Oletools

This is a bugfix release for [oletools 0.54](https://github.com/decalage2/oletools/releases/tag/v0.54).

Changes:
- **2019-05-23 v0.54.2**:
- msoffcrypto-tool is now a required dependency (simplified install)
- plugin_biff: fixed issues 428, 434 and 444, improved Python 3 support
- olevba, msodde, crypto: improved handling of encrypted files (PR 441)
- olevba: initialize VBA_Parser.xlm_macros (fixes 433)
- various fixes (PR 446)
- olevba and msodde now handle documents encrypted with common passwords such
as 123, 1234, 4321, 12345, 123456, VelvetSweatShop automatically.
- **2019-04-09 v0.54.1**:
- olevba: decompress_stream now accepts both bytes and bytearray (fixes 422)

How to install/update with pip: https://github.com/decalage2/oletools/wiki/Install

* olevba, msodde: added support for encrypted MS Office files
* olevba: added detection and extraction of XLM/XLF Excel 4 macros
* olevba, mraptor: added detection of VBA running Excel 4 macros
* olevba: detect and display special characters such as backspace
* olevba: colorized output showing suspicious keywords in the VBA code
* olevba, mraptor: full Python 3 compatibility, no separate olevba3/mraptor3 anymore
* olevba: improved handling of code pages and unicode
* olevba: fixed a false-positive in VBA macro detection
* rtfobj: improved OLE Package handling, improved Equation object detection
* oleobj: added detection of external links to objects in OpenXML
* replaced third party packages by PyPI dependencies

How to install with pip: https://github.com/decalage2/oletools/wiki/Install

**2018-06-13 v0.53.1**: Bugfix release
- rtfobj: fixed issue 316, whitespace after \bin on Python 3
- olevba3: fixed 320, chr instead of unichr on python 3
- olevba3: fixed 322, import reduce from functools

- olevba and mraptor can now parse Word/PowerPoint 2007+ pure XML files (aka Flat OPC format)
- improved support for VBA forms in olevba (oleform)
- rtfobj now displays the CLSID of OLE objects, which is the best way to identify them. Known-bad CLSIDs such as MS Equation Editor are highlighted in red.
- Updated rtfobj to handle obfuscated RTF samples.
- rtfobj now handles the "\\'" obfuscation trick seen in recent samples such as https://twitter.com/buffaloverflow/status/989798880295444480, by emulating the MS Word bug described in https://securelist.com/disappearing-bytes/84017/
- msodde: improved detection of DDE formulas in CSV files
- oledir now displays the tree of storage/streams, along with CLSIDs and their meaning.
- common.clsid contains the list of known CLSIDs, and their links to CVE vulnerabilities when relevant.
- oleid now detects encrypted OpenXML files
- fixed bugs in oleobj, rtfobj, oleid, olevba

- New tool msodde to detect and extract DDE links from MS Office files, RTF and CSV;
- Fixed bugs in olevba, rtfobj and olefile, to better handle malformed/obfuscated files;
- Performance improvements in olevba and rtfobj;
- VBA form parsing in olevba;
- Office 2007+ support in oleobj.

- added the [oletools cheatsheet](https://github.com/decalage2/oletools/blob/master/cheatsheet/oletools_cheatsheet.pdf)
- improved [rtfobj](https://github.com/decalage2/oletools/wiki/rtfobj) to handle malformed RTF files, detect vulnerability CVE-2017-0199
- olevba: improved deobfuscation and Mac files support
- [mraptor](https://github.com/decalage2/oletools/wiki/mraptor): added more ActiveX macro triggers
- added [DocVarDump.vba](https://github.com/decalage2/oletools/blob/master/oletools/DocVarDump.vba) to dump document variables using Word
- olemap: can now detect and extract [extra data at end of file](http://decalage.info/en/ole_extradata), improved display
- oledir, olemeta, oletimes: added support for zip files and wildcards
- many [bugfixes](https://github.com/decalage2/oletools/milestone/3?closed=1) in all the tools
- improved Python 2+3 support