oletools python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics, and debugging.

Installation

Tested on Kali Linux (ARM64)

python3 -m venv venv
source venv/bin/activate
pip install oletools[full]

Tools to analyze malicious documents

oleid: to analyze OLE files to detect specific characteristics usually found in malicious files.
olevba: to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML).
MacroRaptor: to detect malicious VBA Macros
msodde: to detect and extract DDE/DDEAUTO links from MS Office documents, RTF and CSV
pyxswf: to detect, extract and analyze Flash objects (SWF) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis.
oleobj: to extract embedded objects from OLE files.
rtfobj: to extract embedded objects from RTF files.

Tools to analyze the structure of OLE files

olebrowse: A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams.
olemeta: to extract all standard properties (metadata) from OLE files.
oletimes: to extract creation and modification timestamps of all streams and storages.
oledir: to display all the directory entries of an OLE file, including free and orphaned entries.
olemap: to display a map of all the sectors in an OLE file.

Recent Notes

Custom domain for Codeberg page

Different type of DNS Records

Installing OpenBSD on macOS

Murphy's Law and more

Lumix DMC-GX80

oletools

Installation

Tools to analyze malicious documents

Tools to analyze the structure of OLE files

Graph View

Table of Contents

Recent Notes

Custom domain for Codeberg page

Different type of DNS Records

Backlinks