python-oletools
===============
|PyPI| |Build Status| |Say Thanks!|
`oletools <http://www.decalage.info/python/oletools>`__ is a package of
python tools to analyze `Microsoft OLE2
files <http://en.wikipedia.org/wiki/Compound_File_Binary_Format>`__
(also called Structured Storage, Compound File Binary Format or Compound
Document File Format), such as Microsoft Office 97-2003 documents, MSI
files or Outlook messages, mainly for malware analysis, forensics and
debugging. It is based on the
`olefile <http://www.decalage.info/olefile>`__ parser.
It also provides tools to analyze RTF files and files based on the
`OpenXML format <https://en.wikipedia.org/wiki/Office_Open_XML>`__ (aka
OOXML) such as MS Office 2007+ documents, XPS or MSIX files.
For example, oletools can detect, extract and analyse VBA macros, OLE
objects, Excel 4 macros (XLM) and DDE links.
See http://www.decalage.info/python/oletools for more info.
**Quick links:** `Home
page <http://www.decalage.info/python/oletools>`__ -
`Download/Install <https://github.com/decalage2/oletools/wiki/Install>`__
- `Documentation <https://github.com/decalage2/oletools/wiki>`__ -
`Report
Issues/Suggestions/Questions <https://github.com/decalage2/oletools/issues>`__
- `Contact the Author <http://decalage.info/contact>`__ -
`Repository <https://github.com/decalage2/oletools>`__ - `Updates on
Twitter <https://twitter.com/decalage2>`__
`Cheatsheet <https://github.com/decalage2/oletools/blob/master/cheatsheet/oletools_cheatsheet.pdf>`__
Note: python-oletools is not related to OLETools published by BeCubed
Software.
News
----
- **2024-07-02 v0.60.2**:
- olevba:
- fixed a bug in open_slk (issue #797, PR #769)
- fixed a bug due to new PROJECTCOMPATVERSION record in dir
stream (PR #723, issues #700, #701, #725, #791, #808, #811,
#833)
- oleobj: fixed SyntaxError with Python 3.12 (PR #855),
SyntaxWarning (PR #774)
- rtfobj: fixed SyntaxError with Python 3.12 (PR #854)
- clsid: added CLSIDs for MSI, Zed
- ftguess: added MSI, PNG and OneNote formats
- pyxswf: fixed python 3.12 compatibility (PR #841, issue #813)
- setup/requirements: allow pyparsing 3 to solve install issues (PR
#812, issue #762)
- **2022-05-09 v0.60.1**:
- olevba:
- fixed a bug when calling XLMMacroDeobfuscator (PR #737)
- removed keyword "sample" causing false positives
- oleid: fixed OleID init issue (issue #695, PR #696)
- oleobj:
- added simple detection of CVE-2021-40444 initial stage
- added detection for customUI onLoad
- improved handling of incorrect filenames in OLE package (PR
#451)
- rtfobj: fixed code to find URLs in OLE2Link objects for Py3 (issue
#692)
- ftguess:
- added PowerPoint and XPS formats (PR #716)
- fixed issue with XPS and malformed documents (issue #711)
- added XLSB format (issue #758)
- improved logging with common module log_helper (PR #449)
- **2021-06-02 v0.60**:
- ftguess: new tool to identify file formats and containers (issue
#680)
- oleid: (issue #679)
- each indicator now has a risk level
- calls ftguess to identify file formats
- calls olevba+mraptor to detect and analyse VBA+XLM macros
- olevba:
- when XLMMacroDeobfuscator is available, use it to extract and
deobfuscate XLM macros
- rtfobj:
- use ftguess to identify file type of OLE Package (issue #682)
- fixed bug in re_executable_extensions
- crypto: added PowerPoint transparent password '/01Hannes
Ruescher/01' (issue #627)
- setup: XLMMacroDeobfuscator, xlrd2 and pyxlsb2 added as optional
dependencies
See the `full
changelog <https://github.com/decalage2/oletools/wiki/Changelog>`__ for
more information.
Tools:
------
Tools to analyze malicious documents
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `oleid <https://github.com/decalage2/oletools/wiki/oleid>`__: to
analyze OLE files to detect specific characteristics usually found in
malicious files.
- `olevba <https://github.com/decalage2/oletools/wiki/olevba>`__: to
extract and analyze VBA Macro source code from MS Office documents
(OLE and OpenXML).
- `MacroRaptor <https://github.com/decalage2/oletools/wiki/mraptor>`__:
to detect malicious VBA Macros
- `msodde <https://github.com/decalage2/oletools/wiki/msodde>`__: to
detect and extract DDE/DDEAUTO links from MS Office documents, RTF
and CSV
- `pyxswf <https://github.com/decalage2/oletools/wiki/pyxswf>`__: to
detect, extract and analyze Flash objects (SWF) that may be embedded
in files such as MS Office documents (e.g. Word, Excel) and RTF,
which is especially useful for malware analysis.
- `oleobj <https://github.com/decalage2/oletools/wiki/oleobj>`__: to
extract embedded objects from OLE files.
- `rtfobj <https://github.com/decalage2/oletools/wiki/rtfobj>`__: to
extract embedded objects from RTF files.
Tools to analyze the structure of OLE files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `olebrowse <https://github.com/decalage2/oletools/wiki/olebrowse>`__:
A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint
documents), to view and extract individual data streams.
- `olemeta <https://github.com/decalage2/oletools/wiki/olemeta>`__: to
extract all standard properties (metadata) from OLE files.
- `oletimes <https://github.com/decalage2/oletools/wiki/oletimes>`__:
to extract creation and modification timestamps of all streams and
storages.
- `oledir <https://github.com/decalage2/oletools/wiki/oledir>`__: to
display all the directory entries of an OLE file, including free and
orphaned entries.
- `olemap <https://github.com/decalage2/oletools/wiki/olemap>`__: to
display a map of all the sectors in an OLE file.
Projects using oletools:
------------------------
oletools are used by a number of projects and online malware analysis
services, including `ACE <https://github.com/IntegralDefense/ACE>`__,
`ADAPT <https://www.blackhat.com/eu-23/briefings/schedule/index.html#unmasking-apts-an-automated-approach-for-real-world-threat-attribution-35162>`__,
`Anlyz.io <https://sandbox.anlyz.io/>`__,
`AssemblyLine <https://www.cse-cst.gc.ca/en/assemblyline>`__, `Binary
Refinery <https://github.com/binref/refinery>`__,
`CAPE <https://github.com/ctxis/CAPE>`__,
`CinCan <https://cincan.io>`__, `Cortex XSOAR (Palo
Alto) <https://cortex.marketplace.pan.dev/marketplace/details/Oletools/>`__,
`Cuckoo Sandbox <https://github.com/cuckoosandbox/cuckoo>`__,
`DARKSURGEON <https://github.com/cryps1s/DARKSURGEON>`__,
`Deepviz <https://sandbox.deepviz.com/>`__,
`DIARIO <https://diario.elevenpaths.com/>`__,
`dridex.malwareconfig.com <https://dridex.malwareconfig.com>`__, `EML
Analyzer <https://github.com/ninoseki/eml_analyzer>`__,
`EXPMON <https://pub.expmon.com/>`__,
`FAME <https://certsocietegenerale.github.io/fame/>`__,
`FLARE-VM <https://github.com/fireeye/flare-vm>`__, `GLIMPS
Malware <https://www.glimps.fr/en/glimps-malware-2/>`__,
`Hybrid-analysis.com <https://www.hybrid-analysis.com/>`__, `InQuest
Labs <https://labs.inquest.net/>`__,
`IntelOwl <https://github.com/certego/IntelOwl>`__, `Joe
Sandbox <https://www.document-analyzer.net/>`__, `Laika
BOSS <https://github.com/lmco/laikaboss>`__,
`MacroMilter <https://github.com/sbidy/MacroMilter>`__,
`mailcow <https://mailcow.email/>`__,
`malshare.io <https://malshare.io>`__,
`malware-repo <https://github.com/Tigzy/malware-repo>`__, `Malware
Repository Framework (MRF) <https://www.adlice.com/download/mrf/>`__,
`MalwareBazaar <https://bazaar.abuse.ch/>`__,
`olefy <https://github.com/HeinleinSupport/olefy>`__,
`Pandora <https://github.com/pandora-analysis/pandora>`__,
`PeekabooAV <https://github.com/scVENUS/PeekabooAV>`__,
`pcodedmp <https://github.com/bontchev/pcodedmp>`__,
`PyCIRCLean <https://github.com/CIRCL/PyCIRCLean>`__,
`QFlow <https://www.quarkslab.com/products-qflow/>`__,
`Qu1cksc0pe <https://github.com/CYB3RMX/Qu1cksc0pe>`__, `Tylabs
QuickSand <https://github.com/tylabs/quicksand>`__,
`REMnux <https://remnux.org/>`__,
`Snake <https://github.com/countercept/snake>`__,
`SNDBOX <https://app.sndbox.com>`__, `Splunk add-on for MS O365
Email <https://splunkbase.splunk.com/app/5365/>`__,
`SpuriousEmu <https://github.com/ldbo/SpuriousEmu>`__,
`Strelka <https://github.com/target/strelka>`__,
`stoQ <https://stoq.punchcyber.com/>`__, `Sublime
Platform/MQL <https://docs.sublimesecurity.com/docs/enrichment-functions>`__,
`Subparse <https://github.com/jstrosch/subparse>`__,
`TheHive/Cortex <https://github.com/TheHive-Project/Cortex-Analyzers>`__,
`ThreatBoook <https://s.threatbook.com/>`__, `TSUGURI
Linux <https://tsurugi-linux.org/>`__,
`Vba2Graph <https://github.com/MalwareCantFly/Vba2Graph>`__,
`Viper <http://viper.li/>`__,
`ViperMonkey <https://github.com/decalage2/ViperMonkey>`__,
`YOMI <https://yomi.yoroi.company>`__, and probably
`VirusTotal <https://www.virustotal.com>`__,
`FileScan.IO <https://www.filescan.io>`__. And quite a few `other
projects on
GitHub <https://github.com/search?q=oletools&type=Repositories>`__.
(Please `contact me <(http://decalage.info/contact)>`__ if you have or
know a project using oletools)
Download and Install:
---------------------
The recommended way to download and install/update the **latest stable
release** of oletools is to use
`pip <https://pip.pypa.io/en/stable/installing/>`__:
- On Linux/Mac: ``sudo -H pip install -U oletools[full]``
- On Windows: ``pip install -U oletools[full]``
This should automatically create command-line scripts to run each tool
from any directory: ``olevba``, ``mraptor``, ``rtfobj``, etc.
The keyword ``[full]`` means that all optional dependencies will be
installed, such as XLMMacroDeobfuscator. If you prefer a lighter version
without optional dependencies, just remove ``[full]`` from the command
line.
To get the **latest development version** instead:
- On Linux/Mac:
``sudo -H pip install -U https://github.com/decalage2/oletools/archive/master.zip``
- On Windows:
``pip install -U https://github.com/decalage2/oletools/archive/master.zip``
See the
`documentation <https://github.com/decalage2/oletools/wiki/Install>`__
for other installation options.
Documentation:
--------------
The latest version of the documentation can be found
`online <https://github.com/decalage2/oletools/wiki>`__, otherwise a
copy is provided in the doc subfolder of the package.
How to Suggest Improvements, Report Issues or Contribute:
---------------------------------------------------------
This is a personal open-source project, developed on my spare time. Any
contribution, suggestion, feedback or bug report is welcome.
To suggest improvements, report a bug or any issue, please use the
`issue reporting page <https://github.com/decalage2/oletools/issues>`__,
providing all the information and files to reproduce the problem.
You may also `contact the author <http://decalage.info/contact>`__
directly to provide feedback.
The code is available in `a GitHub
repository <https://github.com/decalage2/oletools>`__. You may use it to
submit enhancements using forks and pull requests.
License
-------
This license applies to the python-oletools package, apart from the
thirdparty folder which contains third-party files published with their
own license.
The python-oletools package is copyright (c) 2012-2024 Philippe Lagadec
(http://www.decalage.info)
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
- Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--------------
olevba contains modified source code from the officeparser project,
published under the following MIT License (MIT):
officeparser is copyright (c) 2014 John William Davison
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
.. |PyPI| image:: https://img.shields.io/pypi/v/oletools.svg
:target: https://pypi.org/project/oletools/
.. |Build Status| image:: https://travis-ci.org/decalage2/oletools.svg?branch=master
:target: https://travis-ci.org/decalage2/oletools
.. |Say Thanks!| image:: https://img.shields.io/badge/Say%20Thanks-!-1EAEDB.svg
:target: https://saythanks.io/to/decalage2
Raw data
{
"_id": null,
"home_page": "https://github.com/decalage2/oletools",
"name": "oletools",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": null,
"author": "Philippe Lagadec",
"author_email": "nospam@decalage.info",
"download_url": "https://files.pythonhosted.org/packages/5c/2f/037f40e44706d542b94a2312ccc33ee2701ebfc9a83b46b55263d49ce55a/oletools-0.60.2.zip",
"platform": null,
"description": "python-oletools\n===============\n\n|PyPI| |Build Status| |Say Thanks!|\n\n`oletools <http://www.decalage.info/python/oletools>`__ is a package of\npython tools to analyze `Microsoft OLE2\nfiles <http://en.wikipedia.org/wiki/Compound_File_Binary_Format>`__\n(also called Structured Storage, Compound File Binary Format or Compound\nDocument File Format), such as Microsoft Office 97-2003 documents, MSI\nfiles or Outlook messages, mainly for malware analysis, forensics and\ndebugging. It is based on the\n`olefile <http://www.decalage.info/olefile>`__ parser.\n\nIt also provides tools to analyze RTF files and files based on the\n`OpenXML format <https://en.wikipedia.org/wiki/Office_Open_XML>`__ (aka\nOOXML) such as MS Office 2007+ documents, XPS or MSIX files.\n\nFor example, oletools can detect, extract and analyse VBA macros, OLE\nobjects, Excel 4 macros (XLM) and DDE links.\n\nSee http://www.decalage.info/python/oletools for more info.\n\n**Quick links:** `Home\npage <http://www.decalage.info/python/oletools>`__ -\n`Download/Install <https://github.com/decalage2/oletools/wiki/Install>`__\n- `Documentation <https://github.com/decalage2/oletools/wiki>`__ -\n`Report\nIssues/Suggestions/Questions <https://github.com/decalage2/oletools/issues>`__\n- `Contact the Author <http://decalage.info/contact>`__ -\n`Repository <https://github.com/decalage2/oletools>`__ - `Updates on\nTwitter <https://twitter.com/decalage2>`__\n`Cheatsheet <https://github.com/decalage2/oletools/blob/master/cheatsheet/oletools_cheatsheet.pdf>`__\n\nNote: python-oletools is not related to OLETools published by BeCubed\nSoftware.\n\nNews\n----\n\n- **2024-07-02 v0.60.2**:\n\n - olevba:\n\n - fixed a bug in open_slk (issue #797, PR #769)\n - fixed a bug due to new PROJECTCOMPATVERSION record in dir\n stream (PR #723, issues #700, #701, #725, #791, #808, #811,\n #833)\n\n - oleobj: fixed SyntaxError with Python 3.12 (PR #855),\n SyntaxWarning (PR #774)\n - rtfobj: fixed SyntaxError with Python 3.12 (PR #854)\n - clsid: added CLSIDs for MSI, Zed\n - ftguess: added MSI, PNG and OneNote formats\n - pyxswf: fixed python 3.12 compatibility (PR #841, issue #813)\n - setup/requirements: allow pyparsing 3 to solve install issues (PR\n #812, issue #762)\n\n- **2022-05-09 v0.60.1**:\n\n - olevba:\n\n - fixed a bug when calling XLMMacroDeobfuscator (PR #737)\n - removed keyword \"sample\" causing false positives\n\n - oleid: fixed OleID init issue (issue #695, PR #696)\n - oleobj:\n\n - added simple detection of CVE-2021-40444 initial stage\n - added detection for customUI onLoad\n - improved handling of incorrect filenames in OLE package (PR\n #451)\n\n - rtfobj: fixed code to find URLs in OLE2Link objects for Py3 (issue\n #692)\n - ftguess:\n\n - added PowerPoint and XPS formats (PR #716)\n - fixed issue with XPS and malformed documents (issue #711)\n - added XLSB format (issue #758)\n\n - improved logging with common module log_helper (PR #449)\n\n- **2021-06-02 v0.60**:\n\n - ftguess: new tool to identify file formats and containers (issue\n #680)\n - oleid: (issue #679)\n\n - each indicator now has a risk level\n - calls ftguess to identify file formats\n - calls olevba+mraptor to detect and analyse VBA+XLM macros\n\n - olevba:\n\n - when XLMMacroDeobfuscator is available, use it to extract and\n deobfuscate XLM macros\n\n - rtfobj:\n\n - use ftguess to identify file type of OLE Package (issue #682)\n - fixed bug in re_executable_extensions\n\n - crypto: added PowerPoint transparent password '/01Hannes\n Ruescher/01' (issue #627)\n - setup: XLMMacroDeobfuscator, xlrd2 and pyxlsb2 added as optional\n dependencies\n\nSee the `full\nchangelog <https://github.com/decalage2/oletools/wiki/Changelog>`__ for\nmore information.\n\nTools:\n------\n\nTools to analyze malicious documents\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n- `oleid <https://github.com/decalage2/oletools/wiki/oleid>`__: to\n analyze OLE files to detect specific characteristics usually found in\n malicious files.\n- `olevba <https://github.com/decalage2/oletools/wiki/olevba>`__: to\n extract and analyze VBA Macro source code from MS Office documents\n (OLE and OpenXML).\n- `MacroRaptor <https://github.com/decalage2/oletools/wiki/mraptor>`__:\n to detect malicious VBA Macros\n- `msodde <https://github.com/decalage2/oletools/wiki/msodde>`__: to\n detect and extract DDE/DDEAUTO links from MS Office documents, RTF\n and CSV\n- `pyxswf <https://github.com/decalage2/oletools/wiki/pyxswf>`__: to\n detect, extract and analyze Flash objects (SWF) that may be embedded\n in files such as MS Office documents (e.g. Word, Excel) and RTF,\n which is especially useful for malware analysis.\n- `oleobj <https://github.com/decalage2/oletools/wiki/oleobj>`__: to\n extract embedded objects from OLE files.\n- `rtfobj <https://github.com/decalage2/oletools/wiki/rtfobj>`__: to\n extract embedded objects from RTF files.\n\nTools to analyze the structure of OLE files\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n- `olebrowse <https://github.com/decalage2/oletools/wiki/olebrowse>`__:\n A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint\n documents), to view and extract individual data streams.\n- `olemeta <https://github.com/decalage2/oletools/wiki/olemeta>`__: to\n extract all standard properties (metadata) from OLE files.\n- `oletimes <https://github.com/decalage2/oletools/wiki/oletimes>`__:\n to extract creation and modification timestamps of all streams and\n storages.\n- `oledir <https://github.com/decalage2/oletools/wiki/oledir>`__: to\n display all the directory entries of an OLE file, including free and\n orphaned entries.\n- `olemap <https://github.com/decalage2/oletools/wiki/olemap>`__: to\n display a map of all the sectors in an OLE file.\n\nProjects using oletools:\n------------------------\n\noletools are used by a number of projects and online malware analysis\nservices, including `ACE <https://github.com/IntegralDefense/ACE>`__,\n`ADAPT <https://www.blackhat.com/eu-23/briefings/schedule/index.html#unmasking-apts-an-automated-approach-for-real-world-threat-attribution-35162>`__,\n`Anlyz.io <https://sandbox.anlyz.io/>`__,\n`AssemblyLine <https://www.cse-cst.gc.ca/en/assemblyline>`__, `Binary\nRefinery <https://github.com/binref/refinery>`__,\n`CAPE <https://github.com/ctxis/CAPE>`__,\n`CinCan <https://cincan.io>`__, `Cortex XSOAR (Palo\nAlto) <https://cortex.marketplace.pan.dev/marketplace/details/Oletools/>`__,\n`Cuckoo Sandbox <https://github.com/cuckoosandbox/cuckoo>`__,\n`DARKSURGEON <https://github.com/cryps1s/DARKSURGEON>`__,\n`Deepviz <https://sandbox.deepviz.com/>`__,\n`DIARIO <https://diario.elevenpaths.com/>`__,\n`dridex.malwareconfig.com <https://dridex.malwareconfig.com>`__, `EML\nAnalyzer <https://github.com/ninoseki/eml_analyzer>`__,\n`EXPMON <https://pub.expmon.com/>`__,\n`FAME <https://certsocietegenerale.github.io/fame/>`__,\n`FLARE-VM <https://github.com/fireeye/flare-vm>`__, `GLIMPS\nMalware <https://www.glimps.fr/en/glimps-malware-2/>`__,\n`Hybrid-analysis.com <https://www.hybrid-analysis.com/>`__, `InQuest\nLabs <https://labs.inquest.net/>`__,\n`IntelOwl <https://github.com/certego/IntelOwl>`__, `Joe\nSandbox <https://www.document-analyzer.net/>`__, `Laika\nBOSS <https://github.com/lmco/laikaboss>`__,\n`MacroMilter <https://github.com/sbidy/MacroMilter>`__,\n`mailcow <https://mailcow.email/>`__,\n`malshare.io <https://malshare.io>`__,\n`malware-repo <https://github.com/Tigzy/malware-repo>`__, `Malware\nRepository Framework (MRF) <https://www.adlice.com/download/mrf/>`__,\n`MalwareBazaar <https://bazaar.abuse.ch/>`__,\n`olefy <https://github.com/HeinleinSupport/olefy>`__,\n`Pandora <https://github.com/pandora-analysis/pandora>`__,\n`PeekabooAV <https://github.com/scVENUS/PeekabooAV>`__,\n`pcodedmp <https://github.com/bontchev/pcodedmp>`__,\n`PyCIRCLean <https://github.com/CIRCL/PyCIRCLean>`__,\n`QFlow <https://www.quarkslab.com/products-qflow/>`__,\n`Qu1cksc0pe <https://github.com/CYB3RMX/Qu1cksc0pe>`__, `Tylabs\nQuickSand <https://github.com/tylabs/quicksand>`__,\n`REMnux <https://remnux.org/>`__,\n`Snake <https://github.com/countercept/snake>`__,\n`SNDBOX <https://app.sndbox.com>`__, `Splunk add-on for MS O365\nEmail <https://splunkbase.splunk.com/app/5365/>`__,\n`SpuriousEmu <https://github.com/ldbo/SpuriousEmu>`__,\n`Strelka <https://github.com/target/strelka>`__,\n`stoQ <https://stoq.punchcyber.com/>`__, `Sublime\nPlatform/MQL <https://docs.sublimesecurity.com/docs/enrichment-functions>`__,\n`Subparse <https://github.com/jstrosch/subparse>`__,\n`TheHive/Cortex <https://github.com/TheHive-Project/Cortex-Analyzers>`__,\n`ThreatBoook <https://s.threatbook.com/>`__, `TSUGURI\nLinux <https://tsurugi-linux.org/>`__,\n`Vba2Graph <https://github.com/MalwareCantFly/Vba2Graph>`__,\n`Viper <http://viper.li/>`__,\n`ViperMonkey <https://github.com/decalage2/ViperMonkey>`__,\n`YOMI <https://yomi.yoroi.company>`__, and probably\n`VirusTotal <https://www.virustotal.com>`__,\n`FileScan.IO <https://www.filescan.io>`__. And quite a few `other\nprojects on\nGitHub <https://github.com/search?q=oletools&type=Repositories>`__.\n(Please `contact me <(http://decalage.info/contact)>`__ if you have or\nknow a project using oletools)\n\nDownload and Install:\n---------------------\n\nThe recommended way to download and install/update the **latest stable\nrelease** of oletools is to use\n`pip <https://pip.pypa.io/en/stable/installing/>`__:\n\n- On Linux/Mac: ``sudo -H pip install -U oletools[full]``\n- On Windows: ``pip install -U oletools[full]``\n\nThis should automatically create command-line scripts to run each tool\nfrom any directory: ``olevba``, ``mraptor``, ``rtfobj``, etc.\n\nThe keyword ``[full]`` means that all optional dependencies will be\ninstalled, such as XLMMacroDeobfuscator. If you prefer a lighter version\nwithout optional dependencies, just remove ``[full]`` from the command\nline.\n\nTo get the **latest development version** instead:\n\n- On Linux/Mac:\n ``sudo -H pip install -U https://github.com/decalage2/oletools/archive/master.zip``\n- On Windows:\n ``pip install -U https://github.com/decalage2/oletools/archive/master.zip``\n\nSee the\n`documentation <https://github.com/decalage2/oletools/wiki/Install>`__\nfor other installation options.\n\nDocumentation:\n--------------\n\nThe latest version of the documentation can be found\n`online <https://github.com/decalage2/oletools/wiki>`__, otherwise a\ncopy is provided in the doc subfolder of the package.\n\nHow to Suggest Improvements, Report Issues or Contribute:\n---------------------------------------------------------\n\nThis is a personal open-source project, developed on my spare time. Any\ncontribution, suggestion, feedback or bug report is welcome.\n\nTo suggest improvements, report a bug or any issue, please use the\n`issue reporting page <https://github.com/decalage2/oletools/issues>`__,\nproviding all the information and files to reproduce the problem.\n\nYou may also `contact the author <http://decalage.info/contact>`__\ndirectly to provide feedback.\n\nThe code is available in `a GitHub\nrepository <https://github.com/decalage2/oletools>`__. You may use it to\nsubmit enhancements using forks and pull requests.\n\nLicense\n-------\n\nThis license applies to the python-oletools package, apart from the\nthirdparty folder which contains third-party files published with their\nown license.\n\nThe python-oletools package is copyright (c) 2012-2024 Philippe Lagadec\n(http://www.decalage.info)\n\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n- Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer.\n- Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in the\n documentation and/or other materials provided with the distribution.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS\nIS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED\nTO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A\nPARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nHOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED\nTO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR\nPROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\nLIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\nNEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\n--------------\n\nolevba contains modified source code from the officeparser project,\npublished under the following MIT License (MIT):\n\nofficeparser is copyright (c) 2014 John William Davison\n\nPermission is hereby granted, free of charge, to any person obtaining a\ncopy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n\n.. |PyPI| image:: https://img.shields.io/pypi/v/oletools.svg\n :target: https://pypi.org/project/oletools/\n.. |Build Status| image:: https://travis-ci.org/decalage2/oletools.svg?branch=master\n :target: https://travis-ci.org/decalage2/oletools\n.. |Say Thanks!| image:: https://img.shields.io/badge/Say%20Thanks-!-1EAEDB.svg\n :target: https://saythanks.io/to/decalage2\n",
"bugtrack_url": null,
"license": "BSD",
"summary": "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR",
"version": "0.60.2",
"project_urls": {
"Download": "https://github.com/decalage2/oletools/releases",
"Homepage": "https://github.com/decalage2/oletools"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "acff05257b7183279b80ecec6333744de23f48f0faeeba46c93e6d13ce835515",
"md5": "0c480dd236e347cb4dc1b4d11d6c9698",
"sha256": "72ad8bd748fd0c4e7b5b4733af770d11543ebb2bf2697455f99f975fcd50cc96"
},
"downloads": -1,
"filename": "oletools-0.60.2-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "0c480dd236e347cb4dc1b4d11d6c9698",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 989449,
"upload_time": "2024-07-02T14:50:29",
"upload_time_iso_8601": "2024-07-02T14:50:29.122555Z",
"url": "https://files.pythonhosted.org/packages/ac/ff/05257b7183279b80ecec6333744de23f48f0faeeba46c93e6d13ce835515/oletools-0.60.2-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "5c2f037f40e44706d542b94a2312ccc33ee2701ebfc9a83b46b55263d49ce55a",
"md5": "28bdd4e828d1d5267a21d9a307dc782f",
"sha256": "ad452099f4695ffd8855113f453348200d195ee9fa341a09e197d66ee7e0b2c3"
},
"downloads": -1,
"filename": "oletools-0.60.2.zip",
"has_sig": false,
"md5_digest": "28bdd4e828d1d5267a21d9a307dc782f",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 3433750,
"upload_time": "2024-07-02T14:50:38",
"upload_time_iso_8601": "2024-07-02T14:50:38.242261Z",
"url": "https://files.pythonhosted.org/packages/5c/2f/037f40e44706d542b94a2312ccc33ee2701ebfc9a83b46b55263d49ce55a/oletools-0.60.2.zip",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-07-02 14:50:38",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "decalage2",
"github_project": "oletools",
"travis_ci": true,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "pyparsing",
"specs": [
[
"<",
"4"
],
[
">=",
"2.1.0"
]
]
},
{
"name": "olefile",
"specs": [
[
">=",
"0.46"
]
]
},
{
"name": "easygui",
"specs": []
},
{
"name": "colorclass",
"specs": []
},
{
"name": "msoffcrypto-tool",
"specs": []
},
{
"name": "pcodedmp",
"specs": [
[
">=",
"1.2.5"
]
]
}
],
"lcname": "oletools"
}
JSON
