code from rblott (thanks!) for installing upgraded version of oletools and extracting dde links, also adding more useful version output to results
version check
Fixed indentation. Added in flash extraction as per xxxswf.py. Have not tested at all. TODO: TEST!
typo
Check should be with the imports.
the proper directory would be helpful
Not sure if this is in the new version or not, but takes file name and not contents.
Adjusted code to fit in service
Adding heuristics back so that they now work. Add section for notifcation of swf extraction.
Don't add result line if not processing
The old rtf parser is depricated. New code will handle new rtfparsing class. However it seems some files do not parse with 0.52 code that will in 0.45. Investigating...
More appropriate here, need to test
Added suspicious keywords for extraction of some streams, vb hex encoding detection and decode, changed the way some modules returned data
specify body_format
Should pass the section, not the boolean value.
More detailed log to find files erroring
Downgrade logging for msodde errors
Make result output a little nicer, add a filetype to suspicious extensions
code from rblott (thanks!) for installing upgraded version of oletools and extracting dde links, also adding more useful version output to results
version check
Fixed indentation. Added in flash extraction as per xxxswf.py. Have not tested at all. TODO: TEST!
typo
Check should be with the imports.
the proper directory would be helpful
Not sure if this is in the new version or not, but takes file name and not contents.
Adjusted code to fit in service
Adding heuristics back so that they now work. Add section for notifcation of swf extraction.
Don't add result line if not processing
The old rtf parser is depricated. New code will handle new rtfparsing class. However it seems some files do not parse with 0.52 code that will in 0.45. Investigating...
More appropriate here, need to test
Added suspicious keywords for extraction of some streams, vb hex encoding detection and decode, changed the way some modules returned data
specify body_format
Should pass the section, not the boolean value.
More detailed log to find files erroring
Downgrade logging for msodde errors
Make result output a little nicer, add a filetype to suspicious extensions
Examine unique ole stream data
Â