decalage2 oletools issues

decalage2 / oletools

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

http://www.decalage.info/python/oletools

Other

2.8k stars 560 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Add the vba ppt sample to the `find_vba` list in the `test_macros` function.

#862 kijeong opened 1 week ago
2
clsid - add CLSIDs

#861 decalage2 opened 3 weeks ago
0
Edit regex to exclude comments (to avoid false positives)

#860 DecimalTurn opened 4 weeks ago
3
Fix unittests

#859 christian-intra2net closed 1 month ago
1
rtfobj/oleid: Equation Editor objects not detected

#858 decalage2 opened 1 month ago
0
requirements: made easygui optional with [gui] extra

#857 ideeockus opened 1 month ago
2
detect_vba_macros() false positives?

#856 xme opened 1 month ago
2
oleobj.py syntax error

#855 xambroz closed 1 month ago
0
rtfobj.py syntax error

#854 xambroz closed 1 month ago
0
oleid, ftguess: parsing issues with PPTM file

#853 decalage2 opened 3 months ago
0
olevba+mraptor: add keywords from malapi.io

#852 decalage2 opened 3 months ago
0
olevba, mraptor: add keywords LoadXML/transformNode for XSL to script

#851 decalage2 opened 3 months ago
0
ftguess: add option to rename files with extension matching format

#850 decalage2 opened 3 months ago
0
ftguess: add options to list supported file formats and extensions

#849 decalage2 opened 3 months ago
0
ftguess: add strict/safe mode to match extension to file formats

#848 decalage2 opened 3 months ago
0
oleobj/oleid: distinguish legitimate hyperlinks from suspicious ones

#847 decalage2 opened 3 months ago
0
oleobj/oleid: very large OLE object not reported

#846 decalage2 opened 4 months ago
0
olevba: ignore malformed OLE files inside OpenXML

#845 decalage2 opened 4 months ago
0
olevba/mraptor: extract info from vbaData.xml

#844 decalage2 opened 4 months ago
0
ftguess: fallback to magika (or others) when file type not identified

#843 decalage2 opened 4 months ago
0
password discovery and decrypted filepath dstfile

#842 federicofantini opened 4 months ago
4
Remove imp import from xxxswf for python 3.12 compatability

#841 cccs-jh closed 3 weeks ago
1
Relax pyparsing version specifier

#840 ninoseki closed 4 months ago
1
Expose References via VBA Parser object

#839 AndrewJLockhart opened 4 months ago
0
Make VBA Tools->References Information available

#838 AndrewJLockhart opened 5 months ago
2
Macro detection issues

#837 tstallings opened 5 months ago
2
Recognize txt

#836 christian-intra2net opened 6 months ago
0
Offline installation without active internet connection crashes on windows

#835 testtomat opened 6 months ago
3
clsid/ftguess: add ZED container format

#834 decalage2 opened 7 months ago
0
Olevba not expecting optional ProjectCompatVersion record

#833 Beakerboy closed 5 months ago
9
clsid: add tag to select suspicious CLSIDs

#832 decalage2 opened 8 months ago
0
oleid/oleobj/msodde: sensibility to zipbomb packaged inside OOXML files

#831 guzmud opened 8 months ago
0
ftguess: file type not detected due to lack of root storage CLSID

#830 decalage2 opened 8 months ago
0
mraptor: should ignore directories when using wildcards

#829 catafest opened 8 months ago
1
ftguess: DOCX not identified properly

#828 decalage2 opened 8 months ago
0
doc: update install instructions for recent Ubuntu/Debian

#827 decalage2 opened 9 months ago
0
oleobj: detect remote templates and other remote references in OLE files

#826 decalage2 opened 9 months ago
1
Add "Modules" as keyword for self-modification

#823 DecimalTurn opened 9 months ago
1
olevba - bug with PDF/MHT

#822 decalage2 opened 10 months ago
0
Detect CVE-2023-36884

#821 yoshimo opened 11 months ago
1
Remove cycle between oletools and pcodedmp

#820 youngcho22 opened 11 months ago
0
handle new record in new vbaproject.bin if present

#819 beauvankirk closed 8 months ago
3
add hint about existing parameter when stomping is detected

#818 security-companion opened 1 year ago
1
Comments are causing false positives

#817 DecimalTurn opened 1 year ago
0
Cant run the script after installation

#816 Ondjultomte opened 1 year ago
0
Exclude RTF files from language statistics

#815 DecimalTurn closed 1 year ago
1
OleID contains_xlm_macros indicator

#814 TheOfficer123 opened 1 year ago
0
Replace deprecated imp module with importlib

#813 hugovk closed 3 weeks ago
1
Relax pyparsing requirement.

#812 vEpiphyte closed 2 months ago
8
olevba dropping file extensions

#811 samspoerl closed 5 months ago
2