python-oletools - python tools to analyze OLE files

python-oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis and debugging. It is based on the OleFileIO_PL parser. 

Note: python-oletools is not related to OLETools published by BeCubed Software.

Tools in oletools:

  • olebrowse: A simple GUI to browse OLE files (e.g. MS Word, Excel, PowerPoint documents), to view and extract individual data streams.
  • oleid: a tool to analyze OLE files to detect specific characteristics that could potentially indicate that the file is suspicious or malicious.
  • olemeta: a tool to extract all standard properties (metadata) from OLE files.
  • oletimes: a tool to extract creation and modification timestamps of all streams and storages.
  • pyxswf: a tool to detect, extract and analyze Flash objects (SWF) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis. pyxswf is an extension of xxxswf.py published by Alexander Hanel.
  • rtfobj: a tool and python module to extract embedded objects from RTF files.
  • and a few others (coming soon)
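As an added illustration of what rtfobj and pyxswf do (example code written for this page, not part of python-oletools), the script below locates the hex-encoded `\objdata` destinations in an RTF file, decodes them, strips the OLE 1.0 embedded-object framing described in [MS-OLEDS] (version, format ID, three length-prefixed names, then a size-prefixed native data blob), and labels the carved payload by its leading bytes: the OLE2 compound-file magic that olefile parses, or an SWF signature that pyxswf would carve. The sample RTF and its two objects are constructed placeholders, and the scanner assumes plain hex `\objdata` groups (no `\bin` binary runs, no nested groups inside the data).

```python
import binascii
import re
import struct

# Signatures the oletools family looks for: the OLE2 compound-file magic
# (what olefile/olebrowse parse) and the uncompressed/compressed SWF headers
# (what pyxswf carves).
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
SWF_SIGNATURES = (b"FWS", b"CWS")

# Matches the hex payload of an objdata destination, up to the closing brace.
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")


def parse_ole1_embedded(payload):
    """Split an OLE 1.0 EmbeddedObject ([MS-OLEDS] layout) into its parts.

    Header: OLEVersion(4) FormatID(4) ClassName TopicName ItemName, each name a
    4-byte little-endian length followed by that many bytes (NUL included).
    For FormatID 2 (embedded) a 4-byte NativeDataSize and the NativeData follow.
    Returns (class_name, native_data), or None if the header does not fit.
    """
    try:
        off = 0
        _version, format_id = struct.unpack_from("<II", payload, off)
        off += 8
        names = []
        for _ in range(3):
            (length,) = struct.unpack_from("<I", payload, off)
            off += 4
            if off + length > len(payload):
                return None  # name length points past the end of the data
            names.append(payload[off:off + length].rstrip(b"\x00").decode("latin-1"))
            off += length
        if format_id != 2:
            return None  # linked object: no native data to carve
        (size,) = struct.unpack_from("<I", payload, off)
        off += 4
        if off + size > len(payload):
            return None  # truncated native data
        return names[0], payload[off:off + size]
    except struct.error:
        return None


def classify(data):
    """Label a carved payload by its leading bytes."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data[:3] in SWF_SIGNATURES:
        return "swf"
    return "unknown"


def scan_rtf(rtf):
    """Return one dict per objdata object: class name, payload kind and size."""
    findings = []
    for match in OBJDATA_RE.finditer(rtf):
        hexdata = re.sub(rb"\s+", b"", match.group(1))
        if len(hexdata) % 2:
            hexdata = hexdata[:-1]  # stray trailing nibble, drop it
        payload = binascii.unhexlify(hexdata)
        parsed = parse_ole1_embedded(payload)
        if parsed is None:
            class_name, data = None, payload  # not OLE1-framed; inspect raw bytes
        else:
            class_name, data = parsed
        findings.append({"class_name": class_name, "kind": classify(data), "size": len(data)})
    return findings


# Constructed sample: an RTF with two embedded objects, each framed by the
# OLE 1.0 header below. The native data is a placeholder, not a real document
# or Flash file: an OLE2 magic followed by zeros, and a minimal SWF header.
OLE1_HEADER_HEX = (
    b"01050000"                       # OLEVersion
    b"02000000"                       # FormatID 2 = embedded
    b"08000000" b"5061636b61676500"   # ClassName: length 8, "Package\0"
    b"00000000"                       # TopicName: empty
    b"00000000"                       # ItemName: empty
)
SAMPLE_RTF = (
    b"{\\rtf1\\ansi\n"
    + b"{\\object\\objemb{\\*\\objclass Package}{\\*\\objdata\n"
    + OLE1_HEADER_HEX + b"0c000000" + b"d0cf11e0a1b11ae1 00000000\n}}\n"
    + b"{\\object\\objemb{\\*\\objdata "
    + OLE1_HEADER_HEX + b"0a000000" + b"465753090a000000 0000}}}"
)

if __name__ == "__main__":
    for finding in scan_rtf(SAMPLE_RTF):
        print(finding)
```

Run as-is it reports the two constructed objects; on a real RTF you would read the file as bytes and pass it to `scan_rtf`. The OLE 1.0 framing is parsed rather than searched so that a false hit on a magic string inside unrelated data is avoided, and any object whose header does not fit falls back to raw inspection instead of being skipped.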

News

  • 2013-07-24 v0.05: added new tools olemeta and oletimes
  • 2013-04-18 v0.04: fixed bug in rtfobj, added documentation for rtfobj
  • 2012-11-09 v0.03: Improved pyxswf to extract Flash objects from RTF
  • 2012-10-29 v0.02: Added oleid
  • 2012-10-09 v0.01: Initial version of olebrowse and pyxswf
  • see changelog in source code for more info.

Download:

The archive is available on the project page.

How to contribute:

The code is available in a Mercurial repository on bitbucket. You may use it to submit enhancements or to report any issue.

If you would like to help us improve this module, or simply provide feedback, you may also send an e-mail to decalage(at)laposte.net.

How to report bugs:

To report a bug or any issue, please use the issue reporting page, or send an e-mail with all the information and files to reproduce the problem.

License

This license applies to the python-oletools package, apart from the thirdparty folder which contains third-party files published with their own license.

The python-oletools package is copyright (c) 2012-2013, Philippe Lagadec (http://www.decalage.info). All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.