Commit

updated doc
decalage2 committed May 23, 2019
1 parent b96ab66 commit 9e47e2a
Showing 4 changed files with 19 additions and 32 deletions.
8 changes: 7 additions & 1 deletion oletools/README.html
Expand Up @@ -23,6 +23,12 @@ <h1 id="python-oletools">python-oletools</h1>
<p>Note: python-oletools is not related to OLETools published by BeCubed Software.</p>
<h2 id="news">News</h2>
<ul>
<li><strong>2019-05-22 v0.54.2</strong>:
<ul>
<li>bugfix release: fixed several issues related to encrypted documents and XLM/XLF Excel 4 macros</li>
<li>msoffcrypto-tool is now installed by default to handle encrypted documents</li>
<li>olevba and msodde now handle documents encrypted with common passwords such as 123, 1234, 4321, 12345, 123456, VelvetSweatShop automatically.</li>
</ul></li>
<li><strong>2019-04-04 v0.54</strong>:
<ul>
<li>olevba, msodde: added support for encrypted MS Office files</li>
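Review bot: the third new bullet gives the auto-tried passwords as "such as 123, 1234, 4321, ..." without saying whether that list is complete or what olevba and msodde do when none of them matches. Suggest listing every password that is tried (or pointing to where the list is defined) and adding one sentence on the failure case, so an analyst can tell whether a file that stayed encrypted was skipped or reported.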
Expand Down Expand Up @@ -80,7 +86,7 @@ <h3 id="tools-to-analyze-the-structure-of-ole-files">Tools to analyze the struct
<li><a href="https://github.com/decalage2/oletools/wiki/olemap">olemap</a>: to display a map of all the sectors in an OLE file.</li>
</ul>
<h2 id="projects-using-oletools">Projects using oletools:</h2>
<p>oletools are used by a number of projects and online malware analysis services, including <a href="http://viper.li/">Viper</a>, <a href="https://remnux.org/">REMnux</a>, <a href="https://github.com/fireeye/flare-vm">FLARE-VM</a>, <a href="https://certsocietegenerale.github.io/fame/">FAME</a>, <a href="https://www.hybrid-analysis.com/">Hybrid-analysis.com</a>, <a href="https://www.document-analyzer.net/">Joe Sandbox</a>, <a href="https://sandbox.deepviz.com/">Deepviz</a>, <a href="https://github.com/lmco/laikaboss">Laika BOSS</a>, <a href="https://github.com/cuckoosandbox/cuckoo">Cuckoo Sandbox</a>, <a href="https://sandbox.anlyz.io/">Anlyz.io</a>, <a href="https://github.com/decalage2/ViperMonkey">ViperMonkey</a>, <a href="https://github.com/bontchev/pcodedmp">pcodedmp</a>, <a href="https://dridex.malwareconfig.com">dridex.malwareconfig.com</a>, <a href="https://github.com/countercept/snake">Snake</a>, <a href="https://github.com/cryps1s/DARKSURGEON">DARKSURGEON</a>, <a href="https://github.com/ctxis/CAPE">CAPE</a>, <a href="https://www.cse-cst.gc.ca/en/assemblyline">AssemblyLine</a>, <a href="https://malshare.io">malshare.io</a>, <a href="https://www.adlice.com/download/mrf/">Malware Repository Framework (MRF)</a>, <a href="https://github.com/Tigzy/malware-repo">malware-repo</a>, <a href="https://github.com/MalwareCantFly/Vba2Graph">Vba2Graph</a>, <a href="https://github.com/target/strelka">Strelka</a>, <a href="https://stoq.punchcyber.com/">stoQ</a>, and probably <a href="https://www.virustotal.com">VirusTotal</a>. And quite a few <a href="https://github.com/search?q=oletools&amp;type=Repositories">other projects on GitHub</a>. (Please <a href="(http://decalage.info/contact)">contact me</a> if you have or know a project using oletools)</p>
<p>oletools are used by a number of projects and online malware analysis services, including <a href="http://viper.li/">Viper</a>, <a href="https://remnux.org/">REMnux</a>, <a href="https://github.com/fireeye/flare-vm">FLARE-VM</a>, <a href="https://certsocietegenerale.github.io/fame/">FAME</a>, <a href="https://www.hybrid-analysis.com/">Hybrid-analysis.com</a>, <a href="https://www.document-analyzer.net/">Joe Sandbox</a>, <a href="https://sandbox.deepviz.com/">Deepviz</a>, <a href="https://github.com/lmco/laikaboss">Laika BOSS</a>, <a href="https://github.com/cuckoosandbox/cuckoo">Cuckoo Sandbox</a>, <a href="https://sandbox.anlyz.io/">Anlyz.io</a>, <a href="https://github.com/decalage2/ViperMonkey">ViperMonkey</a>, <a href="https://github.com/bontchev/pcodedmp">pcodedmp</a>, <a href="https://dridex.malwareconfig.com">dridex.malwareconfig.com</a>, <a href="https://github.com/countercept/snake">Snake</a>, <a href="https://github.com/cryps1s/DARKSURGEON">DARKSURGEON</a>, <a href="https://github.com/ctxis/CAPE">CAPE</a>, <a href="https://www.cse-cst.gc.ca/en/assemblyline">AssemblyLine</a>, <a href="https://malshare.io">malshare.io</a>, <a href="https://www.adlice.com/download/mrf/">Malware Repository Framework (MRF)</a>, <a href="https://github.com/Tigzy/malware-repo">malware-repo</a>, <a href="https://github.com/MalwareCantFly/Vba2Graph">Vba2Graph</a>, <a href="https://github.com/target/strelka">Strelka</a>, <a href="https://stoq.punchcyber.com/">stoQ</a>, <a href="https://yomi.yoroi.company">YOMI</a>, and probably <a href="https://www.virustotal.com">VirusTotal</a>. And quite a few <a href="https://github.com/search?q=oletools&amp;type=Repositories">other projects on GitHub</a>. (Please <a href="(http://decalage.info/contact)">contact me</a> if you have or know a project using oletools)</p>
<h2 id="download-and-install">Download and Install:</h2>
<p>The recommended way to download and install/update the <strong>latest stable release</strong> of oletools is to use <a href="https://pip.pypa.io/en/stable/installing/">pip</a>:</p>
<ul>
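Review bot: the "contact me" link in the changed paragraph still has its href wrapped in parentheses, href="(http://decalage.info/contact)", which will not resolve as a URL. Since this line is being rewritten to add YOMI anyway, fix it to href="http://decalage.info/contact" in the same change.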
13 changes: 12 additions & 1 deletion oletools/README.rst
Expand Up @@ -29,6 +29,16 @@ Software.
News
----

- **2019-05-22 v0.54.2**:

- bugfix release: fixed several issues related to encrypted
documents and XLM/XLF Excel 4 macros
- msoffcrypto-tool is now installed by default to handle encrypted
documents
- olevba and msodde now handle documents encrypted with common
passwords such as 123, 1234, 4321, 12345, 123456, VelvetSweatShop
automatically.

- **2019-04-04 v0.54**:

- olevba, msodde: added support for encrypted MS Office files
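Review bot: in the last new bullet, "automatically" trails the password list and reads as if it were one more list item after VelvetSweatShop. Suggest moving it forward: "olevba and msodde now automatically handle documents encrypted with common passwords such as ...", and dropping the final period to match the two bullets above it.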
Expand Down Expand Up @@ -153,7 +163,8 @@ Sandbox <https://github.com/cuckoosandbox/cuckoo>`__,
`malware-repo <https://github.com/Tigzy/malware-repo>`__,
`Vba2Graph <https://github.com/MalwareCantFly/Vba2Graph>`__,
`Strelka <https://github.com/target/strelka>`__,
`stoQ <https://stoq.punchcyber.com/>`__, and probably
`stoQ <https://stoq.punchcyber.com/>`__,
`YOMI <https://yomi.yoroi.company>`__, and probably
`VirusTotal <https://www.virustotal.com>`__. And quite a few `other
projects on
GitHub <https://github.com/search?q=oletools&type=Repositories>`__.
8 changes: 0 additions & 8 deletions oletools/doc/Install.html
Expand Up @@ -25,32 +25,24 @@ <h3 id="linux-mac-osx-unix">Linux, Mac OSX, Unix</h3>
<p>To download and install/update the latest release version of oletools, run the following command in a shell:</p>
<pre class="text"><code>sudo -H pip install -U oletools</code></pre>
<p>Replace <code>pip</code> by <code>pip3</code> or <code>pip2</code> to install on a specific Python version.</p>
<p><strong>New in v0.54:</strong> To enable the decryption of encrypted documents, you also need to install the msoffcrypto-tool package:</p>
<pre class="text"><code>sudo -H pip install -U msoffcrypto-tool</code></pre>
<p><strong>Important</strong>: Since version 0.50, pip will automatically create convenient command-line scripts in /usr/local/bin to run all the oletools from any directory.</p>
<h3 id="windows">Windows</h3>
<p>To download and install/update the latest release version of oletools, run the following command in a cmd window:</p>
<pre class="text"><code>pip install -U oletools</code></pre>
<p>Replace <code>pip</code> by <code>pip3</code> or <code>pip2</code> to install on a specific Python version.</p>
<p><strong>Note</strong>: with Python 3, you may need to open a cmd window with Administrator privileges in order to run pip and install for all users. If that is not possible, you may also install only for the current user by adding the <code>--user</code> option:</p>
<pre class="text"><code>pip3 install -U --user oletools</code></pre>
<p><strong>New in v0.54:</strong> To enable the decryption of encrypted documents, you also need to install the msoffcrypto-tool package:</p>
<pre class="text"><code>pip install -U msoffcrypto-tool</code></pre>
<p><strong>Important</strong>: Since version 0.50, pip will automatically create convenient command-line scripts to run all the oletools from any directory: olevba, mraptor, oleid, rtfobj, etc.</p>
<h2 id="how-to-install-the-latest-development-version">How to install the latest development version</h2>
<p>If you want to benefit from the latest improvements in the development version, you may also use pip:</p>
<h3 id="linux-mac-osx-unix-1">Linux, Mac OSX, Unix</h3>
<pre class="text"><code>sudo -H pip install -U https://github.com/decalage2/oletools/archive/master.zip</code></pre>
<p>Replace <code>pip</code> by <code>pip3</code> or <code>pip2</code> to install on a specific Python version.</p>
<p><strong>New in v0.54:</strong> To enable the decryption of encrypted documents, you also need to install the msoffcrypto-tool package:</p>
<pre class="text"><code>sudo -H pip install -U msoffcrypto-tool</code></pre>
<h3 id="windows-1">Windows</h3>
<pre class="text"><code>pip install -U https://github.com/decalage2/oletools/archive/master.zip</code></pre>
<p>Replace <code>pip</code> by <code>pip3</code> or <code>pip2</code> to install on a specific Python version.</p>
<p><strong>Note</strong>: with Python 3, you may need to open a cmd window with Administrator privileges in order to run pip and install for all users. If that is not possible, you may also install only for the current user by adding the <code>--user</code> option:</p>
<pre class="text"><code>pip3 install -U --user https://github.com/decalage2/oletools/archive/master.zip</code></pre>
<p><strong>New in v0.54:</strong> To enable the decryption of encrypted documents, you also need to install the msoffcrypto-tool package:</p>
<pre class="text"><code>pip install -U msoffcrypto-tool</code></pre>
<h2 id="how-to-install-offline---computer-without-internet-access">How to install offline - Computer without Internet access</h2>
<p>First, download the oletools archive on a computer with Internet access: * Latest stable version: from https://pypi.org/project/oletools/ or https://github.com/decalage2/oletools/releases * Development version: https://github.com/decalage2/oletools/archive/master.zip</p>
<p>Copy the archive file to the target computer.</p>
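Review bot: with all four msoffcrypto-tool paragraphs removed, the offline section at the end of this hunk still tells the reader to download only the oletools archive, so an install on a computer without Internet access has no documented way to get the dependency that the README in this commit says is installed by default. Suggest adding the msoffcrypto-tool download to that section. The same paragraph also renders its "* Latest stable version" and "* Development version" items inline inside the <p>, which suggests the list in the source needs a blank line before it.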
22 changes: 0 additions & 22 deletions oletools/doc/Install.md
Expand Up @@ -25,12 +25,6 @@ sudo -H pip install -U oletools

Replace `pip` by `pip3` or `pip2` to install on a specific Python version.

**New in v0.54:** To enable the decryption of encrypted documents, you also need to install the msoffcrypto-tool package:
```text
sudo -H pip install -U msoffcrypto-tool
```


**Important**: Since version 0.50, pip will automatically create convenient command-line scripts
in /usr/local/bin to run all the oletools from any directory.

Expand All @@ -53,11 +47,6 @@ by adding the `--user` option:
pip3 install -U --user oletools
```

**New in v0.54:** To enable the decryption of encrypted documents, you also need to install the msoffcrypto-tool package:
```text
pip install -U msoffcrypto-tool
```

**Important**: Since version 0.50, pip will automatically create convenient command-line scripts
to run all the oletools from any directory: olevba, mraptor, oleid, rtfobj, etc.

Expand All @@ -76,11 +65,6 @@ sudo -H pip install -U https://github.com/decalage2/oletools/archive/master.zip

Replace `pip` by `pip3` or `pip2` to install on a specific Python version.

**New in v0.54:** To enable the decryption of encrypted documents, you also need to install the msoffcrypto-tool package:
```text
sudo -H pip install -U msoffcrypto-tool
```

### Windows

```text
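Review bot: the Linux command kept in this hunk's header context, "sudo -H pip install -U https://github.com/decalage2/oletools/archive/master.zip", has no per-user alternative documented, unlike the Windows section with its `--user` option. Per the README change in this commit the install now brings in msoffcrypto-tool as well, all of it running under sudo, so suggest documenting `--user` for Linux, Mac OSX and Unix here too.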
Expand All @@ -97,12 +81,6 @@ by adding the `--user` option:
pip3 install -U --user https://github.com/decalage2/oletools/archive/master.zip
```

**New in v0.54:** To enable the decryption of encrypted documents, you also need to install the msoffcrypto-tool package:
```text
pip install -U msoffcrypto-tool
```


How to install offline - Computer without Internet access
---------------------------------------------------------
