oletools v0.56
- 2020-09-28 v0.56:
- olevba/mraptor:
- added detection of trigger _OnConnecting
- olevba:
- updated plugin_biff to v0.0.17 to improve Excel 4/XLM macros parsing
- added simple analysis of Excel 4/XLM macros in XLSM files (PR #569)
- added detection of template injection (PR #569)
- added detection of many suspicious keywords (PR #591 and #569, see https://www.certego.net/en/news/advanced-vba-macros/)
- improved MHT detection (PR #532)
- added --no-xlm option to disable Excel 4/XLM macros parsing (PR #532)
- fixed bug when decompressing raw chunks in VBA (issue #575)
- fixed bug with email package due to monkeypatch for MHT parsing (issue #602, PR #604)
- fixed option --relaxed (issue #596, PR #595)
- enabled relaxed mode by default (issues #477, #593)
- fixed detect_vba_macros to always return VBA code as
unicode on Python 3 (issues #455, #477, #587, #593) - replaced option --pcode by --show-pcode and --no-pcode,
replaced optparse by argparse (PR #479)
- oleform: improved form parsing (PR #532)
- oleobj: "Ole10Native" is now case insensitive (issue #541)
- clsid: added PDF (issue #552), Microsoft Word Picture (issue #571)
- ppt_parser: fixed bug on Python 3 (issues #177, #607, PR #450)
- olevba/mraptor:
How to install with pip: https://github.com/decalage2/oletools/wiki/Install