org/decalage/oletools/issue/10">issue #10</a> for more info</li> |
| 10 | <li>2015-03-23 v0.09: <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> now supports Word 2003 XML files, added anti-sandboxing/VM detection</li> | 11 | <li>2015-03-23 v0.09: <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> now supports Word 2003 XML files, added anti-sandboxing/VM detection</li> |
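Review bot: "Display printable deobfuscated strings by default" on new line 7 is a change to the default output, and the entry gives no way to get the previous behaviour. Name the option that controls it, or point to the olevba wiki section that does, since anyone parsing olevba output in a pipeline will see different results after upgrading.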
| @@ -33,6 +34,7 @@ | @@ -33,6 +34,7 @@ | ||
| 33 | <p>To use python-oletools from the command line as analysis tools, you may simply <a href="https://bitbucket.org/decalage/oletools/downloads">download the zip archive</a> and extract the files in the directory of your choice.</p> | 34 | <p>To use python-oletools from the command line as analysis tools, you may simply <a href="https://bitbucket.org/decalage/oletools/downloads">download the zip archive</a> and extract the files in the directory of your choice.</p> |
| 34 | <p>To get the latest development version, click on "Download repository" on the <a href="https://bitbucket.org/decalage/oletools/downloads">downloads page</a>, or use mercurial to clone the repository.</p> | 35 | <p>To get the latest development version, click on "Download repository" on the <a href="https://bitbucket.org/decalage/oletools/downloads">downloads page</a>, or use mercurial to clone the repository.</p> |
| 35 | <p>If you plan to use python-oletools with other Python applications or your own scripts, then the simplest solution is to use "<strong>pip install oletools</strong>" or "<strong>easy_install oletools</strong>" to download and install in one go. Otherwise you may download/extract the zip archive and run "<strong>setup.py install</strong>".</p> | 36 | <p>If you plan to use python-oletools with other Python applications or your own scripts, then the simplest solution is to use "<strong>pip install oletools</strong>" or "<strong>easy_install oletools</strong>" to download and install in one go. Otherwise you may download/extract the zip archive and run "<strong>setup.py install</strong>".</p> |
| 37 | +<p><strong>Important: to update oletools</strong> if it is already installed, you must run <strong>"pip install -U oletools"</strong>, otherwise pip will not update it.</p> | ||
| 36 | <h2 id="documentation">Documentation:</h2> | 38 | <h2 id="documentation">Documentation:</h2> |
| 37 | <p>The latest version of the documentation can be found <a href="https://bitbucket.org/decalage/oletools/wiki">online</a>, otherwise a copy is provided in the doc subfolder of the package.</p> | 39 | <p>The latest version of the documentation can be found <a href="https://bitbucket.org/decalage/oletools/wiki">online</a>, otherwise a copy is provided in the doc subfolder of the package.</p> |
| 38 | <h2 id="how-to-suggest-improvements-report-issues-or-contribute">How to Suggest Improvements, Report Issues or Contribute:</h2> | 40 | <h2 id="how-to-suggest-improvements-report-issues-or-contribute">How to Suggest Improvements, Report Issues or Contribute:</h2> |
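Review bot: On new line 37 the quotes sit inside the bold, <strong>"pip install -U oletools"</strong>, whereas the paragraph just above on line 36 puts them outside, "<strong>pip install oletools</strong>". Pick one form so the commands render consistently. The same mismatch is present in the README.md and README.rst versions of this sentence.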
oletools/README.rst
| @@ -26,7 +26,14 @@ Software. | @@ -26,7 +26,14 @@ Software. | ||
| 26 | News | 26 | News |
| 27 | ---- | 27 | ---- |
| 28 | 28 | ||
| 29 | -- **2015-06-19 v0.12**: | 29 | +- **2015-09-17 v0.40**: Improved macro deobfuscation in |
| 30 | + `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__, to | ||
| 31 | + decode Hex and Base64 within VBA expressions. Display printable | ||
| 32 | + deobfuscated strings by default. Improved the VBA\_Parser API. | ||
| 33 | + Improved performance. Fixed `issue | ||
| 34 | + #23 <https://bitbucket.org/decalage/oletools/issue/23>`__ with | ||
| 35 | + sys.stderr. | ||
| 36 | +- 2015-06-19 v0.12: | ||
| 30 | `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__ can | 37 | `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__ can |
| 31 | now deobfuscate VBA expressions with any combination of Chr, Asc, | 38 | now deobfuscate VBA expressions with any combination of Chr, Asc, |
| 32 | Val, StrReverse, Environ, +, &, using a VBA parser built with | 39 | Val, StrReverse, Environ, +, &, using a VBA parser built with |
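Review bot: The new entry on lines 29-35 jumps from v0.12 to v0.40 with no explanation, which reads as if 27 releases are missing from the News list. Add a short clause noting the change in version numbering. Separately, the link text is split as "issue" on line 33 and "#23" on line 34, which makes a search for "issue #23" in the source miss it; rewrap so the link text stays on one line.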
| @@ -122,6 +129,9 @@ oletools**\ " or "**easy\_install oletools**\ " to download and install | @@ -122,6 +129,9 @@ oletools**\ " or "**easy\_install oletools**\ " to download and install | ||
| 122 | in one go. Otherwise you may download/extract the zip archive and run | 129 | in one go. Otherwise you may download/extract the zip archive and run |
| 123 | "**setup.py install**\ ". | 130 | "**setup.py install**\ ". |
| 124 | 131 | ||
| 132 | +**Important: to update oletools** if it is already installed, you must | ||
| 133 | +run **"pip install -U oletools"**, otherwise pip will not update it. | ||
| 134 | + | ||
| 125 | Documentation: | 135 | Documentation: |
| 126 | -------------- | 136 | -------------- |
| 127 | 137 |
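Review bot: "otherwise pip will not update it" on new line 133 states the outcome but not the reason, so it reads like a pip bug. Say that a plain "pip install oletools" treats the already installed version as satisfying the requirement and leaves it in place, which is why -U is needed.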