Python

user warning: UPDATE command denied to user 'decalaged'@'10.0.75.76' for table 'cache_filter' query: UPDATE cache_filter SET data = 'Here is the list of open-source Python projects that I am maintaining or contributing to.\n', created = 1369359918, expire = 1369446318, headers = '', serialized = 0 WHERE cid = '1:856fb11d06948f0632f2502350e5ee55' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.75.76' for table 'cache_filter' query: UPDATE cache_filter SET data = 'Here is a collection of short articles I have written about how to do many useful things in Python.\n', created = 1369359918, expire = 1369446318, headers = '', serialized = 0 WHERE cid = '1:47f38f23f1f7ca1a2b1ed43ddd658751' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.75.76' for table 'cache_filter' query: UPDATE cache_filter SET data = 'pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis. It is part of the <a href=\"oletools\">oletools </a>package. pyxswf is an extension of <a href=\"http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html\">xxxswf.py</a> published by Alexander Hanel.\n', created = 1369359919, expire = 1369446319, headers = '', serialized = 0 WHERE cid = '1:7dcc78a81cc4e465896b192d8d875e58' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.75.76' for table 'cache_filter' query: UPDATE cache_filter SET data = '<a href=\"../../../../../../python/oletools\">python-oletools</a> is a package of python tools to analyze <a href=\"http://en.wikipedia.org/wiki/Compound_File_Binary_Format\">Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format)</a>, such as Microsoft Office documents or Outlook messages, mainly for malware analysis and debugging. It is based on the <a href=\"../../../../../../python/olefileio\">OleFileIO_PL</a> parser. \n', created = 1369359919, expire = 1369446319, headers = '', serialized = 0 WHERE cid = '1:13a6dbc252cc6586ffde782fbe5c0e63' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.75.76' for table 'cache_filter' query: UPDATE cache_filter SET data = 'OleFileIO_PL is a Python module to read <a href=\"http://en.wikipedia.org/wiki/Compound_File_Binary_Format\">Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format)</a>, such as Microsoft Office documents, Image Composer and FlashPix files, Outlook messages, ... This my improved version of the OleFileIO module from <a href=\"http://www.pythonware.com/products/pil/index.htm\">PIL</a>, the excellent Python Imaging Library, created and maintained by Fredrik Lundh. The API is still compatible with PIL, but I have improved the internal implementation significantly, with many bugfixes and a more robust design.\n', created = 1369359919, expire = 1369446319, headers = '', serialized = 0 WHERE cid = &# in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.75.76' for table 'cache_filter' query: UPDATE cache_filter SET data = 'rtfobj is a Python module to extract embedded objects from RTF files, such as OLE ojects. It can be used as a Python library or a command-line tool. It is part of the <a href=\"../../../../../../en/python/oletools\">oletools </a>package. \n', created = 1369359919, expire = 1369446319, headers = '', serialized = 0 WHERE cid = '1:c13d199824eb9fd8b23ecbc592c82338' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.75.76' for table 'cache_filter' query: UPDATE cache_filter SET data = 'oleid is a script to analyze OLE files such as MS Office documents (e.g. Word, Excel), to detect specific characteristics that could potentially indicate that the file is suspicious or malicious, in terms of security (e.g. malware). For example it can detect VBA macros, embedded Flash objects, fragmentation. It is part of the <a href=\"../../../../../../en/python/oletools\">oletools </a>package. \n', created = 1369359919, expire = 1369446319, headers = '', serialized = 0 WHERE cid = '1:ce49a7fb233c73461ad0ec952532cfc8' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.75.76' for table 'cache_filter' query: UPDATE cache_filter SET data = 'olebrowse is a simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams. It is part of the <a href=\"../../../../../../en/python/oletools\">oletools </a>package.\n', created = 1369359919, expire = 1369446319, headers = '', serialized = 0 WHERE cid = '1:57f2c306753f0b4d67a4ddb87201c9d2' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.75.76' for table 'cache_filter' query: UPDATE cache_filter SET data = 'pywordform is a python module to parse Microsoft Word forms in docx format, and extract all field values with their tags into a python dictionary.\n', created = 1369359919, expire = 1369446319, headers = '', serialized = 0 WHERE cid = '1:92035c9e8ec44290f7c45cb2f15d36ee' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.75.76' for table 'cache_filter' query: UPDATE cache_filter SET data = 'iodeflib is a python library to create, parse and edit cyber incident reports using the IODEF XML format (<a href=\"http://www.ietf.org/rfc/rfc5070.txt\">RFC 5070</a>).\n', created = 1369359919, expire = 1369446319, headers = '', serialized = 0 WHERE cid = '1:cd94dccc8e7de79e750b7e4babc921ad' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
warning: array_map() [function.array-map]: Argument #2 should be an array in /homez.14/decalaged/www/drupal/modules/system/system.module on line 1015.
warning: array_keys() [function.array-keys]: The first argument should be an array in /homez.14/decalaged/www/drupal/includes/theme.inc on line 1817.
warning: Invalid argument supplied for foreach() in /homez.14/decalaged/www/drupal/includes/theme.inc on line 1817.

Python projects

Tool
Python

Here is the list of open-source Python projects that I am maintaining or contributing to.

My Python howtos

Here is a collection of short articles I have written about how to do many useful things in Python.

pyxswf - a python tool to extract SWF (Flash) objects from documents (improved xxxswf)

Submitted by decalage on Wed, 05/08/2013 - 19:24

pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis. It is part of the oletools package. pyxswf is an extension of xxxswf.py published by Alexander Hanel.

python-oletools - python tools to analyze OLE files

Submitted by decalage on Wed, 05/08/2013 - 19:21

python-oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis and debugging. It is based on the OleFileIO_PL parser.

OleFileIO_PL - a Python module to read MS OLE2 files

Tool
Python

OleFileIO_PL is a Python module to read Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents, Image Composer and FlashPix files, Outlook messages, ... This my improved version of the OleFileIO module from PIL, the excellent Python Imaging Library, created and maintained by Fredrik Lundh. The API is still compatible with PIL, but I have improved the internal implementation significantly, with many bugfixes and a more robust design.

rtfobj - a python tool to extract embedded objects from RTF files

Submitted by decalage on Fri, 05/03/2013 - 04:56

rtfobj is a Python module to extract embedded objects from RTF files, such as OLE ojects. It can be used as a Python library or a command-line tool. It is part of the oletools package.

oleid - a python tool to quickly analyze OLE files

Submitted by decalage on Fri, 11/02/2012 - 10:03

oleid is a script to analyze OLE files such as MS Office documents (e.g. Word, Excel), to detect specific characteristics that could potentially indicate that the file is suspicious or malicious, in terms of security (e.g. malware). For example it can detect VBA macros, embedded Flash objects, fragmentation. It is part of the oletools package.

olebrowse - a simple python GUI to browse OLE files and extract streams

Submitted by decalage on Mon, 10/15/2012 - 20:15

olebrowse is a simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams. It is part of the oletools package.