Releases: decalage2/oletools

oletools v0.53

13 Jun 21:02

2018-05-30 v0.53:
- olevba and mraptor can now parse Word/PowerPoint 2007+ pure XML files (aka Flat OPC format)
- improved support for VBA forms in olevba (oleform)
- rtfobj now displays the CLSID of OLE objects, which is the best way to identify them. Known-bad CLSIDs such as MS Equation Editor are highlighted in red.
- Updated rtfobj to handle obfuscated RTF samples.
- rtfobj now handles the "\'" obfuscation trick seen in recent samples such as https://twitter.com/buffaloverflow/status/989798880295444480, by emulating the MS Word bug described in https://securelist.com/disappearing-bytes/84017/
- msodde: improved detection of DDE formulas in CSV files
- oledir now displays the tree of storage/streams, along with CLSIDs and their meaning.
- common.clsid contains the list of known CLSIDs, and their links to CVE vulnerabilities when relevant.
- oleid now detects encrypted OpenXML files
- fixed bugs in oleobj, rtfobj, oleid, olevba

oletools v0.52

18 Feb 22:04
  • New tool msodde to detect and extract DDE links from MS Office files, RTF and CSV;
  • Fixed bugs in olevba, rtfobj and olefile, to better handle malformed/obfuscated files;
  • Performance improvements in olevba and rtfobj;
  • VBA form parsing in olevba;
  • Office 2007+ support in oleobj.

oletools v0.51

29 Jun 21:04
  • added the oletools cheatsheet
  • improved rtfobj to handle malformed RTF files, detect vulnerability CVE-2017-0199
  • olevba: improved deobfuscation and Mac files support
  • mraptor: added more ActiveX macro triggers
  • added DocVarDump.vba to dump document variables using Word
  • olemap: can now detect and extract extra data at end of file, improved display
  • oledir, olemeta, oletimes: added support for zip files and wildcards
  • many bugfixes in all the tools
  • improved Python 2+3 support

oletools v0.50

01 Nov 19:15
  • all oletools now support Python 2 and 3.
  • olevba: several bugfixes and improvements.
  • mraptor: improved detection, added mraptor_milter for Sendmail/Postfix integration.
  • rtfobj: brand new RTF parser, obfuscation-aware, improved display, detect executable files in OLE Package objects.
  • setup: now creates handy command-line scripts to run oletools from any directory.

oletools v0.47

10 Jun 08:40
  • olevba: added PPT97 macros support, improved handling of malformed/incomplete documents, improved error handling and JSON output, now returns an exit code based on analysis results, new --relaxed option.
  • rtfobj: improved parsing to handle obfuscated RTF documents, added -d option to set output dir.
  • moved repository and documentation to GitHub.

oletools v0.46

29 May 16:17

olevba does not deobfuscate VBA expressions by default (much faster), new option --deobf to enable it. Fixed color display bug on Windows for several tools.