This is the home page of the documentation for python-oletools. The
latest version can be found online, otherwise
a copy is provided in the doc subfolder of the package.
oletools is a
package of python tools to analyze Microsoft
OLE2 files (also called Structured Storage, Compound File Binary
Format or Compound Document File Format), such as Microsoft Office
97-2003 documents, MSI files or Outlook messages, mainly for malware
analysis, forensics and debugging. It is based on the olefile parser.
It also provides tools to analyze RTF files and files based on the OpenXML format
(aka OOXML) such as MS Office 2007+ documents, XPS or MSIX files.
For example, oletools can detect, extract and analyse VBA macros, OLE
objects, Excel 4 macros (XLM) and DDE links.
See http://www.decalage.info/python/oletools
for more info.
Quick links: Home page - Download/Install
- Documentation
- Report
Issues/Suggestions/Questions - Contact the Author - Repository - Updates on Twitter
Note: python-oletools is not related to OLETools published by BeCubed
Software.
- oleid: to analyze OLE
files to detect specific characteristics usually found in malicious
files.
- olevba: to extract and
analyze VBA Macro source code from MS Office documents (OLE and
OpenXML).
- mraptor: to detect
malicious VBA Macros
- msodde: to detect and
extract DDE/DDEAUTO links from MS Office documents, RTF and CSV
- pyxswf: to detect,
extract and analyze Flash objects (SWF) that may be embedded in files
such as MS Office documents (e.g. Word, Excel) and RTF, which is
especially useful for malware analysis.
- oleobj: to extract
embedded objects from OLE files.
- rtfobj: to extract
embedded objects from RTF files.
- olebrowse: A simple
GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to
view and extract individual data streams.
- olemeta: to extract all
standard properties (metadata) from OLE files.
- oletimes: to extract
creation and modification timestamps of all streams and storages.
- oledir: to display all
the directory entries of an OLE file, including free and orphaned
entries.
- olemap: to display a map
of all the sectors in an OLE file.
- and a few others (coming soon)