Python-oletools

From aldeid

Description

python-oletools is a package of Python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. It is built on the olefile parser. See http://www.decalage.info/python/oletools for more information.

Tools in python-oletools:

  • olebrowse: A simple GUI to browse OLE files (e.g. MS Word, Excel, PowerPoint documents), to view and extract individual data streams.
  • oleid: a tool to analyze OLE files to detect specific characteristics usually found in malicious files.
  • olemeta: a tool to extract all standard properties (metadata) from OLE files.
  • oletimes: a tool to extract creation and modification timestamps of all streams and storages.
  • olevba: a tool to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML).
  • pyxswf: a tool to detect, extract and analyze Flash objects (SWF) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis.
  • rtfobj: a tool and python module to extract embedded objects from RTF files.
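All of the tools above start from the same two steps: recognising which container a file is (OLE2, OpenXML ZIP or RTF) and, for OLE2, reading the 512-byte Compound File Binary header that olefile parses before it walks the FAT and directory. The following is an added example written for this page, not code from oletools or olefile: a pure-Python triage of the container magic plus a header parser that validates the fields a malformed or deliberately corrupted document tends to break (signature, byte-order mark, version/sector-shift consistency). The sample header it parses is constructed inline, so it is not a real document; the field layout follows the MS-CFB specification.

```python
import struct

# Magic bytes of the container formats the oletools suite handles.
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
ZIP_MAGIC = b"PK\x03\x04"          # OpenXML (.docx/.xlsx/.pptx) is a ZIP container
RTF_MAGIC = b"{\\rtf"

# Layout of the fixed part of the CFB header (MS-CFB section 2.2), little-endian.
# It is followed by 109 DIFAT entries, making 512 bytes in total.
HEADER_FMT = "<8s16sHHHHH6sIIIIIIIII"
HEADER_SIZE = struct.calcsize(HEADER_FMT)   # 76
DIFAT_ENTRIES = 109
ENDOFCHAIN = 0xFFFFFFFE
FREESECT = 0xFFFFFFFF


def classify_container(data: bytes) -> str:
    """Cheap triage by magic bytes: which oletools family applies to this blob."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "ooxml-zip"
    if data.startswith(RTF_MAGIC):
        return "rtf"
    return "unknown"


def parse_cfb_header(data: bytes) -> dict:
    """Parse and sanity-check the CFB header; raise ValueError on malformed input."""
    if len(data) < HEADER_SIZE + DIFAT_ENTRIES * 4:
        raise ValueError("file too short for a CFB header")
    (sig, _clsid, minor, major, byte_order, sector_shift, mini_shift, _reserved,
     _num_dir_sectors, num_fat_sectors, first_dir_sector, _txn_sig,
     mini_cutoff, first_minifat, num_minifat, first_difat, num_difat) = \
        struct.unpack_from(HEADER_FMT, data, 0)
    if sig != OLE2_MAGIC:
        raise ValueError("bad OLE2 signature")
    if byte_order != 0xFFFE:
        raise ValueError("unexpected byte-order marker 0x%04X" % byte_order)
    if major not in (3, 4):
        raise ValueError("unsupported CFB major version %d" % major)
    # Version 3 uses 512-byte sectors (shift 9); version 4 uses 4096-byte sectors (shift 12).
    if sector_shift != (9 if major == 3 else 12):
        raise ValueError("sector shift %d inconsistent with version %d" % (sector_shift, major))
    if mini_shift != 6:
        raise ValueError("unexpected mini sector shift %d" % mini_shift)
    difat = struct.unpack_from("<%dI" % DIFAT_ENTRIES, data, HEADER_SIZE)
    return {
        "major_version": major,
        "minor_version": minor,
        "sector_size": 1 << sector_shift,
        "mini_sector_size": 1 << mini_shift,
        "num_fat_sectors": num_fat_sectors,
        "first_dir_sector": first_dir_sector,
        "mini_stream_cutoff": mini_cutoff,
        "first_minifat_sector": first_minifat,
        "num_minifat_sectors": num_minifat,
        "first_difat_sector": first_difat,
        "num_difat_sectors": num_difat,
        # FAT sector numbers listed in the header; FREESECT marks unused slots.
        "fat_sectors": [s for s in difat if s != FREESECT],
    }


def is_valid_cfb(data: bytes) -> bool:
    """True when the blob carries a header this parser accepts."""
    try:
        parse_cfb_header(data)
        return True
    except ValueError:
        return False


def build_sample_header(major: int = 3) -> bytes:
    """Constructed sample (not a real document): one FAT sector at 0, directory at sector 1."""
    sector_shift = 9 if major == 3 else 12
    fixed = struct.pack(HEADER_FMT, OLE2_MAGIC, b"\x00" * 16, 0x003E, major, 0xFFFE,
                        sector_shift, 6, b"\x00" * 6,
                        0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    difat = struct.pack("<I", 0) + struct.pack("<I", FREESECT) * (DIFAT_ENTRIES - 1)
    # The header is always 512 bytes; a version 4 file pads the first 4096-byte sector with zeros.
    return (fixed + difat).ljust(1 << sector_shift, b"\x00")


if __name__ == "__main__":
    sample = build_sample_header()
    print(classify_container(sample), parse_cfb_header(sample))
```

Running the script on the constructed header prints `ole2` and the decoded fields; pointing `classify_container` at real files is enough to decide whether olevba, oleid/olemeta or rtfobj is the right tool for a sample. The version/sector-shift check matters because a header whose shift disagrees with its version is a common symptom of a truncated or hand-edited file, and a parser that trusts the shift blindly will compute sector offsets that land outside the file.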

Installation

Via pip

$ sudo pip install oletools

Manually

$ sudo aptitude install mercurial
$ hg clone https://bitbucket.org/decalage/oletools
$ cd oletools
$ sudo python setup.py install