oletools: analyze MS OLE2 files & MS Office documents, for malware analysis, forensics & debugging
python-oletools
oletools is a package of Python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format, or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics, and debugging. It is based on the olefile parser.
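To make the container formats named above concrete, here is a small added example (my own code, not part of oletools or olefile) that tells OLE2, OpenXML (zip) and RTF apart by their leading bytes and then decodes the fixed 512-byte OLE2 header, flagging fields that do not match the Compound File Binary specification. The header layout (signature, version, byte-order marker, sector shifts, FAT/directory sector counts, DIFAT) is the one the olefile parser relies on; the `build_sample_ole_header` helper only constructs a synthetic header for the demonstration and does not produce a complete, openable document.

```python
import struct

# D0 CF 11 E0 A1 B1 1A E1: the OLE2 / CFB signature, first 8 bytes of the file.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
ENDOFCHAIN = 0xFFFFFFFE
FREESECT = 0xFFFFFFFF


def identify_container(data):
    """Classify a document by its leading bytes (the first check a triage tool makes)."""
    if data.startswith(OLE_MAGIC):
        return "ole2"
    if data.startswith(b"PK\x03\x04"):
        return "openxml-zip"   # .docx/.xlsx/.pptx are zip archives
    if data.startswith(b"{\\rt"):
        return "rtf"
    return "unknown"


def parse_ole_header(data):
    """Decode the CFB header and return (fields, anomalies) per MS-CFB section 2.2."""
    if len(data) < 512 or not data.startswith(OLE_MAGIC):
        raise ValueError("not an OLE2 file: bad signature or truncated header")
    # offsets 24..33: minor version, major version, byte order, sector shift, mini sector shift
    minor, major, byte_order, sector_shift, mini_shift = struct.unpack_from("<HHHHH", data, 24)
    # offsets 40..75: nine little-endian uint32 fields
    (num_dir_sectors, num_fat_sectors, first_dir_sector, _txn_sig, mini_cutoff,
     first_minifat, num_minifat, first_difat, num_difat) = struct.unpack_from("<9I", data, 40)
    difat = struct.unpack_from("<109I", data, 76)

    fields = {
        "major_version": major, "minor_version": minor,
        "sector_size": 1 << sector_shift, "mini_sector_size": 1 << mini_shift,
        "num_fat_sectors": num_fat_sectors, "first_dir_sector": first_dir_sector,
        "mini_stream_cutoff": mini_cutoff, "num_difat_sectors": num_difat,
        "difat_in_header": [s for s in difat if s != FREESECT],
    }

    anomalies = []
    if byte_order != 0xFFFE:
        anomalies.append("byte order marker is not 0xFFFE")
    if major not in (3, 4):
        anomalies.append("unexpected major version %d" % major)
    expected_shift = {3: 9, 4: 12}.get(major)
    if expected_shift is not None and sector_shift != expected_shift:
        anomalies.append("sector shift %d does not match version %d" % (sector_shift, major))
    if mini_shift != 6:
        anomalies.append("mini sector shift is not 6")
    if mini_cutoff != 4096:
        anomalies.append("mini stream cutoff is not 4096")
    if major == 3 and num_dir_sectors != 0:
        anomalies.append("v3 header must have directory sector count 0")
    if num_fat_sectors == 0 or first_dir_sector in (ENDOFCHAIN, FREESECT):
        anomalies.append("no FAT or directory sector: structure cannot be walked")
    return fields, anomalies


def build_sample_ole_header(major=3, sector_shift=9, byte_order=0xFFFE):
    """Constructed 512-byte v3 header for the demo; not a real document."""
    hdr = bytearray(512)
    hdr[0:8] = OLE_MAGIC                      # CLSID at 8..23 stays zero
    struct.pack_into("<HHHHH", hdr, 24, 0x003E, major, byte_order, sector_shift, 6)
    struct.pack_into("<9I", hdr, 40, 0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    struct.pack_into("<109I", hdr, 76, 0, *([FREESECT] * 108))   # FAT lives in sector 0
    return bytes(hdr)


if __name__ == "__main__":
    sample = build_sample_ole_header()
    print(identify_container(sample))
    info, problems = parse_ole_header(sample)
    print(info["sector_size"], problems)
    print(parse_ole_header(build_sample_ole_header(sector_shift=12))[1])
```

Header inconsistencies such as a sector shift that disagrees with the version are worth surfacing during triage: they can be innocent (repaired or non-Microsoft writers) but also appear in samples crafted to confuse parsers, so a forensics workflow should record them alongside the fields themselves.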
Tools
Tools to analyze malicious documents
- oleid: to analyze OLE files to detect specific characteristics usually found in malicious files.
- olevba: to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML).
- MacroRaptor: to detect malicious VBA Macros.
- msodde: to detect and extract DDE/DDEAUTO links from MS Office documents, RTF and CSV.
- pyxswf: to detect, extract and analyze Flash objects (SWF) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis.
- oleobj: to extract embedded objects from OLE files.
- rtfobj: to extract embedded objects from RTF files.
Tools to analyze the structure of OLE files
- olebrowse: a simple GUI to browse OLE files (e.g. MS Word, Excel, PowerPoint documents), to view and extract individual data streams.
- olemeta: to extract all standard properties (metadata) from OLE files.
- oletimes: to extract creation and modification timestamps of all streams and storages.
- oledir: to display all the directory entries of an OLE file, including free and orphaned entries.
- olemap: to display a map of all the sectors in an OLE file.