decalage2 / oletools

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
http://www.decalage.info/python/oletools

Add oleobj arg to just find external relations #772

Open christian-intra2net opened 2 years ago

christian-intra2net commented 2 years ago

Analyses of the attacks using ms-msdt links show that there is a multitude of attack vectors based on links or general "external relations" in office documents. It is therefore prudent to check for these, and there is code in oleobj that helps do that.

However, oleobj also dumps embedded files to disc which may not be the intended behaviour when using it as "link finder". The commits in this PR therefore add an option to skip all dumping and just report what could be dumped and what external relations were found.

We could take an alternative approach and instead create a separate "link_finder.py", moving this functionality there, but since more and more people rely on oletools I did not want to break compatibility with existing behaviour. I can implement that as well if you wish.

This branch is based on one other branch, therefore the PR contains 10 commits from #771 (log-helper and json in oleobj) to avoid trouble when merging. Hope that is ok.