oletools
oletools - Python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
Several install instructions do not work as-is on Ubuntu/Debian (and possibly other Linux distros): - to use olebrowse, the Tkinter package is required: `sudo apt install python3-tk`. This issue should...
oleobj detects remote references in OpenXML files (docx, xlsx, pptx), but not in legacy OLE files (doc, xls, ppt). For example this sample is not detected: - https://twitter.com/doc_guard/status/1710647730966519892 - https://bazaar.abuse.ch/sample/f393e8344867ebad8b65e0bc32f3dc6911a5064c0ec07b8436e93ff6b43bda51/...
**Is your feature request related to a problem? Please describe.** CVE-2023-36884 seems to be an RCE opportunity in Office files **Describe the solution you'd like** Find the documents that exploit...
I recently found [this question](https://stackoverflow.com/questions/54221055/excel-vba-import-module-from-text-file-without-requiring-trust-center) on Stack Overflow, it shows how to import a new code module in VBA using the `Modules` object. Here's a simplified snippet that illustrates how...
There seems to be a bug with olevba when scanning this sample: - https://twitter.com/wdormann/status/1696197904262742370 - https://twitter.com/jpcert_en/status/1696056414148645326 - https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html Malware hash value - ef59d7038cfd565fd65bae12588810d5361df938244ebad33b71882dcf683058 - 098796e1b82c199ad226bff056b6310262b132f6d06930d3c254c57bdf548187 - 5b677d297fb862c2d223973697479ee53a91d03073b14556f421b3d74f136b9d
**Affected tool:** bazel **Describe the bug** There's a cycle between `oletools` and `pcodedmp`, as the maintainers would already know, and this is causing an issue when bazel tries to pull...
This issue was already mentioned in https://github.com/decalage2/oletools/issues/90, but I think the problem deserves a specific issue. Currently, for matching suspicious keywords, there is no attempt to distinguish a regular line...
I can't run olevba oleid etc. after install ole pip3 list WARNING: Skipping /opt/homebrew/lib/python3.11/site-packages/six-1.16.0-py3.11.egg-info due to invalid metadata entry 'name' Package Version ---------------- ------- ansible-pylibssh 1.1.0 bcrypt 4.0.1 .... msoffcrypto-tool...
**Affected tool:** oleid **Describe the bug** OleID fails to detect XLM macros while opening the file manually clearly shows it has **File/Malware sample to reproduce the bug** 961a06016808892b0f7098974b4eda79afd949c85468bd2397b1c9c7659a2f81 **How To...
**Affected tool:** olevba, mraptor, rtfobj, oleid, etc oletools-0.60.1/oletools/thirdparty/xxxswf/xxxswf.py **Describe the bug** This project uses the [`imp` module](https://docs.python.org/3/library/imp.html) which has been deprecated since Python 3.4 and removed in 3.12: * Raised...