- olevba:
  - added support for SLK files and XLM macro extraction from SLK
  - VBA Stomping detection
  - integrated pcodedmp to extract and disassemble P-code
  - detection of suspicious keywords and IOCs in P-code
  - new option --pcode to display P-code disassembly
  - improved detection of auto execution triggers
- rtfobj: added URL carver for CVE-2017-0199
- better handling of unicode for systems with locale that does not support UTF-8, e.g. LANG=C (PR 365)
- tests:
  - test files can now be encrypted, to avoid antivirus alerts (PR 217, issue 215)
  - tests that trigger antivirus alerts have been temporarily disabled (issue 215)

How to install with pip: https://github.com/decalage2/oletools/wiki/Install

This is a bugfix release for [oletools 0.54](https://github.com/decalage2/oletools/releases/tag/v0.54).

Changes:

- **2019-05-23 v0.54.2**:
  - msoffcrypto-tool is now a required dependency (simplified install)
  - plugin_biff: fixed issues 428, 434 and 444, improved Python 3 support
  - olevba, msodde, crypto: improved handling of encrypted files (PR 441)
  - olevba: initialize VBA_Parser.xlm_macros (fixes 433)
  - various fixes (PR 446)
  - olevba and msodde now handle documents encrypted with common passwords such as 123, 1234, 4321, 12345, 123456, VelvetSweatShop automatically.
- **2019-04-09 v0.54.1**:
  - olevba: decompress_stream now accepts both bytes and bytearray (fixes 422)

How to install/update with pip: https://github.com/decalage2/oletools/wiki/Install

* olevba, msodde: added support for encrypted MS Office files
* olevba: added detection and extraction of XLM/XLF Excel 4 macros
* olevba, mraptor: added detection of VBA running Excel 4 macros
* olevba: detect and display special characters such as backspace
* olevba: colorized output showing suspicious keywords in the VBA code
* olevba, mraptor: full Python 3 compatibility, no separate olevba3/mraptor3 anymore
* olevba: improved handling of code pages and unicode
* olevba: fixed a false-positive in VBA macro detection
* rtfobj: improved OLE Package handling, improved Equation object detection
* oleobj: added detection of external links to objects in OpenXML
* replaced third party packages by PyPI dependencies

How to install with pip: https://github.com/decalage2/oletools/wiki/Install

**2018-06-13 v0.53.1**: Bugfix release

- rtfobj: fixed issue 316, whitespace after \bin on Python 3
- olevba3: fixed 320, chr instead of unichr on Python 3
- olevba3: fixed 322, import reduce from functools

- olevba and mraptor can now parse Word/PowerPoint 2007+ pure XML files (aka Flat OPC format)
- improved support for VBA forms in olevba (oleform)
- rtfobj now displays the CLSID of OLE objects, which is the best way to identify them. Known-bad CLSIDs such as MS Equation Editor are highlighted in red.
- Updated rtfobj to handle obfuscated RTF samples.
- rtfobj now handles the "\\'" obfuscation trick seen in recent samples such as https://twitter.com/buffaloverflow/status/989798880295444480, by emulating the MS Word bug described in https://securelist.com/disappearing-bytes/84017/
- msodde: improved detection of DDE formulas in CSV files
- oledir now displays the tree of storage/streams, along with CLSIDs and their meaning.
- common.clsid contains the list of known CLSIDs, and their links to CVE vulnerabilities when relevant.
- oleid now detects encrypted OpenXML files
- fixed bugs in oleobj, rtfobj, oleid, olevba

- New tool msodde to detect and extract DDE links from MS Office files, RTF and CSV;
- Fixed bugs in olevba, rtfobj and olefile, to better handle malformed/obfuscated files;
- Performance improvements in olevba and rtfobj;
- VBA form parsing in olevba;
- Office 2007+ support in oleobj.

- added the [oletools cheatsheet](https://github.com/decalage2/oletools/blob/master/cheatsheet/oletools_cheatsheet.pdf)
- improved [rtfobj](https://github.com/decalage2/oletools/wiki/rtfobj) to handle malformed RTF files, detect vulnerability CVE-2017-0199
- olevba: improved deobfuscation and Mac files support
- [mraptor](https://github.com/decalage2/oletools/wiki/mraptor): added more ActiveX macro triggers
- added [DocVarDump.vba](https://github.com/decalage2/oletools/blob/master/oletools/DocVarDump.vba) to dump document variables using Word
- olemap: can now detect and extract [extra data at end of file](http://decalage.info/en/ole_extradata), improved display
- oledir, olemeta, oletimes: added support for zip files and wildcards
- many [bugfixes](https://github.com/decalage2/oletools/milestone/3?closed=1) in all the tools
- improved Python 2+3 support

- all oletools now support Python 2 and 3.
- olevba: several bugfixes and improvements.
- mraptor: improved detection, added mraptor_milter for Sendmail/Postfix integration.
- rtfobj: brand new RTF parser, obfuscation-aware, improved display, detect executable files in OLE Package objects.
- setup: now creates handy command-line scripts to run oletools from any directory.

- olevba: added PPT97 macros support, improved handling of malformed/incomplete documents, improved error handling and JSON output, now returns an exit code based on analysis results, new --relaxed option.
- rtfobj: improved parsing to handle obfuscated RTF documents, added -d option to set output dir.
- moved repository and documentation to GitHub.

olevba does not deobfuscate VBA expressions by default (much faster); the new option --deobf enables it. Fixed color display bug on Windows for several tools.

[oletools-0.46.tar.gz](https://github.com/decalage2/oletools/files/288425/oletools-0.46.tar.gz)
[oletools-0.46.zip](https://github.com/decalage2/oletools/files/288426/oletools-0.46.zip)