Articles and tools about Python, Cyber Security and more.

Weaponized PDF

This article describes the PDF file format, related security issues and useful resources. [WORK IN PROGRESS]

pyxswf - a python tool to extract SWF (Flash) objects from documents (improved xxxswf)

pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis. It is part of the oletools package. pyxswf is an extension of xxxswf.py published by Alexander Hanel.

rtfobj - a python tool to extract embedded objects from RTF files

rtfobj is a Python module to extract embedded objects from RTF files, such as OLE ojects. It can be used as a Python library or a command-line tool. It is part of the oletools package. 

oleid - a python tool to quickly analyze OLE files

oleid is a script to analyze OLE files such as MS Office documents (e.g. Word, Excel), to detect specific characteristics that could potentially indicate that the file is suspicious or malicious, in terms of security (e.g. malware). For example it can detect VBA macros, embedded Flash objects, fragmentation. It is part of the oletools package. 

olebrowse - a simple python GUI to browse OLE files and extract streams

olebrowse is a simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams. It is part of the oletools package.

pywordform - a Python module to parse MS Word forms (docx) to extract field values and tags

pywordform is a python module to parse Microsoft Word forms in docx format, and extract all field values with their tags into a python dictionary.

iodeflib - a python library to create, parse and edit IODEF incident reports

iodeflib is a python library to create, parse and edit cyber incident reports using the IODEF XML format (RFC 5070).

How to package a Python app and the Python interpreter in a single EXE

This article describes solutions to create a single executable file containing a Python application/script and the Python interpreter DLL with all necessary libraries. The executable file can then be launched on any system even if Python is not installed.

CherryProxy - a filtering HTTP proxy extensible in Python

CherryProxy is a simple HTTP proxy written in Python 2.x, based on the CherryPy WSGI server and httplib, extensible for content analysis and filtering.

How to create network servers in Python (HTTP, FTP, SMTP, SOAP, syslog, ...)

This article lists solutions to create network servers in Python for different standard protocols: HTTP, FTP, SMTP, SOAP, syslog, WebDAV, ...

Syndicate content