From aldeid
Jump to navigation Jump to search
You are here


pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that may be embedded in files such as MS Office documents (e.g. Word, Excel), which is especially useful for malware analysis.

For detailed use cases, refer to the official documentation.


Refer to this section.



usage: [options] <file.bad>


-h, --help
show this help message and exit
-x, --extract
Extracts the embedded SWF(s), names it MD5HASH.swf & saves it in the working dir. No addition args needed
-y, --yara
Scans the SWF(s) with yara. If the SWF(s) is compressed it will be deflated. No addition args needed
-s, --md5scan
Scans the SWF(s) for MD5 signatures. Please see func checkMD5 to define hashes. No addition args needed
-H, --header
Displays the SWFs file header. No addition args needed
-d, --decompress
Deflates compressed SWFS(s)
-r PATH, --recdir=PATH
Will recursively scan a directory for files that contain SWFs. Must provide path in quotes
-c, --compress
Compresses the SWF using Zlib
-o, --ole
Parse an OLE file (e.g. Word, Excel) to look for SWF in each stream
-f, --rtf
Parse an RTF file to look for SWF in each embedded object