Skip to content

oletools v0.56

Compare
Choose a tag to compare
@decalage2 decalage2 released this 04 Oct 18:57
· 212 commits to master since this release
  • 2020-09-28 v0.56:
    • olevba/mraptor:
      • added detection of trigger _OnConnecting
    • olevba:
      • updated plugin_biff to v0.0.17 to improve Excel 4/XLM macros parsing
      • added simple analysis of Excel 4/XLM macros in XLSM files (PR #569)
      • added detection of template injection (PR #569)
      • added detection of many suspicious keywords (PR #591 and #569, see https://www.certego.net/en/news/advanced-vba-macros/)
      • improved MHT detection (PR #532)
      • added --no-xlm option to disable Excel 4/XLM macros parsing (PR #532)
      • fixed bug when decompressing raw chunks in VBA (issue #575)
      • fixed bug with email package due to monkeypatch for MHT parsing (issue #602, PR #604)
      • fixed option --relaxed (issue #596, PR #595)
      • enabled relaxed mode by default (issues #477, #593)
      • fixed detect_vba_macros to always return VBA code as
        unicode on Python 3 (issues #455, #477, #587, #593)
      • replaced option --pcode by --show-pcode and --no-pcode,
        replaced optparse by argparse (PR #479)
    • oleform: improved form parsing (PR #532)
    • oleobj: "Ole10Native" is now case insensitive (issue #541)
    • clsid: added PDF (issue #552), Microsoft Word Picture (issue #571)
    • ppt_parser: fixed bug on Python 3 (issues #177, #607, PR #450)

How to install with pip: https://github.com/decalage2/oletools/wiki/Install