Python

My Python projects

Here is the list of open-source Python projects that I am maintaining or contributing to.

My Python howtos

Here is a collection of short articles I have written about how to do many useful things in Python.

Balbuzard - malware analysis tools to extract patterns of interest and crack obfuscation such as XOR

Balbuzard is a package of malware analysis tools in python to extract patterns from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). It can also crack malware obfuscation such as XOR, ROL, etc by bruteforcing and checking for those patterns.

reScan - quick pattern matching in files for malware analysis

reScan is a very simple Python script to look for specific patterns (regular expressions) in binary or text files. It has been primarily developed to analyze malicious files, to quickly extract interesting patterns (shellcodes, embedded executables in malformed documents, etc). Update in 2014: it has now evolved into Balbuzard, which provides many more features.

OleFileIO_PL - a Python module to read MS OLE2 files

OleFileIO_PL is a Python module to read Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents, Image Composer and FlashPix files, Outlook messages, ... This my improved version of the OleFileIO module from PIL, the excellent Python Imaging Library, created and maintained by Fredrik Lundh. The API is still compatible with PIL, but I have improved the internal implementation significantly, with many bugfixes and a more robust design.

python-oletools - python tools to analyze OLE files

python-oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis and debugging. It is based on the OleFileIO_PL parser. 

pyxswf - a python tool to extract SWF (Flash) objects from documents (improved xxxswf)

pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis. It is part of the oletools package. pyxswf is an extension of xxxswf.py published by Alexander Hanel.

rtfobj - a python tool to extract embedded objects from RTF files

rtfobj is a Python module to extract embedded objects from RTF files, such as OLE ojects. It can be used as a Python library or a command-line tool. It is part of the oletools package. 

oleid - a python tool to quickly analyze OLE files

oleid is a script to analyze OLE files such as MS Office documents (e.g. Word, Excel), to detect specific characteristics that could potentially indicate that the file is suspicious or malicious, in terms of security (e.g. malware). For example it can detect VBA macros, embedded Flash objects, fragmentation. It is part of the oletools package. 

olebrowse - a simple python GUI to browse OLE files and extract streams

olebrowse is a simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams. It is part of the oletools package.

Syndicate content