Hi,
Some days ago I released pyOLEScanner 1.3.
The essential aim of this script is to detect Malicious Office Files (basically doc, xls, ppt) and warn about suspect behaviours.
https://github.com/Evilcry/PythonScript ... canner.zip
Version 1.3 contains:
1. Bug Fix.
2. More Shellcode Detection.
3. More API Detection.
4. SQLite Support.
5. OLE2 Macro Scan.
6. Office2007 (docx/pptx/xlsx) deflate and Macro checks.
Directory scan works too; in the presence of encryption, a ‘decrypted’ copy is dumped.
USAGE: python pyOLEScanner.py _suspect_document
Compatibility with Windows and Linux is maintained.
Next Issue:
1. Whole script will be OOP-ized.
2. CVE Detector.
3. Increase performance of the XOR bruteforcer.
4. Forensics Interface, to explore File Format Internals.
5. Report.
Regards,
Evilcry